Refactor to DataFlow::Global

2025-12-24 04:36:35 +01:00 · 2023-03-24 10:04:46 -04:00
parent 899200a9c9
commit e7bad4cd90
28 changed files with 37 additions and 37 deletions
--- a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll
@@ -41,4 +41,4 @@ module GroovyInjectionConfig implements DataFlow::ConfigSig {
 * Detect taint flow of unsafe user input
 * that is used to evaluate a Groovy expression.
 */
-module GroovyInjectionFlow = TaintTracking::Make<GroovyInjectionConfig>;
+module GroovyInjectionFlow = TaintTracking::Global<GroovyInjectionConfig>;
--- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll
@@ -76,7 +76,7 @@ module JexlInjectionConfig implements DataFlow::ConfigSig {
 * Tracks unsafe user input that is used to construct and evaluate a JEXL expression.
 * It supports both JEXL 2 and 3.
 */
-module JexlInjectionFlow = TaintTracking::Make<JexlInjectionConfig>;
+module JexlInjectionFlow = TaintTracking::Global<JexlInjectionConfig>;

 /**
 * Holds if `n1` to `n2` is a dataflow step that creates a JEXL script using an unsafe engine
@@ -122,7 +122,7 @@ private predicate createJexlTemplateStep(DataFlow::Node n1, DataFlow::Node n2) {
 /**
 * Holds if `expr` is a JEXL engine that is configured with a sandbox.
 */
-private predicate isSafeEngine(Expr expr) { SandboxedJexlFlow::hasFlowToExpr(expr) }
+private predicate isSafeEngine(Expr expr) { SandboxedJexlFlow::flowToExpr(expr) }

 /**
 * A configuration for tracking sandboxed JEXL engines.
@@ -145,7 +145,7 @@ private module SandboxedJexlFlowConfig implements DataFlow::ConfigSig {
  }
 }

-private module SandboxedJexlFlow = DataFlow::Make<SandboxedJexlFlowConfig>;
+private module SandboxedJexlFlow = DataFlow::Global<SandboxedJexlFlowConfig>;

 /**
 * Defines a data flow source for JEXL engines configured with a sandbox.
--- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll
@@ -47,14 +47,14 @@ module JndiInjectionFlowConfig implements DataFlow::ConfigSig {
 }

 /** Tracks flow of unvalidated user input that is used in JNDI lookup */
-module JndiInjectionFlow = TaintTracking::Make<JndiInjectionFlowConfig>;
+module JndiInjectionFlow = TaintTracking::Global<JndiInjectionFlowConfig>;

 /**
 * A method that does a JNDI lookup when it receives a `SearchControls` argument with `setReturningObjFlag` = `true`
 */
 private class UnsafeSearchControlsSink extends JndiInjectionSink {
  UnsafeSearchControlsSink() {
-    exists(MethodAccess ma | UnsafeSearchControlsFlow::hasFlowToExpr(ma.getAnArgument()) |
+    exists(MethodAccess ma | UnsafeSearchControlsFlow::flowToExpr(ma.getAnArgument()) |
      this.asExpr() = ma.getArgument(0)
    )
  }
@@ -70,7 +70,7 @@ private module UnsafeSearchControlsConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeSearchControlsArgument }
 }

-private module UnsafeSearchControlsFlow = DataFlow::Make<UnsafeSearchControlsConfig>;
+private module UnsafeSearchControlsFlow = DataFlow::Global<UnsafeSearchControlsConfig>;

 /**
 * An argument of type `SearchControls` of an `LdapOperations.search` or `DirContext.search` call.
--- a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll
@@ -44,4 +44,4 @@ module MvelInjectionFlowConfig implements DataFlow::ConfigSig {
 }

 /** Tracks flow of unsafe user input that is used to construct and evaluate a MVEL expression. */
-module MvelInjectionFlow = TaintTracking::Make<MvelInjectionFlowConfig>;
+module MvelInjectionFlow = TaintTracking::Global<MvelInjectionFlowConfig>;
--- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll
@@ -43,4 +43,4 @@ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig {
 }

 /** Tracks flow of unvalidated user input that is used in OGNL EL evaluation. */
-module OgnlInjectionFlow = TaintTracking::Make<OgnlInjectionFlowConfig>;
+module OgnlInjectionFlow = TaintTracking::Global<OgnlInjectionFlowConfig>;
--- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll
@@ -39,7 +39,7 @@ module SpelInjectionConfig implements DataFlow::ConfigSig {
 }

 /** Tracks flow of unsafe user input that is used to construct and evaluate a SpEL expression. */
-module SpelInjectionFlow = TaintTracking::Make<SpelInjectionConfig>;
+module SpelInjectionFlow = TaintTracking::Global<SpelInjectionConfig>;

 /** Default sink for SpEL injection vulnerabilities. */
 private class DefaultSpelExpressionEvaluationSink extends SpelExpressionEvaluationSink {
@@ -47,7 +47,7 @@ private class DefaultSpelExpressionEvaluationSink extends SpelExpressionEvaluati
    exists(MethodAccess ma |
      ma.getMethod() instanceof ExpressionEvaluationMethod and
      ma.getQualifier() = this.asExpr() and
-      not SafeEvaluationContextFlow::hasFlowToExpr(ma.getArgument(0))
+      not SafeEvaluationContextFlow::flowToExpr(ma.getArgument(0))
    )
  }
 }
@@ -68,7 +68,7 @@ private module SafeEvaluationContextFlowConfig implements DataFlow::ConfigSig {
  int fieldFlowBranchLimit() { result = 0 }
 }

-private module SafeEvaluationContextFlow = DataFlow::Make<SafeEvaluationContextFlowConfig>;
+private module SafeEvaluationContextFlow = DataFlow::Global<SafeEvaluationContextFlowConfig>;

 /**
 * A `ContextSource` that is safe from SpEL injection.
--- a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
@@ -53,7 +53,7 @@ module QueryInjectionFlowConfig implements DataFlow::ConfigSig {
 }

 /** Tracks flow of unvalidated user input that is used in SQL queries. */
-module QueryInjectionFlow = TaintTracking::Make<QueryInjectionFlowConfig>;
+module QueryInjectionFlow = TaintTracking::Global<QueryInjectionFlowConfig>;

 /**
 * Implementation of `SqlTainted.ql`. This is extracted to a QLL so that it
@@ -62,5 +62,5 @@ module QueryInjectionFlow = TaintTracking::Make<QueryInjectionFlowConfig>;
 predicate queryTaintedBy(
  QueryInjectionSink query, QueryInjectionFlow::PathNode source, QueryInjectionFlow::PathNode sink
 ) {
-  QueryInjectionFlow::hasFlowPath(source, sink) and sink.getNode() = query
+  QueryInjectionFlow::flowPath(source, sink) and sink.getNode() = query
 }
--- a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll
@@ -71,4 +71,4 @@ module TemplateInjectionFlowConfig implements DataFlow::StateConfigSig {
 }

 /** Tracks server-side template injection (SST) vulnerabilities */
-module TemplateInjectionFlow = TaintTracking::MakeWithState<TemplateInjectionFlowConfig>;
+module TemplateInjectionFlow = TaintTracking::GlobalWithState<TemplateInjectionFlowConfig>;
--- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll
@@ -47,7 +47,7 @@ module XsltInjectionFlowConfig implements DataFlow::ConfigSig {
 /**
 * Tracks flow from unvalidated user input to XSLT transformation.
 */
-module XsltInjectionFlow = TaintTracking::Make<XsltInjectionFlowConfig>;
+module XsltInjectionFlow = TaintTracking::Global<XsltInjectionFlowConfig>;

 /**
 * A set of additional taint steps to consider when taint tracking XSLT related data flows.
@@ -70,7 +70,7 @@ private predicate newTransformerOrTemplatesStep(DataFlow::Node n1, DataFlow::Nod
    n2.asExpr() = ma and
    m.getDeclaringType() instanceof TransformerFactory and
    m.hasName(["newTransformer", "newTemplates"]) and
-    not TransformerFactoryWithSecureProcessingFeatureFlow::hasFlowToExpr(ma.getQualifier())
+    not TransformerFactoryWithSecureProcessingFeatureFlow::flowToExpr(ma.getQualifier())
  )
 }

@@ -99,7 +99,7 @@ private module TransformerFactoryWithSecureProcessingFeatureFlowConfig implement
 }

 private module TransformerFactoryWithSecureProcessingFeatureFlow =
-  DataFlow::Make<TransformerFactoryWithSecureProcessingFeatureFlowConfig>;
+  DataFlow::Global<TransformerFactoryWithSecureProcessingFeatureFlowConfig>;

 /** A `ParserConfig` specific to `TransformerFactory`. */
 private class TransformerFactoryFeatureConfig extends ParserConfig {
--- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll
@@ -31,4 +31,4 @@ module RegexInjectionConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) { node instanceof RegexInjectionSanitizer }
 }

-module RegexInjectionFlow = TaintTracking::Make<RegexInjectionConfig>;
+module RegexInjectionFlow = TaintTracking::Global<RegexInjectionConfig>;
--- a/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.JndiInjectionQuery
 import JndiInjectionFlow::PathGraph

 from JndiInjectionFlow::PathNode source, JndiInjectionFlow::PathNode sink
-where JndiInjectionFlow::hasFlowPath(source, sink)
+where JndiInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "JNDI lookup might include name from $@.", source.getNode(),
  "this user input"
--- a/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.XsltInjectionQuery
 import XsltInjectionFlow::PathGraph

 from XsltInjectionFlow::PathNode source, XsltInjectionFlow::PathNode sink
-where XsltInjectionFlow::hasFlowPath(source, sink)
+where XsltInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "XSLT transformation might include stylesheet from $@.",
  source.getNode(), "this user input"
--- a/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.GroovyInjectionQuery
 import GroovyInjectionFlow::PathGraph

 from GroovyInjectionFlow::PathNode source, GroovyInjectionFlow::PathNode sink
-where GroovyInjectionFlow::hasFlowPath(source, sink)
+where GroovyInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Groovy script depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.JexlInjectionQuery
 import JexlInjectionFlow::PathGraph

 from JexlInjectionFlow::PathNode source, JexlInjectionFlow::PathNode sink
-where JexlInjectionFlow::hasFlowPath(source, sink)
+where JexlInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "JEXL expression depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.MvelInjectionQuery
 import MvelInjectionFlow::PathGraph

 from MvelInjectionFlow::PathNode source, MvelInjectionFlow::PathNode sink
-where MvelInjectionFlow::hasFlowPath(source, sink)
+where MvelInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "MVEL expression depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
@@ -17,6 +17,6 @@ import semmle.code.java.dataflow.DataFlow
 import SpelInjectionFlow::PathGraph

 from SpelInjectionFlow::PathNode source, SpelInjectionFlow::PathNode sink
-where SpelInjectionFlow::hasFlowPath(source, sink)
+where SpelInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "SpEL expression depends on a $@.", source.getNode(),
  "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.TemplateInjectionQuery
 import TemplateInjectionFlow::PathGraph

 from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink
-where TemplateInjectionFlow::hasFlowPath(source, sink)
+where TemplateInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Template, which may contain code, depends on a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
@@ -18,6 +18,6 @@ import semmle.code.java.security.regexp.RegexInjectionQuery
 import RegexInjectionFlow::PathGraph

 from RegexInjectionFlow::PathNode source, RegexInjectionFlow::PathNode sink
-where RegexInjectionFlow::hasFlowPath(source, sink)
+where RegexInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
@@ -16,6 +16,6 @@ import semmle.code.java.security.OgnlInjectionQuery
 import OgnlInjectionFlow::PathGraph

 from OgnlInjectionFlow::PathNode source, OgnlInjectionFlow::PathNode sink
-where OgnlInjectionFlow::hasFlowPath(source, sink)
+where OgnlInjectionFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "OGNL Expression Language statement depends on a $@.",
  source.getNode(), "user-provided value"
--- a/java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql
@@ -9,7 +9,7 @@ class HasJndiInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasJndiInjection" and
-    exists(DataFlow::Node sink | JndiInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | JndiInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-074/XsltInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-074/XsltInjectionTest.ql
@@ -11,7 +11,7 @@ class HasXsltInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasXsltInjection" and
-    exists(DataFlow::Node sink | XsltInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | XsltInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql
@@ -11,7 +11,7 @@ class HasGroovyInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasGroovyInjection" and
-    exists(DataFlow::Node sink | GroovyInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | GroovyInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-094/JexlInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/JexlInjectionTest.ql
@@ -9,7 +9,7 @@ class JexlInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasJexlInjection" and
-    exists(DataFlow::Node sink | JexlInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | JexlInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-094/MvelInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/MvelInjectionTest.ql
@@ -11,7 +11,7 @@ class HasMvelInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasMvelInjection" and
-    exists(DataFlow::Node sink | MvelInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | MvelInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql
@@ -11,7 +11,7 @@ class HasSpelInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasSpelInjection" and
-    exists(DataFlow::Node sink | SpelInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | SpelInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-094/TemplateInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/TemplateInjectionTest.ql
@@ -9,7 +9,7 @@ class TemplateInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasTemplateInjection" and
-    exists(DataFlow::Node sink | TemplateInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | TemplateInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
@@ -9,7 +9,7 @@ class RegexInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasRegexInjection" and
-    exists(RegexInjectionFlow::PathNode sink | RegexInjectionFlow::hasFlowPath(_, sink) |
+    exists(RegexInjectionFlow::PathNode sink | RegexInjectionFlow::flowPath(_, sink) |
      location = sink.getNode().getLocation() and
      element = sink.getNode().toString() and
      value = ""
--- a/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql
@@ -9,7 +9,7 @@ class OgnlInjectionTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasOgnlInjection" and
-    exists(DataFlow::Node sink | OgnlInjectionFlow::hasFlowTo(sink) |
+    exists(DataFlow::Node sink | OgnlInjectionFlow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""