Java: Add defaultImplicitTaintRead and sync.

2026-04-29 02:35:15 +02:00 · 2021-06-18 14:24:50 +02:00
parent 38319a4832
commit 65ac8be5ac
21 changed files with 135 additions and 0 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -9,6 +9,13 @@ private import semmle.python.dataflow.new.internal.TaintTrackingPublic
 */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }

+/**
+ * Holds if default `TaintTracking::Configuration`s should allow implicit reads
+ * of `c` at sinks and inputs to additional taint steps.
+ */
+bindingset[node]
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+
 private module Cached {
  /**
   * Holds if the additional step from `nodeFrom` to `nodeTo` should be included in all
--- a/python/ql/src/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll
@@ -105,6 +105,11 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
+    defaultImplicitTaintRead(node, c)
+  }
+
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/python/ql/src/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll
@@ -105,6 +105,11 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
+    defaultImplicitTaintRead(node, c)
+  }
+
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/python/ql/src/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll
@@ -105,6 +105,11 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
+    defaultImplicitTaintRead(node, c)
+  }
+
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/python/ql/src/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll
@@ -105,6 +105,11 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
+    defaultImplicitTaintRead(node, c)
+  }
+
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */