Java: Move new definitions to new file

2026-04-30 19:26:02 +02:00 · 2020-10-06 17:37:01 +01:00
parent 60a7666105
commit 92fd8c4128
5 changed files with 59 additions and 53 deletions
--- a/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll
@@ -0,0 +1,51 @@
+/**
+ * Provides classes representing various flow steps for taint tracking.
+ */
+
+import java
+
+/**
+ * A method that returns tainted data when one of its inputs (an argument or the qualifier) are tainted.
+ *
+ * Extend this class to add additional taint steps through a method that should
+ * apply to all taint configurations.
+ */
+abstract class TaintPreservingMethod extends Method {
+  /**
+   * Holds if this method returns tainted data when `arg` tainted.
+   * `arg` is a parameter index, or is -1 to indicate the qualifier.
+   */
+  abstract predicate returnsTaint(int arg);
+}
+
+/**
+ * A method that transfers taint from one of its inputs (an argument or the qualifier) to another.
+ *
+ * Extend this class to add additional taint steps through a method that should
+ * apply to all taint configurations.
+ */
+abstract class TaintTransferringMethod extends Method {
+  /**
+   * Holds if this method writes tainted data to `sink` when `src` is tainted.
+   * `src` and `sink` are parameter indices, or -1 to indicate the qualifier.
+   */
+  abstract predicate transfersTaint(int src, int sink);
+}
+
+private class StringTaintPreservingMethod extends TaintPreservingMethod {
+  StringTaintPreservingMethod() {
+    getDeclaringType() instanceof TypeString and
+    hasName(["concat", "copyValueOf", "endsWith", "format", "formatted", "getBytes", "indent",
+          "intern", "join", "repeat", "split", "strip", "stripIndent", "stripLeading",
+          "stripTrailing", "substring", "toCharArray", "toLowerCase", "toString", "toUpperCase",
+          "trim"])
+  }
+
+  override predicate returnsTaint(int arg) {
+    arg = -1
+    or
+    this.hasName(["concat", "copyValueOf"]) and arg = 0
+    or
+    this.hasName(["format", "formatted", "join"]) and arg = [0 .. getNumberOfParameters()]
+  }
+}
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingFrameworks.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingFrameworks.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -7,7 +7,8 @@ private import semmle.code.java.security.SecurityTests
 private import semmle.code.java.security.Validation
 private import semmle.code.java.Maps
 private import semmle.code.java.dataflow.internal.ContainerFlow
-private import semmle.code.java.dataflow.TaintTrackingFrameworks
+private import semmle.code.java.dataflow.FlowSteps
+private import semmle.code.java.dataflow.internal.TaintTrackingFrameworks

 /**
 * Holds if taint can flow from `src` to `sink` in zero or more
@@ -72,52 +73,6 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
  any(AdditionalTaintStep a).step(src, sink)
 }

-/**
- * A method that returns tainted data when one of its inputs (an argument or the qualifier) are tainted.
- *
- * Extend this class to add additional taint steps through a method that should
- * apply to all taint configurations.
- */
-abstract class TaintPreservingMethod extends Method {
-  /**
-   * Holds if this method returns tainted data when `arg` tainted.
-   * `arg` is a parameter index, or is -1 to indicate the qualifier.
-   */
-  abstract predicate returnsTaint(int arg);
-}
-
-/**
- * A method that transfers taint from one of its inputs (an argument or the qualifier) to another.
- *
- * Extend this class to add additional taint steps through a method that should
- * apply to all taint configurations.
- */
-abstract class TaintTransferringMethod extends Method {
-  /**
-   * Holds if this method writes tainted data to `sink` when `src` is tainted.
-   * `src` and `sink` are parameter indices, or -1 to indicate the qualifier.
-   */
-  abstract predicate transfersTaint(int src, int sink);
-}
-
-private class StringTaintPreservingMethod extends TaintPreservingMethod {
-  StringTaintPreservingMethod() {
-    getDeclaringType() instanceof TypeString and
-    hasName(["concat", "copyValueOf", "endsWith", "format", "formatted", "getBytes", "indent",
-          "intern", "join", "repeat", "split", "strip", "stripIndent", "stripLeading",
-          "stripTrailing", "substring", "toCharArray", "toLowerCase", "toString", "toUpperCase",
-          "trim"])
-  }
-
-  override predicate returnsTaint(int arg) {
-    arg = -1
-    or
-    this.hasName(["concat", "copyValueOf"]) and arg = 0
-    or
-    this.hasName(["format", "formatted", "join"]) and arg = [0 .. getNumberOfParameters()]
-  }
-}
-
 /**
 * Holds if `node` should be a sanitizer in all global taint flow configurations
 * but not in local taint.
--- a/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll
+++ b/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll
@@ -1,6 +1,6 @@
 import java
 import Android
-private import semmle.code.java.dataflow.TaintTracking::TaintTracking as TT
+import semmle.code.java.dataflow.FlowSteps

 /**
 * The class `android.database.sqlite.SQLiteDatabase`.
@@ -228,7 +228,7 @@ private class ContentProviderUpdateMethod extends SQLiteRunner {
  override int sqlIndex() { result = 2 }
 }

-private class QueryBuilderBuildMethod extends TT::TaintPreservingMethod {
+private class QueryBuilderBuildMethod extends TaintPreservingMethod {
  QueryBuilderBuildMethod() {
    this.getDeclaringType().getASourceSupertype*() instanceof TypeSQLiteQueryBuilder and
    // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit)
@@ -255,7 +255,7 @@ private class QueryBuilderBuildMethod extends TT::TaintPreservingMethod {
  }
 }

-private class QueryBuilderAppendMethod extends TT::TaintTransferringMethod {
+private class QueryBuilderAppendMethod extends TaintTransferringMethod {
  QueryBuilderAppendMethod() {
    this.getDeclaringType().getASourceSupertype*() instanceof TypeSQLiteQueryBuilder and
    // setProjectionMap(Map<String, String> columnMap)
@@ -273,7 +273,7 @@ private class QueryBuilderAppendMethod extends TT::TaintTransferringMethod {
  }
 }

-private class UnsafeAppendUtilMethod extends TT::TaintPreservingMethod {
+private class UnsafeAppendUtilMethod extends TaintPreservingMethod {
  UnsafeAppendUtilMethod() {
    this.getDeclaringType() instanceof TypeDatabaseUtils and
    // String[] appendSelectionArgs(String[] originalValues, String[] newValues)
--- a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
+++ b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -8,7 +8,7 @@ import semmle.code.java.Serializability
 import semmle.code.java.Reflection
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.DataFlow5
-private import semmle.code.java.dataflow.TaintTracking::TaintTracking as TT
+import semmle.code.java.dataflow.FlowSteps

 /**
 * A `@com.fasterxml.jackson.annotation.JsonIgnore` annoation.
@@ -28,7 +28,7 @@ abstract class JacksonSerializableType extends Type { }
 * A method used for serializing objects using Jackson. The final parameter is the object to be
 * serialized.
 */
-library class JacksonWriteValueMethod extends TT::TaintPreservingMethod, TT::TaintTransferringMethod {
+library class JacksonWriteValueMethod extends TaintPreservingMethod, TaintTransferringMethod {
  JacksonWriteValueMethod() {
    (
      getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectWriter") or