Refactor the traint-tracking library to follow the dataflow library refactoring

2026-04-26 01:05:15 +02:00 · 2023-08-07 15:23:15 +02:00
parent 5d2984b7a5
commit 8b6a7985db
10 changed files with 44 additions and 50 deletions
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C++-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module CppOldTaintTracking implements TaintTrackingParameter<CppOldDataFlow> {
+module CppOldTaintTracking implements InputSig<CppOldDataFlow> {
  import TaintTrackingUtil
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C++-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module CppTaintTracking implements TaintTrackingParameter<CppDataFlow> {
+module CppTaintTracking implements InputSig<CppDataFlow> {
  import TaintTrackingUtil
 }
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C#-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module CsharpTaintTracking implements TaintTrackingParameter<CsharpDataFlow> {
+module CsharpTaintTracking implements InputSig<CsharpDataFlow> {
  import TaintTrackingPrivate
 }
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Go-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module GoTaintTracking implements TaintTrackingParameter<GoDataFlow> {
+module GoTaintTracking implements InputSig<GoDataFlow> {
  import TaintTrackingUtil
 }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Java-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module JavaTaintTracking implements TaintTrackingParameter<JavaDataFlow> {
+module JavaTaintTracking implements InputSig<JavaDataFlow> {
  import TaintTrackingUtil
 }
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Python-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module PythonTaintTracking implements TaintTrackingParameter<PythonDataFlow> {
+module PythonTaintTracking implements InputSig<PythonDataFlow> {
  import TaintTrackingPrivate
 }
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Ruby-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module RubyTaintTracking implements TaintTrackingParameter<RubyDataFlow> {
+module RubyTaintTracking implements InputSig<RubyDataFlow> {
  import TaintTrackingPrivate
 }
--- a/shared/dataflow/codeql/dataflow/TaintTracking.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -3,19 +3,39 @@
 * global (inter-procedural) taint-tracking analyses.
 */

-private import DataFlow
-private import DataFlowImpl
-private import DataFlowParameter
-import TaintTrackingParameter
+private import DataFlow as DF
+private import internal.DataFlowImpl
+
+/**
+ * Provides language-specific taint-tracking parameters.
+ */
+signature module InputSig<DF::InputSig Lang> {
+  /**
+   * Holds if `node` should be a sanitizer in all global taint flow configurations
+   * but not in local taint.
+   */
+  predicate defaultTaintSanitizer(Lang::Node node);
+
+  /**
+   * Holds if the additional step from `src` to `sink` should be included in all
+   * global taint flow configurations.
+   */
+  predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
+
+  /**
+   * Holds if taint flow configurations should allow implicit reads of `c` at sinks
+   * and inputs to additional taint steps.
+   */
+  bindingset[node]
+  predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
+}

 /**
 * Construct the modules for taint-tracking analyses.
 */
-module TaintFlowMake<
-  DataFlowParameter DataFlowLang, TaintTrackingParameter<DataFlowLang> TaintTrackingLang>
-{
+module TaintFlowMake<DF::InputSig DataFlowLang, InputSig<DataFlowLang> TaintTrackingLang> {
  private import TaintTrackingLang
-  private import DataFlowMake<DataFlowLang> as DataFlow
+  private import DF::DataFlowMake<DataFlowLang> as DataFlow
  private import MakeImpl<DataFlowLang> as DataFlowInternal

  private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
--- a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
@@ -1,26 +0,0 @@
-/**
- * Provides the signature for the language-specific parts of the taint-tracking analyses.
- */
-
-import DataFlowParameter
-
-signature module TaintTrackingParameter<DataFlowParameter Lang> {
-  /**
-   * Holds if `node` should be a sanitizer in all global taint flow configurations
-   * but not in local taint.
-   */
-  predicate defaultTaintSanitizer(Lang::Node node);
-
-  /**
-   * Holds if the additional step from `src` to `sink` should be included in all
-   * global taint flow configurations.
-   */
-  predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
-
-  /**
-   * Holds if taint flow configurations should allow implicit reads of `c` at sinks
-   * and inputs to additional taint steps.
-   */
-  bindingset[node]
-  predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
-}
--- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,10 +2,10 @@
 * Provides Swift-specific definitions for use in the taint tracking library.
 */

-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific

-module SwiftTaintTracking implements TaintTrackingParameter<SwiftDataFlow> {
+module SwiftTaintTracking implements InputSig<SwiftDataFlow> {
  import TaintTrackingPrivate
  import TaintTrackingPublic
 }