From bdd64ce86d9db735fbd1403efbb880d7b282c95c Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 4 Aug 2023 22:51:55 +0200
Subject: [PATCH 1/7] Introduce shared taint tracking library

---
 config/identical-files.json | 2 -
 .../code/cpp/dataflow/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../dataflow/internal/TaintTrackingUtil.qll | 2 +-
 .../internal/tainttracking1/TaintTracking.qll | 75 -----------------
 .../code/cpp/dataflow/new/TaintTracking.qll | 6 +-
 .../code/cpp/ir/dataflow/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../dataflow/internal/TaintTrackingUtil.qll | 2 +-
 .../internal/tainttracking1/TaintTracking.qll | 75 -----------------
 .../codeql/dataflow/TaintTracking.qll | 84 +++++++++++++++++++
 .../dataflow/TaintTrackingParameter.qll | 22 +++++
 12 files changed, 143 insertions(+), 157 deletions(-)
 create mode 100644 cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll
 create mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
 create mode 100644 shared/dataflow/codeql/dataflow/TaintTracking.qll
 create mode 100644 shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll

diff --git a/config/identical-files.json b/config/identical-files.json
index 19103323a23..2b8840a63f3 100644
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -34,8 +34,6 @@
     "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
   ],
   "TaintTracking Java/C++/C#/Go/Python/Ruby/Swift": [
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll",
     "go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll",
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll
index fcee9801e78..8a8db1bdcce 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll
@@ -25,6 +25,10 @@ import semmle.code.cpp.dataflow.DataFlow2
  * global (inter-procedural) taint-tracking analyses.
  */
 deprecated module TaintTracking {
-  import semmle.code.cpp.dataflow.internal.tainttracking1.TaintTracking
+  import semmle.code.cpp.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+  private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific
+  private import semmle.code.cpp.dataflow.internal.TaintTrackingImplSpecific
+  private import codeql.dataflow.TaintTracking
+  import TaintFlowMake
   import semmle.code.cpp.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..41edb96f573
--- /dev/null
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides C++-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module CppOldTaintTracking implements TaintTrackingParameter {
+  import TaintTrackingUtil
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
index bea9364884c..89a8eba2199 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
@@ -39,7 +39,7 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 /**
  * Holds if `node` should be a sanitizer in all global taint flow configurations
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
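Review bot: `CppOldTaintTracking` carries no QLDoc of its own, and its body is a public `import TaintTrackingUtil`, so everything that file exports becomes part of the parameter module's surface rather than only the three predicates the signature asks for (`defaultTaintSanitizer`, `defaultAdditionalTaintStep`, `defaultImplicitTaintRead`). A one-line doc on the module would make the intent explicit, e.g. `/** The old-AST C++ instantiation of `TaintTrackingParameter`; all defaults come from `TaintTrackingUtil`. */`. Whether the wider surface matters depends on what else `TaintTrackingUtil` exports, which is outside this hunk; the same shape is used for every language later in this series, so if it is tightened it should be tightened everywhere.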
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
-  DataFlowInternal::FullStateConfigSig
-{
-  import Config
-
-  predicate isBarrier(DataFlow::Node node) {
-    Config::isBarrier(node) or defaultTaintSanitizer(node)
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    Config::isAdditionalFlowStep(node1, node2) or
-    defaultAdditionalTaintStep(node1, node2)
-  }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    Config::allowImplicitRead(node, c)
-    or
-    (
-      Config::isSink(node) or
-      Config::isSink(node, _) or
-      Config::isAdditionalFlowStep(node, _) or
-      Config::isAdditionalFlowStep(node, _, _, _)
-    ) and
-    defaultImplicitTaintRead(node, c)
-  }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import DataFlowInternal::DefaultState
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults
-  }
-
-  import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
-  import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults
-  }
-
-  import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
-  import GlobalWithState
-}
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll
index 23cef94c1c3..87e037aad9b 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll
@@ -23,6 +23,10 @@ import semmle.code.cpp.dataflow.new.DataFlow2
  * global (inter-procedural) taint-tracking analyses.
  */
 module TaintTracking {
-  import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTracking
+  import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+  private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplSpecific
+  private import semmle.code.cpp.ir.dataflow.internal.TaintTrackingImplSpecific
+  private import codeql.dataflow.TaintTracking
+  import TaintFlowMake
   import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll
index f3449904420..6f2bfcdd6aa 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll
@@ -19,6 +19,10 @@ import semmle.code.cpp.ir.dataflow.DataFlow
 import semmle.code.cpp.ir.dataflow.DataFlow2
 
 module TaintTracking {
-  import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTracking
+  import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+  private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplSpecific
+  private import semmle.code.cpp.ir.dataflow.internal.TaintTrackingImplSpecific
+  private import codeql.dataflow.TaintTracking
+  import TaintFlowMake
   import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..70ce12c1dc2
--- /dev/null
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides C++-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module CppTaintTracking implements TaintTrackingParameter {
+  import TaintTrackingUtil
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
index 028f5bad9da..50e45e3081d 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -112,7 +112,7 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 /**
  * Holds if `node` should be a sanitizer in all global taint flow configurations
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
-  DataFlowInternal::FullStateConfigSig
-{
-  import Config
-
-  predicate isBarrier(DataFlow::Node node) {
-    Config::isBarrier(node) or defaultTaintSanitizer(node)
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    Config::isAdditionalFlowStep(node1, node2) or
-    defaultAdditionalTaintStep(node1, node2)
-  }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    Config::allowImplicitRead(node, c)
-    or
-    (
-      Config::isSink(node) or
-      Config::isSink(node, _) or
-      Config::isAdditionalFlowStep(node, _) or
-      Config::isAdditionalFlowStep(node, _, _, _)
-    ) and
-    defaultImplicitTaintRead(node, c)
-  }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import DataFlowInternal::DefaultState
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults
-  }
-
-  import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
-  import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults
-  }
-
-  import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
-  import GlobalWithState
-}
diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
new file mode 100644
index 00000000000..fc0dcfe0f76
--- /dev/null
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -0,0 +1,84 @@
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) taint-tracking analyses.
+ */
+
+import DataFlow
+import DataFlowImpl
+import DataFlowParameter
+import TaintTrackingParameter
+
+module TaintFlowMake<
+  DataFlowParameter DataFlowLang, TaintTrackingParameter TaintTrackingLang>
+{
+  private import DataFlowLang
+  private import TaintTrackingLang
+  private import DataFlowMake
+  private import MakeImpl
+
+  private module AddTaintDefaults implements FullStateConfigSig {
+    import Config
+
+    predicate isBarrier(DataFlowLang::Node node) {
+      Config::isBarrier(node) or defaultTaintSanitizer(node)
+    }
+
+    predicate isAdditionalFlowStep(DataFlowLang::Node node1, DataFlowLang::Node node2) {
+      Config::isAdditionalFlowStep(node1, node2) or
+      defaultAdditionalTaintStep(node1, node2)
+    }
+
+    predicate allowImplicitRead(DataFlowLang::Node node, DataFlowLang::ContentSet c) {
+      Config::allowImplicitRead(node, c)
+      or
+      (
+        Config::isSink(node) or
+        Config::isSink(node, _) or
+        Config::isAdditionalFlowStep(node, _) or
+        Config::isAdditionalFlowStep(node, _, _, _)
+      ) and
+      defaultImplicitTaintRead(node, c)
+    }
+  }
+
+  /**
+   * Constructs a global taint tracking computation.
+   */
+  module Global implements GlobalFlowSig {
+    private module Config0 implements FullStateConfigSig {
+      import DefaultState
+      import Config
+    }
+
+    private module C implements FullStateConfigSig {
+      import AddTaintDefaults
+    }
+
+    import Impl
+  }
+
+  /** DEPRECATED: Use `Global` instead. */
+  deprecated module Make implements GlobalFlowSig {
+    import Global
+  }
+
+  /**
+   * Constructs a global taint tracking computation using flow state.
+   */
+  module GlobalWithState implements GlobalFlowSig {
+    private module Config0 implements FullStateConfigSig {
+      import Config
+    }
+
+    private module C implements FullStateConfigSig {
+      import AddTaintDefaults
+    }
+
+    import Impl
+  }
+
+  /** DEPRECATED: Use `GlobalWithState` instead. */
+  deprecated module MakeWithState implements GlobalFlowSig {
+    import GlobalWithState
+  }
+}
diff --git a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
new file mode 100644
index 00000000000..5af87217469
--- /dev/null
+++ b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
@@ -0,0 +1,22 @@
+import DataFlowParameter
+
+signature module TaintTrackingParameter {
+  /**
+   * Holds if `node` should be a sanitizer in all global taint flow configurations
+   * but not in local taint.
+   */
+  predicate defaultTaintSanitizer(Lang::Node node);
+
+  /**
+   * Holds if the additional step from `src` to `sink` should be included in all
+   * global taint flow configurations.
+   */
+  predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
+
+  /**
+   * Holds if taint flow configurations should allow implicit reads of `c` at sinks
+   * and inputs to additional taint steps.
+   */
+  bindingset[node]
+  predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
+}
From 7ba2f7a22a45d5d060517cd1c4147fdcb3079afa Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 4 Aug 2023 11:48:39 +0200
Subject: [PATCH 2/7] Address review comments

---
 .../codeql/dataflow/TaintTracking.qll | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
index fc0dcfe0f76..326efdc2d0d 100644
--- a/shared/dataflow/codeql/dataflow/TaintTracking.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
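Review bot: `AddTaintDefaults` is the module that decides how far a language's defaults reach into a query's configuration, and it has no QLDoc. From its body, `defaultTaintSanitizer` is folded only into `isBarrier`, so `isBarrierIn`/`isBarrierOut` pass through from `Config` untouched, and `defaultImplicitTaintRead` is honoured only where `Config` has a sink or the input of an additional flow step. I would put that on the module so a query author does not assume a language-default sanitizer also blocks barrier-in/out positions, e.g. `/** Extends `Config` with the language's default taint sanitizers (added to `isBarrier` only), default taint steps, and implicit reads at sinks and at the inputs of additional steps. */`.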
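Review bot: The `bindingset[node]` on `defaultImplicitTaintRead` is part of the contract an implementer must honour, yet the QLDoc does not mention it: only `node` is supplied bound, so an implementation has to enumerate the content sets `c` itself rather than rely on `c` being given. One sentence in the doc would prevent an implementation that is only well-defined when both arguments are bound, e.g. ` * Only `node` is bound when this is called; the implementation must bind `c`.`.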
@@ -3,20 +3,21 @@
  * global (inter-procedural) taint-tracking analyses.
  */
 
-import DataFlow
-import DataFlowImpl
-import DataFlowParameter
+private import DataFlow
+private import DataFlowImpl
+private import DataFlowParameter
 import TaintTrackingParameter
 
 module TaintFlowMake<
   DataFlowParameter DataFlowLang, TaintTrackingParameter TaintTrackingLang>
 {
-  private import DataFlowLang
   private import TaintTrackingLang
-  private import DataFlowMake
-  private import MakeImpl
+  private import DataFlowMake as DataFlow
+  private import MakeImpl as DataFlowInternal
 
-  private module AddTaintDefaults implements FullStateConfigSig {
+  private module AddTaintDefaults implements
+    DataFlowInternal::FullStateConfigSig
+  {
     import Config
 
     predicate isBarrier(DataFlowLang::Node node) {
@@ -44,41 +45,43 @@ module TaintFlowMake<
   /**
    * Constructs a global taint tracking computation.
    */
-  module Global implements GlobalFlowSig {
-    private module Config0 implements FullStateConfigSig {
-      import DefaultState
+  module Global implements DataFlow::GlobalFlowSig {
+    private module Config0 implements DataFlowInternal::FullStateConfigSig {
+      import DataFlowInternal::DefaultState
       import Config
     }
 
-    private module C implements FullStateConfigSig {
+    private module C implements DataFlowInternal::FullStateConfigSig {
       import AddTaintDefaults
     }
 
-    import Impl
+    import DataFlowInternal::Impl
   }
 
   /** DEPRECATED: Use `Global` instead. */
-  deprecated module Make implements GlobalFlowSig {
+  deprecated module Make implements DataFlow::GlobalFlowSig {
     import Global
   }
 
   /**
    * Constructs a global taint tracking computation using flow state.
    */
-  module GlobalWithState implements GlobalFlowSig {
-    private module Config0 implements FullStateConfigSig {
+  module GlobalWithState implements DataFlow::GlobalFlowSig {
+    private module Config0 implements DataFlowInternal::FullStateConfigSig {
       import Config
     }
 
-    private module C implements FullStateConfigSig {
+    private module C implements DataFlowInternal::FullStateConfigSig {
       import AddTaintDefaults
     }
 
-    import Impl
+    import DataFlowInternal::Impl
   }
 
   /** DEPRECATED: Use `GlobalWithState` instead. */
-  deprecated module MakeWithState implements GlobalFlowSig {
+  deprecated module MakeWithState implements
+    DataFlow::GlobalFlowSig
+  {
     import GlobalWithState
   }
 }
From 20b792545d8e71de11a5437c3ec512c70189c652 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 4 Aug 2023 11:53:52 +0200
Subject: [PATCH 3/7] Add missing QLDoc

---
 shared/dataflow/codeql/dataflow/TaintTracking.qll | 5 ++++-
 shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
index 326efdc2d0d..84c8c859d06 100644
--- a/shared/dataflow/codeql/dataflow/TaintTracking.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -1,5 +1,5 @@
 /**
- * Provides classes for performing local (intra-procedural) and
+ * Provides modules for performing local (intra-procedural) and
  * global (inter-procedural) taint-tracking analyses.
  */
 
@@ -8,6 +8,9 @@ private import DataFlowImpl
 private import DataFlowParameter
 import TaintTrackingParameter
 
+/**
+ * Construct the modules for taint-tracking analyses.
+ */
 module TaintFlowMake<
   DataFlowParameter DataFlowLang, TaintTrackingParameter TaintTrackingLang>
 {
diff --git a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
index 5af87217469..ffeb9f82d98 100644
--- a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
@@ -1,3 +1,7 @@
+/**
+ * Provides the signature for the language-specific parts of the taint-tracking analyses.
+ */
+
 import DataFlowParameter
 
 signature module TaintTrackingParameter {
From 747cd1745a43b621d80434c0beeb8b323f60ada8 Mon Sep 17 00:00:00 2001
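Review bot: The new QLDoc on `TaintFlowMake` reads `Construct the modules for taint-tracking analyses.`, which is imperative while every other QLDoc in this file is third-person (`Provides`, `Constructs`, `Holds if`), and it does not say what the two module parameters contribute. I would write it as ` * Constructs the taint-tracking modules (`Global`, `GlobalWithState`) for the language given by `DataFlowLang`, using the default sanitizers, taint steps and implicit reads supplied by `TaintTrackingLang`.`. The module body continues outside this hunk.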
From: Jeroen Ketema
Date: Fri, 4 Aug 2023 13:32:46 +0200
Subject: [PATCH 4/7] Update all languages to use the shared taint-tracking library

---
 config/identical-files.json | 8 --
 .../code/csharp/dataflow/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../internal/TaintTrackingPrivate.qll | 2 +-
 .../internal/tainttracking1/TaintTracking.qll | 75 ------------------
 .../lib/semmle/go/dataflow/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../dataflow/internal/TaintTrackingUtil.qll | 2 +-
 .../internal/tainttracking1/TaintTracking.qll | 75 ------------------
 .../code/java/dataflow/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../dataflow/internal/TaintTrackingUtil.qll | 2 +-
 .../python/dataflow/new/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../new/internal/TaintTrackingPrivate.qll | 2 +-
 .../internal/tainttracking1/TaintTracking.qll | 75 ------------------
 ruby/ql/lib/codeql/ruby/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 10 +++
 .../internal/tainttracking1/TaintTracking.qll | 75 ------------------
 .../codeql/swift/dataflow/TaintTracking.qll | 6 +-
 .../internal/TaintTrackingImplSpecific.qll | 11 +++
 .../internal/tainttracking1/TaintTracking.qll | 75 ------------------
 22 files changed, 95 insertions(+), 393 deletions(-)
 create mode 100644 csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll
 create mode 100644 go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll
 create mode 100644 java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
 create mode 100644 python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll
 create mode 100644 ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll
 create mode 100644 swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
 delete mode 100644 swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll

diff --git a/config/identical-files.json b/config/identical-files.json
index 2b8840a63f3..84b50a0c502 100644
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -33,14 +33,6 @@
     "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll",
     "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
   ],
-  "TaintTracking Java/C++/C#/Go/Python/Ruby/Swift": [
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll",
-    "go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll"
-  ],
   "TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll
index 57f499ffa21..7243d36b05d 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll
@@ -6,6 +6,10 @@
 import csharp
 
 module TaintTracking {
-  import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTracking
+  import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+  private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
+  private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific
+  private import codeql.dataflow.TaintTracking
+  import TaintFlowMake
   import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..783b61befca
--- /dev/null
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides C#-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module CsharpTaintTracking implements TaintTrackingParameter {
+  import TaintTrackingPrivate
+}
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
index 53b61ed5974..d7e2444c7d5 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
@@ -25,7 +25,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) {
   src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
-  DataFlowInternal::FullStateConfigSig
-{
-  import Config
-
-  predicate isBarrier(DataFlow::Node node) {
-    Config::isBarrier(node) or defaultTaintSanitizer(node)
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    Config::isAdditionalFlowStep(node1, node2) or
-    defaultAdditionalTaintStep(node1, node2)
-  }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    Config::allowImplicitRead(node, c)
-    or
-    (
-      Config::isSink(node) or
-      Config::isSink(node, _) or
-      Config::isAdditionalFlowStep(node, _) or
-      Config::isAdditionalFlowStep(node, _, _, _)
-    ) and
-    defaultImplicitTaintRead(node, c)
-  }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import DataFlowInternal::DefaultState
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults
-  }
-
-  import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
-  import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults
-  }
-
-  import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
-  import GlobalWithState
-}
diff --git a/go/ql/lib/semmle/go/dataflow/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/TaintTracking.qll
index 2f0bb5ea116..2c028a0e34a 100644
--- a/go/ql/lib/semmle/go/dataflow/TaintTracking.qll
+++ b/go/ql/lib/semmle/go/dataflow/TaintTracking.qll
@@ -10,6 +10,10 @@ import semmle.go.dataflow.DataFlow
  * global (inter-procedural) taint-tracking analyses.
  */
 module TaintTracking {
-  import semmle.go.dataflow.internal.tainttracking1.TaintTracking
+  import semmle.go.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+  private import semmle.go.dataflow.internal.DataFlowImplSpecific
+  private import semmle.go.dataflow.internal.TaintTrackingImplSpecific
+  private import codeql.dataflow.TaintTracking
+  import TaintFlowMake
   import semmle.go.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..5a0bb940aa9
--- /dev/null
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Go-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module GoTaintTracking implements TaintTrackingParameter {
+  import TaintTrackingUtil
+}
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
index 21d3f482f6c..1f453c8c8f0 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -47,7 +47,7 @@ private Type getElementType(Type containerType) {
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
   exists(Type containerType |
     node instanceof DataFlow::ArgumentNode and
     getElementType*(node.getType()) = containerType
diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
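Review bot: Widening `c` from `DataFlow::Content` to `DataFlow::ContentSet` changes the type of a value that the rest of this body constrains, and that rest lies outside the hunk (the predicate continues past `getElementType*(node.getType()) = containerType`). Unlike the C++ and C# counterparts in this series, whose bodies are `none()`, this one has real logic: if the remainder equates `c` with a specific `Content` (an array or slice element), the widened signature only keeps its meaning if Go's `ContentSet` is a supertype or alias of `Content`; if it is a distinct class, the predicate could silently become empty and drop the implicit reads that let a tainted element reach a sink through the container argument. Worth confirming against Go's definition of `ContentSet` before this lands, and adding a test that a tainted slice element passed as a whole-slice argument still reaches a sink. The predicate's body starts inside the hunk but ends outside it.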
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
index 37a26bf38bf..ad7b88381a8 100644
--- a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
@@ -8,6 +8,10 @@ import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule
 
 module TaintTracking {
- import semmle.code.java.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
+ private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..29705d8ab7d
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Java-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module JavaTaintTracking implements TaintTrackingParameter {
+ import TaintTrackingUtil
+}
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 6f8dbb1771b..5d609087c93 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -177,7 +177,7 @@ private RefType getElementType(RefType container) {
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
 exists(RefType container |
 (node.asExpr() instanceof Argument or node instanceof ArgumentNode) and
 getElementType*(node.getType()) = container
diff --git a/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll
index 6b7a2303559..aa80e7c7148 100644
--- a/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll
@@ -15,6 +15,10 @@ private import python
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import internal.tainttracking1.TaintTracking
+ import semmle.python.dataflow.new.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.python.dataflow.new.internal.DataFlowImplSpecific
+ private import semmle.python.dataflow.new.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..bf5a5b968a9
--- /dev/null
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Python-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module PythonTaintTracking implements TaintTrackingParameter {
+ import TaintTrackingPrivate
+}
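Review bot: The Python `TaintTracking.qll` hunk now mixes absolute and relative imports inside one module: the added lines use `semmle.python.dataflow.new.internal.…`, while the retained `import internal.tainttracking1.TaintTrackingImpl` stays relative, as the removed line was. Both forms resolve, but the inconsistency reads like an oversight next to the Go/Java/Ruby/Swift hunks, which are uniformly absolute; `import semmle.python.dataflow.new.internal.tainttracking1.TaintTrackingImpl` would align it. This is a style point only; no behaviour changes.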
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
index 3a23f790a44..4b90d0d82d3 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -16,7 +16,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 private module Cached {
 /**
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/ruby/ql/lib/codeql/ruby/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/TaintTracking.qll
index 7746fcff835..461a423e1f1 100644
--- a/ruby/ql/lib/codeql/ruby/TaintTracking.qll
+++ b/ruby/ql/lib/codeql/ruby/TaintTracking.qll
@@ -3,6 +3,10 @@
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import codeql.ruby.dataflow.internal.tainttracking1.TaintTracking
+ import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import codeql.ruby.dataflow.internal.DataFlowImplSpecific
+ private import codeql.ruby.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..33d1ebae0f8
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Ruby-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module RubyTaintTracking implements TaintTrackingParameter {
+ import TaintTrackingPrivate
+}
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll
index 3ac71370495..2dcb4e239c6 100644
--- a/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll
@@ -3,6 +3,10 @@
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import codeql.swift.dataflow.internal.tainttracking1.TaintTracking
+ import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import codeql.swift.dataflow.internal.DataFlowImplSpecific
+ private import codeql.swift.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 00000000000..5ad0dc787e9
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,11 @@
+/**
+ * Provides Swift-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTrackingParameter
+private import DataFlowImplSpecific
+
+module SwiftTaintTracking implements TaintTrackingParameter {
+ import TaintTrackingPrivate
+ import TaintTrackingPublic
+}
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
From c4a65e58bb92edf9afb38f4a009579626f7c1fe9 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 4 Aug 2023 13:33:24 +0200
Subject: [PATCH 5/7] Add change note
---
 shared/dataflow/change-notes/2023-08-04-taint-tracking.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 shared/dataflow/change-notes/2023-08-04-taint-tracking.md
diff --git a/shared/dataflow/change-notes/2023-08-04-taint-tracking.md b/shared/dataflow/change-notes/2023-08-04-taint-tracking.md
new file mode 100644
index 00000000000..000d7ea265c
--- /dev/null
+++ b/shared/dataflow/change-notes/2023-08-04-taint-tracking.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The shared taint-tracking library is now part of the dataflow qlpack.
From 8b6a7985dbeae97040020fc058cc66fd53d3aa02 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Mon, 7 Aug 2023 15:23:15 +0200
Subject: [PATCH 6/7] Refactor the traint-tracking library to follow the dataflow library refactoring
---
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../codeql/dataflow/TaintTracking.qll | 36 ++++++++++++++-----
 .../dataflow/TaintTrackingParameter.qll | 26 --------------
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 10 files changed, 44 insertions(+), 50 deletions(-)
 delete mode 100644 shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
index 41edb96f573..3f917d69802 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C++-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module CppOldTaintTracking implements TaintTrackingParameter {
+module CppOldTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
index 70ce12c1dc2..f62468087b9 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C++-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module CppTaintTracking implements TaintTrackingParameter {
+module CppTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
index 783b61befca..17a0d2c3c1a 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C#-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module CsharpTaintTracking implements TaintTrackingParameter {
+module CsharpTaintTracking implements InputSig {
 import TaintTrackingPrivate
 }
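Review bot: `implements InputSig` on the new module line relies on the unqualified name `InputSig`, which the shared dataflow library also uses for its own signature (the shared `TaintTracking.qll` hunk in this series aliases `DataFlow as DF` precisely to keep `DF::InputSig` apart from the taint-tracking one); with both `codeql.dataflow.TaintTracking` and `DataFlowImplSpecific` privately imported here, a reader has to work out which signature is meant. `private import codeql.dataflow.TaintTracking as TT` together with `implements TT::InputSig` would make that explicit. The parameter list after `InputSig` appears to have been dropped by this rendering, so the dataflow-module argument cannot be checked here. The same applies to the C++ IR, C#, Go, Java, Python, Ruby and Swift `TaintTrackingImplSpecific.qll` hunks.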
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
index 5a0bb940aa9..f52499df232 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Go-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module GoTaintTracking implements TaintTrackingParameter {
+module GoTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
index 29705d8ab7d..ba30b102a20 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Java-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module JavaTaintTracking implements TaintTrackingParameter {
+module JavaTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
index bf5a5b968a9..6f65d234344 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Python-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module PythonTaintTracking implements TaintTrackingParameter {
+module PythonTaintTracking implements InputSig {
 import TaintTrackingPrivate
 }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
index 33d1ebae0f8..fe733ee5d95 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Ruby-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module RubyTaintTracking implements TaintTrackingParameter {
+module RubyTaintTracking implements InputSig {
 import TaintTrackingPrivate
 }
diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
index 84c8c859d06..73960fbca1d 100644
--- a/shared/dataflow/codeql/dataflow/TaintTracking.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -3,19 +3,39 @@
 * global (inter-procedural) taint-tracking analyses.
 */
 
-private import DataFlow
-private import DataFlowImpl
-private import DataFlowParameter
-import TaintTrackingParameter
+private import DataFlow as DF
+private import internal.DataFlowImpl
+
+/**
+ * Provides language-specific taint-tracking parameters.
+ */
+signature module InputSig {
+ /**
+ * Holds if `node` should be a sanitizer in all global taint flow configurations
+ * but not in local taint.
+ */
+ predicate defaultTaintSanitizer(Lang::Node node);
+
+ /**
+ * Holds if the additional step from `src` to `sink` should be included in all
+ * global taint flow configurations.
+ */
+ predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
+
+ /**
+ * Holds if taint flow configurations should allow implicit reads of `c` at sinks
+ * and inputs to additional taint steps.
+ */
+ bindingset[node]
+ predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
+}
 
 /**
 * Construct the modules for taint-tracking analyses.
 */
-module TaintFlowMake<
- DataFlowParameter DataFlowLang, TaintTrackingParameter TaintTrackingLang>
-{
+module TaintFlowMake TaintTrackingLang> {
 private import TaintTrackingLang
- private import DataFlowMake as DataFlow
+ private import DF::DataFlowMake as DataFlow
 private import MakeImpl as DataFlowInternal
 
 private module AddTaintDefaults implements
diff --git a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
deleted file mode 100644
index ffeb9f82d98..00000000000
--- a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
+++ /dev/null
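Review bot: Inside the new `signature module InputSig { … }` the three predicates are typed with `Lang::Node` and `Lang::ContentSet`, but nothing in the visible header binds `Lang`; the angle-bracketed parameter lists on `InputSig`, `TaintFlowMake`, `DF::DataFlowMake` and `MakeImpl` appear to have been stripped by this rendering (only the removed `-module TaintFlowMake<` line keeps its `<`), so the header is presumably `signature module InputSig<DF::InputSig Lang>`. Since `InputSig` is now the public contract every language implements, its QLDoc should state that dependency explicitly rather than only "Provides language-specific taint-tracking parameters", e.g. ` * Lang is the dataflow InputSig implementation the same language passes to TaintFlowMake; the predicates below are merged into every global taint configuration built from it.` The hunk ends inside `TaintFlowMake` at `private module AddTaintDefaults implements`, so the module body continues outside it.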
@@ -1,26 +0,0 @@
-/**
- * Provides the signature for the language-specific parts of the taint-tracking analyses.
- */
-
-import DataFlowParameter
-
-signature module TaintTrackingParameter {
- /**
- * Holds if `node` should be a sanitizer in all global taint flow configurations
- * but not in local taint.
- */
- predicate defaultTaintSanitizer(Lang::Node node);
-
- /**
- * Holds if the additional step from `src` to `sink` should be included in all
- * global taint flow configurations.
- */
- predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
-
- /**
- * Holds if taint flow configurations should allow implicit reads of `c` at sinks
- * and inputs to additional taint steps.
- */
- bindingset[node]
- predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
-}
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
index 5ad0dc787e9..fd00fa5e8f1 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,10 +2,10 @@
 * Provides Swift-specific definitions for use in the taint tracking library.
 */
 
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
 
-module SwiftTaintTracking implements TaintTrackingParameter {
+module SwiftTaintTracking implements InputSig {
 import TaintTrackingPrivate
 import TaintTrackingPublic
 }
From a2bb7dee186b7ab3412d44d55876244adca25417 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Mon, 21 Aug 2023 10:32:28 +0200
Subject: [PATCH 7/7] Java: Delete copy of shared taint tracking library
---
 .../internal/tainttracking1/TaintTracking.qll | 75 -------------------
 1 file changed, 75 deletions(-)
 delete mode 100644 java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a0137682..00000000000
--- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}