Convert to using the new DataFlow modules

2026-05-04 21:25:44 +02:00 · 2023-03-08 21:50:09 -05:00
parent 05da1dc4a3
commit 6a0167fa7f
3 changed files with 23 additions and 23 deletions
--- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
@@ -9,14 +9,12 @@ import semmle.code.java.security.InsecureLdapAuth
 /**
 * A taint-tracking configuration for `ldap://` URL in LDAP authentication.
 */
-class InsecureUrlFlowConfig extends TaintTracking::Configuration {
-  InsecureUrlFlowConfig() { this = "InsecureLdapAuth:InsecureUrlFlowConfig" }
-
+private module InsecureUrlFlowConfig implements DataFlow::ConfigSig {
  /** Source of `ldap://` connection string. */
-  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof InsecureLdapUrl }
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof InsecureLdapUrl }

  /** Sink of directory context creation. */
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    exists(ConstructorCall cc |
      cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and
      sink.asExpr() = cc.getArgument(0)
@@ -24,7 +22,7 @@ class InsecureUrlFlowConfig extends TaintTracking::Configuration {
  }

  /** Method call of `env.put()`. */
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(MethodAccess ma |
      pred.asExpr() = ma.getArgument(1) and
      isProviderUrlSetter(ma) and
@@ -33,21 +31,21 @@ class InsecureUrlFlowConfig extends TaintTracking::Configuration {
  }
 }

+module InsecureUrlFlowConfiguration = TaintTracking::Make<InsecureUrlFlowConfig>;
+
 /**
 * A taint-tracking configuration for `simple` basic-authentication in LDAP configuration.
 */
-class BasicAuthFlowConfig extends DataFlow::Configuration {
-  BasicAuthFlowConfig() { this = "InsecureLdapAuth:BasicAuthFlowConfig" }
-
+private module BasicAuthFlowConfig implements DataFlow::ConfigSig {
  /** Source of `simple` configuration. */
-  override predicate isSource(DataFlow::Node src) {
+  predicate isSource(DataFlow::Node src) {
    exists(MethodAccess ma |
      isBasicAuthEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
    )
  }

  /** Sink of directory context creation. */
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    exists(ConstructorCall cc |
      cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and
      sink.asExpr() = cc.getArgument(0)
@@ -55,24 +53,26 @@ class BasicAuthFlowConfig extends DataFlow::Configuration {
  }
 }

+module BasicAuthFlowConfiguration = DataFlow::Make<BasicAuthFlowConfig>;
+
 /**
 * A taint-tracking configuration for `ssl` configuration in LDAP authentication.
 */
-class SslFlowConfig extends DataFlow::Configuration {
-  SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
-
+private module SslFlowConfig implements DataFlow::ConfigSig {
  /** Source of `ssl` configuration. */
-  override predicate isSource(DataFlow::Node src) {
+  predicate isSource(DataFlow::Node src) {
    exists(MethodAccess ma |
      isSslEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
    )
  }

  /** Sink of directory context creation. */
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    exists(ConstructorCall cc |
      cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and
      sink.asExpr() = cc.getArgument(0)
    )
  }
 }
+
+module SslFlowConfiguration = DataFlow::Make<SslFlowConfig>;