Merge pull request #13881 from jketema/shared-taint-tracking

Introduce shared taint tracking library

java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll

@@ -8,6 +8,10 @@ import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule
 
 module TaintTracking {
-  import semmle.code.java.dataflow.internal.tainttracking1.TaintTracking
+  import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+  private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
+  private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
+  private import codeql.dataflow.TaintTracking
+  import TaintFlowMake<JavaDataFlow, JavaTaintTracking>
   import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingImpl
 }

java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll

@@ -0,0 +1,10 @@
+/**
+ * Provides Java-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module JavaTaintTracking implements InputSig<JavaDataFlow> {
+  import TaintTrackingUtil
+}

java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -177,7 +177,7 @@ private RefType getElementType(RefType container) {
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
   exists(RefType container |
     (node.asExpr() instanceof Argument or node instanceof ArgumentNode) and
     getElementType*(node.getType()) = container

java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
-  DataFlowInternal::FullStateConfigSig
-{
-  import Config
-
-  predicate isBarrier(DataFlow::Node node) {
-    Config::isBarrier(node) or defaultTaintSanitizer(node)
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    Config::isAdditionalFlowStep(node1, node2) or
-    defaultAdditionalTaintStep(node1, node2)
-  }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    Config::allowImplicitRead(node, c)
-    or
-    (
-      Config::isSink(node) or
-      Config::isSink(node, _) or
-      Config::isAdditionalFlowStep(node, _) or
-      Config::isAdditionalFlowStep(node, _, _, _)
-    ) and
-    defaultImplicitTaintRead(node, c)
-  }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import DataFlowInternal::DefaultState<Config>
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults<Config0>
-  }
-
-  import DataFlowInternal::Impl<C>
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
-  import Global<Config>
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
-  private module Config0 implements DataFlowInternal::FullStateConfigSig {
-    import Config
-  }
-
-  private module C implements DataFlowInternal::FullStateConfigSig {
-    import AddTaintDefaults<Config0>
-  }
-
-  import DataFlowInternal::Impl<C>
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
-  import GlobalWithState<Config>
-}