Java: Introduce a class of dataflow nodes for the threat modeling.

2025-12-21 11:16:30 +01:00 · 2023-09-19 14:13:33 +02:00
parent 2684a22484
commit 9a112dde66
4 changed files with 32 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
@@ -26,6 +26,6 @@ private string getChildThreatModel(string group) { threatModelGrouping(result, g
 * Holds if the source model kind `kind` is relevant for generic queries
 * under the current threat model configuration.
 */
-predicate sourceModelKindConfig(string kind) {
+predicate currentThreatModel(string kind) {
  exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group))
 }
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -29,6 +29,35 @@ import semmle.code.java.frameworks.struts.StrutsActions
 import semmle.code.java.frameworks.Thrift
 import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
 private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.ExternalFlowConfiguration
+
+/**
+ * A data flow source.
+ */
+abstract class SourceNode extends DataFlow::Node {
+  /**
+   * Gets a string that represents the source kind with respect to threat modeling.
+   */
+  abstract string getThreatModel();
+}
+
+/**
+ * A class of data flow sources that respects the
+ * current threat model configuration.
+ */
+class ThreatModelFlowSource extends DataFlow::Node {
+  ThreatModelFlowSource() {
+    // Expansive threat model.
+    currentThreatModel("all") and
+    (this instanceof SourceNode or sourceNode(this, _))
+    or
+    exists(string kind |
+      // Specific threat model.
+      currentThreatModel(kind) and
+      (this.(SourceNode).getThreatModel() = kind or sourceNode(this, kind))
+    )
+  }
+}

 /** A data flow source of remote user input. */
 abstract class RemoteFlowSource extends DataFlow::Node {
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql
@@ -1,5 +1,5 @@
 import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration

 query predicate supportedThreatModels(string kind) {
-  ExternalFlowConfiguration::sourceModelKindConfig(kind)
+  ExternalFlowConfiguration::currentThreatModel(kind)
 }
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql
@@ -1,5 +1,5 @@
 import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration

 query predicate supportedThreatModels(string kind) {
-  ExternalFlowConfiguration::sourceModelKindConfig(kind)
+  ExternalFlowConfiguration::currentThreatModel(kind)
 }