From 747cd1745a43b621d80434c0beeb8b323f60ada8 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 4 Aug 2023 13:32:46 +0200 Subject: [PATCH] Update all languages to use the shared taint-tracking library --- config/identical-files.json | 8 -- .../code/csharp/dataflow/TaintTracking.qll | 6 +- .../internal/TaintTrackingImplSpecific.qll | 10 +++ .../internal/TaintTrackingPrivate.qll | 2 +- .../internal/tainttracking1/TaintTracking.qll | 75 ------------------- .../lib/semmle/go/dataflow/TaintTracking.qll | 6 +- .../internal/TaintTrackingImplSpecific.qll | 10 +++ .../dataflow/internal/TaintTrackingUtil.qll | 2 +- .../internal/tainttracking1/TaintTracking.qll | 75 ------------------- .../code/java/dataflow/TaintTracking.qll | 6 +- .../internal/TaintTrackingImplSpecific.qll | 10 +++ .../dataflow/internal/TaintTrackingUtil.qll | 2 +- .../python/dataflow/new/TaintTracking.qll | 6 +- .../internal/TaintTrackingImplSpecific.qll | 10 +++ .../new/internal/TaintTrackingPrivate.qll | 2 +- .../internal/tainttracking1/TaintTracking.qll | 75 ------------------- ruby/ql/lib/codeql/ruby/TaintTracking.qll | 6 +- .../internal/TaintTrackingImplSpecific.qll | 10 +++ .../internal/tainttracking1/TaintTracking.qll | 75 ------------------- .../codeql/swift/dataflow/TaintTracking.qll | 6 +- .../internal/TaintTrackingImplSpecific.qll | 11 +++ .../internal/tainttracking1/TaintTracking.qll | 75 ------------------- 22 files changed, 95 insertions(+), 393 deletions(-) create mode 100644 csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll delete mode 100644 csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll create mode 100644 go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll delete mode 100644 go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll create mode 100644 java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll create mode 100644 python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll delete mode 100644 python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll create mode 100644 ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll delete mode 100644 ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll create mode 100644 swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll delete mode 100644 swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll diff --git a/config/identical-files.json b/config/identical-files.json index 2b8840a63f3..84b50a0c502 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -33,14 +33,6 @@ "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll", "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll" ], - "TaintTracking Java/C++/C#/Go/Python/Ruby/Swift": [ - "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll", - "go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll", - "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll", - "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll", - "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll", - "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll" - ], "TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [ "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll", "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll", diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll index 57f499ffa21..7243d36b05d 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll @@ -6,6 +6,10 @@ import csharp module TaintTracking { - import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTracking + import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingParameter::Public + private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific + private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingImpl } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll new file mode 100644 index 00000000000..783b61befca --- /dev/null +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll @@ -0,0 +1,10 @@ +/** + * Provides C#-specific definitions for use in the taint tracking library. + */ + +private import codeql.dataflow.TaintTrackingParameter +private import DataFlowImplSpecific + +module CsharpTaintTracking implements TaintTrackingParameter { + import TaintTrackingPrivate +} diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index 53b61ed5974..d7e2444c7d5 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -25,7 +25,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() } * of `c` at sinks and inputs to additional taint steps. */ bindingset[node] -predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() } +predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() } private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) { src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll deleted file mode 100644 index 171a0137682..00000000000 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ - -import TaintTrackingParameter::Public -private import TaintTrackingParameter::Private - -private module AddTaintDefaults implements - DataFlowInternal::FullStateConfigSig -{ - import Config - - predicate isBarrier(DataFlow::Node node) { - Config::isBarrier(node) or defaultTaintSanitizer(node) - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - Config::isAdditionalFlowStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - Config::allowImplicitRead(node, c) - or - ( - Config::isSink(node) or - Config::isSink(node, _) or - Config::isAdditionalFlowStep(node, _) or - Config::isAdditionalFlowStep(node, _, _, _) - ) and - defaultImplicitTaintRead(node, c) - } -} - -/** - * Constructs a global taint tracking computation. - */ -module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `Global` instead. */ -deprecated module Make implements DataFlow::GlobalFlowSig { - import Global -} - -/** - * Constructs a global taint tracking computation using flow state. - */ -module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `GlobalWithState` instead. */ -deprecated module MakeWithState implements DataFlow::GlobalFlowSig { - import GlobalWithState -} diff --git a/go/ql/lib/semmle/go/dataflow/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/TaintTracking.qll index 2f0bb5ea116..2c028a0e34a 100644 --- a/go/ql/lib/semmle/go/dataflow/TaintTracking.qll +++ b/go/ql/lib/semmle/go/dataflow/TaintTracking.qll @@ -10,6 +10,10 @@ import semmle.go.dataflow.DataFlow * global (inter-procedural) taint-tracking analyses. */ module TaintTracking { - import semmle.go.dataflow.internal.tainttracking1.TaintTracking + import semmle.go.dataflow.internal.tainttracking1.TaintTrackingParameter::Public + private import semmle.go.dataflow.internal.DataFlowImplSpecific + private import semmle.go.dataflow.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake import semmle.go.dataflow.internal.tainttracking1.TaintTrackingImpl } diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll new file mode 100644 index 00000000000..5a0bb940aa9 --- /dev/null +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll @@ -0,0 +1,10 @@ +/** + * Provides Go-specific definitions for use in the taint tracking library. + */ + +private import codeql.dataflow.TaintTrackingParameter +private import DataFlowImplSpecific + +module GoTaintTracking implements TaintTrackingParameter { + import TaintTrackingUtil +} diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 21d3f482f6c..1f453c8c8f0 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -47,7 +47,7 @@ private Type getElementType(Type containerType) { * of `c` at sinks and inputs to additional taint steps. */ bindingset[node] -predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { +predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { exists(Type containerType | node instanceof DataFlow::ArgumentNode and getElementType*(node.getType()) = containerType diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll deleted file mode 100644 index 171a0137682..00000000000 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ - -import TaintTrackingParameter::Public -private import TaintTrackingParameter::Private - -private module AddTaintDefaults implements - DataFlowInternal::FullStateConfigSig -{ - import Config - - predicate isBarrier(DataFlow::Node node) { - Config::isBarrier(node) or defaultTaintSanitizer(node) - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - Config::isAdditionalFlowStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - Config::allowImplicitRead(node, c) - or - ( - Config::isSink(node) or - Config::isSink(node, _) or - Config::isAdditionalFlowStep(node, _) or - Config::isAdditionalFlowStep(node, _, _, _) - ) and - defaultImplicitTaintRead(node, c) - } -} - -/** - * Constructs a global taint tracking computation. - */ -module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `Global` instead. */ -deprecated module Make implements DataFlow::GlobalFlowSig { - import Global -} - -/** - * Constructs a global taint tracking computation using flow state. - */ -module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `GlobalWithState` instead. */ -deprecated module MakeWithState implements DataFlow::GlobalFlowSig { - import GlobalWithState -} diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll index 37a26bf38bf..ad7b88381a8 100644 --- a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll +++ b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll @@ -8,6 +8,10 @@ import semmle.code.java.dataflow.DataFlow2 import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule module TaintTracking { - import semmle.code.java.dataflow.internal.tainttracking1.TaintTracking + import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingParameter::Public + private import semmle.code.java.dataflow.internal.DataFlowImplSpecific + private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingImpl } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll new file mode 100644 index 00000000000..29705d8ab7d --- /dev/null +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll @@ -0,0 +1,10 @@ +/** + * Provides Java-specific definitions for use in the taint tracking library. + */ + +private import codeql.dataflow.TaintTrackingParameter +private import DataFlowImplSpecific + +module JavaTaintTracking implements TaintTrackingParameter { + import TaintTrackingUtil +} diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 6f8dbb1771b..5d609087c93 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -177,7 +177,7 @@ private RefType getElementType(RefType container) { * of `c` at sinks and inputs to additional taint steps. */ bindingset[node] -predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { +predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { exists(RefType container | (node.asExpr() instanceof Argument or node instanceof ArgumentNode) and getElementType*(node.getType()) = container diff --git a/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll index 6b7a2303559..aa80e7c7148 100644 --- a/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll @@ -15,6 +15,10 @@ private import python * global (inter-procedural) taint-tracking analyses. */ module TaintTracking { - import internal.tainttracking1.TaintTracking + import semmle.python.dataflow.new.internal.tainttracking1.TaintTrackingParameter::Public + private import semmle.python.dataflow.new.internal.DataFlowImplSpecific + private import semmle.python.dataflow.new.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake import internal.tainttracking1.TaintTrackingImpl } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll new file mode 100644 index 00000000000..bf5a5b968a9 --- /dev/null +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll @@ -0,0 +1,10 @@ +/** + * Provides Python-specific definitions for use in the taint tracking library. + */ + +private import codeql.dataflow.TaintTrackingParameter +private import DataFlowImplSpecific + +module PythonTaintTracking implements TaintTrackingParameter { + import TaintTrackingPrivate +} diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll index 3a23f790a44..4b90d0d82d3 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll @@ -16,7 +16,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() } * of `c` at sinks and inputs to additional taint steps. */ bindingset[node] -predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() } +predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() } private module Cached { /** diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll deleted file mode 100644 index 171a0137682..00000000000 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ - -import TaintTrackingParameter::Public -private import TaintTrackingParameter::Private - -private module AddTaintDefaults implements - DataFlowInternal::FullStateConfigSig -{ - import Config - - predicate isBarrier(DataFlow::Node node) { - Config::isBarrier(node) or defaultTaintSanitizer(node) - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - Config::isAdditionalFlowStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - Config::allowImplicitRead(node, c) - or - ( - Config::isSink(node) or - Config::isSink(node, _) or - Config::isAdditionalFlowStep(node, _) or - Config::isAdditionalFlowStep(node, _, _, _) - ) and - defaultImplicitTaintRead(node, c) - } -} - -/** - * Constructs a global taint tracking computation. - */ -module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `Global` instead. */ -deprecated module Make implements DataFlow::GlobalFlowSig { - import Global -} - -/** - * Constructs a global taint tracking computation using flow state. - */ -module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `GlobalWithState` instead. */ -deprecated module MakeWithState implements DataFlow::GlobalFlowSig { - import GlobalWithState -} diff --git a/ruby/ql/lib/codeql/ruby/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/TaintTracking.qll index 7746fcff835..461a423e1f1 100644 --- a/ruby/ql/lib/codeql/ruby/TaintTracking.qll +++ b/ruby/ql/lib/codeql/ruby/TaintTracking.qll @@ -3,6 +3,10 @@ * global (inter-procedural) taint-tracking analyses. */ module TaintTracking { - import codeql.ruby.dataflow.internal.tainttracking1.TaintTracking + import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingParameter::Public + private import codeql.ruby.dataflow.internal.DataFlowImplSpecific + private import codeql.ruby.dataflow.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingImpl } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll new file mode 100644 index 00000000000..33d1ebae0f8 --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll @@ -0,0 +1,10 @@ +/** + * Provides Ruby-specific definitions for use in the taint tracking library. + */ + +private import codeql.dataflow.TaintTrackingParameter +private import DataFlowImplSpecific + +module RubyTaintTracking implements TaintTrackingParameter { + import TaintTrackingPrivate +} diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll deleted file mode 100644 index 171a0137682..00000000000 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ - -import TaintTrackingParameter::Public -private import TaintTrackingParameter::Private - -private module AddTaintDefaults implements - DataFlowInternal::FullStateConfigSig -{ - import Config - - predicate isBarrier(DataFlow::Node node) { - Config::isBarrier(node) or defaultTaintSanitizer(node) - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - Config::isAdditionalFlowStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - Config::allowImplicitRead(node, c) - or - ( - Config::isSink(node) or - Config::isSink(node, _) or - Config::isAdditionalFlowStep(node, _) or - Config::isAdditionalFlowStep(node, _, _, _) - ) and - defaultImplicitTaintRead(node, c) - } -} - -/** - * Constructs a global taint tracking computation. - */ -module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `Global` instead. */ -deprecated module Make implements DataFlow::GlobalFlowSig { - import Global -} - -/** - * Constructs a global taint tracking computation using flow state. - */ -module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `GlobalWithState` instead. */ -deprecated module MakeWithState implements DataFlow::GlobalFlowSig { - import GlobalWithState -} diff --git a/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll index 3ac71370495..2dcb4e239c6 100644 --- a/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll +++ b/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll @@ -3,6 +3,10 @@ * global (inter-procedural) taint-tracking analyses. */ module TaintTracking { - import codeql.swift.dataflow.internal.tainttracking1.TaintTracking + import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingParameter::Public + private import codeql.swift.dataflow.internal.DataFlowImplSpecific + private import codeql.swift.dataflow.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingImpl } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll new file mode 100644 index 00000000000..5ad0dc787e9 --- /dev/null +++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll @@ -0,0 +1,11 @@ +/** + * Provides Swift-specific definitions for use in the taint tracking library. + */ + +private import codeql.dataflow.TaintTrackingParameter +private import DataFlowImplSpecific + +module SwiftTaintTracking implements TaintTrackingParameter { + import TaintTrackingPrivate + import TaintTrackingPublic +} diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll deleted file mode 100644 index 171a0137682..00000000000 --- a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll +++ /dev/null @@ -1,75 +0,0 @@ -/** - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ - -import TaintTrackingParameter::Public -private import TaintTrackingParameter::Private - -private module AddTaintDefaults implements - DataFlowInternal::FullStateConfigSig -{ - import Config - - predicate isBarrier(DataFlow::Node node) { - Config::isBarrier(node) or defaultTaintSanitizer(node) - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - Config::isAdditionalFlowStep(node1, node2) or - defaultAdditionalTaintStep(node1, node2) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - Config::allowImplicitRead(node, c) - or - ( - Config::isSink(node) or - Config::isSink(node, _) or - Config::isAdditionalFlowStep(node, _) or - Config::isAdditionalFlowStep(node, _, _, _) - ) and - defaultImplicitTaintRead(node, c) - } -} - -/** - * Constructs a global taint tracking computation. - */ -module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `Global` instead. */ -deprecated module Make implements DataFlow::GlobalFlowSig { - import Global -} - -/** - * Constructs a global taint tracking computation using flow state. - */ -module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - import DataFlowInternal::Impl -} - -/** DEPRECATED: Use `GlobalWithState` instead. */ -deprecated module MakeWithState implements DataFlow::GlobalFlowSig { - import GlobalWithState -}