C#: Re-factor LdapInjection to use the new API.

2026-04-08 00:24:03 +02:00 · 2023-03-31 10:46:33 +02:00
parent 91150af11e
commit 73cd7519a2
3 changed files with 33 additions and 9 deletions
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -25,9 +25,11 @@ abstract class Sink extends DataFlow::ExprNode { }
 abstract class Sanitizer extends DataFlow::ExprNode { }

 /**
+ * DEPRECATED: Use `LdapInjection` instead.
+ *
 * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
 */
-class TaintTrackingConfiguration extends TaintTracking::Configuration {
+deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
  TaintTrackingConfiguration() { this = "LDAPInjection" }

  override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -37,6 +39,22 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 }

+/**
+ * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
+ */
+module LdapInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+}
+
+/**
+ * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
+ */
+module LdapInjection = TaintTracking::Global<LdapInjectionConfig>;
+
 /** A source of remote user input. */
 class RemoteSource extends Source instanceof RemoteFlowSource { }

--- a/Features/CWE-090/LDAPInjection.ql
+++ b/Features/CWE-090/LDAPInjection.ql
@@ -13,9 +13,9 @@

 import csharp
 import semmle.code.csharp.security.dataflow.LDAPInjectionQuery
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import LdapInjection::PathGraph

-from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+from LdapInjection::PathNode source, LdapInjection::PathNode sink
+where LdapInjection::flowPath(source, sink)
 select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
  "user-provided value"
--- a/Features/CWE-090/StoredLDAPInjection.ql
+++ b/Features/CWE-090/StoredLDAPInjection.ql
@@ -14,13 +14,19 @@
 import csharp
 import semmle.code.csharp.security.dataflow.LDAPInjectionQuery
 import semmle.code.csharp.security.dataflow.flowsources.Stored
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import StoredLdapInjection::PathGraph

-class StoredTaintTrackingConfiguration extends TaintTrackingConfiguration {
-  override predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource }
+module StoredLdapInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource }
+
+  predicate isSink = LdapInjectionConfig::isSink/1;
+
+  predicate isBarrier = LdapInjectionConfig::isBarrier/1;
 }

-from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+module StoredLdapInjection = TaintTracking::Global<StoredLdapInjectionConfig>;
+
+from StoredLdapInjection::PathNode source, StoredLdapInjection::PathNode sink
+where StoredLdapInjection::flowPath(source, sink)
 select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
  "stored (potentially user-provided) value"