Simplify sink configuration

2025-12-21 11:16:30 +01:00 · 2021-09-30 16:26:04 +02:00
parent 1a4fd7bc7d
commit 7a7ec06819
2 changed files with 7 additions and 13 deletions
--- a/java/ql/src/utils/model-generator/CaptureSinkModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
@@ -15,28 +15,22 @@ class PropagateToSinkConfiguration extends TaintTracking::Configuration {
  PropagateToSinkConfiguration() { this = "public methods calling sinks" }

  override predicate isSource(DataFlow::Node source) {
-    exists(MethodAccess ma |
-      ma.getAChildExpr() = source.asExpr() and
-      ma.getAnEnclosingStmt().getEnclosingCallable().isPublic() and
-      ma.getAnEnclosingStmt().getEnclosingCallable().fromSource()
-    )
+    source.asParameter().getCallable().isPublic()
  }

  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
 }

-string asInputArgument(Expr source) {
-  result = "Argument[" + source.(Argument).getPosition() + "]"
-  or
-  result = "Argument[" + source.(VarAccess).getVariable().(Parameter).getPosition() + "]"
+string asInputArgument(DataFlow::Node source) {
+  result = "Argument[" + source.asParameter().getPosition() + "]"
 }

 string captureSink(Callable api) {
  exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
    config.hasFlow(src, sink) and
    sinkNode(sink, kind) and
-    api = src.asExpr().getEnclosingCallable() and
-    result = asSinkModel(api, asInputArgument(src.asExpr()), kind)
+    api = src.asParameter().getCallable() and
+    result = asSinkModel(api, asInputArgument(src), kind)
  )
 }