mass rename to ActiveThreatModelSource
@@ -40,7 +40,7 @@ class Log4jInjectionSanitizer extends DataFlow::Node instanceof SimpleTypeSaniti
|
||||
* A taint-tracking configuration for tracking untrusted user input used in log entries.
|
||||
*/
|
||||
module Log4jInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof Log4jInjectionSink }
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ class UrlConstructor extends ClassInstanceExpr {
|
||||
}
|
||||
|
||||
module RemoteUrlToOpenStreamFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
exists(MethodCall m |
|
||||
|
||||
@@ -50,7 +50,7 @@ class NormalizedPathNode extends DataFlow::Node {
|
||||
}
|
||||
|
||||
module InjectFilePathConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
sink instanceof TaintedPathSink and
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
import CommandInjectionRuntimeExec
|
||||
import ExecUserFlow::PathGraph
|
||||
|
||||
class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
|
||||
class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
|
||||
|
||||
from
|
||||
ExecUserFlow::PathNode source, ExecUserFlow::PathNode sink, DataFlow::Node sourceCmd,
|
||||
|
||||
@@ -21,7 +21,7 @@ private import semmle.code.java.security.Sanitizers
|
||||
import MyBatisAnnotationSqlInjectionFlow::PathGraph
|
||||
|
||||
private module MyBatisAnnotationSqlInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisAnnotatedMethodCallArgument }
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ private import semmle.code.java.security.Sanitizers
|
||||
import MyBatisMapperXmlSqlInjectionFlow::PathGraph
|
||||
|
||||
private module MyBatisMapperXmlSqlInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisMapperMethodCallAnArgument }
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ import semmle.code.java.dataflow.TaintTracking
|
||||
import BeanShellInjectionFlow::PathGraph
|
||||
|
||||
module BeanShellInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof BeanShellInjectionSink }
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ import semmle.code.java.dataflow.TaintTracking
|
||||
import JShellInjectionFlow::PathGraph
|
||||
|
||||
module JShellInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof JShellInjectionSink }
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ import semmle.code.java.dataflow.TaintTracking
|
||||
* that is used to construct and evaluate an expression.
|
||||
*/
|
||||
module JakartaExpressionInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof ExpressionEvaluationSink }
|
||||
|
||||
|
||||
@@ -99,17 +99,17 @@ class CodeInjectionSink extends DataFlow::ExprNode {
|
||||
}
|
||||
|
||||
/**
|
||||
* A taint configuration for tracking flow from `ThreatModelFlowSource` to a Jython method call
|
||||
* A taint configuration for tracking flow from `ActiveThreatModelSource` to a Jython method call
|
||||
* `CodeInjectionSink` that executes injected code.
|
||||
*/
|
||||
module CodeInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof CodeInjectionSink }
|
||||
}
|
||||
|
||||
/**
|
||||
* Taint tracking flow from `ThreatModelFlowSource` to a Jython method call
|
||||
* Taint tracking flow from `ActiveThreatModelSource` to a Jython method call
|
||||
* `CodeInjectionSink` that executes injected code.
|
||||
*/
|
||||
module CodeInjectionFlow = TaintTracking::Global<CodeInjectionConfig>;
|
||||
|
||||
@@ -131,11 +131,11 @@ class ScriptInjectionSink extends DataFlow::ExprNode {
|
||||
}
|
||||
|
||||
/**
|
||||
* A taint tracking configuration that tracks flow from `ThreatModelFlowSource` to an argument
|
||||
* A taint tracking configuration that tracks flow from `ActiveThreatModelSource` to an argument
|
||||
* of a method call that executes injected script.
|
||||
*/
|
||||
module ScriptInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof ScriptInjectionSink }
|
||||
}
|
||||
|
||||
@@ -42,7 +42,7 @@ class PortletRenderRequestMethod extends Method {
|
||||
*/
|
||||
module SpringViewManipulationConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source instanceof ThreatModelFlowSource or
|
||||
source instanceof ActiveThreatModelSource or
|
||||
source instanceof WebRequestSource or
|
||||
source.asExpr().(MethodCall).getMethod() instanceof PortletRenderRequestMethod
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ import AndroidWebResourceResponse
|
||||
import InsecureWebResourceResponseFlow::PathGraph
|
||||
|
||||
module InsecureWebResourceResponseConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof WebResourceResponseSink }
|
||||
|
||||
|
||||
@@ -148,7 +148,7 @@ private predicate updateMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::N
|
||||
* such as cipher, MAC or signature.
|
||||
*/
|
||||
private module UserInputInCryptoOperationConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
exists(ProduceCryptoCall call | call.getQualifier() = sink.asExpr())
|
||||
@@ -214,7 +214,7 @@ private class NonConstantTimeComparisonCall extends StaticMethodCall {
|
||||
* that compare inputs using a non-constant-time algorithm.
|
||||
*/
|
||||
private module UserInputInComparisonConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
exists(NonConstantTimeEqualsCall call |
|
||||
|
||||
@@ -63,7 +63,7 @@ module CorsSourceReachesCheckConfig implements DataFlow::ConfigSig {
|
||||
module CorsSourceReachesCheckFlow = TaintTracking::Global<CorsSourceReachesCheckConfig>;
|
||||
|
||||
private module CorsOriginConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
exists(MethodCall corsHeader, MethodCall allowCredentialsHeader |
|
||||
|
||||
@@ -22,7 +22,7 @@ import RequestResponseFlow::PathGraph
|
||||
/** Taint-tracking configuration tracing flow from get method request sources to output jsonp data. */
|
||||
module RequestResponseFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source instanceof ThreatModelFlowSource and
|
||||
source instanceof ActiveThreatModelSource and
|
||||
any(RequestGetMethod m).polyCalls*(source.getEnclosingCallable())
|
||||
}
|
||||
|
||||
|
||||
@@ -79,7 +79,7 @@ class JsonpBuilderExpr extends AddExpr {
|
||||
|
||||
/** A data flow configuration tracing flow from threat model sources to jsonp function name. */
|
||||
module ThreatModelFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node src) { src instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
exists(JsonpBuilderExpr jhe | jhe.getFunctionName() = sink.asExpr())
|
||||
|
||||
@@ -17,7 +17,7 @@ import ThreadResourceAbuseFlow::PathGraph
|
||||
|
||||
/** Taint configuration of uncontrolled thread resource consumption. */
|
||||
module ThreadResourceAbuseConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof PauseThreadSink }
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ private predicate equalsSanitizer(Guard g, Expr e, boolean branch) {
|
||||
}
|
||||
|
||||
module UnsafeReflectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeReflectionSink }
|
||||
|
||||
|
||||
@@ -65,9 +65,9 @@ class UncaughtServletExceptionSink extends DataFlow::ExprNode {
|
||||
}
|
||||
}
|
||||
|
||||
/** Taint configuration of uncaught exceptions caused by user provided data from `ThreatModelFlowSource` */
|
||||
/** Taint configuration of uncaught exceptions caused by user provided data from `ActiveThreatModelSource` */
|
||||
module UncaughtServletExceptionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof UncaughtServletExceptionSink }
|
||||
}
|
||||
|
||||
@@ -26,7 +26,7 @@ private predicate startsWithSanitizer(Guard g, Expr e, boolean branch) {
|
||||
}
|
||||
|
||||
module SpringUrlRedirectFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof SpringUrlRedirectSink }
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ import XQueryInjectionFlow::PathGraph
|
||||
* A taint-tracking configuration tracing flow from remote sources, through an XQuery parser, to its eventual execution.
|
||||
*/
|
||||
module XQueryInjectionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
sink.asExpr() = any(XQueryPreparedExecuteCall xpec).getPreparedExpression() or
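Review bot: The doc comment above `XQueryInjectionConfig` still describes flow "from remote sources", while `isSource` on the new side matches `ActiveThreatModelSource`, which as far as I know covers every source kind enabled by the active threat-model configuration rather than remote input only. The `NfeLocalDoSConfig` hunk has the same mismatch: its `isSource` keeps `/** Holds if source is a remote flow source */`. Other hunks in this commit already update comments that name the old class, so these two could be aligned as well, for example `* A taint-tracking configuration tracing flow from active threat model sources, through an XQuery parser, to its eventual execution.` and `/** Holds if source is an active threat model source */`. Someone judging query coverage from the comment alone could otherwise misread which inputs are treated as untrusted. The `isSink` body continues outside the hunk.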
|
||||
|
||||
@@ -24,7 +24,7 @@ import NfeLocalDoSFlow::PathGraph
|
||||
*/
|
||||
module NfeLocalDoSConfig implements DataFlow::ConfigSig {
|
||||
/** Holds if source is a remote flow source */
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
|
||||
|
||||
/** Holds if NFE is thrown but not caught */
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
|
||||