From af612a12decc437edded24ff5975c0cbf0ff4af5 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Wed, 8 Mar 2023 14:50:46 +0100
Subject: [PATCH] C++: Update `TlsSettingsMisconfiguration` with `DataFlow::ConfigSig`

---
 .../Protocols/TlsSettingsMisconfiguration.ql | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
index 814a723826c..984058126fb 100644
--- a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
+++ b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
@@ -12,14 +12,12 @@
 import cpp
 import semmle.code.cpp.security.boostorg.asio.protocols
 
-class ExistsAnyFlowConfig extends DataFlow::Configuration {
- ExistsAnyFlowConfig() { this = "ExistsAnyFlowConfig" }
-
- override predicate isSource(DataFlow::Node source) {
+module ExistsAnyFlowConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) {
 exists(BoostorgAsio::SslContextClass c | c.getAContructorCall() = source.asExpr())
 }
 
- override predicate isSink(DataFlow::Node sink) {
+ predicate isSink(DataFlow::Node sink) {
 exists(BoostorgAsio::SslSetOptionsFunction f, FunctionCall fcSetOptions |
 f.getACallToThisFunction() = fcSetOptions and
 fcSetOptions.getQualifier() = sink.asExpr()
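Review bot: The new `ExistsAnyFlowConfig` module carries no QLDoc, although the TLS option check later in the file depends on exactly which nodes it links. A one-line comment above the module, for example `/** Flow from an SslContextClass constructor call to the qualifier of an SslSetOptionsFunction call. */`, would record that. As far as the hunks show, the module defines only `isSource` and `isSink`, so any flow between the two counts; saying so in the comment helps whoever later triages a missed or spurious alert. The body of `isSink` closes outside this hunk.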
@@ -27,10 +25,12 @@ class ExistsAnyFlowConfig extends DataFlow::Configuration {
 }
 }
 
+module ExistsAnyFlow = DataFlow::Make;
+
 bindingset[flag]
 predicate isOptionSet(ConstructorCall cc, int flag, FunctionCall fcSetOptions) {
- exists(ExistsAnyFlowConfig anyFlowConfig, VariableAccess contextSetOptions |
- anyFlowConfig.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and
+ exists(VariableAccess contextSetOptions |
+ ExistsAnyFlow::hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and
 exists(BoostorgAsio::SslSetOptionsFunction f | f.getACallToThisFunction() = fcSetOptions |
 contextSetOptions = fcSetOptions.getQualifier() and
 forall(
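Review bot: As rendered here, `module ExistsAnyFlow = DataFlow::Make;` names no configuration module. `DataFlow::Make` is a parameterised module, so the line presumably reads `module ExistsAnyFlow = DataFlow::Make<ExistsAnyFlowConfig>;` in the commit, with the angle-bracket part lost in rendering. Separately, `isOptionSet` appears to decide whether a given option flag counts as set on a context, so any change in what `ExistsAnyFlow::hasFlow` reports would shift the query's alerts. The diffstat shows only this file changed, so it is worth confirming that the query's existing test results are identical after the migration. The body of `isOptionSet` continues past the end of the hunk.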