Refactor query tests

github · Apr 14, 2023 · 0c2a1bd · 0c2a1bd
1 parent ecfafc5
commit 0c2a1bd
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 29 deletions.
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql b/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql
@@ -1,30 +1,31 @@
 import java
+import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XSS
 import TestUtilities.InlineExpectationsTest
 
-class XssConfig extends TaintTracking::Configuration {
-  XssConfig() { this = "XSSConfig" }
+module XssConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
+  predicate isBarrier(DataFlow::Node node) { node instanceof XssSanitizer }
 
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(XssAdditionalTaintStep s).step(node1, node2)
   }
 }
 
+module XssFlow = TaintTracking::Global<XssConfig>;
+
 class XssTest extends InlineExpectationsTest {
   XssTest() { this = "XssTest" }
 
   override string getARelevantTag() { result = "xss" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "xss" and
-    exists(DataFlow::Node sink, XssConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | XssFlow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""

diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql b/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql
@@ -3,34 +3,34 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.QueryInjection
 import TestUtilities.InlineExpectationsTest
 
-private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
-  QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) {
+private module QueryInjectionFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) {
     src.asExpr() = any(MethodAccess ma | ma.getMethod().hasName("source"))
   }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node.getType() instanceof PrimitiveType or
     node.getType() instanceof BoxedType or
     node.getType() instanceof NumberType
   }
 
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
   }
 }
 
+private module QueryInjectionFlow = TaintTracking::Global<QueryInjectionFlowConfig>;
+
 class HasFlowTest extends InlineExpectationsTest {
   HasFlowTest() { this = "HasFlowTest" }
 
   override string getARelevantTag() { result = "sqlInjection" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "sqlInjection" and
-    exists(DataFlow::Node sink, QueryInjectionFlowConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | QueryInjectionFlow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""

diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/taintedString.ql b/java/ql/test/query-tests/security/CWE-089/semmle/examples/taintedString.ql
@@ -1,16 +1,16 @@
 import semmle.code.java.dataflow.FlowSources
 
-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "qltest:cwe-089:taintedString" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof UserInput }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof UserInput }
-
-  override predicate isSink(DataFlow::Node sink) { any() }
+  predicate isSink(DataFlow::Node sink) { any() }
 }
 
-from Conf conf, Expr tainted, Method method
+module Flow = TaintTracking::Global<Config>;
+
+from Expr tainted, Method method
 where
-  conf.hasFlowToExpr(tainted) and
+  Flow::flowToExpr(tainted) and
   tainted.getEnclosingCallable() = method and
   tainted.getFile().getStem() = ["Test", "Validation"]
 select method, tainted.getLocation().getStartLine() - method.getLocation().getStartLine(), tainted
diff --git a/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql b/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql
@@ -4,22 +4,22 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XPath
 import TestUtilities.InlineExpectationsTest
 
-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "test:xml:xpathinjection" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
 }
 
+module Flow = TaintTracking::Global<Config>;
+
 class HasXPathInjectionTest extends InlineExpectationsTest {
   HasXPathInjectionTest() { this = "HasXPathInjectionTest" }
 
   override string getARelevantTag() { result = "hasXPathInjection" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasXPathInjection" and
-    exists(DataFlow::Node sink, Conf conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | Flow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""