From 5bd9aae0723031e356f5661fbb0ffd49ce37f452 Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Wed, 12 Apr 2023 10:01:11 -0400
Subject: [PATCH] Refactor Log4jJndiInjection.ql
---
 .../CWE/CWE-020/Log4jJndiInjection.ql | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
index d65e2110de1..14bef1791cc 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
@@ -16,9 +16,10 @@
 */
 import java
+import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.ExternalFlow
-import DataFlow::PathGraph
+import Log4jInjectionFlow::PathGraph
 private class ActivateModels extends ActiveExperimentalModels {
 ActivateModels() { this = "log4j-injection" }
@@ -41,17 +42,20 @@ class Log4jInjectionSanitizer extends DataFlow::Node {
 /**
 * A taint-tracking configuration for tracking untrusted user input used in log entries.
 */
-class Log4jInjectionConfiguration extends TaintTracking::Configuration {
- Log4jInjectionConfiguration() { this = "Log4jInjectionConfiguration" }
+module Log4jInjectionConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
- override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+ predicate isSink(DataFlow::Node sink) { sink instanceof Log4jInjectionSink }
- override predicate isSink(DataFlow::Node sink) { sink instanceof Log4jInjectionSink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Log4jInjectionSanitizer }
+ predicate isBarrier(DataFlow::Node node) { node instanceof Log4jInjectionSanitizer }
 }
-from Log4jInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+/**
+ * Taint-tracking flow for tracking untrusted user input used in log entries.
+ */
+module Log4jInjectionFlow = TaintTracking::Global;
+
+from Log4jInjectionFlow::PathNode source, Log4jInjectionFlow::PathNode sink
+where Log4jInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Log4j log entry depends on a $@.", source.getNode(), "user-provided value"
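Review bot: The module alias on the new side reads `module Log4jInjectionFlow = TaintTracking::Global;` with no type argument, so as shown it never binds the `isSource`/`isSink`/`isBarrier` predicates of `Log4jInjectionConfig` defined just above and the query would not compile; if the angle-bracketed argument was merely dropped by the page rendering this is moot, otherwise the line should read `module Log4jInjectionFlow = TaintTracking::Global<Log4jInjectionConfig>;`. The `flowPath` call and the `PathNode` types on the two lines below depend on that binding, as does the `Log4jInjectionFlow::PathGraph` import in the first hunk, so a compile plus the query's existing test expectations would confirm the refactor preserves the same source-to-sink results. The `Log4jInjectionSanitizer` class named in the hunk header starts outside the hunk.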