Generally define lower-numbered data-flow configs in terms of higher-numbered ones

Since usually we have DataFlow3::Configurations that stand alone, DataFlow2::Configurations that depend on them, and finally DataFlow::Configurations that produce a top-level query result (for example), qll files where the reverse pattern holds will usually not be concurrently importable due to dataflow configuration recursion prevention.
2025-12-17 01:03:14 +01:00 · 2022-04-15 09:25:40 +01:00
parent 27d87e9300
commit 90505949c7
4 changed files with 9 additions and 9 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll
@@ -30,7 +30,7 @@ class Yaml extends RefType {
  Yaml() { this.getAnAncestor().hasQualifiedName("org.yaml.snakeyaml", "Yaml") }
 }

-private class SafeYamlConstructionFlowConfig extends DataFlow2::Configuration {
+private class SafeYamlConstructionFlowConfig extends DataFlow3::Configuration {
  SafeYamlConstructionFlowConfig() { this = "SnakeYaml::SafeYamlConstructionFlowConfig" }

  override predicate isSource(DataFlow::Node src) {
@@ -65,7 +65,7 @@ private class SnakeYamlParse extends MethodAccess {
  }
 }

-private class SafeYamlFlowConfig extends DataFlow3::Configuration {
+private class SafeYamlFlowConfig extends DataFlow2::Configuration {
  SafeYamlFlowConfig() { this = "SnakeYaml::SafeYamlFlowConfig" }

  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeYaml }
--- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll
@@ -2,9 +2,9 @@

 import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.DataFlow3
+import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.TaintTracking2
+import semmle.code.java.dataflow.TaintTracking3
 import semmle.code.java.security.AndroidIntentRedirection

 /**
@@ -38,7 +38,7 @@ private class OriginalIntentSanitizer extends IntentRedirectionSanitizer {
 * Data flow configuration used to discard incoming Intents
 * flowing directly to sinks that start Android components.
 */
-private class SameIntentBeingRelaunchedConfiguration extends DataFlow3::Configuration {
+private class SameIntentBeingRelaunchedConfiguration extends DataFlow2::Configuration {
  SameIntentBeingRelaunchedConfiguration() { this = "SameIntentBeingRelaunchedConfiguration" }

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
@@ -74,7 +74,7 @@ private class IntentWithTaintedComponent extends DataFlow::Node {
 /**
 * A taint tracking configuration for tainted data flowing to an `Intent`'s component.
 */
-private class TaintedIntentComponentConf extends TaintTracking2::Configuration {
+private class TaintedIntentComponentConf extends TaintTracking3::Configuration {
  TaintedIntentComponentConf() { this = "TaintedIntentComponentConf" }

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll
@@ -3,7 +3,6 @@
 import java
 import semmle.code.java.frameworks.JAXB
 import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.security.CleartextStorageQuery
 import semmle.code.java.security.CleartextStoragePropertiesQuery

@@ -74,7 +73,7 @@ private Expr getInstanceInput(DataFlow::Node instance, RefType t) {
  )
 }

-private class ClassStoreFlowConfig extends DataFlow2::Configuration {
+private class ClassStoreFlowConfig extends DataFlow::Configuration {
  ClassStoreFlowConfig() { this = "ClassStoreFlowConfig" }

  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ClassStore }
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll
@@ -3,6 +3,7 @@
 import java
 private import semmle.code.java.dataflow.DataFlow4
 private import semmle.code.java.dataflow.TaintTracking
+private import semmle.code.java.dataflow.TaintTracking2
 private import semmle.code.java.security.SensitiveActions

 /** A sink representing persistent storage that saves data in clear text. */
@@ -39,7 +40,7 @@ abstract class Storable extends Call {
  abstract Expr getAStore();
 }

-private class SensitiveSourceFlowConfig extends TaintTracking::Configuration {
+private class SensitiveSourceFlowConfig extends TaintTracking2::Configuration {
  SensitiveSourceFlowConfig() { this = "SensitiveSourceFlowConfig" }

  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SensitiveExpr }