Java: Refactor CaptureSourceModel to enable re-use.

2025-12-20 18:56:32 +01:00 · 2022-03-18 10:53:34 +01:00
parent f00837578b
commit 45234b1631
3 changed files with 37 additions and 34 deletions
--- a/java/ql/src/utils/model-generator/CaptureSourceModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSourceModels.ql
@@ -4,41 +4,8 @@
 * @id java/utils/model-generator/sink-models
 */

-import java
-private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.dataflow.ExternalFlow
-private import semmle.code.java.dataflow.internal.DataFlowImplCommon
 private import ModelGeneratorUtils
-
-class FromSourceConfiguration extends TaintTracking::Configuration {
-  FromSourceConfiguration() { this = "FromSourceConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(TargetApi c |
-      sink instanceof ReturnNodeExt and
-      sink.getEnclosingCallable() = c
-    )
-  }
-
-  override DataFlow::FlowFeature getAFeature() {
-    result instanceof DataFlow::FeatureHasSinkCallContext
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isRelevantTaintStep(node1, node2)
-  }
-}
-
-string captureSource(TargetApi api) {
-  exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
-    config.hasFlow(source, sink) and
-    sourceNode(source, kind) and
-    api = sink.getEnclosingCallable() and
-    result = asSourceModel(api, returnNodeAsOutput(sink), kind)
-  )
-}
+private import CaptureSourceModels

 from TargetApi api, string sink
 where sink = captureSource(api)
--- a/java/ql/src/utils/model-generator/CaptureSourceModels.qll
+++ b/java/ql/src/utils/model-generator/CaptureSourceModels.qll
@@ -0,0 +1,32 @@
+private import CaptureSourceModelsSpecific
+private import ModelGeneratorUtils
+
+class FromSourceConfiguration extends TaintTracking::Configuration {
+  FromSourceConfiguration() { this = "FromSourceConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(TargetApi c |
+      sink instanceof ReturnNodeExt and
+      sink.getEnclosingCallable() = c
+    )
+  }
+
+  override DataFlow::FlowFeature getAFeature() {
+    result instanceof DataFlow::FeatureHasSinkCallContext
+  }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    isRelevantTaintStep(node1, node2)
+  }
+}
+
+string captureSource(TargetApi api) {
+  exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
+    config.hasFlow(source, sink) and
+    sourceNode(source, kind) and
+    api = sink.getEnclosingCallable() and
+    result = asSourceModel(api, returnNodeAsOutput(sink), kind)
+  )
+}
--- a/java/ql/src/utils/model-generator/CaptureSourceModelsSpecific.qll
+++ b/java/ql/src/utils/model-generator/CaptureSourceModelsSpecific.qll
@@ -0,0 +1,4 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.dataflow.ExternalFlow
+import semmle.code.java.dataflow.internal.DataFlowImplCommon