Expand handling of generic artifact sources

java/ql/lib/experimental/Quantum/JCA.qll

@@ -125,16 +125,10 @@ module JCAModel {
     }
   }
 
-  class CipherUpdateCall extends MethodCall {
-    CipherUpdateCall() { this.getMethod().hasQualifiedName("javax.crypto", "Cipher", "update") }
-
-    DataFlow::Node getInputData() { result.asExpr() = this.getArgument(0) }
-  }
-
   private newtype TCipherModeFlowState =
     TUninitializedCipherModeFlowState() or
     TInitializedCipherModeFlowState(CipherInitCall call) or
-    TUsedCipherModeFlowState(CipherInitCall init, CipherUpdateCall update)
+    TUsedCipherModeFlowState(CipherInitCall init)
 
   abstract private class CipherModeFlowState extends TCipherModeFlowState {
     string toString() {

java/ql/lib/experimental/Quantum/Language.qll

@@ -3,6 +3,7 @@ private import java as Language
 private import semmle.code.java.security.InsecureRandomnessQuery
 private import semmle.code.java.security.RandomQuery
 private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.FlowSources
 
 private class UnknownLocation extends Language::Location {
   UnknownLocation() { this.getFile().getAbsolutePath() = "" }
@@ -31,6 +32,25 @@ module CryptoInput implements InputSig<Language::Location> {
  */
 module Crypto = CryptographyBase<Language::Location, CryptoInput>;
 
+/**
+ * Definitions of various generic data sources
+ */
+final class DefaultFlowSource = SourceNode;
+
+final class DefaultRemoteFlowSource = RemoteFlowSource;
+
+class GenericLocalDataSource extends Crypto::GenericRemoteDataSource {
+  GenericLocalDataSource() {
+    any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
+  }
+
+  override DataFlow::Node asOutputData() { result.asExpr() = this }
+
+  override predicate flowsTo(Crypto::ArtifactLocatableElement other) {
+    DataSourceToArtifactFlow::flow(this.asOutputData(), other.getInput())
+  }
+}
+
 /**
  * Random number generation, where each instance is modelled as the expression
  * tied to an output node (i.e., the result of the source of randomness)
@@ -70,5 +90,20 @@ module RNGToArtifactFlowConfig implements DataFlow::ConfigSig {
 
 module RNGToArtifactFlow = DataFlow::Global<RNGToArtifactFlowConfig>;
 
+/**
+ * Generic data source to artifact flow configuration
+ */
+module DataSourceToArtifactFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source = any(Crypto::GenericDataSourceInstance i).asOutputData()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink = any(Crypto::ArtifactLocatableElement other).getInput()
+  }
+}
+
+module DataSourceToArtifactFlow = DataFlow::Global<DataSourceToArtifactFlowConfig>;
+
 // Import library-specific modeling
 import JCA

java/ql/src/experimental/Quantum/TestCipher.ql

@@ -13,4 +13,4 @@ where
   p = a.getPadding() and
   nonce = op.getNonce()
 select op, op.getCipherOperationMode(), a, a.getRawAlgorithmName(), m, m.getRawAlgorithmName(), p,
-  p.getRawAlgorithmName(), nonce, nonce.getInputData()
+  p.getRawAlgorithmName(), nonce