Update to the Global/flow* api

2026-04-30 11:15:13 +02:00 · 2023-03-27 12:26:18 -04:00
parent 106e5e7145
commit 9bfb13b942
3 changed files with 9 additions and 9 deletions
--- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
@@ -24,7 +24,7 @@ private module InsecureLdapUrlConfig implements DataFlow::ConfigSig {
  }
 }

-module InsecureLdapUrlFlow = TaintTracking::Make<InsecureLdapUrlConfig>;
+module InsecureLdapUrlFlow = TaintTracking::Global<InsecureLdapUrlConfig>;

 /**
 * A taint-tracking configuration for `simple` basic-authentication in LDAP configuration.
@@ -40,7 +40,7 @@ private module BasicAuthConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof InsecureLdapUrlSink }
 }

-module BasicAuthFlow = DataFlow::Make<BasicAuthConfig>;
+module BasicAuthFlow = DataFlow::Global<BasicAuthConfig>;

 /**
 * A taint-tracking configuration for `ssl` configuration in LDAP authentication.
@@ -56,4 +56,4 @@ private module RequiresSslConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof InsecureLdapUrlSink }
 }

-module RequiresSslFlow = DataFlow::Make<RequiresSslConfig>;
+module RequiresSslFlow = DataFlow::Global<RequiresSslConfig>;
--- a/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
+++ b/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -18,8 +18,8 @@ import InsecureLdapUrlFlow::PathGraph

 from InsecureLdapUrlFlow::PathNode source, InsecureLdapUrlFlow::PathNode sink
 where
-  InsecureLdapUrlFlow::hasFlowPath(source, sink) and
-  BasicAuthFlow::hasFlowTo(sink.getNode()) and
-  not RequiresSslFlow::hasFlowTo(sink.getNode())
+  InsecureLdapUrlFlow::flowPath(source, sink) and
+  BasicAuthFlow::flowTo(sink.getNode()) and
+  not RequiresSslFlow::flowTo(sink.getNode())
 select sink.getNode(), source, sink, "Insecure LDAP authentication from $@.", source.getNode(),
  "LDAP connection string"
--- a/java/ql/test/query-tests/security/CWE-522/InsecureLdapAuthTest.ql
+++ b/java/ql/test/query-tests/security/CWE-522/InsecureLdapAuthTest.ql
@@ -9,9 +9,9 @@ class InsecureLdapAuthenticationTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasInsecureLdapAuth" and
-    exists(DataFlow::Node sink | InsecureLdapUrlFlow::hasFlowTo(sink) |
-      BasicAuthFlow::hasFlowTo(sink) and
-      not RequiresSslFlow::hasFlowTo(sink) and
+    exists(DataFlow::Node sink | InsecureLdapUrlFlow::flowTo(sink) |
+      BasicAuthFlow::flowTo(sink) and
+      not RequiresSslFlow::flowTo(sink) and
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""