From 5278bbcaaa50be652312311c307ef87cc4b8c869 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 27 Mar 2023 11:45:55 +0200 Subject: [PATCH 1/7] C#: Re-factor SymmetricKeyTaintTrackingConfiguration to use the new API. --- .../EncryptionKeyDataFlowQuery.qll | 23 ++++++++++++++++++- .../CWE-321/HardcodedEncryptionKey.ql | 8 +++---- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll index b1bd83d143c..0509066fbbc 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll @@ -64,9 +64,11 @@ class SymmetricEncryptionCreateDecryptorSink extends SymmetricEncryptionKeySink } /** + * DEPRECATED: Use `SymmetricKey` instead. + * * Symmetric Key Data Flow configuration. */ -class SymmetricKeyTaintTrackingConfiguration extends TaintTracking::Configuration { +deprecated class SymmetricKeyTaintTrackingConfiguration extends TaintTracking::Configuration { SymmetricKeyTaintTrackingConfiguration() { this = "SymmetricKeyTaintTracking" } /** Holds if the node is a key source. */ @@ -78,3 +80,22 @@ class SymmetricKeyTaintTrackingConfiguration extends TaintTracking::Configuratio /** Holds if the node is a key sanitizer. */ override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer } } + +/** + * Symmetric Key Data Flow configuration. + */ +private module SymmetricKeyConfig implements DataFlow::ConfigSig { + /** Holds if the node is a key source. */ + predicate isSource(DataFlow::Node src) { src instanceof KeySource } + + /** Holds if the node is a symmetric encryption key sink. */ + predicate isSink(DataFlow::Node sink) { sink instanceof SymmetricEncryptionKeySink } + + /** Holds if the node is a key sanitizer. */ + predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer } +} + +/** + * Symmetric Key Data Flow configuration. + */ +module SymmetricKey = TaintTracking::Global; diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql index 8e516f44d4a..c06768cb2bf 100644 --- a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql +++ b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql @@ -15,7 +15,7 @@ import csharp import semmle.code.csharp.security.cryptography.EncryptionKeyDataFlowQuery -import DataFlow::PathGraph +import SymmetricKey::PathGraph /** * The creation of a literal byte array. @@ -38,10 +38,10 @@ class StringLiteralSource extends KeySource { } from - SymmetricKeyTaintTrackingConfiguration keyFlow, DataFlow::PathNode source, - DataFlow::PathNode sink, KeySource srcNode, SymmetricEncryptionKeySink sinkNode + SymmetricKey::PathNode source, SymmetricKey::PathNode sink, KeySource srcNode, + SymmetricEncryptionKeySink sinkNode where - keyFlow.hasFlowPath(source, sink) and + SymmetricKey::flowPath(source, sink) and source.getNode() = srcNode and sink.getNode() = sinkNode select sink.getNode(), source, sink, From c03ce2f63b56bf2d665f9c823be89838b949910a Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 27 Mar 2023 11:57:37 +0200 Subject: [PATCH 2/7] C#: Re-factor HardCodedSymmetricEncryptionKey to use the new API. --- .../HardcodedSymmetricEncryptionKey.qll | 30 +++++++++++++++++++ .../HardcodedSymmetricEncryptionKey.ql | 6 ++-- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll index e937e69919e..d00cef763df 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll @@ -62,6 +62,8 @@ module HardcodedSymmetricEncryptionKey { } /** + * DEPRECATED: Use `HardCodedSymmetricEncryption` instead. + * * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. */ class TaintTrackingConfiguration extends TaintTracking::Configuration { @@ -85,4 +87,32 @@ module HardcodedSymmetricEncryptionKey { ) } } + + /** + * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. + */ + private module HardCodedSymmetricEncryptionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + /** + * Since `CryptographicBuffer` uses native code inside, taint tracking doesn't pass through it. + * Need to create an additional custom step. + */ + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(MethodCall mc, CryptographicBuffer c | + pred.asExpr() = mc.getAnArgument() and + mc.getTarget() = c.getAMethod() and + succ.asExpr() = mc + ) + } + } + + /** + * A taint-tracking module for uncontrolled data in path expression vulnerabilities. + */ + module HardCodedSymmetricEncryption = TaintTracking::Global; } diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql index 4de91b9a214..099df293c23 100644 --- a/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql +++ b/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql @@ -15,10 +15,10 @@ import csharp import semmle.code.csharp.security.cryptography.HardcodedSymmetricEncryptionKey::HardcodedSymmetricEncryptionKey -import DataFlow::PathGraph +import HardCodedSymmetricEncryption::PathGraph -from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink -where c.hasFlowPath(source, sink) +from HardCodedSymmetricEncryption::PathNode source, HardCodedSymmetricEncryption::PathNode sink +where HardCodedSymmetricEncryption::flowPath(source, sink) select sink.getNode(), source, sink, "Hard-coded symmetric $@ is used in symmetric algorithm in " + sink.getNode().(Sink).getDescription() + ".", source.getNode(), "key" From cab976cf8f052919ffcfaf2fb5a3cf83d1901a55 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 27 Mar 2023 13:45:10 +0200 Subject: [PATCH 3/7] C#: Re-factor CommandInjection to use the new API. --- .../dataflow/CommandInjectionQuery.qll | 28 +++++++++++++++++++ .../CWE-078/CommandInjection.ql | 6 ++-- .../CWE-078/StoredCommandInjection.ql | 16 +++++++---- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll index 82798a34743..4eabf16e7a5 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll @@ -23,6 +23,8 @@ abstract class Sink extends DataFlow::ExprNode { } abstract class Sanitizer extends DataFlow::ExprNode { } /** + * DEPRECATED: Use `CommandInjection` instead. + * * A taint-tracking configuration for command injection vulnerabilities. */ class TaintTrackingConfiguration extends TaintTracking::Configuration { @@ -35,6 +37,32 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } } +/** + * A taint-tracking configuration for command injection vulnerabilities. + */ +module CommandInjectionConfig implements DataFlow::ConfigSig { + /** + * Holds if `source` is a relevant data flow source. + */ + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** + * Holds if `sink` is a relevant data flow sink. + */ + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + /** + * Holds if data flow through `node` is prohibited. This completely removes + * `node` from the data flow graph. + */ + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * A taint-tracking module for command injection vulnerabilities. + */ +module CommandInjection = TaintTracking::Global; + /** A source of remote user input. */ class RemoteSource extends Source instanceof RemoteFlowSource { } diff --git a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql index 20a7be1c5b0..41eea7f4238 100644 --- a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql @@ -15,9 +15,9 @@ import csharp import semmle.code.csharp.security.dataflow.CommandInjectionQuery -import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph +import CommandInjection::PathGraph -from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink -where c.hasFlowPath(source, sink) +from CommandInjection::PathNode source, CommandInjection::PathNode sink +where CommandInjection::flowPath(source, sink) select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(), "user-provided value" diff --git a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql index 8fa673f50f3..5f728db8473 100644 --- a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql @@ -16,13 +16,19 @@ import csharp import semmle.code.csharp.security.dataflow.flowsources.Stored import semmle.code.csharp.security.dataflow.CommandInjectionQuery -import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph +import StoredCommandInjection::PathGraph -class StoredTaintTrackingConfiguration extends TaintTrackingConfiguration { - override predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource } +module StoredCommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource } + + predicate isSink = CommandInjectionConfig::isSink/1; + + predicate isBarrier = CommandInjectionConfig::isBarrier/1; } -from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink -where c.hasFlowPath(source, sink) +module StoredCommandInjection = TaintTracking::Global; + +from StoredCommandInjection::PathNode source, StoredCommandInjection::PathNode sink +where StoredCommandInjection::flowPath(source, sink) select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(), "stored (potentially user-provided) value" From 60c5bbde0fca43920ffef5993b7a2b2906df3004 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 27 Mar 2023 14:09:59 +0200 Subject: [PATCH 4/7] C#: Re-factor ConditionalBypass to use the new API. --- .../dataflow/ConditionalBypassQuery.qll | 18 ++++++++++++++++++ .../CWE-807/ConditionalBypass.ql | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll index e41a868be48..9d52e623e66 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll @@ -30,6 +30,8 @@ abstract class Sink extends DataFlow::ExprNode { abstract class Sanitizer extends DataFlow::ExprNode { } /** + * DEPRECATED: Use `ConditionalBypass` instead. + * * A taint-tracking configuration for user-controlled bypass of sensitive method. */ class Configuration extends TaintTracking::Configuration { @@ -42,6 +44,22 @@ class Configuration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } } +/** + * A taint-tracking configuration for user-controlled bypass of sensitive method. + */ +private module ConditionalBypassConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * A taint-tracking module for user-controlled bypass of sensitive method. + */ +module ConditionalBypass = TaintTracking::Global; + /** A source of remote user input. */ class RemoteSource extends Source instanceof RemoteFlowSource { } diff --git a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql index 5fc59c13c57..cf55572e6c1 100644 --- a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql +++ b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql @@ -15,9 +15,9 @@ import csharp import semmle.code.csharp.security.dataflow.ConditionalBypassQuery -import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph +import ConditionalBypass::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from ConditionalBypass::PathNode source, ConditionalBypass::PathNode sink +where ConditionalBypass::flowPath(source, sink) select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", sink.getNode().(Sink).getSensitiveMethodCall(), "action", source.getNode(), "user-provided value" From cc4f3f62340afc6eaa68c3840d2ecbbc11879cf0 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 27 Mar 2023 14:24:01 +0200 Subject: [PATCH 5/7] C#: Re-factor CodeInjection to use the new API. --- .../security/dataflow/CodeInjectionQuery.qll | 18 ++++++++++++++++++ .../Security Features/CWE-094/CodeInjection.ql | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll index 4061ab8651c..0ae163c773e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll @@ -25,6 +25,8 @@ abstract class Sink extends DataFlow::ExprNode { } abstract class Sanitizer extends DataFlow::ExprNode { } /** + * DEPRECATED: Use `CodeInjection` instead. + * * A taint-tracking configuration for user input treated as code vulnerabilities. */ class TaintTrackingConfiguration extends TaintTracking::Configuration { @@ -37,6 +39,22 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } } +/** + * A taint-tracking configuration for user input treated as code vulnerabilities. + */ +private module CodeInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * A taint-tracking module for user input treated as code vulnerabilities. + */ +module CodeInjection = TaintTracking::Global; + /** A source of remote user input. */ class RemoteSource extends Source instanceof RemoteFlowSource { } diff --git a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql index 17e15fee924..060c6739d82 100644 --- a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql +++ b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql @@ -15,9 +15,9 @@ import csharp import semmle.code.csharp.security.dataflow.CodeInjectionQuery -import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph +import CodeInjection::PathGraph -from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink -where c.hasFlowPath(source, sink) +from CodeInjection::PathNode source, CodeInjection::PathNode sink +where CodeInjection::flowPath(source, sink) select sink.getNode(), source, sink, "This code compilation depends on a $@.", source.getNode(), "user-provided value" From 483e5c5264a4990ac705311fce72c99fa5116661 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 27 Mar 2023 14:32:02 +0200 Subject: [PATCH 6/7] C#: Re-factor ExposureOfPrivateInformation to use the new API. --- .../ExposureOfPrivateInformationQuery.qll | 18 ++++++++++++++++++ .../CWE-359/ExposureOfPrivateInformation.ql | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll index 2bf409899ee..b1ea7c7b09c 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll @@ -23,6 +23,8 @@ abstract class Sink extends DataFlow::ExprNode { } abstract class Sanitizer extends DataFlow::ExprNode { } /** + * DEPRECATED: Use `ExposureOfPrivateInformation` instead. + * * A taint-tracking configuration for private information flowing unencrypted to an external location. */ class TaintTrackingConfiguration extends TaintTracking::Configuration { @@ -35,6 +37,22 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } } +/** + * A taint-tracking configuration for private information flowing unencrypted to an external location. + */ +private module ExposureOfPrivateInformationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * A taint-tracking module for private information flowing unencrypted to an external location. + */ +module ExposureOfPrivateInformation = TaintTracking::Global; + private class PrivateDataSource extends Source { PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr } } diff --git a/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql b/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql index ac2f945258e..3a8faf9e4c1 100644 --- a/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql +++ b/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql @@ -13,10 +13,10 @@ import csharp import semmle.code.csharp.security.dataflow.ExposureOfPrivateInformationQuery -import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph +import ExposureOfPrivateInformation::PathGraph -from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink -where c.hasFlowPath(source, sink) +from ExposureOfPrivateInformation::PathNode source, ExposureOfPrivateInformation::PathNode sink +where ExposureOfPrivateInformation::flowPath(source, sink) select sink.getNode(), source, sink, "Private data returned by $@ is written to an external location.", source.getNode(), source.getNode().toString() From 31e352afb03deccf0e8b502574a41bb6dca321e2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 30 Mar 2023 09:45:49 +0200 Subject: [PATCH 7/7] C#: Actually add the deprecated keyword to the deprecated classes. --- .../security/cryptography/HardcodedSymmetricEncryptionKey.qll | 2 +- .../semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll | 2 +- .../code/csharp/security/dataflow/CommandInjectionQuery.qll | 2 +- .../code/csharp/security/dataflow/ConditionalBypassQuery.qll | 2 +- .../security/dataflow/ExposureOfPrivateInformationQuery.qll | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll index d00cef763df..9fdc6dc88be 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll @@ -66,7 +66,7 @@ module HardcodedSymmetricEncryptionKey { * * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. */ - class TaintTrackingConfiguration extends TaintTracking::Configuration { + deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { TaintTrackingConfiguration() { this = "HardcodedSymmetricEncryptionKey" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll index 0ae163c773e..76a9a495637 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll @@ -29,7 +29,7 @@ abstract class Sanitizer extends DataFlow::ExprNode { } * * A taint-tracking configuration for user input treated as code vulnerabilities. */ -class TaintTrackingConfiguration extends TaintTracking::Configuration { +deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { TaintTrackingConfiguration() { this = "CodeInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll index 4eabf16e7a5..265cae5f08a 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll @@ -27,7 +27,7 @@ abstract class Sanitizer extends DataFlow::ExprNode { } * * A taint-tracking configuration for command injection vulnerabilities. */ -class TaintTrackingConfiguration extends TaintTracking::Configuration { +deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { TaintTrackingConfiguration() { this = "CommandInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll index 9d52e623e66..e919684d751 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll @@ -34,7 +34,7 @@ abstract class Sanitizer extends DataFlow::ExprNode { } * * A taint-tracking configuration for user-controlled bypass of sensitive method. */ -class Configuration extends TaintTracking::Configuration { +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UserControlledBypassOfSensitiveMethodConfiguration" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll index b1ea7c7b09c..0b53d9d1ca6 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll @@ -27,7 +27,7 @@ abstract class Sanitizer extends DataFlow::ExprNode { } * * A taint-tracking configuration for private information flowing unencrypted to an external location. */ -class TaintTrackingConfiguration extends TaintTracking::Configuration { +deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { TaintTrackingConfiguration() { this = "ExposureOfPrivateInformation" } override predicate isSource(DataFlow::Node source) { source instanceof Source }