Python: Provide internal InstanceTaintStepsHelper

I realized that if you ever wanted to the way taint-steps works again, you would have to go to all the 117 places it has been implemented, and change EVERY ONE OF THEM :( so trying to solve that problem here. Not super happy with the name, but that was just the best I could come up with :D
2025-12-16 16:53:25 +01:00 · 2021-07-22 13:52:45 +02:00
parent 6e9d9fcbbd
commit c3f942f899
12 changed files with 448 additions and 294 deletions
--- a/python/.vscode/ql.code-snippets
+++ b/python/.vscode/ql.code-snippets
@@ -199,31 +199,51 @@
            "  /**",
            "   * Taint propagation for `${TM_SELECTED_TEXT}`.",
            "   */",
+            "  private class InstanceTaintSteps extends InstanceTaintStepsHelper {",
+            "    InstanceTaintSteps() { this = \"${TM_SELECTED_TEXT}\" }",
+            "    ",
+            "    override DataFlow::Node getInstance() { result = instance() }",
+            "    ",
+            "    override string getAttributeName() { none() }",
+            "    ",
+            "    override string getMethodName() { none() }",
+            "    ",
+            "    override string getAsyncMethodName() { none() }",
+            "  }",
+            "",
+            "  /**",
+            "   * Extra taint propagation for `${TM_SELECTED_TEXT}`, not covered by `InstanceTaintSteps`.",
+            "   */",
            "  private class AdditionalTaintStep extends TaintTracking::AdditionalTaintStep {",
            "    override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {",
-            "      // normal (non-async) methods",
-            "      nodeFrom = instance() and",
-            "      nodeTo.(DataFlow::MethodCallNode).calls(nodeFrom, [\"TODO\"])",
-            "      or",
-            "      // async methods",
-            "      exists(DataFlow::MethodCallNode call, Await await |",
-            "        nodeTo.asExpr() = await and",
-            "        nodeFrom = instance()",
-            "      |",
-            "        await.getValue() = any(DataFlow::Node awaitable | call.flowsTo(awaitable)).asExpr() and",
-            "        call.calls(nodeFrom, [\"TODO\"])",
-            "      )",
-            "      or",
-            "      // Attributes",
-            "      nodeFrom = instance() and",
-            "      nodeTo.(DataFlow::AttrRead).getObject() = nodeFrom and",
-            "      nodeTo.(DataFlow::AttrRead).getAttributeName() in [\"TODO\"]",
+            "      // TODO",
+            "      none()",
            "    }",
            "  }",
            "}",
        ],
        "description": "Type tracking class (select full class path before inserting)",
    },
+    "foo": {
+        "scope": "ql",
+        "prefix": "foo",
+        "body": [
+            "    /**",
+            "     * Taint propagation for `$1`.",
+            "     */",
+            "     private class InstanceTaintSteps extends InstanceTaintStepsHelper {",
+            "        InstanceTaintSteps() { this = \"$1\" }",
+            "",
+            "        override DataFlow::Node getInstance() { result = instance() }",
+            "",
+            "        override string getAttributeName() { none() }",
+            "",
+            "        override string getMethodName() { none() }",
+            "",
+            "        override string getAsyncMethodName() { none() }",
+            "      }",
+        ],
+    },
    "API graph .getMember chain": {
        "scope": "ql",
        "prefix": "api graph .getMember chain",