From 8b6a7985dbeae97040020fc058cc66fd53d3aa02 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Mon, 7 Aug 2023 15:23:15 +0200
Subject: [PATCH] Refactor the traint-tracking library to follow the dataflow library refactoring
---
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 .../codeql/dataflow/TaintTracking.qll | 36 ++++++++++++++-----
 .../dataflow/TaintTrackingParameter.qll | 26 --------------
 .../internal/TaintTrackingImplSpecific.qll | 4 +--
 10 files changed, 44 insertions(+), 50 deletions(-)
 delete mode 100644 shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
index 41edb96f573..3f917d69802 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C++-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module CppOldTaintTracking implements TaintTrackingParameter {
+module CppOldTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
index 70ce12c1dc2..f62468087b9 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C++-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module CppTaintTracking implements TaintTrackingParameter {
+module CppTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
index 783b61befca..17a0d2c3c1a 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides C#-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module CsharpTaintTracking implements TaintTrackingParameter {
+module CsharpTaintTracking implements InputSig {
 import TaintTrackingPrivate
 }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
index 5a0bb940aa9..f52499df232 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Go-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module GoTaintTracking implements TaintTrackingParameter {
+module GoTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
index 29705d8ab7d..ba30b102a20 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Java-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module JavaTaintTracking implements TaintTrackingParameter {
+module JavaTaintTracking implements InputSig {
 import TaintTrackingUtil
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
index bf5a5b968a9..6f65d234344 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Python-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module PythonTaintTracking implements TaintTrackingParameter {
+module PythonTaintTracking implements InputSig {
 import TaintTrackingPrivate
 }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
index 33d1ebae0f8..fe733ee5d95 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,9 +2,9 @@
 * Provides Ruby-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module RubyTaintTracking implements TaintTrackingParameter {
+module RubyTaintTracking implements InputSig {
 import TaintTrackingPrivate
 }
diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
index 84c8c859d06..73960fbca1d 100644
--- a/shared/dataflow/codeql/dataflow/TaintTracking.qll
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -3,19 +3,39 @@
 * global (inter-procedural) taint-tracking analyses.
 */
-private import DataFlow
-private import DataFlowImpl
-private import DataFlowParameter
-import TaintTrackingParameter
+private import DataFlow as DF
+private import internal.DataFlowImpl
+
+/**
+ * Provides language-specific taint-tracking parameters.
+ */
+signature module InputSig {
+ /**
+ * Holds if `node` should be a sanitizer in all global taint flow configurations
+ * but not in local taint.
+ */
+ predicate defaultTaintSanitizer(Lang::Node node);
+
+ /**
+ * Holds if the additional step from `src` to `sink` should be included in all
+ * global taint flow configurations.
+ */
+ predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
+
+ /**
+ * Holds if taint flow configurations should allow implicit reads of `c` at sinks
+ * and inputs to additional taint steps.
+ */
+ bindingset[node]
+ predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
+}
 /**
 * Construct the modules for taint-tracking analyses.
 */
-module TaintFlowMake<
- DataFlowParameter DataFlowLang, TaintTrackingParameter TaintTrackingLang>
-{
+module TaintFlowMake TaintTrackingLang> {
 private import TaintTrackingLang
- private import DataFlowMake as DataFlow
+ private import DF::DataFlowMake as DataFlow
 private import MakeImpl as DataFlowInternal
 private module AddTaintDefaults implements
diff --git a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll b/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
deleted file mode 100644
index ffeb9f82d98..00000000000
--- a/shared/dataflow/codeql/dataflow/TaintTrackingParameter.qll
+++ /dev/null
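Review bot: In `shared/dataflow/codeql/dataflow/TaintTracking.qll`, the doc comment moved onto `defaultTaintSanitizer` in the new `InputSig` says a matching node is a sanitizer in all global taint flow configurations but does not tell the language implementer what an over-broad match costs. Since this is a default for every configuration, a node matched by mistake would presumably cut taint paths for every query at once, with no per-query signal, so I would add a line such as `Keep this narrow: a node matched here stops taint in every global configuration, so a false match hides results in all of them.` The comment on `defaultImplicitTaintRead` also never mentions `node`, although `bindingset[node]` shows it is an input; it should say which node the read applies to. `TaintFlowMake` starts inside this hunk and its body continues past the hunk's last line.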
@@ -1,26 +0,0 @@
-/**
- * Provides the signature for the language-specific parts of the taint-tracking analyses.
- */
-
-import DataFlowParameter
-
-signature module TaintTrackingParameter {
- /**
- * Holds if `node` should be a sanitizer in all global taint flow configurations
- * but not in local taint.
- */
- predicate defaultTaintSanitizer(Lang::Node node);
-
- /**
- * Holds if the additional step from `src` to `sink` should be included in all
- * global taint flow configurations.
- */
- predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
-
- /**
- * Holds if taint flow configurations should allow implicit reads of `c` at sinks
- * and inputs to additional taint steps.
- */
- bindingset[node]
- predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
-}
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
index 5ad0dc787e9..fd00fa5e8f1 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -2,10 +2,10 @@
 * Provides Swift-specific definitions for use in the taint tracking library.
 */
-private import codeql.dataflow.TaintTrackingParameter
+private import codeql.dataflow.TaintTracking
 private import DataFlowImplSpecific
-module SwiftTaintTracking implements TaintTrackingParameter {
+module SwiftTaintTracking implements InputSig {
 import TaintTrackingPrivate
 import TaintTrackingPublic
 }