Merge pull request #12563 from egregius313/egregius313/refactor-java-libs-to-dataflow-modules

Java: Refactor Java query libraries to use dataflow modules

java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql

@@ -13,10 +13,10 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.ExternalAPIs
-import DataFlow::PathGraph
+import UntrustedDataToExternalApiFlow::PathGraph
 
-from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink
+where UntrustedDataToExternalApiFlow::flowPath(source, sink)
 select sink, source, sink,
   "Call to " + sink.getNode().(ExternalApiDataNode).getMethodDescription() +
     " with untrusted data from $@.", source, source.toString()

java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql

@@ -11,10 +11,12 @@
  */
 
 import semmle.code.java.security.PartialPathTraversalQuery
-import DataFlow::PathGraph
+import PartialPathTraversalFromRemoteFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink
-where any(PartialPathTraversalFromRemoteConfig config).hasFlowPath(source, sink)
+from
+  PartialPathTraversalFromRemoteFlow::PathNode source,
+  PartialPathTraversalFromRemoteFlow::PathNode sink
+where PartialPathTraversalFromRemoteFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
   "Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@.",
   source, "user-supplied data"

java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql

@@ -13,9 +13,9 @@
 
 import java
 import semmle.code.java.security.StaticInitializationVectorQuery
-import DataFlow::PathGraph
+import StaticInitializationVectorFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, StaticInitializationVectorConfig conf
-where conf.hasFlowPath(source, sink)
+from StaticInitializationVectorFlow::PathNode source, StaticInitializationVectorFlow::PathNode sink
+where StaticInitializationVectorFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "A $@ should not be used for encryption.", source.getNode(),
   "static initialization vector"

java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql

@@ -18,7 +18,5 @@ import semmle.code.java.security.UnsafeCertTrustQuery
 from Expr unsafeTrust
 where
   unsafeTrust instanceof RabbitMQEnableHostnameVerificationNotSet or
-  exists(SslEndpointIdentificationFlowConfig config |
-    config.hasFlowTo(DataFlow::exprNode(unsafeTrust))
-  )
+  SslEndpointIdentificationFlow::flowTo(DataFlow::exprNode(unsafeTrust))
 select unsafeTrust, "Unsafe configuration of trusted certificates."

java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql

@@ -13,10 +13,10 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.InsecureTrustManagerQuery
-import DataFlow::PathGraph
+import InsecureTrustManagerFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink
-where any(InsecureTrustManagerConfiguration cfg).hasFlowPath(source, sink)
+from InsecureTrustManagerFlow::PathNode source, InsecureTrustManagerFlow::PathNode sink
+where InsecureTrustManagerFlow::flowPath(source, sink)
 select sink, source, sink, "This uses $@, which is defined in $@ and trusts any certificate.",
   source, "TrustManager",
   source.getNode().asExpr().(ClassInstanceExpr).getConstructedType() as type, type.nestedName()

java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql

@@ -12,9 +12,9 @@
 
 import java
 import semmle.code.java.security.HttpsUrlsQuery
-import DataFlow::PathGraph
+import HttpStringToUrlOpenMethodFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink
-where any(HttpStringToUrlOpenMethodFlowConfig c).hasFlowPath(source, sink)
+from HttpStringToUrlOpenMethodFlow::PathNode source, HttpStringToUrlOpenMethodFlow::PathNode sink
+where HttpStringToUrlOpenMethodFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "URL may have been constructed with HTTP protocol, using $@.",
   source.getNode(), "this HTTP URL"

java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql

@@ -13,10 +13,10 @@
 
 import java
 import semmle.code.java.security.InsufficientKeySizeQuery
-import DataFlow::PathGraph
+import KeySizeFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, KeySizeConfiguration cfg
-where cfg.hasFlowPath(source, sink)
+from KeySizeFlow::PathNode source, KeySizeFlow::PathNode sink
+where KeySizeFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
   "This $@ is less than the recommended key size of " + source.getState() + " bits.",
   source.getNode(), "key size"

java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql

@@ -12,9 +12,9 @@
 
 import java
 import semmle.code.java.security.MissingJWTSignatureCheckQuery
-import DataFlow::PathGraph
+import MissingJwtSignatureCheckFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, MissingJwtSignatureCheckConf conf
-where conf.hasFlowPath(source, sink)
+from MissingJwtSignatureCheckFlow::PathNode source, MissingJwtSignatureCheckFlow::PathNode sink
+where MissingJwtSignatureCheckFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This parses a $@, but the signature is not verified.",
   source.getNode(), "JWT signing key"

java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql

@@ -13,9 +13,9 @@
 
 import java
 import semmle.code.java.security.UnsafeDeserializationQuery
-import DataFlow::PathGraph
+import UnsafeDeserializationFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeDeserializationConfig conf
-where conf.hasFlowPath(source, sink)
+from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink
+where UnsafeDeserializationFlow::flowPath(source, sink)
 select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink,
   "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value"

java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql

@@ -16,9 +16,9 @@
 
 import java
 import semmle.code.java.security.InsecureBasicAuthQuery
-import DataFlow::PathGraph
+import InsecureBasicAuthFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, BasicAuthFlowConfig config
-where config.hasFlowPath(source, sink)
+from InsecureBasicAuthFlow::PathNode source, InsecureBasicAuthFlow::PathNode sink
+where InsecureBasicAuthFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Insecure basic authentication from a $@.", source.getNode(),
   "HTTP URL"

java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql

@@ -11,10 +11,9 @@
  */
 
 import semmle.code.java.security.HardcodedCredentialsApiCallQuery
-import DataFlow::PathGraph
+import HardcodedCredentialApiCallFlow::PathGraph
 
-from
-  DataFlow::PathNode source, DataFlow::PathNode sink, HardcodedCredentialApiCallConfiguration conf
-where conf.hasFlowPath(source, sink)
+from HardcodedCredentialApiCallFlow::PathNode source, HardcodedCredentialApiCallFlow::PathNode sink
+where HardcodedCredentialApiCallFlow::flowPath(source, sink)
 select source.getNode(), source, sink, "Hard-coded value flows to $@.", sink.getNode(),
   "sensitive API call"

java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql

@@ -15,15 +15,15 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.ConditionalBypassQuery
-import DataFlow::PathGraph
+import ConditionalBypassFlow::PathGraph
 
 from
-  DataFlow::PathNode source, DataFlow::PathNode sink, MethodAccess m, Expr e,
-  ConditionalBypassFlowConfig conf
+  ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, MethodAccess m,
+  Expr e
 where
   conditionControlsMethod(m, e) and
   sink.getNode().asExpr() = e and
-  conf.hasFlowPath(source, sink)
+  ConditionalBypassFlow::flowPath(source, sink)
 select m, source, sink,
   "Sensitive method may not be executed depending on a $@, which flows from $@.", e,
   "this condition", source.getNode(), "user-controlled value"

java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql

@@ -15,10 +15,10 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.ImplicitPendingIntentsQuery
-import DataFlow::PathGraph
+import ImplicitPendingIntentStartFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink
-where any(ImplicitPendingIntentStartConf conf).hasFlowPath(source, sink)
+from ImplicitPendingIntentStartFlow::PathNode source, ImplicitPendingIntentStartFlow::PathNode sink
+where ImplicitPendingIntentStartFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
   "$@ and sent to an unspecified third party through a PendingIntent.", source.getNode(),
   "An implicit Intent is created"

java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll

@@ -232,9 +232,7 @@ class SaxTransformerFactoryNewTransformerHandler extends XmlParserCall {
 
   override Expr getSink() { result = this.getArgument(0) }
 
-  override predicate isSafe() {
-    exists(SafeTransformerFactoryFlowConfig stf | stf.hasFlowToExpr(this.getQualifier()))
-  }
+  override predicate isSafe() { SafeTransformerFactoryFlow::flowToExpr(this.getQualifier()) }
 }
 
 /** DEPRECATED: Alias for SaxTransformerFactoryNewTransformerHandler */