Using DataFlow::ConfigSig instead of TaintTracking::Configuration

2026-04-30 19:26:02 +02:00 · 2023-07-06 03:14:49 +02:00
parent a8f887e3f9
commit a3c58c66e9
3 changed files with 19 additions and 16 deletions
--- a/ruby/ql/lib/codeql/ruby/security/LdapInjectionCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/LdapInjectionCustomizations.qll
@@ -26,7 +26,7 @@ module LdapInjection {
  /**
   * Additional taint steps for "LDAP Injection" vulnerabilities.
   */
-  predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
    filterTaintStep(nodeFrom, nodeTo)
  }

--- a/ruby/ql/lib/codeql/ruby/security/LdapInjectionQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/LdapInjectionQuery.qll
@@ -5,22 +5,25 @@

 private import codeql.ruby.DataFlow
 private import codeql.ruby.TaintTracking
-private import LdapInjectionCustomizations
-private import LdapInjectionCustomizations::LdapInjection

-/**
- * A taint-tracking configuration for detecting LDAP Injections vulnerabilities.
- */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "LdapInjection" }
+/** Provides a taint-tracking configuration for detecting LDAP Injections vulnerabilities. */
+module LdapInjection {
+  import LdapInjectionCustomizations::LdapInjection

-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
+  /**
+   * A taint-tracking configuration for detecting LDAP Injections vulnerabilities.
+   */
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }

-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    LdapInjection::isAdditionalTaintStep(node1, node2)
+    predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+      LdapInjection::isAdditionalFlowStep(node1, node2)
+    }
  }
+
+  import TaintTracking::Make<Config>
 }
--- a/ruby/ql/src/experimental/ldap-injection/LdapInjection.ql
+++ b/ruby/ql/src/experimental/ldap-injection/LdapInjection.ql
@@ -13,9 +13,9 @@

 import codeql.ruby.DataFlow
 import codeql.ruby.security.LdapInjectionQuery
-import DataFlow::PathGraph
+import LdapInjection::PathGraph

-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from LdapInjection::PathNode source, LdapInjection::PathNode sink
+where LdapInjection::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
  "user-provided value"