C#: Re-factor ExposureInTransmittedData to use the new API.

2026-04-30 03:05:15 +02:00 · 2023-04-13 15:05:25 +02:00
parent f4ee1a5119
commit bb75ed03da
1 changed files with 8 additions and 8 deletions
--- a/Features/CWE-201/ExposureInTransmittedData.ql
+++ b/Features/CWE-201/ExposureInTransmittedData.ql
@@ -15,12 +15,10 @@ import semmle.code.csharp.security.SensitiveActions
 import semmle.code.csharp.security.dataflow.flowsinks.Remote
 import semmle.code.csharp.frameworks.system.data.Common
 import semmle.code.csharp.frameworks.System
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import ExposureInTransmittedData::PathGraph

-class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "Exposure through transmitted data" }
-
-  override predicate isSource(DataFlow::Node source) {
+module ExposureInTransmittedDataConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
    // `source` may contain a password
    source.asExpr() instanceof PasswordExpr
    or
@@ -42,10 +40,12 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
    )
  }

-  override predicate isSink(DataFlow::Node sink) { sink instanceof RemoteFlowSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof RemoteFlowSink }
 }

-from TaintTrackingConfiguration configuration, DataFlow::PathNode source, DataFlow::PathNode sink
-where configuration.hasFlowPath(source, sink)
+module ExposureInTransmittedData = TaintTracking::Global<ExposureInTransmittedDataConfig>;
+
+from ExposureInTransmittedData::PathNode source, ExposureInTransmittedData::PathNode sink
+where ExposureInTransmittedData::flowPath(source, sink)
 select sink.getNode(), source, sink, "This data transmitted to the user depends on $@.",
  source.getNode(), "sensitive information"