diff --git a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll index 8512308f241..c487c6cecc2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll @@ -28,7 +28,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node { */ predicate isRemoteSource() { exists(RefType startingType, Expr startActivityForResultArg | - ImplicitStartActivityForResult::hasFlowToExpr(startActivityForResultArg) and + ImplicitStartActivityForResult::flowToExpr(startActivityForResultArg) and // startingType is the class enclosing the method that calls `startActivityForResult`. startingType = startActivityForResultArg.getEnclosingCallable().getDeclaringType() | @@ -104,7 +104,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS } private module ImplicitStartActivityForResult = - DataFlow::Make; + DataFlow::Global; /** An Android Activity or Fragment. */ private class ActivityOrFragment extends Class { diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll index 72516e5427e..2793f1980c5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll @@ -21,10 +21,10 @@ private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig { } } -private module TypeLiteralToParseAsFlow = DataFlow::Make; +private module TypeLiteralToParseAsFlow = DataFlow::Global; private TypeLiteral getSourceWithFlowToParseAs() { - TypeLiteralToParseAsFlow::hasFlow(DataFlow::exprNode(result), _) + TypeLiteralToParseAsFlow::flow(DataFlow::exprNode(result), _) } /** A field that is deserialized by `HttpResponse.parseAs`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll index e26d2312f1b..79fd19f4ef2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll @@ -108,10 +108,10 @@ private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::Confi } private module TypeLiteralToJacksonDatabindFlow = - DataFlow::Make; + DataFlow::Global; private TypeLiteral getSourceWithFlowToJacksonDatabind() { - TypeLiteralToJacksonDatabindFlow::hasFlow(DataFlow::exprNode(result), _) + TypeLiteralToJacksonDatabindFlow::flow(DataFlow::exprNode(result), _) } /** A type whose values are explicitly deserialized in a call to a Jackson method. */ diff --git a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll index 2855f5989cf..e0c9fbff800 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll @@ -173,4 +173,4 @@ private module SensitiveCommunicationConfig implements DataFlow::ConfigSig { /** * Tracks taint flow from variables containing sensitive information to broadcast Intents. */ -module SensitiveCommunicationFlow = TaintTracking::Make; +module SensitiveCommunicationFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll index 68b16f7f902..c44db421301 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll @@ -17,15 +17,15 @@ private module ApkInstallationConfig implements DataFlow::ConfigSig { ma.getMethod() instanceof SetDataMethod and ma.getArgument(0) = node.asExpr() and ( - PackageArchiveMimeTypeFlow::hasFlowToExpr(ma.getQualifier()) + PackageArchiveMimeTypeFlow::flowToExpr(ma.getQualifier()) or - InstallPackageActionFlow::hasFlowToExpr(ma.getQualifier()) + InstallPackageActionFlow::flowToExpr(ma.getQualifier()) ) ) } } -module ApkInstallationFlow = DataFlow::Make; +module ApkInstallationFlow = DataFlow::Global; private newtype ActionState = ActionUnset() or @@ -72,7 +72,7 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig { predicate isBarrier(DataFlow::Node node, FlowState state) { none() } } -private module InstallPackageActionFlow = TaintTracking::MakeWithState; +private module InstallPackageActionFlow = TaintTracking::GlobalWithState; private newtype MimeTypeState = MimeTypeUnset() or @@ -117,4 +117,4 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig } private module PackageArchiveMimeTypeFlow = - TaintTracking::MakeWithState; + TaintTracking::GlobalWithState; diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll index 7564993c1ed..94b1877a4a3 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll @@ -37,4 +37,4 @@ private module FragmentInjectionTaintConfig implements DataFlow::ConfigSig { * Taint-tracking flow for unsafe user input * that is used to create Android fragments dynamically. */ -module FragmentInjectionTaintFlow = TaintTracking::Make; +module FragmentInjectionTaintFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index d23a0c8ae4b..970cb4867fd 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -53,4 +53,4 @@ private module IntentUriPermissionManipulationConfig implements DataFlow::Config * Taint tracking flow for user-provided Intents being returned to third party apps. */ module IntentUriPermissionManipulationFlow = - TaintTracking::Make; + TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll index a706da71e50..a26e08d3edc 100644 --- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll @@ -38,4 +38,4 @@ private module LogInjectionConfig implements DataFlow::ConfigSig { /** * Taint-tracking flow for tracking untrusted user input used in log entries. */ -module LogInjectionFlow = TaintTracking::Make; +module LogInjectionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index 1f19d9640e2..9d1f9b5081e 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -53,4 +53,4 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer } } -module RequestForgeryFlow = TaintTracking::Make; +module RequestForgeryFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index e7888afba5d..0d9df09bb74 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -42,4 +42,4 @@ private module RsaWithoutOaepConfig implements DataFlow::ConfigSig { } /** Flow for finding RSA ciphers initialized without using OAEP padding. */ -module RsaWithoutOaepFlow = DataFlow::Make; +module RsaWithoutOaepFlow = DataFlow::Global; diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll index 2ca0c4b69c0..ea687d32a0a 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll @@ -65,4 +65,4 @@ private module SensitiveLoggerConfig implements DataFlow::ConfigSig { predicate isBarrierIn(Node node) { isSource(node) } } -module SensitiveLoggerFlow = TaintTracking::Make; +module SensitiveLoggerFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll index f347f98c9c3..b59c4b79655 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -41,4 +41,4 @@ private module UnsafeContentResolutionConfig implements DataFlow::ConfigSig { } /** Taint-tracking flow to find paths from remote sources to content URI resolutions. */ -module UnsafeContentResolutionFlow = TaintTracking::Make; +module UnsafeContentResolutionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index a2efc852fd2..2680631318f 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -43,7 +43,7 @@ private class DefaultXssSink extends XssSink { or exists(MethodAccess ma | ma.getMethod() instanceof WritingMethod and - XssVulnerableWriterSourceToWritingMethodFlow::hasFlowToExpr(ma.getQualifier()) and + XssVulnerableWriterSourceToWritingMethodFlow::flowToExpr(ma.getQualifier()) and this.asExpr() = ma.getArgument(_) ) } @@ -71,7 +71,7 @@ private module XssVulnerableWriterSourceToWritingMethodFlowConfig implements Dat } private module XssVulnerableWriterSourceToWritingMethodFlow = - TaintTracking::Make; + TaintTracking::Global; /** A method that can be used to output data to an output stream or writer. */ private class WritingMethod extends Method { diff --git a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll index 02d68fceb5c..d3ac09798a6 100644 --- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll @@ -42,4 +42,4 @@ module XxeLocalConfig implements DataFlow::ConfigSig { /** * Detect taint flow of unvalidated local user input that is used in XML external entity expansion. */ -module XxeLocalFlow = TaintTracking::Make; +module XxeLocalFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll index 46108b7a680..06bccc993a4 100644 --- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll @@ -42,4 +42,4 @@ module XxeConfig implements DataFlow::ConfigSig { /** * Detect taint flow of unvalidated remote user input that is used in XML external entity expansion. */ -module XxeFlow = TaintTracking::Make; +module XxeFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll index b852c8393fb..e85e130e381 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll @@ -81,4 +81,4 @@ private module PolynomialRedosConfig implements DataFlow::ConfigSig { } } -module PolynomialRedosFlow = TaintTracking::Make; +module PolynomialRedosFlow = TaintTracking::Global; diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql index c7c3ce0f835..4058978f29a 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -41,7 +41,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig { } } -module TaintedPath = TaintTracking::Make; +module TaintedPath = TaintTracking::Global; import TaintedPath::PathGraph @@ -53,13 +53,13 @@ import TaintedPath::PathGraph * continue to report there; otherwise we report directly at `sink`. */ DataFlow::Node getReportingNode(DataFlow::Node sink) { - TaintedPath::hasFlowTo(sink) and + TaintedPath::flowTo(sink) and if exists(PathCreation pc | pc.getAnInput() = sink.asExpr()) then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr()) else result = sink } from TaintedPath::PathNode source, TaintedPath::PathNode sink -where TaintedPath::hasFlowPath(source, sink) +where TaintedPath::flowPath(source, sink) select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql index fa62e4e6dfd..94c2b0e68a0 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql @@ -41,7 +41,7 @@ module TaintedPathLocalConfig implements DataFlow::ConfigSig { } } -module TaintedPathLocalFlow = TaintTracking::Make; +module TaintedPathLocalFlow = TaintTracking::Global; import TaintedPathLocalFlow::PathGraph @@ -53,13 +53,13 @@ import TaintedPathLocalFlow::PathGraph * continue to report there; otherwise we report directly at `sink`. */ DataFlow::Node getReportingNode(DataFlow::Node sink) { - TaintedPathLocalFlow::hasFlowTo(sink) and + TaintedPathLocalFlow::flowTo(sink) and if exists(PathCreation pc | pc.getAnInput() = sink.asExpr()) then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr()) else result = sink } from TaintedPathLocalFlow::PathNode source, TaintedPathLocalFlow::PathNode sink -where TaintedPathLocalFlow::hasFlowPath(source, sink) +where TaintedPathLocalFlow::flowPath(source, sink) select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql index bae6311f362..b1afdfe65a4 100644 --- a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +++ b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql @@ -44,7 +44,7 @@ module ZipSlipConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof PathInjectionSanitizer } } -module ZipSlipFlow = TaintTracking::Make; +module ZipSlipFlow = TaintTracking::Global; import ZipSlipFlow::PathGraph @@ -56,7 +56,7 @@ private class FileCreationSink extends DataFlow::Node { } from ZipSlipFlow::PathNode source, ZipSlipFlow::PathNode sink -where ZipSlipFlow::hasFlowPath(source, sink) +where ZipSlipFlow::flowPath(source, sink) select source.getNode(), source, sink, "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(), "file system operation" diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql index e8a80e372b7..5289ac39a9b 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql @@ -32,7 +32,7 @@ module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig { } module LocalUserInputToArgumentToExecFlow = - TaintTracking::Make; + TaintTracking::Global; import LocalUserInputToArgumentToExecFlow::PathGraph @@ -40,7 +40,7 @@ from LocalUserInputToArgumentToExecFlow::PathNode source, LocalUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg where - LocalUserInputToArgumentToExecFlow::hasFlowPath(source, sink) and + LocalUserInputToArgumentToExecFlow::flowPath(source, sink) and sink.getNode().asExpr() = execArg select execArg, source, sink, "This command line depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.ql b/java/ql/src/Security/CWE/CWE-079/XSS.ql index f2b0a65f9fe..dbec746eaf6 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSS.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql @@ -29,11 +29,11 @@ module XssConfig implements DataFlow::ConfigSig { } } -module XssFlow = TaintTracking::Make; +module XssFlow = TaintTracking::Global; import XssFlow::PathGraph from XssFlow::PathNode source, XssFlow::PathNode sink -where XssFlow::hasFlowPath(source, sink) +where XssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql index fd9c397f812..90bd2dccc44 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql @@ -21,11 +21,11 @@ module XssLocalConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } } -module XssLocalFlow = TaintTracking::Make; +module XssLocalFlow = TaintTracking::Global; import XssLocalFlow::PathGraph from XssLocalFlow::PathNode source, XssLocalFlow::PathNode sink -where XssLocalFlow::hasFlowPath(source, sink) +where XssLocalFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql b/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql index 209d778dca8..87f478de979 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql @@ -36,7 +36,7 @@ module UncontrolledStringBuilderSourceFlowConfig implements DataFlow::ConfigSig } module UncontrolledStringBuilderSourceFlow = - TaintTracking::Make; + TaintTracking::Global; from QueryInjectionSink query, Expr uncontrolled where @@ -45,7 +45,7 @@ where or exists(StringBuilderVar sbv | uncontrolledStringBuilderQuery(sbv, uncontrolled) and - UncontrolledStringBuilderSourceFlow::hasFlow(DataFlow::exprNode(sbv.getToStringCall()), query) + UncontrolledStringBuilderSourceFlow::flow(DataFlow::exprNode(sbv.getToStringCall()), query) ) ) and not queryTaintedBy(query, _, _) diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql index 0ad803533c5..34e322247c9 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql @@ -31,13 +31,13 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig { } module LocalUserInputToQueryInjectionFlow = - TaintTracking::Make; + TaintTracking::Global; import LocalUserInputToQueryInjectionFlow::PathGraph from LocalUserInputToQueryInjectionFlow::PathNode source, LocalUserInputToQueryInjectionFlow::PathNode sink -where LocalUserInputToQueryInjectionFlow::hasFlowPath(source, sink) +where LocalUserInputToQueryInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql index 66371f161ca..e879a33051d 100644 --- a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +++ b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql @@ -17,6 +17,6 @@ import LdapInjectionLib import LdapInjectionFlow::PathGraph from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink -where LdapInjectionFlow::hasFlowPath(source, sink) +where LdapInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll b/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll index d682e4902d8..d6ca8b1169d 100644 --- a/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll +++ b/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll @@ -17,4 +17,4 @@ module LdapInjectionFlowConfig implements DataFlow::ConfigSig { } } -module LdapInjectionFlow = TaintTracking::Make; +module LdapInjectionFlow = TaintTracking::Global; diff --git a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql index aab75a8d368..3255ac99bd6 100644 --- a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +++ b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql @@ -15,5 +15,5 @@ import semmle.code.java.security.ArbitraryApkInstallationQuery import ApkInstallationFlow::PathGraph from ApkInstallationFlow::PathNode source, ApkInstallationFlow::PathNode sink -where ApkInstallationFlow::hasFlowPath(source, sink) +where ApkInstallationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Arbitrary Android APK installation." diff --git a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql index c3a991ddcd5..5e957f23793 100644 --- a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +++ b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql @@ -61,7 +61,7 @@ module BeanValidationConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink } } -module BeanValidationFlow = TaintTracking::Make; +module BeanValidationFlow = TaintTracking::Global; import BeanValidationFlow::PathGraph @@ -80,6 +80,6 @@ where or exists(SetMessageInterpolatorCall c | not c.isSafe()) ) and - BeanValidationFlow::hasFlowPath(source, sink) + BeanValidationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Custom constraint error message contains an unsanitized $@.", source, "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql index b1682dd5774..4fef0a620cd 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql @@ -42,12 +42,12 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig { } } -module ResponseSplitting = TaintTracking::Make; +module ResponseSplitting = TaintTracking::Global; import ResponseSplitting::PathGraph from ResponseSplitting::PathNode source, ResponseSplitting::PathNode sink -where ResponseSplitting::hasFlowPath(source, sink) +where ResponseSplitting::flowPath(source, sink) select sink.getNode(), source, sink, "This header depends on a $@, which may cause a response-splitting vulnerability.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql index 321f5659e27..402ad1ba1bc 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql @@ -26,12 +26,12 @@ module ResponseSplittingLocalConfig implements DataFlow::ConfigSig { } } -module ResponseSplitting = TaintTracking::Make; +module ResponseSplitting = TaintTracking::Global; import ResponseSplitting::PathGraph from ResponseSplitting::PathNode source, ResponseSplitting::PathNode sink -where ResponseSplitting::hasFlowPath(source, sink) +where ResponseSplitting::flowPath(source, sink) select sink.getNode(), source, sink, "This header depends on a $@, which may cause a response-splitting vulnerability.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql index 61c1db901b0..dd4ffb6a10a 100644 --- a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +++ b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.LogInjectionQuery import LogInjectionFlow::PathGraph from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink -where LogInjectionFlow::hasFlowPath(source, sink) +where LogInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql index c723e7d7067..703bb23b6f5 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql @@ -23,7 +23,7 @@ private module ImproperValidationOfArrayConstructionConfig implements DataFlow:: } module ImproperValidationOfArrayConstructionFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayConstructionFlow::PathGraph @@ -34,7 +34,7 @@ from where arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and sizeExpr = sink.getNode().asExpr() and - ImproperValidationOfArrayConstructionFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayConstructionFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation, "array", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql index a4335eeb2fe..8541074c493 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql @@ -27,7 +27,7 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig { } } -module BoundedFlowSourceFlow = DataFlow::Make; +module BoundedFlowSourceFlow = DataFlow::Global; import BoundedFlowSourceFlow::PathGraph @@ -39,7 +39,7 @@ where arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and sizeExpr = sink.getNode().asExpr() and boundedsource = source.getNode() and - BoundedFlowSourceFlow::hasFlowPath(source, sink) + BoundedFlowSourceFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This accesses the $@, but the array is initialized using $@ which may be zero.", arrayCreation, "array", boundedsource, boundedsource.getDescription().toLowerCase() diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql index a1d13c3d8db..f5539e4d05b 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql @@ -24,7 +24,7 @@ module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::Con } module ImproperValidationOfArrayConstructionLocalFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayConstructionLocalFlow::PathGraph @@ -35,7 +35,7 @@ from where arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and sizeExpr = sink.getNode().asExpr() and - ImproperValidationOfArrayConstructionLocalFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayConstructionLocalFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation, "array", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql index 70b23e058a5..6c6755dc484 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql @@ -25,7 +25,7 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig { } module ImproperValidationOfArrayIndexFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayIndexFlow::PathGraph @@ -34,7 +34,7 @@ from ImproperValidationOfArrayIndexFlow::PathNode sink, CheckableArrayAccess arrayAccess where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and - ImproperValidationOfArrayIndexFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayIndexFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql index fd07e39b6ba..d2f8f6135a9 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql @@ -24,7 +24,7 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig { } } -module BoundedFlowSourceFlow = DataFlow::Make; +module BoundedFlowSourceFlow = DataFlow::Global; import BoundedFlowSourceFlow::PathGraph @@ -34,7 +34,7 @@ from where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and boundedsource = source.getNode() and - BoundedFlowSourceFlow::hasFlowPath(source, sink) and + BoundedFlowSourceFlow::flowPath(source, sink) and boundedsource != sink.getNode() and not ( ( diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql index d57df422287..51f54eebd79 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql @@ -24,7 +24,7 @@ module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig } module ImproperValidationOfArrayIndexLocalFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayIndexLocalFlow::PathGraph @@ -33,7 +33,7 @@ from ImproperValidationOfArrayIndexLocalFlow::PathNode sink, CheckableArrayAccess arrayAccess where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and - ImproperValidationOfArrayIndexLocalFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayIndexLocalFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql index da5bc5372a4..a2d2e9005ef 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql @@ -27,7 +27,7 @@ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig { } module ExternallyControlledFormatStringFlow = - TaintTracking::Make; + TaintTracking::Global; import ExternallyControlledFormatStringFlow::PathGraph @@ -35,7 +35,7 @@ from ExternallyControlledFormatStringFlow::PathNode source, ExternallyControlledFormatStringFlow::PathNode sink, StringFormat formatCall where - ExternallyControlledFormatStringFlow::hasFlowPath(source, sink) and + ExternallyControlledFormatStringFlow::flowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument() select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql index 0300eaea806..56026c61cfa 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql @@ -23,7 +23,7 @@ module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSi } module ExternallyControlledFormatStringLocalFlow = - TaintTracking::Make; + TaintTracking::Global; import ExternallyControlledFormatStringLocalFlow::PathGraph @@ -31,7 +31,7 @@ from ExternallyControlledFormatStringLocalFlow::PathNode source, ExternallyControlledFormatStringLocalFlow::PathNode sink, StringFormat formatCall where - ExternallyControlledFormatStringLocalFlow::hasFlowPath(source, sink) and + ExternallyControlledFormatStringLocalFlow::flowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument() select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql index c4294e92ef0..81e572e4c4e 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql @@ -32,9 +32,9 @@ module RemoteUserInputUnderflowConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) } } -module RemoteUserInputOverflow = TaintTracking::Make; +module RemoteUserInputOverflow = TaintTracking::Global; -module RemoteUserInputUnderflow = TaintTracking::Make; +module RemoteUserInputUnderflow = TaintTracking::Global; module Flow = DataFlow::MergePathGraph; + TaintTracking::Global; module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput } @@ -36,7 +36,7 @@ module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig { } module ArithmeticTaintedLocalUnderflowFlow = - TaintTracking::Make; + TaintTracking::Global; module Flow = DataFlow::MergePathGraph; + TaintTracking::Global; module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof TaintSource } @@ -44,7 +44,7 @@ module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig { } module ArithmeticUncontrolledUnderflowFlow = - TaintTracking::Make; + TaintTracking::Global; module Flow = DataFlow::MergePathGraph; +module MaxValueFlow = DataFlow::Global; module MinValueFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { @@ -59,7 +59,7 @@ module MinValueFlowConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) } } -module MinValueFlow = DataFlow::Make; +module MinValueFlow = DataFlow::Global; module Flow = DataFlow::MergePathGraph; + TaintTracking::GlobalWithState; from Expr e where @@ -116,7 +116,7 @@ where // implicit: no setAllowContentAccess(false) exists(WebViewSource source | source.asExpr() = e and - not WebViewDisallowContentAccessFlow::hasFlow(source, _) + not WebViewDisallowContentAccessFlow::flow(source, _) ) select e, "Sensitive information may be exposed via a malicious link due to access to content:// links being allowed in this WebView." diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql index 6d99eba59c2..400d7159b9a 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql @@ -133,7 +133,7 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof FileCreationSink and - not TempDirSystemGetPropertyDirectlyToMkdir::hasFlowTo(sink) + not TempDirSystemGetPropertyDirectlyToMkdir::flowTo(sink) } predicate isBarrier(DataFlow::Node sanitizer) { @@ -146,7 +146,7 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig { } module TempDirSystemGetPropertyToCreate = - TaintTracking::Make; + TaintTracking::Global; /** * Configuration that tracks calls to to `mkdir` or `mkdirs` that are are directly on the temp directory system property. @@ -179,7 +179,7 @@ module TempDirSystemGetPropertyDirectlyToMkdirConfig implements DataFlow::Config } module TempDirSystemGetPropertyDirectlyToMkdir = - TaintTracking::Make; + TaintTracking::Global; // // Begin configuration for tracking single-method calls that are vulnerable. @@ -270,7 +270,7 @@ import Flow::PathGraph from Flow::PathNode source, Flow::PathNode sink, string message where ( - TempDirSystemGetPropertyToCreate::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and + TempDirSystemGetPropertyToCreate::flowPath(source.asPathNode1(), sink.asPathNode1()) and message = "Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users." or diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql index be5d3dad848..0a40c11dfe9 100644 --- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql @@ -42,7 +42,7 @@ module ServletWriterSourceToPrintStackTraceMethodFlowConfig implements DataFlow: } module ServletWriterSourceToPrintStackTraceMethodFlow = - TaintTracking::Make; + TaintTracking::Global; /** * A call that uses `Throwable.printStackTrace()` on a stream that is connected @@ -51,7 +51,7 @@ module ServletWriterSourceToPrintStackTraceMethodFlow = predicate printsStackToWriter(MethodAccess call) { exists(PrintStackTraceMethod printStackTrace | call.getMethod() = printStackTrace and - ServletWriterSourceToPrintStackTraceMethodFlow::hasFlowToExpr(call.getAnArgument()) + ServletWriterSourceToPrintStackTraceMethodFlow::flowToExpr(call.getAnArgument()) ) } @@ -87,7 +87,7 @@ module StackTraceStringToHttpResponseSinkFlowConfig implements DataFlow::ConfigS } module StackTraceStringToHttpResponseSinkFlow = - TaintTracking::Make; + TaintTracking::Global; /** * A write of stack trace data to an external stream. @@ -104,7 +104,7 @@ predicate printsStackExternally(MethodAccess call, Expr stackTrace) { predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stackTrace) { exists(MethodAccess stackTraceString | stackTraceExpr(stackTrace, stackTraceString) and - StackTraceStringToHttpResponseSinkFlow::hasFlow(DataFlow::exprNode(stackTraceString), + StackTraceStringToHttpResponseSinkFlow::flow(DataFlow::exprNode(stackTraceString), externalExpr) ) } @@ -127,13 +127,13 @@ module GetMessageFlowSourceToHttpResponseSinkFlowConfig implements DataFlow::Con } module GetMessageFlowSourceToHttpResponseSinkFlow = - TaintTracking::Make; + TaintTracking::Global; /** * A call to `getMessage()` that then flows to a servlet response. */ predicate getMessageFlowsExternally(DataFlow::Node externalExpr, GetMessageFlowSource getMessage) { - GetMessageFlowSourceToHttpResponseSinkFlow::hasFlow(DataFlow::exprNode(getMessage), externalExpr) + GetMessageFlowSourceToHttpResponseSinkFlow::flow(DataFlow::exprNode(getMessage), externalExpr) } from Expr externalExpr, Expr errorInformation diff --git a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql index 281415a0d91..d79abd6e417 100644 --- a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +++ b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql @@ -20,7 +20,7 @@ import IntentUriPermissionManipulationFlow::PathGraph from IntentUriPermissionManipulationFlow::PathNode source, IntentUriPermissionManipulationFlow::PathNode sink -where IntentUriPermissionManipulationFlow::hasFlowPath(source, sink) +where IntentUriPermissionManipulationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This Intent can be set with arbitrary flags from a $@, " + "and used to give access to internal content providers.", source.getNode(), diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql index f6663b8e87d..4bea66796b8 100644 --- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql @@ -77,7 +77,7 @@ module TrustAllHostnameVerifierConfig implements DataFlow::ConfigSig { } } -module TrustAllHostnameVerifierFlow = DataFlow::Make; +module TrustAllHostnameVerifierFlow = DataFlow::Global; import TrustAllHostnameVerifierFlow::PathGraph @@ -118,7 +118,7 @@ from TrustAllHostnameVerifierFlow::PathNode source, TrustAllHostnameVerifierFlow::PathNode sink, RefType verifier where - TrustAllHostnameVerifierFlow::hasFlowPath(source, sink) and + TrustAllHostnameVerifierFlow::flowPath(source, sink) and not isNodeGuardedByFlag(sink.getNode()) and verifier = source.getNode().asExpr().(ClassInstanceExpr).getConstructedType() select sink, source, sink, diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql index ec7ffcbccc1..a423eed3d22 100644 --- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql @@ -38,7 +38,7 @@ module InsecureCryptoConfig implements ConfigSig { } } -module InsecureCryptoFlow = TaintTracking::Make; +module InsecureCryptoFlow = TaintTracking::Global; import InsecureCryptoFlow::PathGraph @@ -48,6 +48,6 @@ from where sink.getNode().asExpr() = c.getAlgoSpec() and source.getNode().asExpr() = s and - InsecureCryptoFlow::hasFlowPath(source, sink) + InsecureCryptoFlow::flowPath(source, sink) select c, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", s, s.getValue() diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql index 47446211438..b5f14421894 100644 --- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql @@ -61,7 +61,7 @@ module InsecureCryptoConfig implements ConfigSig { } } -module InsecureCryptoFlow = TaintTracking::Make; +module InsecureCryptoFlow = TaintTracking::Global; import InsecureCryptoFlow::PathGraph @@ -71,7 +71,7 @@ from where sink.getNode().asExpr() = c.getAlgoSpec() and source.getNode().asExpr() = s and - InsecureCryptoFlow::hasFlowPath(source, sink) + InsecureCryptoFlow::flowPath(source, sink) select c, source, sink, "Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", s, s.getValue() diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql index ce90cc5e00f..4a8c9bc3ad1 100644 --- a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql @@ -17,7 +17,7 @@ import semmle.code.java.security.UnsafeContentUriResolutionQuery import UnsafeContentResolutionFlow::PathGraph from UnsafeContentResolutionFlow::PathNode src, UnsafeContentResolutionFlow::PathNode sink -where UnsafeContentResolutionFlow::hasFlowPath(src, sink) +where UnsafeContentResolutionFlow::flowPath(src, sink) select sink.getNode(), src, sink, "This ContentResolver method that resolves a URI depends on a $@.", src.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql index 5ffa7068980..6ff9a15eca4 100644 --- a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +++ b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql @@ -16,7 +16,7 @@ import semmle.code.java.security.FragmentInjectionQuery import FragmentInjectionTaintFlow::PathGraph from FragmentInjectionTaintFlow::PathNode source, FragmentInjectionTaintFlow::PathNode sink -where FragmentInjectionTaintFlow::hasFlowPath(source, sink) +where FragmentInjectionTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Fragment depends on a $@, which may allow a malicious application to bypass access controls.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql index a884ba6c242..9b306bc1bd1 100644 --- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.SensitiveLoggingQuery import SensitiveLoggerFlow::PathGraph from SensitiveLoggerFlow::PathNode source, SensitiveLoggerFlow::PathNode sink -where SensitiveLoggerFlow::hasFlowPath(source, sink) +where SensitiveLoggerFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This $@ is written to a log file.", source.getNode(), "potentially sensitive information" diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql index cf9393830b0..78c9c86c762 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql @@ -21,11 +21,11 @@ module UrlRedirectConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } } -module UrlRedirectFlow = TaintTracking::Make; +module UrlRedirectFlow = TaintTracking::Global; import UrlRedirectFlow::PathGraph from UrlRedirectFlow::PathNode source, UrlRedirectFlow::PathNode sink -where UrlRedirectFlow::hasFlowPath(source, sink) +where UrlRedirectFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql index de44173ec57..d8a28f52abb 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql @@ -21,11 +21,11 @@ module UrlRedirectLocalConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } } -module UrlRedirectLocalFlow = TaintTracking::Make; +module UrlRedirectLocalFlow = TaintTracking::Global; import UrlRedirectLocalFlow::PathGraph from UrlRedirectLocalFlow::PathNode source, UrlRedirectLocalFlow::PathNode sink -where UrlRedirectLocalFlow::hasFlowPath(source, sink) +where UrlRedirectLocalFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.ql b/java/ql/src/Security/CWE/CWE-611/XXE.ql index 708d4f08ee7..5520d332ed6 100644 --- a/java/ql/src/Security/CWE/CWE-611/XXE.ql +++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql @@ -19,7 +19,7 @@ import semmle.code.java.security.XxeRemoteQuery import XxeFlow::PathGraph from XxeFlow::PathNode source, XxeFlow::PathNode sink -where XxeFlow::hasFlowPath(source, sink) +where XxeFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-611/XXELocal.ql b/java/ql/src/Security/CWE/CWE-611/XXELocal.ql index 0ab4ddcc106..5e306a65349 100644 --- a/java/ql/src/Security/CWE/CWE-611/XXELocal.ql +++ b/java/ql/src/Security/CWE/CWE-611/XXELocal.ql @@ -19,7 +19,7 @@ import semmle.code.java.security.XxeLocalQuery import XxeLocalFlow::PathGraph from XxeLocalFlow::PathNode source, XxeLocalFlow::PathNode sink -where XxeLocalFlow::hasFlowPath(source, sink) +where XxeLocalFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql index 807ef383dee..0d24e9315c1 100644 --- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql @@ -47,10 +47,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig { } } -module SecureCookieFlow = DataFlow::Make; +module SecureCookieFlow = DataFlow::Global; from MethodAccess add where add.getMethod() instanceof ResponseAddCookieMethod and - not SecureCookieFlow::hasFlowToExpr(add.getArgument(0)) + not SecureCookieFlow::flowToExpr(add.getArgument(0)) select add, "Cookie is added to response without the 'secure' flag being set." diff --git a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql index eacebd3f098..18a4d76873b 100644 --- a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +++ b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql @@ -22,11 +22,11 @@ module XPathInjectionConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } } -module XPathInjectionFlow = TaintTracking::Make; +module XPathInjectionFlow = TaintTracking::Global; import XPathInjectionFlow::PathGraph from XPathInjectionFlow::PathNode source, XPathInjectionFlow::PathNode sink -where XPathInjectionFlow::hasFlowPath(source, sink) +where XPathInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql index 3caefe3fd09..3194e0f8e7b 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql @@ -34,14 +34,14 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig { } } -module NumericCastFlow = TaintTracking::Make; +module NumericCastFlow = TaintTracking::Global; import NumericCastFlow::PathGraph from NumericCastFlow::PathNode source, NumericCastFlow::PathNode sink, NumericNarrowingCastExpr exp where sink.getNode().asExpr() = exp.getExpr() and - NumericCastFlow::hasFlowPath(source, sink) + NumericCastFlow::flowPath(source, sink) select exp, source, sink, "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql index 41757ab419a..b9224769562 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql @@ -32,7 +32,7 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig { } } -module NumericCastFlow = TaintTracking::Make; +module NumericCastFlow = TaintTracking::Global; import NumericCastFlow::PathGraph @@ -42,7 +42,7 @@ from where exp.getExpr() = tainted and sink.getNode().asExpr() = tainted and - NumericCastFlow::hasFlowPath(source, sink) and + NumericCastFlow::flowPath(source, sink) and not exists(RightShiftOp e | e.getShiftedVariable() = tainted.getVariable()) select exp, source, sink, "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(), diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql index 8a1244b93d1..2ba45ca083c 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql @@ -21,7 +21,7 @@ from PolynomialRedosFlow::PathNode source, PolynomialRedosFlow::PathNode sink, SuperlinearBackTracking::PolynomialBackTrackingTerm regexp where - PolynomialRedosFlow::hasFlowPath(source, sink) and + PolynomialRedosFlow::flowPath(source, sink) and regexp.getRootTerm() = sink.getNode().(PolynomialRedosSink).getRegExp() select sink, source, sink, "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() + diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index a2475202dd8..2191a4a7401 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -15,6 +15,6 @@ import semmle.code.java.security.RsaWithoutOaepQuery import RsaWithoutOaepFlow::PathGraph from RsaWithoutOaepFlow::PathNode source, RsaWithoutOaepFlow::PathNode sink -where RsaWithoutOaepFlow::hasFlowPath(source, sink) +where RsaWithoutOaepFlow::flowPath(source, sink) select source, source, sink, "This specification is used to $@ without OAEP padding.", sink, "initialize an RSA cipher" diff --git a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql index bb48958443f..8debae02267 100644 --- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql @@ -60,7 +60,7 @@ module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig { } } -module TaintedPermissionsCheckFlow = TaintTracking::Make; +module TaintedPermissionsCheckFlow = TaintTracking::Global; import TaintedPermissionsCheckFlow::PathGraph @@ -68,6 +68,6 @@ from TaintedPermissionsCheckFlow::PathNode source, TaintedPermissionsCheckFlow::PathNode sink, PermissionsConstruction p where - sink.getNode().asExpr() = p.getInput() and TaintedPermissionsCheckFlow::hasFlowPath(source, sink) + sink.getNode().asExpr() = p.getInput() and TaintedPermissionsCheckFlow::flowPath(source, sink) select p, source, sink, "Permissions check depends on a $@.", source.getNode(), "user-controlled value" diff --git a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql index c3455dc4beb..570a7af54cc 100644 --- a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +++ b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.RequestForgeryConfig import RequestForgeryFlow::PathGraph from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink -where RequestForgeryFlow::hasFlowPath(source, sink) +where RequestForgeryFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Potential server-side request forgery due to a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql index 59a7d827cf6..576927b1d72 100644 --- a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +++ b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.AndroidSensitiveCommunicationQuery import SensitiveCommunicationFlow::PathGraph from SensitiveCommunicationFlow::PathNode source, SensitiveCommunicationFlow::PathNode sink -where SensitiveCommunicationFlow::hasFlowPath(source, sink) +where SensitiveCommunicationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This call may leak $@.", source.getNode(), "sensitive information" diff --git a/java/ql/test/TestUtilities/InlineFlowTest.qll b/java/ql/test/TestUtilities/InlineFlowTest.qll index bd4ef924da2..efc5a6fab2b 100644 --- a/java/ql/test/TestUtilities/InlineFlowTest.qll +++ b/java/ql/test/TestUtilities/InlineFlowTest.qll @@ -57,9 +57,9 @@ module DefaultFlowConfig implements DataFlow::ConfigSig { int fieldFlowBranchLimit() { result = 1000 } } -private module DefaultValueFlow = DataFlow::Make; +private module DefaultValueFlow = DataFlow::Global; -private module DefaultTaintFlow = TaintTracking::Make; +private module DefaultTaintFlow = TaintTracking::Global; class DefaultValueFlowConf extends DataFlow::Configuration { DefaultValueFlowConf() { this = "qltest:defaultValueFlowConf" } @@ -118,13 +118,13 @@ class InlineFlowTest extends InlineExpectationsTest { predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { if exists(EnableLegacyConfiguration e) then getValueFlowConfig().hasFlow(src, sink) - else DefaultValueFlow::hasFlow(src, sink) + else DefaultValueFlow::flow(src, sink) } predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { if exists(EnableLegacyConfiguration e) then getTaintFlowConfig().hasFlow(src, sink) - else DefaultTaintFlow::hasFlow(src, sink) + else DefaultTaintFlow::flow(src, sink) } DataFlow::Configuration getValueFlowConfig() { result = any(DefaultValueFlowConf config) } diff --git a/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql b/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql index a582f5b2456..7635dae3820 100644 --- a/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql +++ b/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql @@ -47,13 +47,13 @@ module Conf4 implements ConfigSig { } predicate flow(Node src, Node sink, string s) { - Make::hasFlow(src, sink) and s = "nobarrier" + Global::flow(src, sink) and s = "nobarrier" or - Make::hasFlow(src, sink) and s = "srcbarrier" + Global::flow(src, sink) and s = "srcbarrier" or - Make::hasFlow(src, sink) and s = "sinkbarrier" + Global::flow(src, sink) and s = "sinkbarrier" or - Make::hasFlow(src, sink) and s = "both" + Global::flow(src, sink) and s = "both" } from Node src, Node sink, string s diff --git a/java/ql/test/library-tests/dataflow/partial/test.ql b/java/ql/test/library-tests/dataflow/partial/test.ql index 399a876e9a9..4b2e5e71ff4 100644 --- a/java/ql/test/library-tests/dataflow/partial/test.ql +++ b/java/ql/test/library-tests/dataflow/partial/test.ql @@ -10,10 +10,10 @@ module Config implements ConfigSig { int explorationLimit() { result = 10 } -module PartialFlow = Make::FlowExploration; +module PartialFlow = Global::FlowExploration; import PartialFlow::PartialPathGraph from PartialFlow::PartialPathNode n, int dist -where PartialFlow::hasPartialFlow(_, n, dist) +where PartialFlow::partialFlow(_, n, dist) select dist, n diff --git a/java/ql/test/library-tests/dataflow/partial/testRev.ql b/java/ql/test/library-tests/dataflow/partial/testRev.ql index c869cb4f915..f3f71d69e3b 100644 --- a/java/ql/test/library-tests/dataflow/partial/testRev.ql +++ b/java/ql/test/library-tests/dataflow/partial/testRev.ql @@ -10,10 +10,10 @@ module Config implements ConfigSig { int explorationLimit() { result = 10 } -module PartialFlow = Make::FlowExploration; +module PartialFlow = Global::FlowExploration; import PartialFlow::PartialPathGraph from PartialFlow::PartialPathNode n, int dist -where PartialFlow::hasPartialFlowRev(n, _, dist) +where PartialFlow::partialFlowRev(n, _, dist) select dist, n diff --git a/java/ql/test/library-tests/dataflow/state/test.ql b/java/ql/test/library-tests/dataflow/state/test.ql index afd7ed9a97e..b82dd95c0b1 100644 --- a/java/ql/test/library-tests/dataflow/state/test.ql +++ b/java/ql/test/library-tests/dataflow/state/test.ql @@ -55,7 +55,7 @@ module Config implements DataFlow::StateConfigSig { int explorationLimit() { result = 0 } -module Flow = TaintTracking::MakeWithState; +module Flow = TaintTracking::GlobalWithState; module PartialFlow = Flow::FlowExploration; @@ -67,7 +67,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "flow" and exists(Flow::PathNode src, Flow::PathNode sink | - Flow::hasFlowPath(src, sink) and + Flow::flowPath(src, sink) and sink.getNode().getLocation() = location and element = sink.toString() and value = src.getState() @@ -75,7 +75,7 @@ class HasFlowTest extends InlineExpectationsTest { or tag = "pFwd" and exists(PartialFlow::PartialPathNode src, PartialFlow::PartialPathNode node | - PartialFlow::hasPartialFlow(src, node, _) and + PartialFlow::partialFlow(src, node, _) and checkNode(node.getNode()) and node.getNode().getLocation() = location and element = node.toString() and @@ -84,7 +84,7 @@ class HasFlowTest extends InlineExpectationsTest { or tag = "pRev" and exists(PartialFlow::PartialPathNode node, PartialFlow::PartialPathNode sink | - PartialFlow::hasPartialFlowRev(node, sink, _) and + PartialFlow::partialFlowRev(node, sink, _) and checkNode(node.getNode()) and node.getNode().getLocation() = location and element = node.toString() and diff --git a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql index 1e40c0a5d25..dd6aec2ebe3 100644 --- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql @@ -10,7 +10,7 @@ class HasApkInstallationTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasApkInstallation" and - exists(DataFlow::Node sink | ApkInstallationFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | ApkInstallationFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql index ba753b0d930..73a41b1bd8e 100644 --- a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql @@ -12,6 +12,6 @@ private class LogInjectionTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - LogInjectionFlow::hasFlow(src, sink) + LogInjectionFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql b/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql index c434dbe413a..d90039cf920 100644 --- a/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql +++ b/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql @@ -6,6 +6,6 @@ class IntentUriPermissionManipulationTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - IntentUriPermissionManipulationFlow::hasFlow(src, sink) + IntentUriPermissionManipulationFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql index 5e2046c6fbf..55c07bbd301 100644 --- a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql +++ b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql @@ -6,6 +6,6 @@ class Test extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - UnsafeContentResolutionFlow::hasFlow(src, sink) + UnsafeContentResolutionFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql b/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql index 22b02c818f5..2771dd3af90 100644 --- a/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql @@ -6,6 +6,6 @@ class Test extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - FragmentInjectionTaintFlow::hasFlow(src, sink) + FragmentInjectionTaintFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql index b868dcabf85..5de153a9e35 100644 --- a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql +++ b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql @@ -4,7 +4,7 @@ import semmle.code.java.security.SensitiveLoggingQuery class HasFlowTest extends InlineFlowTest { override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - SensitiveLoggerFlow::hasFlow(src, sink) + SensitiveLoggerFlow::flow(src, sink) } override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } diff --git a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql index e31d890d908..75af0160def 100644 --- a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql +++ b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql @@ -9,7 +9,7 @@ class HasPolyRedos extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasPolyRedos" and exists(DataFlow::Node sink | - PolynomialRedosFlow::hasFlowTo(sink) and + PolynomialRedosFlow::flowTo(sink) and location = sink.getLocation() and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql index cdfdaea621e..01af77284f0 100644 --- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql +++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql @@ -7,6 +7,6 @@ class HasFlowTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - RsaWithoutOaepFlow::hasFlow(src, sink) + RsaWithoutOaepFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql b/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql index b27d81ee073..865e6e8f0d3 100644 --- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql +++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql @@ -10,7 +10,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "SSRF" and exists(DataFlow::Node sink | - RequestForgeryFlow::hasFlowTo(sink) and + RequestForgeryFlow::flowTo(sink) and sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql b/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql index c57c316310d..0f1864398b4 100644 --- a/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql +++ b/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql @@ -7,6 +7,6 @@ class HasFlowTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - SensitiveCommunicationFlow::hasFlow(src, sink) + SensitiveCommunicationFlow::flow(src, sink) } }