Rename SimpleScalarSanitizer to SimpleTypeSanitizer

2026-04-24 16:25:15 +02:00 · 2024-01-22 23:55:29 -05:00
parent 696788e5b2
commit fb80c5ea84
28 changed files with 33 additions and 35 deletions
--- a/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
@@ -28,7 +28,7 @@ module InsecureCryptoConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node n) { exists(CryptoAlgoSpec c | n.asExpr() = c.getAlgoSpec()) }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
 }

 /**
--- a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
@@ -39,7 +39,7 @@ private class DefaultCommandInjectionSink extends CommandInjectionSink {

 private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer {
  DefaultCommandInjectionSanitizer() {
-    this instanceof SimpleScalarSanitizer
+    this instanceof SimpleTypeSanitizer
    or
    isSafeCommandArgument(this.asExpr())
  }
--- a/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll
@@ -13,7 +13,7 @@ module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }

  predicate isBarrier(DataFlow::Node node) {
-    node instanceof SimpleScalarSanitizer
+    node instanceof SimpleTypeSanitizer
    or
    isSafeCommandArgument(node.asExpr())
  }
--- a/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll
@@ -39,7 +39,7 @@ module HttpStringToUrlOpenMethodFlowConfig implements DataFlow::ConfigSig {
    any(HttpUrlsAdditionalTaintStep c).step(node1, node2)
  }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
 }

 /**
--- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll
@@ -20,7 +20,7 @@ deprecated class JndiInjectionFlowConfig extends TaintTracking::Configuration {
  override predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink }

  override predicate isSanitizer(DataFlow::Node node) {
-    node instanceof SimpleScalarSanitizer or
+    node instanceof SimpleTypeSanitizer or
    node instanceof JndiInjectionSanitizer
  }

@@ -38,7 +38,7 @@ module JndiInjectionFlowConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink }

  predicate isBarrier(DataFlow::Node node) {
-    node instanceof SimpleScalarSanitizer or
+    node instanceof SimpleTypeSanitizer or
    node instanceof JndiInjectionSanitizer
  }

--- a/java/ql/lib/semmle/code/java/security/LdapInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/LdapInjection.qll
@@ -34,8 +34,7 @@ private class DefaultLdapInjectionSink extends LdapInjectionSink {
 }

 /** A sanitizer that clears the taint on (boxed) primitive types. */
-private class DefaultLdapSanitizer extends LdapInjectionSanitizer instanceof SimpleScalarSanitizer {
-}
+private class DefaultLdapSanitizer extends LdapInjectionSanitizer instanceof SimpleTypeSanitizer { }

 /**
 * Holds if `n1` to `n2` is a dataflow step that converts between `String` and `LdapName`,
--- a/java/ql/lib/semmle/code/java/security/LogInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/LogInjection.qll
@@ -31,7 +31,7 @@ private class DefaultLogInjectionSink extends LogInjectionSink {
  DefaultLogInjectionSink() { sinkNode(this, "log-injection") }
 }

-private class DefaultLogInjectionSanitizer extends LogInjectionSanitizer instanceof SimpleScalarSanitizer
+private class DefaultLogInjectionSanitizer extends LogInjectionSanitizer instanceof SimpleTypeSanitizer
 { }

 private class LineBreaksLogInjectionSanitizer extends LogInjectionSanitizer {
--- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll
@@ -34,7 +34,7 @@ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node sink) { sink instanceof OgnlInjectionSink }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }

  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(OgnlInjectionAdditionalTaintStep c).step(node1, node2)
--- a/java/ql/lib/semmle/code/java/security/RequestForgery.qll
+++ b/java/ql/lib/semmle/code/java/security/RequestForgery.qll
@@ -60,8 +60,7 @@ private class DefaultRequestForgerySink extends RequestForgerySink {
 /** A sanitizer for request forgery vulnerabilities. */
 abstract class RequestForgerySanitizer extends DataFlow::Node { }

-private class PrimitiveSanitizer extends RequestForgerySanitizer instanceof SimpleScalarSanitizer {
-}
+private class PrimitiveSanitizer extends RequestForgerySanitizer instanceof SimpleTypeSanitizer { }

 private class HostnameSanitizingPrefix extends InterestingPrefix {
  int offset;
--- a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll
@@ -17,7 +17,7 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }

  predicate isBarrier(DataFlow::Node node) {
-    node instanceof SimpleScalarSanitizer
+    node instanceof SimpleTypeSanitizer
    or
    exists(MethodCall ma, string methodName, CompileTimeConstantExpr target |
      node.asExpr() = ma and
--- a/java/ql/lib/semmle/code/java/security/Sanitizers.qll
+++ b/java/ql/lib/semmle/code/java/security/Sanitizers.qll
@@ -4,10 +4,10 @@ import java
 private import semmle.code.java.dataflow.DataFlow

 /**
- * A node whose type is a common scalar type, such as primitives or their boxed counterparts.
+ * A node whose type is a simple type unlikely to carry taint, such as primitives or their boxed counterparts.
 */
-class SimpleScalarSanitizer extends DataFlow::Node {
-  SimpleScalarSanitizer() {
+class SimpleTypeSanitizer extends DataFlow::Node {
+  SimpleTypeSanitizer() {
    this.getType() instanceof PrimitiveType or
    this.getType() instanceof BoxedType or
    this.getType() instanceof NumberType
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -56,7 +56,7 @@ module SensitiveLoggerConfig implements DataFlow::ConfigSig {

  predicate isBarrier(DataFlow::Node sanitizer) {
    sanitizer.asExpr() instanceof LiveLiteral or
-    sanitizer instanceof SimpleScalarSanitizer or
+    sanitizer instanceof SimpleTypeSanitizer or
    sanitizer.getType() instanceof TypeType
  }

--- a/java/ql/lib/semmle/code/java/security/SqlConcatenatedQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlConcatenatedQuery.qll
@@ -23,7 +23,7 @@ module UncontrolledStringBuilderSourceFlowConfig implements DataFlow::ConfigSig

  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
 }

 /**
--- a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
@@ -42,7 +42,7 @@ module QueryInjectionFlowConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }

  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
--- a/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
@@ -17,7 +17,7 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }

  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
--- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
@@ -58,7 +58,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") }

  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof SimpleScalarSanitizer or
+    sanitizer instanceof SimpleTypeSanitizer or
    sanitizer instanceof PathInjectionSanitizer
  }

@@ -79,7 +79,7 @@ module TaintedPathLocalConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") }

  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof SimpleScalarSanitizer or
+    sanitizer instanceof SimpleTypeSanitizer or
    sanitizer instanceof PathInjectionSanitizer
  }

--- a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll
@@ -90,5 +90,5 @@ private class DefaultTemplateInjectionSink extends TemplateInjectionSink {
  DefaultTemplateInjectionSink() { sinkNode(this, "template-injection") }
 }

-private class DefaultTemplateInjectionSanitizer extends TemplateInjectionSanitizer instanceof SimpleScalarSanitizer
+private class DefaultTemplateInjectionSanitizer extends TemplateInjectionSanitizer instanceof SimpleTypeSanitizer
 { }
--- a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
@@ -58,7 +58,7 @@ module TrustBoundaryConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) {
    node instanceof TrustBoundaryValidationSanitizer or
    node.getType() instanceof HttpServletSession or
-    node instanceof SimpleScalarSanitizer
+    node instanceof SimpleTypeSanitizer
  }

  predicate isSink(DataFlow::Node sink) { sink instanceof TrustBoundaryViolationSink }
--- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll
@@ -43,7 +43,7 @@ private class UriOpeningContentResolverMethod extends Method {
  }
 }

-private class UninterestingTypeSanitizer extends ContentUriResolutionSanitizer instanceof SimpleScalarSanitizer
+private class UninterestingTypeSanitizer extends ContentUriResolutionSanitizer instanceof SimpleTypeSanitizer
 { }

 private class PathSanitizer extends ContentUriResolutionSanitizer instanceof PathInjectionSanitizer {
--- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll
@@ -36,7 +36,7 @@ module XsltInjectionFlowConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node sink) { sink instanceof XsltInjectionSink }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }

  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(XsltInjectionAdditionalTaintStep c).step(node1, node2)
--- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
@@ -76,7 +76,7 @@ module PolynomialRedosConfig implements DataFlow::ConfigSig {
  }

  predicate isBarrier(DataFlow::Node node) {
-    node instanceof SimpleScalarSanitizer or
+    node instanceof SimpleTypeSanitizer or
    node.asExpr().(MethodCall).getMethod() instanceof LengthRestrictedMethod
  }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
@@ -34,7 +34,7 @@ class Log4jInjectionSink extends DataFlow::Node {
 /**
 * A node that sanitizes a message before logging to avoid log injection.
 */
-class Log4jInjectionSanitizer extends DataFlow::Node instanceof SimpleScalarSanitizer { }
+class Log4jInjectionSanitizer extends DataFlow::Node instanceof SimpleTypeSanitizer { }

 /**
 * A taint-tracking configuration for tracking untrusted user input used in log entries.
--- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
@@ -57,7 +57,7 @@ module InjectFilePathConfig implements DataFlow::ConfigSig {
  }

  predicate isBarrier(DataFlow::Node node) {
-    node instanceof SimpleScalarSanitizer
+    node instanceof SimpleTypeSanitizer
    or
    node instanceof PathInjectionSanitizer
  }
--- a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll
@@ -21,7 +21,7 @@ module ExecCmdFlowConfig implements DataFlow::ConfigSig {
    node instanceof AssignToNonZeroIndex or
    node instanceof ArrayInitAtNonZeroIndex or
    node instanceof StreamConcatAtNonZeroIndex or
-    node instanceof SimpleScalarSanitizer
+    node instanceof SimpleTypeSanitizer
  }
 }

@@ -41,7 +41,7 @@ module ExecUserFlowConfig implements DataFlow::ConfigSig {
    )
  }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
 }

 /** Tracks flow of unvalidated user input that is used in Runtime.Exec */
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
@@ -25,7 +25,7 @@ private module MyBatisAnnotationSqlInjectionConfig implements DataFlow::ConfigSi

  predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisAnnotatedMethodCallArgument }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }

  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    exists(MethodCall ma |
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
@@ -25,7 +25,7 @@ private module MyBatisMapperXmlSqlInjectionConfig implements DataFlow::ConfigSig

  predicate isSink(DataFlow::Node sink) { sink instanceof MyBatisMapperMethodCallAnArgument }

-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleScalarSanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }

  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    exists(MethodCall ma |
--- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
@@ -39,7 +39,7 @@ module ClientSuppliedIpUsedInSecurityCheckConfig implements DataFlow::ConfigSig
      not aa.getIndexExpr().(CompileTimeConstantExpr).getIntValue() = 0
    )
    or
-    node instanceof SimpleScalarSanitizer
+    node instanceof SimpleTypeSanitizer
  }
 }

--- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
@@ -129,7 +129,7 @@ private class SpringModelAndViewSink extends UnsafeUrlForwardSink {
  }
 }

-private class PrimitiveSanitizer extends UnsafeUrlForwardSanitizer instanceof SimpleScalarSanitizer {
+private class PrimitiveSanitizer extends UnsafeUrlForwardSanitizer instanceof SimpleTypeSanitizer {
 }

 private class SanitizingPrefix extends InterestingPrefix {