Convert to using the new DataFlow modules

2026-04-29 10:45:15 +02:00 · 2023-03-08 21:50:09 -05:00
parent 05da1dc4a3
commit 6a0167fa7f
3 changed files with 23 additions and 23 deletions
--- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
@@ -9,14 +9,12 @@ import semmle.code.java.security.InsecureLdapAuth
 /**
 * A taint-tracking configuration for `ldap://` URL in LDAP authentication.
 */
-class InsecureUrlFlowConfig extends TaintTracking::Configuration {
-  InsecureUrlFlowConfig() { this = "InsecureLdapAuth:InsecureUrlFlowConfig" }
-
+private module InsecureUrlFlowConfig implements DataFlow::ConfigSig {
  /** Source of `ldap://` connection string. */
-  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof InsecureLdapUrl }
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof InsecureLdapUrl }

  /** Sink of directory context creation. */
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    exists(ConstructorCall cc |
      cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and
      sink.asExpr() = cc.getArgument(0)
@@ -24,7 +22,7 @@ class InsecureUrlFlowConfig extends TaintTracking::Configuration {
  }

  /** Method call of `env.put()`. */
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(MethodAccess ma |
      pred.asExpr() = ma.getArgument(1) and
      isProviderUrlSetter(ma) and
@@ -33,21 +31,21 @@ class InsecureUrlFlowConfig extends TaintTracking::Configuration {
  }
 }

+module InsecureUrlFlowConfiguration = TaintTracking::Make<InsecureUrlFlowConfig>;
+
 /**
 * A taint-tracking configuration for `simple` basic-authentication in LDAP configuration.
 */
-class BasicAuthFlowConfig extends DataFlow::Configuration {
-  BasicAuthFlowConfig() { this = "InsecureLdapAuth:BasicAuthFlowConfig" }
-
+private module BasicAuthFlowConfig implements DataFlow::ConfigSig {
  /** Source of `simple` configuration. */
-  override predicate isSource(DataFlow::Node src) {
+  predicate isSource(DataFlow::Node src) {
    exists(MethodAccess ma |
      isBasicAuthEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
    )
  }

  /** Sink of directory context creation. */
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    exists(ConstructorCall cc |
      cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and
      sink.asExpr() = cc.getArgument(0)
@@ -55,24 +53,26 @@ class BasicAuthFlowConfig extends DataFlow::Configuration {
  }
 }

+module BasicAuthFlowConfiguration = DataFlow::Make<BasicAuthFlowConfig>;
+
 /**
 * A taint-tracking configuration for `ssl` configuration in LDAP authentication.
 */
-class SslFlowConfig extends DataFlow::Configuration {
-  SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
-
+private module SslFlowConfig implements DataFlow::ConfigSig {
  /** Source of `ssl` configuration. */
-  override predicate isSource(DataFlow::Node src) {
+  predicate isSource(DataFlow::Node src) {
    exists(MethodAccess ma |
      isSslEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
    )
  }

  /** Sink of directory context creation. */
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    exists(ConstructorCall cc |
      cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and
      sink.asExpr() = cc.getArgument(0)
    )
  }
 }
+
+module SslFlowConfiguration = DataFlow::Make<SslFlowConfig>;
--- a/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
+++ b/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -15,10 +15,10 @@ import java
 import semmle.code.java.security.InsecureLdapAuthQuery
 import DataFlow::PathGraph

-from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureUrlFlowConfig config
+from InsecureUrlFlowConfiguration::PathNode source, InsecureUrlFlowConfiguration::PathNode sink
 where
-  config.hasFlowPath(source, sink) and
-  any(BasicAuthFlowConfig bc).hasFlowTo(sink.getNode()) and
-  not any(SslFlowConfig sc).hasFlowTo(sink.getNode())
+  InsecureUrlFlowConfiguration::hasFlowPath(source, sink) and
+  BasicAuthFlowConfiguration::hasFlowTo(sink.getNode()) and
+  not SslFlowConfiguration::hasFlowTo(sink.getNode())
 select sink.getNode(), source, sink, "Insecure LDAP authentication from $@.", source.getNode(),
  "LDAP connection string"
--- a/java/ql/test/query-tests/security/CWE-522/InsecureLdapAuthTest.ql
+++ b/java/ql/test/query-tests/security/CWE-522/InsecureLdapAuthTest.ql
@@ -9,9 +9,9 @@ class InsecureLdapAuthenticationTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasInsecureLdapAuth" and
-    exists(DataFlow::Node sink, InsecureUrlFlowConfig conf | conf.hasFlowTo(sink) |
-      any(BasicAuthFlowConfig bc).hasFlowTo(sink) and
-      not any(SslFlowConfig sc).hasFlowTo(sink) and
+    exists(DataFlow::Node sink | InsecureUrlFlowConfiguration::hasFlowTo(sink) |
+      BasicAuthFlowConfiguration::hasFlowTo(sink) and
+      not SslFlowConfiguration::hasFlowTo(sink) and
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""