C#: Re-factor the callablereturnarg tests.

2025-12-24 04:36:35 +01:00 · 2023-04-12 11:47:42 +02:00
parent 9c5b8e2894
commit c787bb2ff9
3 changed files with 29 additions and 37 deletions
--- a/csharp/ql/test/library-tests/dataflow/callablereturnsarg/Common.qll
+++ b/csharp/ql/test/library-tests/dataflow/callablereturnsarg/Common.qll
@@ -10,34 +10,38 @@ private predicate outRefDef(DataFlow::ExprNode ne, int outRef) {
  )
 }

-class Configuration extends DataFlow::Configuration {
-  Configuration() { this = "Configuration" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode }

-  override predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
    any(Callable c).canReturn(sink.asExpr()) or outRefDef(sink, _)
  }

-  override predicate isBarrier(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
    exists(AbstractValues::NullValue nv | node.(GuardedDataFlowNode).mustHaveValue(nv) |
      nv.isNull()
    )
  }
 }

-predicate flowOutFromParameter(DataFlow::Configuration c, Parameter p) {
-  exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
-    p.getCallable().canReturn(ne.getExpr()) and
-    np.getParameter() = p and
-    c.hasFlow(np, ne)
-  )
+module FlowOut<DataFlow::GlobalFlowSig Input> {
+  predicate flowOutFromParameter(Parameter p) {
+    exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
+      p.getCallable().canReturn(ne.getExpr()) and
+      np.getParameter() = p and
+      Input::flow(np, ne)
+    )
+  }
+
+  predicate flowOutFromParameterOutOrRef(Parameter p, int outRef) {
+    exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
+      outRefDef(ne, outRef) and
+      np.getParameter() = p and
+      Input::flow(np, ne)
+    )
+  }
 }

-predicate flowOutFromParameterOutOrRef(DataFlow::Configuration c, Parameter p, int outRef) {
-  exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
-    outRefDef(ne, outRef) and
-    np.getParameter() = p and
-    c.hasFlow(np, ne)
-  )
-}
+module Data = FlowOut<DataFlow::Global<Config>>;
+
+module Taint = FlowOut<TaintTracking::Global<Config>>;
--- a/csharp/ql/test/library-tests/dataflow/callablereturnsarg/DataFlow.ql
+++ b/csharp/ql/test/library-tests/dataflow/callablereturnsarg/DataFlow.ql
@@ -1,9 +1,9 @@
 import csharp
 import Common

-from Configuration c, Parameter p, int outRefArg
+from Parameter p, int outRefArg
 where
-  flowOutFromParameter(c, p) and outRefArg = -1
+  Data::flowOutFromParameter(p) and outRefArg = -1
  or
-  flowOutFromParameterOutOrRef(c, p, outRefArg)
+  Data::flowOutFromParameterOutOrRef(p, outRefArg)
 select p.getCallable(), p.getPosition(), outRefArg
--- a/csharp/ql/test/library-tests/dataflow/callablereturnsarg/TaintTracking.ql
+++ b/csharp/ql/test/library-tests/dataflow/callablereturnsarg/TaintTracking.ql
@@ -1,21 +1,9 @@
 import csharp
 import Common

-class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  Configuration c;
-
-  TaintTrackingConfiguration() { this = "Taint " + c }
-
-  override predicate isSource(DataFlow::Node source) { c.isSource(source) }
-
-  override predicate isSink(DataFlow::Node sink) { c.isSink(sink) }
-
-  override predicate isSanitizer(DataFlow::Node node) { c.isBarrier(node) }
-}
-
-from TaintTrackingConfiguration c, Parameter p, int outRefArg
+from Parameter p, int outRefArg
 where
-  flowOutFromParameter(c, p) and outRefArg = -1
+  Taint::flowOutFromParameter(p) and outRefArg = -1
  or
-  flowOutFromParameterOutOrRef(c, p, outRefArg)
+  Taint::flowOutFromParameterOutOrRef(p, outRefArg)
 select p.getCallable(), p.getPosition(), outRefArg