Swift: Rewrite UnsafeJsEval to use `DataFlow::ConfigSig

This commit is contained in:
Jeroen Ketema
2023-04-03 16:22:32 +02:00
parent db641e508a
commit 56156cfa36
2 changed files with 26 additions and 5 deletions

View File

@@ -12,7 +12,7 @@ import codeql.swift.security.UnsafeJsEvalExtensions
/**
* A taint configuration from taint sources to sinks for this query.
*/
class UnsafeJsEvalConfig extends TaintTracking::Configuration {
deprecated class UnsafeJsEvalConfig extends TaintTracking::Configuration {
UnsafeJsEvalConfig() { this = "UnsafeJsEvalConfig" }
override predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
@@ -27,3 +27,25 @@ class UnsafeJsEvalConfig extends TaintTracking::Configuration {
any(UnsafeJsEvalAdditionalTaintStep s).step(nodeFrom, nodeTo)
}
}
/**
* A taint configuration from taint sources to sinks for this query.
*/
module UnsafeJsEvalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
predicate isSink(DataFlow::Node node) { node instanceof UnsafeJsEvalSink }
predicate isBarrier(DataFlow::Node sanitizer) {
sanitizer instanceof UnsafeJsEvalSanitizer
}
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(UnsafeJsEvalAdditionalTaintStep s).step(nodeFrom, nodeTo)
}
}
/**
* Detect taint flow of taint sources to sinks for this query.
*/
module UnsafeJsEvalFlow = TaintTracking::Global<UnsafeJsEvalConfig>;

View File

@@ -15,12 +15,11 @@
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.security.UnsafeJsEvalQuery
import DataFlow::PathGraph
import UnsafeJsEvalFlow::PathGraph
from
UnsafeJsEvalConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode,
UnsafeJsEvalSink sink
UnsafeJsEvalFlow::PathNode sourceNode, UnsafeJsEvalFlow::PathNode sinkNode, UnsafeJsEvalSink sink
where
config.hasFlowPath(sourceNode, sinkNode) and
UnsafeJsEvalFlow::flowPath(sourceNode, sinkNode) and
sink = sinkNode.getNode()
select sink, sourceNode, sinkNode, "Evaluation of uncontrolled JavaScript from a remote source."