Refactor query tests

2026-05-05 21:55:19 +02:00 · 2023-04-13 22:07:44 -04:00
parent 93bd2a9409
commit 66f971e70d
3 changed files with 23 additions and 22 deletions
--- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql
@@ -1,22 +1,23 @@
 import java
+import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XSS
 import TestUtilities.InlineExpectationsTest

-class XssConfig extends TaintTracking::Configuration {
-  XssConfig() { this = "XSSConfig" }
+module XssConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
+  predicate isBarrier(DataFlow::Node node) { node instanceof XssSanitizer }

-  override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(XssAdditionalTaintStep s).step(node1, node2)
  }
 }

+module XssFlow = TaintTracking::Global<XssConfig>;
+
 class XssTest extends InlineExpectationsTest {
  XssTest() { this = "XssTest" }

@@ -24,7 +25,7 @@ class XssTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "xss" and
-    exists(DataFlow::Node sink, XssConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | XssFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql
+++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql
@@ -3,26 +3,26 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.QueryInjection
 import TestUtilities.InlineExpectationsTest

-private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
-  QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) {
+private module QueryInjectionFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) {
    src.asExpr() = any(MethodAccess ma | ma.getMethod().hasName("source"))
  }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }

-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
    node.getType() instanceof PrimitiveType or
    node.getType() instanceof BoxedType or
    node.getType() instanceof NumberType
  }

-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
  }
 }

+private module QueryInjectionFlow = TaintTracking::Global<QueryInjectionFlowConfig>;
+
 class HasFlowTest extends InlineExpectationsTest {
  HasFlowTest() { this = "HasFlowTest" }

@@ -30,7 +30,7 @@ class HasFlowTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "sqlInjection" and
-    exists(DataFlow::Node sink, QueryInjectionFlowConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | QueryInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql
@@ -4,14 +4,14 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XPath
 import TestUtilities.InlineExpectationsTest

-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "test:xml:xpathinjection" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
 }

+module Flow = TaintTracking::Global<Config>;
+
 class HasXPathInjectionTest extends InlineExpectationsTest {
  HasXPathInjectionTest() { this = "HasXPathInjectionTest" }

@@ -19,7 +19,7 @@ class HasXPathInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasXPathInjection" and
-    exists(DataFlow::Node sink, Conf conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | Flow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""