From 43de3a131bfb2b18e2adfb13af99184880d8f345 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Thu, 10 Apr 2025 20:25:17 +0100
Subject: [PATCH] PS: Use the existing MaD rows to model file reads as flow sources.

---
 .../dataflow/flowsources/FlowSources.qll | 1 +
 .../dataflow/flowsources/Stored.qll | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/Stored.qll

diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/FlowSources.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/FlowSources.qll
index dc76e8bedd6..b32c1fc0295 100644
--- a/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/FlowSources.qll
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/FlowSources.qll
@@ -2,6 +2,7 @@ private import semmle.code.powershell.dataflow.internal.DataFlowPublic as DataFlow
 import semmle.code.powershell.dataflow.flowsources.Remote
 import semmle.code.powershell.dataflow.flowsources.Local
+import semmle.code.powershell.dataflow.flowsources.Stored
 import semmle.code.powershell.frameworks.data.internal.ApiGraphModels
 /**
diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/Stored.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/Stored.qll
new file mode 100644
index 00000000000..80fedeb6494
--- /dev/null
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/Stored.qll
@@ -0,0 +1,35 @@
+/**
+ * Provides classes representing sources of stored data.
+ */
+
+import powershell
+private import FlowSources
+
+/** A data flow source of stored user input. */
+abstract class StoredFlowSource extends SourceNode {
+ override string getThreatModel() { result = "local" }
+}
+
+/**
+ * A node with input from a database.
+ */
+abstract class DatabaseInputSource extends StoredFlowSource {
+ override string getThreatModel() { result = "database" }
+
+ override string getSourceType() { result = "database input" }
+}
+
+private class ExternalDatabaseInputSource extends DatabaseInputSource {
+ ExternalDatabaseInputSource() { this = ModelOutput::getASourceNode("database", _).asSource() }
+}
+
+/** A file stream source is considered a stored flow source. */
+abstract class FileStreamStoredFlowSource extends StoredFlowSource {
+ override string getThreatModel() { result = "file" }
+
+ override string getSourceType() { result = "file stream" }
+}
+
+private class ExternalFileStreamStoredFlowSource extends FileStreamStoredFlowSource {
+ ExternalFileStreamStoredFlowSource() { this = ModelOutput::getASourceNode("file", _).asSource() }
+}
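Review bot: `StoredFlowSource`, the first class in this hunk, pins `getThreatModel()` to `"local"`, yet every concrete class below it overrides that to `"database"` or `"file"`, so the base value is only ever reached by a future subclass that forgets the override — and, as I understand the shared threat-model defaults where only `remote` is enabled, such a subclass would be silently excluded from default query results rather than produce any error. If `SourceNode` leaves `getThreatModel()` abstract, dropping the override from `StoredFlowSource` lets the compiler force each subclass to choose; if it does not, the doc comment should at least say so, e.g. `/** A data flow source of stored data (database or file reads). Subclasses must override getThreatModel(): the "local" fallback is not enabled by default, so inheriting it hides alerts. */`. The same class also provides no `getSourceType()` while both subtrees do, which is consistent with making the base fully abstract. Whether `database` and `file` are themselves grouped under `local` is decided by the threat-model extension rows, not by this file, so the comment should not imply that grouping.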