Update all languages to use the shared taint-tracking library
@@ -33,14 +33,6 @@
|
|||||||
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll",
|
"ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll",
|
||||||
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
|
"swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
|
||||||
],
|
],
|
||||||
"TaintTracking Java/C++/C#/Go/Python/Ruby/Swift": [
|
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll",
|
|
||||||
"go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll",
|
|
||||||
"java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll",
|
|
||||||
"python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll",
|
|
||||||
"ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll",
|
|
||||||
"swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll"
|
|
||||||
],
|
|
||||||
"TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
|
"TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
|
||||||
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
|
||||||
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
|
"cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
|
||||||
|
|||||||
@@ -6,6 +6,10 @@
|
|||||||
import csharp
|
import csharp
|
||||||
|
|
||||||
module TaintTracking {
|
module TaintTracking {
|
||||||
import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTracking
|
import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
|
||||||
|
private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
|
||||||
|
private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific
|
||||||
|
private import codeql.dataflow.TaintTracking
|
||||||
|
import TaintFlowMake<CsharpDataFlow, CsharpTaintTracking>
|
||||||
import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingImpl
|
import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingImpl
|
||||||
}
|
}
|
||||||
|
|||||||
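Review bot: The deleted 75-line library file shown further down (apparently the per-language `tainttracking1/TaintTracking.qll`) exported the deprecated aliases `Make` and `MakeWithState` next to `Global` and `GlobalWithState`, and this module now takes those names from `import TaintFlowMake<CsharpDataFlow, CsharpTaintTracking>`; nothing visible here shows that the shared module still declares the deprecated aliases. If it does not, custom queries written against `TaintTracking::Make<Config>` stop resolving after the upgrade, so either confirm the aliases are kept or record the removal in a change note. The same applies to the Go, Java, Python, Ruby and Swift `TaintTracking` sections below. A short comment above the new import, such as `// Instantiate the shared taint-tracking library with the C# data-flow and taint inputs.`, would also explain why three private imports precede it.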
@@ -0,0 +1,10 @@
|
|||||||
|
/**
|
||||||
|
* Provides C#-specific definitions for use in the taint tracking library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import codeql.dataflow.TaintTrackingParameter
|
||||||
|
private import DataFlowImplSpecific
|
||||||
|
|
||||||
|
module CsharpTaintTracking implements TaintTrackingParameter<CsharpDataFlow> {
|
||||||
|
import TaintTrackingPrivate
|
||||||
|
}
|
||||||
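Review bot: `CsharpTaintTracking` is a public module without its own QLDoc, and it implements `TaintTrackingParameter<CsharpDataFlow>` only by name through the public `import TaintTrackingPrivate`, which also re-exports every other public declaration of that file under `CsharpTaintTracking::`. I would add `/** The C# inputs for the shared taint-tracking library. */` above the module and a comment on the import naming the members it is there to supply (presumably `defaultTaintSanitizer`, `defaultAdditionalTaintStep` and `defaultImplicitTaintRead`, judging by the removed `AddTaintDefaults`). The Go, Java, Python, Ruby and Swift `*TaintTracking` modules added in this commit have the same shape and would benefit from the same two lines.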
@@ -25,7 +25,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
|
|||||||
* of `c` at sinks and inputs to additional taint steps.
|
* of `c` at sinks and inputs to additional taint steps.
|
||||||
*/
|
*/
|
||||||
bindingset[node]
|
bindingset[node]
|
||||||
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
|
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
|
||||||
|
|
||||||
private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) {
|
private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) {
|
||||||
src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or
|
src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or
|
||||||
|
|||||||
@@ -1,75 +0,0 @@
|
|||||||
/**
|
|
||||||
* Provides classes for performing local (intra-procedural) and
|
|
||||||
* global (inter-procedural) taint-tracking analyses.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import TaintTrackingParameter::Public
|
|
||||||
private import TaintTrackingParameter::Private
|
|
||||||
|
|
||||||
private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
|
|
||||||
DataFlowInternal::FullStateConfigSig
|
|
||||||
{
|
|
||||||
import Config
|
|
||||||
|
|
||||||
predicate isBarrier(DataFlow::Node node) {
|
|
||||||
Config::isBarrier(node) or defaultTaintSanitizer(node)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
|
|
||||||
Config::isAdditionalFlowStep(node1, node2) or
|
|
||||||
defaultAdditionalTaintStep(node1, node2)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
|
||||||
Config::allowImplicitRead(node, c)
|
|
||||||
or
|
|
||||||
(
|
|
||||||
Config::isSink(node) or
|
|
||||||
Config::isSink(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _, _, _)
|
|
||||||
) and
|
|
||||||
defaultImplicitTaintRead(node, c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation.
|
|
||||||
*/
|
|
||||||
module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import DataFlowInternal::DefaultState<Config>
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `Global` instead. */
|
|
||||||
deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import Global<Config>
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation using flow state.
|
|
||||||
*/
|
|
||||||
module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `GlobalWithState` instead. */
|
|
||||||
deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import GlobalWithState<Config>
|
|
||||||
}
|
|
||||||
@@ -10,6 +10,10 @@ import semmle.go.dataflow.DataFlow
|
|||||||
* global (inter-procedural) taint-tracking analyses.
|
* global (inter-procedural) taint-tracking analyses.
|
||||||
*/
|
*/
|
||||||
module TaintTracking {
|
module TaintTracking {
|
||||||
import semmle.go.dataflow.internal.tainttracking1.TaintTracking
|
import semmle.go.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
|
||||||
|
private import semmle.go.dataflow.internal.DataFlowImplSpecific
|
||||||
|
private import semmle.go.dataflow.internal.TaintTrackingImplSpecific
|
||||||
|
private import codeql.dataflow.TaintTracking
|
||||||
|
import TaintFlowMake<GoDataFlow, GoTaintTracking>
|
||||||
import semmle.go.dataflow.internal.tainttracking1.TaintTrackingImpl
|
import semmle.go.dataflow.internal.tainttracking1.TaintTrackingImpl
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,10 @@
|
|||||||
|
/**
|
||||||
|
* Provides Go-specific definitions for use in the taint tracking library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import codeql.dataflow.TaintTrackingParameter
|
||||||
|
private import DataFlowImplSpecific
|
||||||
|
|
||||||
|
module GoTaintTracking implements TaintTrackingParameter<GoDataFlow> {
|
||||||
|
import TaintTrackingUtil
|
||||||
|
}
|
||||||
@@ -47,7 +47,7 @@ private Type getElementType(Type containerType) {
|
|||||||
* of `c` at sinks and inputs to additional taint steps.
|
* of `c` at sinks and inputs to additional taint steps.
|
||||||
*/
|
*/
|
||||||
bindingset[node]
|
bindingset[node]
|
||||||
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
|
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
||||||
exists(Type containerType |
|
exists(Type containerType |
|
||||||
node instanceof DataFlow::ArgumentNode and
|
node instanceof DataFlow::ArgumentNode and
|
||||||
getElementType*(node.getType()) = containerType
|
getElementType*(node.getType()) = containerType
|
||||||
|
|||||||
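Review bot: The type of `c` changes from `DataFlow::Content` to `DataFlow::ContentSet` here, but the part of the `exists(Type containerType | ...)` body that constrains `c` lies below the hunk, so it cannot be checked from this page that it still relates `c` to the element contents of `containerType`. If that constraint no longer matches, implicit reads at sinks and at inputs to additional taint steps would likely stop producing results, which shows up as missed taint flows in queries rather than as an obvious failure. It is worth confirming against the existing tests that pass containers as arguments to sinks. The same check applies to the Java `defaultImplicitTaintRead` hunk (`@@ -177,7 +177,7 @@`). The QLDoc line above could also say that `c` is now a content set.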
@@ -1,75 +0,0 @@
|
|||||||
/**
|
|
||||||
* Provides classes for performing local (intra-procedural) and
|
|
||||||
* global (inter-procedural) taint-tracking analyses.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import TaintTrackingParameter::Public
|
|
||||||
private import TaintTrackingParameter::Private
|
|
||||||
|
|
||||||
private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
|
|
||||||
DataFlowInternal::FullStateConfigSig
|
|
||||||
{
|
|
||||||
import Config
|
|
||||||
|
|
||||||
predicate isBarrier(DataFlow::Node node) {
|
|
||||||
Config::isBarrier(node) or defaultTaintSanitizer(node)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
|
|
||||||
Config::isAdditionalFlowStep(node1, node2) or
|
|
||||||
defaultAdditionalTaintStep(node1, node2)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
|
||||||
Config::allowImplicitRead(node, c)
|
|
||||||
or
|
|
||||||
(
|
|
||||||
Config::isSink(node) or
|
|
||||||
Config::isSink(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _, _, _)
|
|
||||||
) and
|
|
||||||
defaultImplicitTaintRead(node, c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation.
|
|
||||||
*/
|
|
||||||
module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import DataFlowInternal::DefaultState<Config>
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `Global` instead. */
|
|
||||||
deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import Global<Config>
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation using flow state.
|
|
||||||
*/
|
|
||||||
module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `GlobalWithState` instead. */
|
|
||||||
deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import GlobalWithState<Config>
|
|
||||||
}
|
|
||||||
@@ -8,6 +8,10 @@ import semmle.code.java.dataflow.DataFlow2
|
|||||||
import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule
|
import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule
|
||||||
|
|
||||||
module TaintTracking {
|
module TaintTracking {
|
||||||
import semmle.code.java.dataflow.internal.tainttracking1.TaintTracking
|
import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
|
||||||
|
private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
|
||||||
|
private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
|
||||||
|
private import codeql.dataflow.TaintTracking
|
||||||
|
import TaintFlowMake<JavaDataFlow, JavaTaintTracking>
|
||||||
import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingImpl
|
import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingImpl
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,10 @@
|
|||||||
|
/**
|
||||||
|
* Provides Java-specific definitions for use in the taint tracking library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import codeql.dataflow.TaintTrackingParameter
|
||||||
|
private import DataFlowImplSpecific
|
||||||
|
|
||||||
|
module JavaTaintTracking implements TaintTrackingParameter<JavaDataFlow> {
|
||||||
|
import TaintTrackingUtil
|
||||||
|
}
|
||||||
@@ -177,7 +177,7 @@ private RefType getElementType(RefType container) {
|
|||||||
* of `c` at sinks and inputs to additional taint steps.
|
* of `c` at sinks and inputs to additional taint steps.
|
||||||
*/
|
*/
|
||||||
bindingset[node]
|
bindingset[node]
|
||||||
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
|
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
||||||
exists(RefType container |
|
exists(RefType container |
|
||||||
(node.asExpr() instanceof Argument or node instanceof ArgumentNode) and
|
(node.asExpr() instanceof Argument or node instanceof ArgumentNode) and
|
||||||
getElementType*(node.getType()) = container
|
getElementType*(node.getType()) = container
|
||||||
|
|||||||
@@ -15,6 +15,10 @@ private import python
|
|||||||
* global (inter-procedural) taint-tracking analyses.
|
* global (inter-procedural) taint-tracking analyses.
|
||||||
*/
|
*/
|
||||||
module TaintTracking {
|
module TaintTracking {
|
||||||
import internal.tainttracking1.TaintTracking
|
import semmle.python.dataflow.new.internal.tainttracking1.TaintTrackingParameter::Public
|
||||||
|
private import semmle.python.dataflow.new.internal.DataFlowImplSpecific
|
||||||
|
private import semmle.python.dataflow.new.internal.TaintTrackingImplSpecific
|
||||||
|
private import codeql.dataflow.TaintTracking
|
||||||
|
import TaintFlowMake<PythonDataFlow, PythonTaintTracking>
|
||||||
import internal.tainttracking1.TaintTrackingImpl
|
import internal.tainttracking1.TaintTrackingImpl
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,10 @@
|
|||||||
|
/**
|
||||||
|
* Provides Python-specific definitions for use in the taint tracking library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import codeql.dataflow.TaintTrackingParameter
|
||||||
|
private import DataFlowImplSpecific
|
||||||
|
|
||||||
|
module PythonTaintTracking implements TaintTrackingParameter<PythonDataFlow> {
|
||||||
|
import TaintTrackingPrivate
|
||||||
|
}
|
||||||
@@ -16,7 +16,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
|
|||||||
* of `c` at sinks and inputs to additional taint steps.
|
* of `c` at sinks and inputs to additional taint steps.
|
||||||
*/
|
*/
|
||||||
bindingset[node]
|
bindingset[node]
|
||||||
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
|
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
|
||||||
|
|
||||||
private module Cached {
|
private module Cached {
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -1,75 +0,0 @@
|
|||||||
/**
|
|
||||||
* Provides classes for performing local (intra-procedural) and
|
|
||||||
* global (inter-procedural) taint-tracking analyses.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import TaintTrackingParameter::Public
|
|
||||||
private import TaintTrackingParameter::Private
|
|
||||||
|
|
||||||
private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
|
|
||||||
DataFlowInternal::FullStateConfigSig
|
|
||||||
{
|
|
||||||
import Config
|
|
||||||
|
|
||||||
predicate isBarrier(DataFlow::Node node) {
|
|
||||||
Config::isBarrier(node) or defaultTaintSanitizer(node)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
|
|
||||||
Config::isAdditionalFlowStep(node1, node2) or
|
|
||||||
defaultAdditionalTaintStep(node1, node2)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
|
||||||
Config::allowImplicitRead(node, c)
|
|
||||||
or
|
|
||||||
(
|
|
||||||
Config::isSink(node) or
|
|
||||||
Config::isSink(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _, _, _)
|
|
||||||
) and
|
|
||||||
defaultImplicitTaintRead(node, c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation.
|
|
||||||
*/
|
|
||||||
module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import DataFlowInternal::DefaultState<Config>
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `Global` instead. */
|
|
||||||
deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import Global<Config>
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation using flow state.
|
|
||||||
*/
|
|
||||||
module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `GlobalWithState` instead. */
|
|
||||||
deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import GlobalWithState<Config>
|
|
||||||
}
|
|
||||||
@@ -3,6 +3,10 @@
|
|||||||
* global (inter-procedural) taint-tracking analyses.
|
* global (inter-procedural) taint-tracking analyses.
|
||||||
*/
|
*/
|
||||||
module TaintTracking {
|
module TaintTracking {
|
||||||
import codeql.ruby.dataflow.internal.tainttracking1.TaintTracking
|
import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
|
||||||
|
private import codeql.ruby.dataflow.internal.DataFlowImplSpecific
|
||||||
|
private import codeql.ruby.dataflow.internal.TaintTrackingImplSpecific
|
||||||
|
private import codeql.dataflow.TaintTracking
|
||||||
|
import TaintFlowMake<RubyDataFlow, RubyTaintTracking>
|
||||||
import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingImpl
|
import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingImpl
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,10 @@
|
|||||||
|
/**
|
||||||
|
* Provides Ruby-specific definitions for use in the taint tracking library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import codeql.dataflow.TaintTrackingParameter
|
||||||
|
private import DataFlowImplSpecific
|
||||||
|
|
||||||
|
module RubyTaintTracking implements TaintTrackingParameter<RubyDataFlow> {
|
||||||
|
import TaintTrackingPrivate
|
||||||
|
}
|
||||||
@@ -1,75 +0,0 @@
|
|||||||
/**
|
|
||||||
* Provides classes for performing local (intra-procedural) and
|
|
||||||
* global (inter-procedural) taint-tracking analyses.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import TaintTrackingParameter::Public
|
|
||||||
private import TaintTrackingParameter::Private
|
|
||||||
|
|
||||||
private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
|
|
||||||
DataFlowInternal::FullStateConfigSig
|
|
||||||
{
|
|
||||||
import Config
|
|
||||||
|
|
||||||
predicate isBarrier(DataFlow::Node node) {
|
|
||||||
Config::isBarrier(node) or defaultTaintSanitizer(node)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
|
|
||||||
Config::isAdditionalFlowStep(node1, node2) or
|
|
||||||
defaultAdditionalTaintStep(node1, node2)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
|
||||||
Config::allowImplicitRead(node, c)
|
|
||||||
or
|
|
||||||
(
|
|
||||||
Config::isSink(node) or
|
|
||||||
Config::isSink(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _, _, _)
|
|
||||||
) and
|
|
||||||
defaultImplicitTaintRead(node, c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation.
|
|
||||||
*/
|
|
||||||
module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import DataFlowInternal::DefaultState<Config>
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `Global` instead. */
|
|
||||||
deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import Global<Config>
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation using flow state.
|
|
||||||
*/
|
|
||||||
module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `GlobalWithState` instead. */
|
|
||||||
deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import GlobalWithState<Config>
|
|
||||||
}
|
|
||||||
@@ -3,6 +3,10 @@
|
|||||||
* global (inter-procedural) taint-tracking analyses.
|
* global (inter-procedural) taint-tracking analyses.
|
||||||
*/
|
*/
|
||||||
module TaintTracking {
|
module TaintTracking {
|
||||||
import codeql.swift.dataflow.internal.tainttracking1.TaintTracking
|
import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
|
||||||
|
private import codeql.swift.dataflow.internal.DataFlowImplSpecific
|
||||||
|
private import codeql.swift.dataflow.internal.TaintTrackingImplSpecific
|
||||||
|
private import codeql.dataflow.TaintTracking
|
||||||
|
import TaintFlowMake<SwiftDataFlow, SwiftTaintTracking>
|
||||||
import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingImpl
|
import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingImpl
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,11 @@
|
|||||||
|
/**
|
||||||
|
* Provides Swift-specific definitions for use in the taint tracking library.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import codeql.dataflow.TaintTrackingParameter
|
||||||
|
private import DataFlowImplSpecific
|
||||||
|
|
||||||
|
module SwiftTaintTracking implements TaintTrackingParameter<SwiftDataFlow> {
|
||||||
|
import TaintTrackingPrivate
|
||||||
|
import TaintTrackingPublic
|
||||||
|
}
|
||||||
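Review bot: `SwiftTaintTracking` imports `TaintTrackingPublic` in addition to `TaintTrackingPrivate`, whereas the other five language modules in this commit import a single file; the reason is not visible here. Please add a comment on the second import stating which member required by `TaintTrackingParameter` lives in `TaintTrackingPublic`, for example `// <member name> is declared in TaintTrackingPublic for Swift`, so that a later cleanup does not remove it or assume the languages are interchangeable. Because the import is public, everything else declared publicly in `TaintTrackingPublic` also becomes reachable as `SwiftTaintTracking::...`; if that is not intended, a narrower re-export would be cleaner.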
@@ -1,75 +0,0 @@
|
|||||||
/**
|
|
||||||
* Provides classes for performing local (intra-procedural) and
|
|
||||||
* global (inter-procedural) taint-tracking analyses.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import TaintTrackingParameter::Public
|
|
||||||
private import TaintTrackingParameter::Private
|
|
||||||
|
|
||||||
private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
|
|
||||||
DataFlowInternal::FullStateConfigSig
|
|
||||||
{
|
|
||||||
import Config
|
|
||||||
|
|
||||||
predicate isBarrier(DataFlow::Node node) {
|
|
||||||
Config::isBarrier(node) or defaultTaintSanitizer(node)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
|
|
||||||
Config::isAdditionalFlowStep(node1, node2) or
|
|
||||||
defaultAdditionalTaintStep(node1, node2)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
|
||||||
Config::allowImplicitRead(node, c)
|
|
||||||
or
|
|
||||||
(
|
|
||||||
Config::isSink(node) or
|
|
||||||
Config::isSink(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _) or
|
|
||||||
Config::isAdditionalFlowStep(node, _, _, _)
|
|
||||||
) and
|
|
||||||
defaultImplicitTaintRead(node, c)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation.
|
|
||||||
*/
|
|
||||||
module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import DataFlowInternal::DefaultState<Config>
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `Global` instead. */
|
|
||||||
deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import Global<Config>
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a global taint tracking computation using flow state.
|
|
||||||
*/
|
|
||||||
module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
private module Config0 implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import Config
|
|
||||||
}
|
|
||||||
|
|
||||||
private module C implements DataFlowInternal::FullStateConfigSig {
|
|
||||||
import AddTaintDefaults<Config0>
|
|
||||||
}
|
|
||||||
|
|
||||||
import DataFlowInternal::Impl<C>
|
|
||||||
}
|
|
||||||
|
|
||||||
/** DEPRECATED: Use `GlobalWithState` instead. */
|
|
||||||
deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
|
|
||||||
import GlobalWithState<Config>
|
|
||||||
}
|
|
||||||