mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
Refactor DataFlow configurations to use "Config" naming convention
This commit is contained in:
Ed Minnix
@@ -10,7 +10,7 @@ private class ParseAsMethod extends Method {
|
||||
}
|
||||
}
|
||||
|
||||
private module TypeLiteralToParseAsFlowConfiguration implements DataFlow::ConfigSig {
|
||||
private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof TypeLiteral }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
@@ -21,7 +21,7 @@ private module TypeLiteralToParseAsFlowConfiguration implements DataFlow::Config
|
||||
}
|
||||
}
|
||||
|
||||
private module TypeLiteralToParseAsFlow = DataFlow::Make<TypeLiteralToParseAsFlowConfiguration>;
|
||||
private module TypeLiteralToParseAsFlow = DataFlow::Make<TypeLiteralToParseAsFlowConfig>;
|
||||
|
||||
private TypeLiteral getSourceWithFlowToParseAs() {
|
||||
TypeLiteralToParseAsFlow::hasFlow(DataFlow::exprNode(result), _)
|
||||
|
||||
@@ -90,7 +90,7 @@ private class FieldReferencedJacksonSerializableType extends JacksonSerializable
|
||||
/** A type whose values may be deserialized by the Jackson JSON framework. */
|
||||
abstract class JacksonDeserializableType extends Type { }
|
||||
|
||||
private module TypeLiteralToJacksonDatabindFlowConfiguration implements DataFlow::ConfigSig {
|
||||
private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof TypeLiteral }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
@@ -108,7 +108,7 @@ private module TypeLiteralToJacksonDatabindFlowConfiguration implements DataFlow
|
||||
}
|
||||
|
||||
private module TypeLiteralToJacksonDatabindFlow =
|
||||
DataFlow::Make<TypeLiteralToJacksonDatabindFlowConfiguration>;
|
||||
DataFlow::Make<TypeLiteralToJacksonDatabindFlowConfig>;
|
||||
|
||||
private TypeLiteral getSourceWithFlowToJacksonDatabind() {
|
||||
TypeLiteralToJacksonDatabindFlow::hasFlow(DataFlow::exprNode(result), _)
|
||||
|
||||
@@ -9,7 +9,7 @@ private import semmle.code.java.security.ArbitraryApkInstallation
|
||||
* A dataflow configuration for flow from an external source of an APK to the
|
||||
* `setData[AndType][AndNormalize]` method of an intent.
|
||||
*/
|
||||
private module ApkInstallationConfiguration implements DataFlow::ConfigSig {
|
||||
private module ApkInstallationConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node node) { node instanceof ExternalApkSource }
|
||||
|
||||
predicate isSink(DataFlow::Node node) {
|
||||
@@ -25,7 +25,7 @@ private module ApkInstallationConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module ApkInstallationFlow = DataFlow::Make<ApkInstallationConfiguration>;
|
||||
module ApkInstallationFlow = DataFlow::Make<ApkInstallationConfig>;
|
||||
|
||||
private newtype ActionState =
|
||||
ActionUnset() or
|
||||
@@ -37,7 +37,7 @@ private newtype ActionState =
|
||||
*
|
||||
* This is used to track if an intent is used to install an APK.
|
||||
*/
|
||||
private module InstallPackageActionConfiguration implements DataFlow::StateConfigSig {
|
||||
private module InstallPackageActionConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = ActionState;
|
||||
|
||||
predicate isSource(DataFlow::Node source, FlowState state) {
|
||||
@@ -72,8 +72,7 @@ private module InstallPackageActionConfiguration implements DataFlow::StateConfi
|
||||
predicate isBarrier(DataFlow::Node node, FlowState state) { none() }
|
||||
}
|
||||
|
||||
private module InstallPackageActionFlow =
|
||||
TaintTracking::MakeWithState<InstallPackageActionConfiguration>;
|
||||
private module InstallPackageActionFlow = TaintTracking::MakeWithState<InstallPackageActionConfig>;
|
||||
|
||||
private newtype MimeTypeState =
|
||||
MimeTypeUnset() or
|
||||
@@ -84,7 +83,7 @@ private newtype MimeTypeState =
|
||||
* the `setType` or `setTypeAndNormalize` method of an intent, followed by a call
|
||||
* to `setData[AndType][AndNormalize]`.
|
||||
*/
|
||||
private module PackageArchiveMimeTypeConfiguration implements DataFlow::StateConfigSig {
|
||||
private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = MimeTypeState;
|
||||
|
||||
predicate isSource(DataFlow::Node node, FlowState state) {
|
||||
@@ -118,4 +117,4 @@ private module PackageArchiveMimeTypeConfiguration implements DataFlow::StateCon
|
||||
}
|
||||
|
||||
private module PackageArchiveMimeTypeFlow =
|
||||
TaintTracking::MakeWithState<PackageArchiveMimeTypeConfiguration>;
|
||||
TaintTracking::MakeWithState<PackageArchiveMimeTypeConfig>;
|
||||
|
||||
@@ -23,7 +23,7 @@ deprecated class LogInjectionConfiguration extends TaintTracking::Configuration
|
||||
}
|
||||
}
|
||||
|
||||
private module LogInjectionConfiguration implements DataFlow::ConfigSig {
|
||||
private module LogInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof LogInjectionSink }
|
||||
@@ -38,4 +38,4 @@ private module LogInjectionConfiguration implements DataFlow::ConfigSig {
|
||||
/**
|
||||
* Taint-tracking flow for tracking untrusted user input used in log entries.
|
||||
*/
|
||||
module LogInjectionFlow = TaintTracking::Make<LogInjectionConfiguration>;
|
||||
module LogInjectionFlow = TaintTracking::Make<LogInjectionConfig>;
|
||||
|
||||
@@ -35,7 +35,7 @@ deprecated class RequestForgeryConfiguration extends TaintTracking::Configuratio
|
||||
/**
|
||||
* A taint-tracking configuration characterising request-forgery risks.
|
||||
*/
|
||||
private module RequestForgeryConfiguration implements DataFlow::ConfigSig {
|
||||
private module RequestForgeryConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source instanceof RemoteFlowSource and
|
||||
// Exclude results of remote HTTP requests: fetching something else based on that result
|
||||
@@ -53,4 +53,4 @@ private module RequestForgeryConfiguration implements DataFlow::ConfigSig {
|
||||
predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer }
|
||||
}
|
||||
|
||||
module RequestForgeryFlow = TaintTracking::Make<RequestForgeryConfiguration>;
|
||||
module RequestForgeryFlow = TaintTracking::Make<RequestForgeryConfig>;
|
||||
|
||||
@@ -49,7 +49,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
|
||||
}
|
||||
|
||||
/** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
|
||||
private module SensitiveLoggerConfiguration implements DataFlow::ConfigSig {
|
||||
private module SensitiveLoggerConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
|
||||
@@ -65,4 +65,4 @@ private module SensitiveLoggerConfiguration implements DataFlow::ConfigSig {
|
||||
predicate isBarrierIn(Node node) { isSource(node) }
|
||||
}
|
||||
|
||||
module SensitiveLoggerFlow = TaintTracking::Make<SensitiveLoggerConfiguration>;
|
||||
module SensitiveLoggerFlow = TaintTracking::Make<SensitiveLoggerConfig>;
|
||||
|
||||
@@ -28,7 +28,7 @@ class BrokenAlgoLiteral extends ShortStringLiteral {
|
||||
}
|
||||
}
|
||||
|
||||
module InsecureCryptoConfiguration implements ConfigSig {
|
||||
module InsecureCryptoConfig implements ConfigSig {
|
||||
predicate isSource(Node n) { n.asExpr() instanceof BrokenAlgoLiteral }
|
||||
|
||||
predicate isSink(Node n) { exists(CryptoAlgoSpec c | n.asExpr() = c.getAlgoSpec()) }
|
||||
@@ -38,7 +38,7 @@ module InsecureCryptoConfiguration implements ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module InsecureCryptoFlow = TaintTracking::Make<InsecureCryptoConfiguration>;
|
||||
module InsecureCryptoFlow = TaintTracking::Make<InsecureCryptoConfig>;
|
||||
|
||||
import InsecureCryptoFlow::PathGraph
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ class StringContainer extends RefType {
|
||||
}
|
||||
}
|
||||
|
||||
module InsecureCryptoConfiguration implements ConfigSig {
|
||||
module InsecureCryptoConfig implements ConfigSig {
|
||||
predicate isSource(Node n) { n.asExpr() instanceof InsecureAlgoLiteral }
|
||||
|
||||
predicate isSink(Node n) { exists(CryptoAlgoSpec c | n.asExpr() = c.getAlgoSpec()) }
|
||||
@@ -61,7 +61,7 @@ module InsecureCryptoConfiguration implements ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module InsecureCryptoFlow = TaintTracking::Make<InsecureCryptoConfiguration>;
|
||||
module InsecureCryptoFlow = TaintTracking::Make<InsecureCryptoConfig>;
|
||||
|
||||
import InsecureCryptoFlow::PathGraph
|
||||
|
||||
|
||||
Reference in New Issue
Block a user