mirror of
https://github.com/github/codeql.git
synced 2026-04-27 17:55:19 +02:00
Make the Config module of public Flow modules public
This is to make things easier for the CodeML/ATM team once these configurations are moved from `src/` to `lib/`.
This commit is contained in:
Ed Minnix
@@ -20,7 +20,7 @@ import semmle.code.java.security.PathCreation
|
||||
import semmle.code.java.security.PathSanitizer
|
||||
import TaintedPathCommon
|
||||
|
||||
private module TaintedPathLocalConfig implements DataFlow::ConfigSig {
|
||||
module TaintedPathLocalConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
|
||||
@@ -34,7 +34,7 @@ class ArchiveEntryNameMethod extends Method {
|
||||
}
|
||||
}
|
||||
|
||||
private module ZipSlipConfiguration implements DataFlow::ConfigSig {
|
||||
module ZipSlipConfiguration implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source.asExpr().(MethodAccess).getMethod() instanceof ArchiveEntryNameMethod
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ import semmle.code.java.security.LdapInjection
|
||||
/**
|
||||
* A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
|
||||
*/
|
||||
private module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
|
||||
module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
|
||||
|
||||
@@ -55,7 +55,7 @@ class SetMessageInterpolatorCall extends MethodAccess {
|
||||
* Taint tracking BeanValidationConfiguration describing the flow of data from user input
|
||||
* to the argument of a method that builds constraint error messages.
|
||||
*/
|
||||
private module BeanValidationConfig implements DataFlow::ConfigSig {
|
||||
module BeanValidationConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink }
|
||||
|
||||
@@ -14,7 +14,7 @@ import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.StringFormat
|
||||
|
||||
private module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
|
||||
module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
|
||||
@@ -16,7 +16,7 @@ import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import ArithmeticCommon
|
||||
|
||||
private module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigSig {
|
||||
module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
|
||||
@@ -27,7 +27,7 @@ private module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigS
|
||||
module ArithmeticTaintedLocalOverflowFlow =
|
||||
TaintTracking::Make<ArithmeticTaintedLocalOverflowConfig>;
|
||||
|
||||
private module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig {
|
||||
module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
|
||||
|
||||
@@ -24,7 +24,7 @@ class TaintSource extends DataFlow::ExprNode {
|
||||
}
|
||||
}
|
||||
|
||||
private module ArithmeticUncontrolledOverflowConfig implements DataFlow::ConfigSig {
|
||||
module ArithmeticUncontrolledOverflowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof TaintSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
|
||||
@@ -35,7 +35,7 @@ private module ArithmeticUncontrolledOverflowConfig implements DataFlow::ConfigS
|
||||
module ArithmeticUncontrolledOverflowFlow =
|
||||
TaintTracking::Make<ArithmeticUncontrolledOverflowConfig>;
|
||||
|
||||
private module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig {
|
||||
module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof TaintSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
|
||||
|
||||
@@ -65,7 +65,7 @@ private newtype WebViewOrSettings =
|
||||
IsWebView() or
|
||||
IsSettings()
|
||||
|
||||
private module WebViewDisallowContentAccessConfig implements DataFlow::StateConfigSig {
|
||||
module WebViewDisallowContentAccessConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = WebViewOrSettings;
|
||||
|
||||
predicate isSource(DataFlow::Node node, FlowState state) {
|
||||
|
||||
@@ -44,7 +44,7 @@ class TrustAllHostnameVerifier extends RefType {
|
||||
/**
|
||||
* A configuration to model the flow of a `TrustAllHostnameVerifier` to a `set(Default)HostnameVerifier` call.
|
||||
*/
|
||||
private module TrustAllHostnameVerifierConfig implements DataFlow::ConfigSig {
|
||||
module TrustAllHostnameVerifierConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source.asExpr().(ClassInstanceExpr).getConstructedType() instanceof TrustAllHostnameVerifier
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.UrlRedirect
|
||||
|
||||
private module UrlRedirectConfig implements DataFlow::ConfigSig {
|
||||
module UrlRedirectConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
|
||||
|
||||
@@ -15,7 +15,7 @@ import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.UrlRedirect
|
||||
|
||||
private module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
|
||||
module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
|
||||
|
||||
@@ -16,7 +16,7 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.security.XPath
|
||||
|
||||
private module XPathInjectionConfig implements DataFlow::ConfigSig {
|
||||
module XPathInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
|
||||
|
||||
@@ -52,7 +52,7 @@ class WCPermissionConstruction extends ClassInstanceExpr, PermissionsConstructio
|
||||
override Expr getInput() { result = this.getArgument(0) }
|
||||
}
|
||||
|
||||
private module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
|
||||
module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof UserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
|
||||
Reference in New Issue
Block a user