diff --git a/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql b/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql index f30061c4f592..269d55bd3e7f 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/extensionMethod/test.ql @@ -1,18 +1,16 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:extension-method" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("taint") } - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql b/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql index 1b0dc06d7b7d..269d55bd3e7f 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql 
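Review bot: `module Flow = TaintTracking::Global;` at the end of the extensionMethod hunk instantiates the parameterised flow module without naming a configuration, so as printed `Flow::flow(src, sink)` is not tied to `Config` and the file would not be expected to compile. The line should read `module Flow = TaintTracking::Global<Config>;`. The angle-bracket argument may simply have been lost when the page was rendered, so check the committed file. The same applies to every `DataFlow::Global;` and `TaintTracking::Global;` alias in the other files of this diff, each of which needs the config module declared just above it as its argument.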
@@ -1,18 +1,16 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:foreach-array-iterator" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("taint") } - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/kotlin/library-tests/dataflow/func/test.ql b/java/ql/test/kotlin/library-tests/dataflow/func/test.ql index d9753998114d..671c27dd6846 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/func/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/func/test.ql @@ -1,18 +1,14 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:lambdaFlow" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } - - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink 
diff --git a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql index 36fae98724c6..671c27dd6846 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ql @@ -1,18 +1,14 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:notNullExprFlow" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } - - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/kotlin/library-tests/dataflow/stmtexpr/test.ql b/java/ql/test/kotlin/library-tests/dataflow/stmtexpr/test.ql index dbda8992f34c..c0420a73fd60 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/stmtexpr/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/stmtexpr/test.ql 
@@ -1,18 +1,16 @@ import java import semmle.code.java.dataflow.DataFlow -class Conf extends DataFlow::Configuration { - Conf() { this = "qltest:exprStmtFlow" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(ClassInstanceExpr).getType().(RefType).getASupertype*().hasName("Source") } - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/kotlin/library-tests/dataflow/taint/test.ql b/java/ql/test/kotlin/library-tests/dataflow/taint/test.ql index ec65598757f5..671c27dd6846 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/taint/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/taint/test.ql @@ -1,18 +1,14 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "kttaintconf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } - - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink 
diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql index 36fae98724c6..671c27dd6846 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql +++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql @@ -1,18 +1,14 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:notNullExprFlow" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } - - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/kotlin/library-tests/field-initializer-flow/test.ql b/java/ql/test/kotlin/library-tests/field-initializer-flow/test.ql index aeb2c5d5bbc2..7d42aebe7fb8 100644 --- a/java/ql/test/kotlin/library-tests/field-initializer-flow/test.ql +++ b/java/ql/test/kotlin/library-tests/field-initializer-flow/test.ql 
@@ -1,20 +1,20 @@ import java import semmle.code.java.dataflow.DataFlow -class Config extends DataFlow::Configuration { - Config() { this = "Config" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(StringLiteral).getValue() = "Source" } - override predicate isSource(DataFlow::Node n) { n.asExpr().(StringLiteral).getValue() = "Source" } - - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().getName() = "sink" } } +module Flow = DataFlow::Global; + query predicate isFinalField(Field f) { exists(FieldDeclaration f2 | f = f2.getAField()) and f.isFinal() } from DataFlow::Node source, DataFlow::Node sink -where any(Config c).hasFlow(source, sink) +where Flow::flow(source, sink) select source, sink diff --git a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql index 05bdca7b7c98..34ab6146dc15 100644 --- a/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql +++ b/java/ql/test/kotlin/library-tests/jvmoverloads_flow/test.ql @@ -1,18 +1,18 @@ import java import semmle.code.java.dataflow.DataFlow -class Config extends DataFlow::Configuration { - Config() { this = "config" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getCallee().getName() = "source" } - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().getName() = "sink" } } -from Config c, DataFlow::Node source, DataFlow::Node sink -where c.hasFlow(source, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node source, DataFlow::Node sink +where Flow::flow(source, sink) select source, sink, source.getEnclosingCallable() 
diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql index 28151ecdc856..da0fc33464bd 100644 --- a/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/flowTest.ql @@ -12,21 +12,21 @@ class ShouldBeSunk extends StringLiteral { } } -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr() instanceof ShouldBeSunk or n.asExpr() instanceof ShouldNotBeSunk } - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().getName() = "sink" } } +module Flow = DataFlow::Global; + predicate isSunk(StringLiteral sl) { - exists(Config c, DataFlow::Node source | c.hasFlow(source, _) and sl = source.asExpr()) + exists(DataFlow::Node source | Flow::flow(source, _) and sl = source.asExpr()) } query predicate shouldBeSunkButIsnt(ShouldBeSunk src) { not isSunk(src) } diff --git a/java/ql/test/kotlin/library-tests/super-method-calls/test.ql b/java/ql/test/kotlin/library-tests/super-method-calls/test.ql index 9a628624c91a..c1903d219962 100644 --- a/java/ql/test/kotlin/library-tests/super-method-calls/test.ql +++ b/java/ql/test/kotlin/library-tests/super-method-calls/test.ql 
@@ -1,18 +1,18 @@ import java import semmle.code.java.dataflow.DataFlow -class Config extends DataFlow::Configuration { - Config() { this = "abc" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().getName() = "source" } - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().getName() = "sink" } } -from Config c, DataFlow::Node n1, DataFlow::Node n2 -where c.hasFlow(n1, n2) +module Flow = DataFlow::Global; + +from DataFlow::Node n1, DataFlow::Node n2 +where Flow::flow(n1, n2) select n1, n2 diff --git a/java/ql/test/kotlin/library-tests/vararg/dataflow.ql b/java/ql/test/kotlin/library-tests/vararg/dataflow.ql index c4e60e6115d2..b898bfb3aff2 100644 --- a/java/ql/test/kotlin/library-tests/vararg/dataflow.ql +++ b/java/ql/test/kotlin/library-tests/vararg/dataflow.ql @@ -1,18 +1,18 @@ import java import semmle.code.java.dataflow.DataFlow -class Config extends DataFlow::Configuration { - Config() { this = "varargs-dataflow-test" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(CompileTimeConstantExpr).getEnclosingCallable().fromSource() } - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { n.asExpr() = any(MethodAccess ma | ma.getMethod().getName() = "sink").getAnArgument() } } -from DataFlow::Node source, DataFlow::Node sink, Config c -where c.hasFlow(source, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node source, DataFlow::Node sink +where Flow::flow(source, sink) select source, sink diff --git a/java/ql/test/library-tests/dataflow/call-sensitivity/flow.ql b/java/ql/test/library-tests/dataflow/call-sensitivity/flow.ql index b4e9d3cb3534..155280c415a4 100644 
--- a/java/ql/test/library-tests/dataflow/call-sensitivity/flow.ql +++ b/java/ql/test/library-tests/dataflow/call-sensitivity/flow.ql @@ -4,14 +4,12 @@ import java import semmle.code.java.dataflow.DataFlow -import DataFlow::PathGraph +import Flow::PathGraph -class Conf extends DataFlow::Configuration { - Conf() { this = "CallSensitiveFlowConf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ClassInstanceExpr } - override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ClassInstanceExpr } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(MethodAccess ma | ma.getMethod().hasName("sink") and ma.getAnArgument() = sink.asExpr() @@ -19,6 +17,8 @@ class Conf extends DataFlow::Configuration { } } -from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf -where conf.hasFlowPath(source, sink) +module Flow = DataFlow::Global; + +from Flow::PathNode source, Flow::PathNode sink +where Flow::flowPath(source, sink) select source, source, sink, "$@", sink, sink.toString() diff --git a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql index cadd07c6f41a..131d0a5706d7 100644 --- a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql +++ b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ql 
@@ -2,18 +2,16 @@ import java import semmle.code.java.dataflow.DataFlow import TestUtilities.InlineExpectationsTest -class Conf extends DataFlow::Configuration { - Conf() { this = "qltest:callback-dispatch" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("source") - } - - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) } } +module Flow = DataFlow::Global; + class HasFlowTest extends InlineExpectationsTest { HasFlowTest() { this = "HasFlowTest" } @@ -21,7 +19,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "flow" and - exists(DataFlow::Node src, DataFlow::Node sink, Conf conf | conf.hasFlow(src, sink) | + exists(DataFlow::Node src, DataFlow::Node sink | Flow::flow(src, sink) | sink.getLocation() = location and element = sink.toString() and value = src.asExpr().(MethodAccess).getAnArgument().toString() diff --git a/java/ql/test/library-tests/dataflow/capture/test.ql b/java/ql/test/library-tests/dataflow/capture/test.ql index 989094c520dd..448bb0305835 100644 --- a/java/ql/test/library-tests/dataflow/capture/test.ql +++ b/java/ql/test/library-tests/dataflow/capture/test.ql 
@@ -1,17 +1,16 @@ import java import semmle.code.java.dataflow.DataFlow -import DataFlow StringLiteral src() { result.getCompilationUnit().fromSource() } -class Conf extends Configuration { - Conf() { this = "qq capture" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr() = src() } - override predicate isSource(Node n) { n.asExpr() = src() } - - override predicate isSink(Node n) { any() } + predicate isSink(DataFlow::Node n) { any() } } -from Node src, Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/collections/flow.ql b/java/ql/test/library-tests/dataflow/collections/flow.ql index e485725250dc..a1dbcd7b38be 100644 --- a/java/ql/test/library-tests/dataflow/collections/flow.ql +++ b/java/ql/test/library-tests/dataflow/collections/flow.ql @@ -1,10 +1,8 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "conf" } - - override predicate isSource(DataFlow::Node src) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { ( src.asExpr().(VarAccess).getVariable().hasName("tainted") or @@ -14,7 +12,7 @@ class Conf extends TaintTracking::Configuration { ) } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(MethodAccess ma | sink.asExpr() = ma.getAnArgument() and ma.getMethod().hasName("sink") @@ -25,6 +23,8 @@ class Conf extends TaintTracking::Configuration { } } -from Conf c, DataFlow::Node src, DataFlow::Node sink -where c.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink 
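Review bot: In capture/test.ql, `predicate isSink(DataFlow::Node n) { any() }` makes every node a sink, and nothing in the file says this is intended. A one-line comment above it, such as `// Every node is a sink on purpose: the test lists all nodes reachable from a source literal.`, would stop the pattern being copied into a production query, where an unrestricted sink set is costly and reports every reachable node. The same predicate appears in null/testnullflow.ql, switchexpr/switchexprflow.ql, taint-ioutils/dataFlow.ql and `FirstConfig` in taintreturn.ql.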
diff --git a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql index 7f3afb75a2ea..5a0ca1865c15 100644 --- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql +++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql @@ -8,16 +8,16 @@ class TestRemoteFlowSource extends RemoteFlowSource { override string getSourceType() { result = "test" } } -class TaintFlowConf extends TaintTracking::Configuration { - TaintFlowConf() { this = "qltest:dataflow:entrypoint-types-taint" } +module TaintFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) } } +module TaintFlow = TaintTracking::Global; + class HasFlowTest extends InlineExpectationsTest { HasFlowTest() { this = "HasFlowTest" } @@ -25,7 +25,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasTaintFlow" and - exists(DataFlow::Node sink, TaintFlowConf conf | conf.hasFlowTo(sink) | + exists(DataFlow::Node sink | TaintFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/library-tests/dataflow/fields/flow.ql b/java/ql/test/library-tests/dataflow/fields/flow.ql index 02a3f7e3adbf..39c5c0273ee3 100644 --- a/java/ql/test/library-tests/dataflow/fields/flow.ql +++ b/java/ql/test/library-tests/dataflow/fields/flow.ql 
@@ -1,12 +1,10 @@ import java import semmle.code.java.dataflow.DataFlow -class Conf extends DataFlow::Configuration { - Conf() { this = "FieldFlowConf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ClassInstanceExpr } - override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ClassInstanceExpr } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(MethodAccess ma | ma.getMethod().hasName("sink") and ma.getAnArgument() = sink.asExpr() @@ -14,6 +12,8 @@ class Conf extends DataFlow::Configuration { } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/lambda/flow.ql b/java/ql/test/library-tests/dataflow/lambda/flow.ql index dc8d1c7d4b08..ea4ad906086a 100644 --- a/java/ql/test/library-tests/dataflow/lambda/flow.ql +++ b/java/ql/test/library-tests/dataflow/lambda/flow.ql @@ -1,16 +1,14 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest lambda" } - - override predicate isSource(DataFlow::Node src) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr().(VarAccess).getVariable().hasName("args") or src.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall() = any(MethodAccess ma | ma.getMethod().hasName("exec") and 
@@ -19,6 +17,8 @@ class Conf extends TaintTracking::Configuration { } } -from DataFlow::Node src, DataFlow::Node sink, Conf c -where c.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/local-flow/flow.ql b/java/ql/test/library-tests/dataflow/local-flow/flow.ql index b568a1be73d3..adb3e8d2dc41 100644 --- a/java/ql/test/library-tests/dataflow/local-flow/flow.ql +++ b/java/ql/test/library-tests/dataflow/local-flow/flow.ql @@ -1,14 +1,12 @@ import java import semmle.code.java.dataflow.DataFlow -class Conf extends DataFlow::Configuration { - Conf() { this = "conf" } - - override predicate isSource(DataFlow::Node src) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(MethodAccess ma | sink.asExpr() = ma.getAnArgument() and ma.getMethod().hasName("sink") @@ -16,6 +14,8 @@ class Conf extends DataFlow::Configuration { } } -from Conf c, DataFlow::Node src, DataFlow::Node sink -where c.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/null/testnullflow.ql b/java/ql/test/library-tests/dataflow/null/testnullflow.ql index d0937e9c0f4e..1b6ab960d312 100644 --- a/java/ql/test/library-tests/dataflow/null/testnullflow.ql +++ b/java/ql/test/library-tests/dataflow/null/testnullflow.ql 
@@ -1,14 +1,14 @@ import java import semmle.code.java.dataflow.DataFlow -class Conf extends DataFlow::Configuration { - Conf() { this = "qqconf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr() instanceof NullLiteral } - override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof NullLiteral } - - override predicate isSink(DataFlow::Node n) { any() } + predicate isSink(DataFlow::Node n) { any() } } -from Conf conf, DataFlow::Node src, DataFlow::Node sink -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/records/test.ql b/java/ql/test/library-tests/dataflow/records/test.ql index 3ce69be095e1..7d1e315efeac 100644 --- a/java/ql/test/library-tests/dataflow/records/test.ql +++ b/java/ql/test/library-tests/dataflow/records/test.ql @@ -1,15 +1,14 @@ import java import semmle.code.java.dataflow.DataFlow -import DataFlow -class Conf extends Configuration { - Conf() { this = "qqconf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - - override predicate isSink(Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from Conf conf, Node src, Node sink -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.ql b/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.ql index 2a6f2cc12b8b..c9cb216feea2 100644 
--- a/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.ql +++ b/java/ql/test/library-tests/dataflow/switchexpr/switchexprflow.ql @@ -1,15 +1,14 @@ import java import semmle.code.java.dataflow.DataFlow -import DataFlow -class Conf extends Configuration { - Conf() { this = "qqconf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - - override predicate isSink(Node n) { any() } + predicate isSink(DataFlow::Node n) { any() } } -from Conf c, Node sink -where c.hasFlow(_, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node sink +where Flow::flowTo(sink) select sink diff --git a/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.ql b/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.ql index 7ecf221b9fde..d4ce44f38ab8 100644 --- a/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.ql +++ b/java/ql/test/library-tests/dataflow/taint-ioutils/dataFlow.ql @@ -2,14 +2,14 @@ import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:dataflow:ioutils" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof UserInput } - override predicate isSource(DataFlow::Node source) { source instanceof UserInput } - - override predicate isSink(DataFlow::Node sink) { any() } + predicate isSink(DataFlow::Node sink) { any() } } -from UserInput u, DataFlow::Node e, Conf config -where config.hasFlow(u, e) and e.getEnclosingCallable().hasName("ioutils") +module Flow = TaintTracking::Global; + +from UserInput u, DataFlow::Node e +where Flow::flow(u, e) and e.getEnclosingCallable().hasName("ioutils") select e 
diff --git a/java/ql/test/library-tests/dataflow/taint/test.ql b/java/ql/test/library-tests/dataflow/taint/test.ql index 65b15fbaa4e8..671c27dd6846 100644 --- a/java/ql/test/library-tests/dataflow/taint/test.ql +++ b/java/ql/test/library-tests/dataflow/taint/test.ql @@ -1,18 +1,14 @@ import java import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "qqconf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } - - override predicate isSink(DataFlow::Node n) { - n.asExpr().(Argument).getCall().getCallee().hasName("sink") - } + predicate isSink(DataFlow::Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") } } -from DataFlow::Node src, DataFlow::Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/taintgettersetter/taintgettersetter.ql b/java/ql/test/library-tests/dataflow/taintgettersetter/taintgettersetter.ql index 86e176345d68..6da67a65cc3f 100644 --- a/java/ql/test/library-tests/dataflow/taintgettersetter/taintgettersetter.ql +++ b/java/ql/test/library-tests/dataflow/taintgettersetter/taintgettersetter.ql 
@@ -1,25 +1,24 @@ import java import semmle.code.java.dataflow.DataFlow -import DataFlow -class Conf extends Configuration { - Conf() { this = "taintgettersetter" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - - override predicate isSink(Node n) { + predicate isSink(DataFlow::Node n) { exists(MethodAccess sink | sink.getAnArgument() = n.asExpr() and sink.getMethod().hasName("sink") ) } - override predicate isAdditionalFlowStep(Node n1, Node n2) { + predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { exists(AddExpr add | add.getType() instanceof TypeString and add.getAnOperand() = n1.asExpr() and n2.asExpr() = add ) } } -from Node src, Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/dataflow/taintreturn/taintreturn.ql b/java/ql/test/library-tests/dataflow/taintreturn/taintreturn.ql index 4d264ac6f28e..46400b5ab457 100644 --- a/java/ql/test/library-tests/dataflow/taintreturn/taintreturn.ql +++ b/java/ql/test/library-tests/dataflow/taintreturn/taintreturn.ql @@ -1,6 +1,5 @@ import java import semmle.code.java.dataflow.TaintTracking -import DataFlow predicate step(Expr e1, Expr e2) { exists(MethodAccess ma | 
@@ -17,28 +16,35 @@ predicate isSink0(Expr sink) { ) } -class Conf1 extends Configuration { - Conf1() { this = "testconf1" } +module FirstConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("src") } - override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("src") } + predicate isSink(DataFlow::Node n) { any() } - override predicate isSink(Node n) { any() } - - override predicate isAdditionalFlowStep(Node n1, Node n2) { step(n1.asExpr(), n2.asExpr()) } + predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { + step(n1.asExpr(), n2.asExpr()) + } } -class Conf2 extends Configuration { - Conf2() { this = "testconf2" } +module FirstFlow = DataFlow::Global; - override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("src") } +module SecondConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("src") } - override predicate isSink(Node n) { isSink0(n.asExpr()) } + predicate isSink(DataFlow::Node n) { isSink0(n.asExpr()) } - override predicate isAdditionalFlowStep(Node n1, Node n2) { step(n1.asExpr(), n2.asExpr()) } + predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { + step(n1.asExpr(), n2.asExpr()) + } } +module SecondFlow = DataFlow::Global; + from int i1, int i2 where - i1 = count(Node src, Node sink, Conf1 c | c.hasFlow(src, sink) and isSink0(sink.asExpr())) and - i2 = count(Node src, Node sink, Conf2 c | c.hasFlow(src, sink)) + i1 = + count(DataFlow::Node src, DataFlow::Node sink | + FirstFlow::flow(src, sink) and isSink0(sink.asExpr()) + ) and + i2 = count(DataFlow::Node src, DataFlow::Node sink | SecondFlow::flow(src, sink)) select i1, i2 diff --git a/java/ql/test/library-tests/dataflow/taintsources/local.ql b/java/ql/test/library-tests/dataflow/taintsources/local.ql index 37dc93f03add..a174629ca6ea 100644 
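Review bot: `FirstConfig` and `SecondConfig` in taintreturn.ql repeat `isSource` and `isAdditionalFlowStep` verbatim and differ only in `isSink`, yet neither the names nor any comment say what the final `select i1, i2` is comparing. A QLDoc line on each module would help, for example `/** Every node is a sink; results are filtered by isSink0 afterwards. */` on `FirstConfig` and `/** Sinks are restricted to isSink0 inside the configuration. */` on `SecondConfig`. Presumably the test expects the two counts to be equal; if so, say that in a comment next to the `from` clause.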
--- a/java/ql/test/library-tests/dataflow/taintsources/local.ql +++ b/java/ql/test/library-tests/dataflow/taintsources/local.ql @@ -10,22 +10,22 @@ predicate isTestSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) } -class LocalValueConf extends DataFlow::Configuration { - LocalValueConf() { this = "LocalValueConf" } +module LocalValueConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n instanceof LocalSource } - override predicate isSource(DataFlow::Node n) { n instanceof LocalSource } - - override predicate isSink(DataFlow::Node n) { isTestSink(n) } + predicate isSink(DataFlow::Node n) { isTestSink(n) } } -class LocalTaintConf extends TaintTracking::Configuration { - LocalTaintConf() { this = "LocalTaintConf" } +module LocalValueFlow = DataFlow::Global; - override predicate isSource(DataFlow::Node n) { n instanceof LocalSource } +module LocalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n instanceof LocalSource } - override predicate isSink(DataFlow::Node n) { isTestSink(n) } + predicate isSink(DataFlow::Node n) { isTestSink(n) } } +module LocalTaintFlow = TaintTracking::Global; + class LocalFlowTest extends InlineExpectationsTest { LocalFlowTest() { this = "LocalFlowTest" } @@ -33,7 +33,7 @@ class LocalFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasLocalValueFlow" and - exists(DataFlow::Node sink | any(LocalValueConf c).hasFlowTo(sink) | + exists(DataFlow::Node sink | LocalValueFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" 
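Review bot: `LocalValueConfig` and `LocalTaintConfig` have identical `isSource` and `isSink` bodies, so the second module is redundant now that the flow kind is chosen at instantiation instead of by the base class. One config can feed both flows: `module LocalValueFlow = DataFlow::Global<LocalConfig>;` and `module LocalTaintFlow = TaintTracking::Global<LocalConfig>;`. The same applies to `RemoteValueConfig` and `RemoteTaintConfig` in remote.ql. A single definition also guarantees that the `hasLocalTaintFlow` check, which subtracts `LocalValueFlow::flow` from `LocalTaintFlow::flow`, always compares flows over the same sources and sinks.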
@@ -41,7 +41,7 @@ class LocalFlowTest extends InlineExpectationsTest { or tag = "hasLocalTaintFlow" and exists(DataFlow::Node src, DataFlow::Node sink | - any(LocalTaintConf c).hasFlow(src, sink) and not any(LocalValueConf c).hasFlow(src, sink) + LocalTaintFlow::flow(src, sink) and not LocalValueFlow::flow(src, sink) | sink.getLocation() = location and element = sink.toString() and diff --git a/java/ql/test/library-tests/dataflow/taintsources/remote.ql b/java/ql/test/library-tests/dataflow/taintsources/remote.ql index d8a3be41537a..fa1f206ca740 100644 --- a/java/ql/test/library-tests/dataflow/taintsources/remote.ql +++ b/java/ql/test/library-tests/dataflow/taintsources/remote.ql @@ -6,22 +6,22 @@ predicate isTestSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) } -class RemoteValueConf extends DataFlow::Configuration { - RemoteValueConf() { this = "RemoteValueConf" } +module RemoteValueConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node n) { isTestSink(n) } + predicate isSink(DataFlow::Node n) { isTestSink(n) } } -class RemoteTaintConf extends TaintTracking::Configuration { - RemoteTaintConf() { this = "RemoteTaintConf" } +module RemoteValueFlow = DataFlow::Global; - override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } +module RemoteTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } - override predicate isSink(DataFlow::Node n) { isTestSink(n) } + predicate isSink(DataFlow::Node n) { isTestSink(n) } } +module RemoteTaintFlow = TaintTracking::Global; + class RemoteFlowTest extends InlineExpectationsTest { RemoteFlowTest() { this = "RemoteFlowTest" } 
@@ -29,7 +29,7 @@ class RemoteFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasRemoteValueFlow" and - exists(DataFlow::Node sink | any(RemoteValueConf c).hasFlowTo(sink) | + exists(DataFlow::Node sink | RemoteValueFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" @@ -37,7 +37,7 @@ class RemoteFlowTest extends InlineExpectationsTest { or tag = "hasRemoteTaintFlow" and exists(DataFlow::Node src, DataFlow::Node sink | - any(RemoteTaintConf c).hasFlow(src, sink) and not any(RemoteValueConf c).hasFlow(src, sink) + RemoteTaintFlow::flow(src, sink) and not RemoteValueFlow::flow(src, sink) | sink.getLocation() = location and element = sink.toString() and diff --git a/java/ql/test/library-tests/dataflow/this-flow/this-flow.ql b/java/ql/test/library-tests/dataflow/this-flow/this-flow.ql index 481cb2108d9d..aa7811d07eb1 100644 --- a/java/ql/test/library-tests/dataflow/this-flow/this-flow.ql +++ b/java/ql/test/library-tests/dataflow/this-flow/this-flow.ql @@ -1,19 +1,18 @@ import java import semmle.code.java.dataflow.DataFlow -import DataFlow -class ThisFlowConfig extends Configuration { - ThisFlowConfig() { this = "ThisFlowConfig" } - - override predicate isSource(Node src) { - exists(PostUpdateNode cie | cie.asExpr() instanceof ClassInstanceExpr | +module ThisFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { + exists(DataFlow::PostUpdateNode cie | cie.asExpr() instanceof ClassInstanceExpr | cie.getPreUpdateNode() = src or cie = src ) } - override predicate isSink(Node sink) { any() } + predicate isSink(DataFlow::Node sink) { any() } } -from Node n, ThisFlowConfig conf -where conf.hasFlow(_, n) +module ThisFlow = DataFlow::Global; + +from DataFlow::Node n +where ThisFlow::flowTo(n) select n 
diff --git a/java/ql/test/library-tests/dataflow/typepruning/test.ql b/java/ql/test/library-tests/dataflow/typepruning/test.ql index c86476afeed3..018a4f428feb 100644 --- a/java/ql/test/library-tests/dataflow/typepruning/test.ql +++ b/java/ql/test/library-tests/dataflow/typepruning/test.ql @@ -2,18 +2,16 @@ import java import semmle.code.java.dataflow.DataFlow import DataFlow -class Conf extends Configuration { - Conf() { this = "test types" } +module Config implements DataFlow::ConfigSig { + predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") } - - override predicate isSink(Node n) { + predicate isSink(Node n) { exists(MethodAccess sink | sink.getAnArgument() = n.asExpr() and sink.getMethod().hasName("sink") ) } - override predicate isAdditionalFlowStep(Node n1, Node n2) { + predicate isAdditionalFlowStep(Node n1, Node n2) { exists(MethodAccess ma | ma.getMethod().hasName("customStep") and ma.getAnArgument() = n1.asExpr() and @@ -22,6 +20,8 @@ class Conf extends Configuration { } } -from Node src, Node sink, Conf conf -where conf.hasFlow(src, sink) +module Flow = DataFlow::Global; + +from Node src, Node sink +where Flow::flow(src, sink) select src, sink, sink.getEnclosingCallable() diff --git a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql index a88702a206fb..f068b30b0d51 100644 --- a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql +++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql 
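Review bot: typepruning/test.ql keeps `import DataFlow` and the unqualified `Node` in `isSource`, `isSink`, `isAdditionalFlowStep` and the `from` clause, right next to the qualified `DataFlow::ConfigSig` and `DataFlow::Global`. The other tests converted in this commit (taintgettersetter.ql, taintreturn.ql, this-flow.ql) drop that import and write `DataFlow::Node` throughout. For consistency I would remove `import DataFlow` here too and use `predicate isSource(DataFlow::Node n)` and so on. The import is an unchanged line at the top of the first hunk, so this widens the change slightly.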
@@ -2,14 +2,20 @@ import java import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} +module ProviderTaintFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } + + predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) } -class ProviderTaintFlowConf extends DefaultTaintFlowConf { - override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource } + int fieldFlowBranchLimit() { result = DefaultFlowConfig::fieldFlowBranchLimit() } } +module ProviderTaintFlow = TaintTracking::Global; + class ProviderInlineFlowTest extends InlineFlowTest { - override DataFlow::Configuration getValueFlowConfig() { none() } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } + + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { + ProviderTaintFlow::flow(src, sink) + } } diff --git a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql index e7d5ae7e44b0..c73c0a5c6c9e 100644 --- a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql +++ b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql 
@@ -3,22 +3,18 @@ import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} - -class Conf extends TaintTracking::Configuration { - Conf() { this = "test:AndroidExternalFlowConf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall().getCallee().hasName("sink") } } +module Flow = TaintTracking::Global; + class ExternalStorageTest extends InlineFlowTest { - override DataFlow::Configuration getValueFlowConfig() { none() } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } - override DataFlow::Configuration getTaintFlowConfig() { result instanceof Conf } + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { Flow::flow(src, sink) } } diff --git a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql index 682442b3dfc6..64c0f48ffa6a 100644 --- a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql +++ b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql 
@@ -2,14 +2,20 @@ import java import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} +module SourceValueFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + + predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) } -class SourceValueFlowConf extends DefaultValueFlowConf { - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } + int fieldFlowBranchLimit() { result = DefaultFlowConfig::fieldFlowBranchLimit() } } +module SourceValueFlow = DataFlow::Global; + class SourceInlineFlowTest extends InlineFlowTest { - override DataFlow::Configuration getTaintFlowConfig() { none() } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { + SourceValueFlow::flow(src, sink) + } + + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { none() } } diff --git a/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql b/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql index f94074649ec2..5bbe2cab89c6 100644 --- a/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql +++ b/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql 
@@ -4,16 +4,16 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.QueryInjection import TestUtilities.InlineExpectationsTest -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:dataflow:android::flow" } - - override predicate isSource(DataFlow::Node source) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() } + predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() } } +module Flow = TaintTracking::Global; + class FlowStepTest extends InlineExpectationsTest { FlowStepTest() { this = "FlowStepTest" } @@ -22,8 +22,7 @@ class FlowStepTest extends InlineExpectationsTest { override predicate hasActualResult(Location l, string element, string tag, string value) { tag = "taintReachesReturn" and value = "" and - exists(Conf conf, DataFlow::Node source | - conf.hasFlow(source, _) and + exists(DataFlow::Node source | Flow::flow(source, _) | l = source.getLocation() and element = source.toString() ) diff --git a/java/ql/test/library-tests/frameworks/android/taint-database/sinks.ql b/java/ql/test/library-tests/frameworks/android/taint-database/sinks.ql index fd1dbad3b020..234b7ca74b00 100644 --- a/java/ql/test/library-tests/frameworks/android/taint-database/sinks.ql +++ b/java/ql/test/library-tests/frameworks/android/taint-database/sinks.ql 
@@ -4,16 +4,16 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.QueryInjection import TestUtilities.InlineExpectationsTest -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:dataflow:android::flow" } - - override predicate isSource(DataFlow::Node source) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } + predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } } +module Flow = TaintTracking::Global; + class SinkTest extends InlineExpectationsTest { SinkTest() { this = "SinkTest" } @@ -22,8 +22,7 @@ class SinkTest extends InlineExpectationsTest { override predicate hasActualResult(Location l, string element, string tag, string value) { tag = "taintReachesSink" and value = "" and - exists(Conf conf, DataFlow::Node source | - conf.hasFlow(source, _) and + exists(DataFlow::Node source | Flow::flow(source, _) | l = source.getLocation() and element = source.toString() ) diff --git a/java/ql/test/library-tests/frameworks/apache-http/flow.ql b/java/ql/test/library-tests/frameworks/apache-http/flow.ql index ac350ec6eb93..20069103a4af 100644 --- a/java/ql/test/library-tests/frameworks/apache-http/flow.ql +++ b/java/ql/test/library-tests/frameworks/apache-http/flow.ql 
@@ -5,20 +5,14 @@ import semmle.code.java.security.XSS import semmle.code.java.security.UrlRedirect import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} - -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:frameworks:apache-http" } - - override predicate isSource(DataFlow::Node n) { +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") or n instanceof RemoteFlowSource } - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) or n instanceof XssSink @@ -27,8 +21,10 @@ class Conf extends TaintTracking::Configuration { } } +module Flow = TaintTracking::Global; + class HasFlowTest extends InlineFlowTest { - override DataFlow::Configuration getValueFlowConfig() { none() } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } - override DataFlow::Configuration getTaintFlowConfig() { result = any(Conf c) } + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { Flow::flow(src, sink) } } diff --git a/java/ql/test/library-tests/frameworks/guava/handwritten/flow.ql b/java/ql/test/library-tests/frameworks/guava/handwritten/flow.ql index 956de3612dbf..fbfc56486f8e 100644 --- a/java/ql/test/library-tests/frameworks/guava/handwritten/flow.ql +++ b/java/ql/test/library-tests/frameworks/guava/handwritten/flow.ql 
@@ -2,32 +2,28 @@ import java import semmle.code.java.dataflow.TaintTracking import TestUtilities.InlineExpectationsTest -class TaintFlowConf extends TaintTracking::Configuration { - TaintFlowConf() { this = "qltest:frameworks:guava-taint" } +module TaintFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } - - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) } } -class ValueFlowConf extends DataFlow::Configuration { - ValueFlowConf() { this = "qltest:frameworks:guava-value" } +module TaintFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node n) { - n.asExpr().(MethodAccess).getMethod().hasName("taint") - } +module ValueFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") } - override predicate isSink(DataFlow::Node n) { + predicate isSink(DataFlow::Node n) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) } - override int fieldFlowBranchLimit() { result = 100 } + int fieldFlowBranchLimit() { result = 100 } } +module ValueFlow = DataFlow::Global; + class HasFlowTest extends InlineExpectationsTest { HasFlowTest() { this = "HasFlowTest" } 
@@ -35,22 +31,20 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "numTaintFlow" and - exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf tconf, int num | - tconf.hasFlow(src, sink) - | - not any(ValueFlowConf vconf).hasFlow(src, sink) and + exists(DataFlow::Node src, DataFlow::Node sink, int num | TaintFlow::flow(src, sink) | + not ValueFlow::flow(src, sink) and value = num.toString() and sink.getLocation() = location and element = sink.toString() and - num = strictcount(DataFlow::Node src2 | tconf.hasFlow(src2, sink)) + num = strictcount(DataFlow::Node src2 | TaintFlow::flow(src2, sink)) ) or tag = "numValueFlow" and - exists(DataFlow::Node sink, ValueFlowConf vconf, int num | vconf.hasFlowTo(sink) | + exists(DataFlow::Node sink, int num | ValueFlow::flowTo(sink) | value = num.toString() and sink.getLocation() = location and element = sink.toString() and - num = strictcount(DataFlow::Node src2 | vconf.hasFlow(src2, sink)) + num = strictcount(DataFlow::Node src2 | ValueFlow::flow(src2, sink)) ) } } diff --git a/java/ql/test/library-tests/frameworks/guice/flow.ql b/java/ql/test/library-tests/frameworks/guice/flow.ql index eb41b0781323..e8e58e6cbb84 100644 --- a/java/ql/test/library-tests/frameworks/guice/flow.ql +++ b/java/ql/test/library-tests/frameworks/guice/flow.ql 
@@ -2,12 +2,10 @@ import java import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking -class Conf extends TaintTracking::Configuration { - Conf() { this = "conf" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(MethodAccess ma | sink.asExpr() = ma.getAnArgument() and ma.getMethod().hasName("sink") @@ -16,6 +14,8 @@ class Conf extends TaintTracking::Configuration { } } -from Conf c, DataFlow::Node src, DataFlow::Node sink -where c.hasFlow(src, sink) +module Flow = TaintTracking::Global; + +from DataFlow::Node src, DataFlow::Node sink +where Flow::flow(src, sink) select src, sink diff --git a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql index 386d22e49514..3644b87e6d3b 100644 --- a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql +++ b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql @@ -2,18 +2,18 @@ import java import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineExpectationsTest -class TestConfig extends TaintTracking::Configuration { - TestConfig() { this = "TestConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(MethodAccess call | call.getMethod().hasName("sink") and call.getArgument(0) = sink.asExpr() ) } } +module TestFlow = TaintTracking::Global; + class JmsFlowTest extends InlineExpectationsTest { JmsFlowTest() { this = "JmsFlowTest" } 
@@ -21,7 +21,7 @@ class JmsFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "tainted" and - exists(DataFlow::PathNode sink, TestConfig conf | conf.hasFlowPath(_, sink) | + exists(TestFlow::PathNode sink | TestFlow::flowPath(_, sink) | location = sink.getNode().getLocation() and element = sink.getNode().toString() and value = "" ) } diff --git a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql index 6e200ffa201f..47cc6b07ad2f 100644 --- a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql +++ b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql @@ -3,22 +3,18 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} - -class Conf extends TaintTracking::Configuration { - Conf() { this = "qltest:frameworks:rabbitmq" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { exists(MethodAccess ma | ma.getMethod().hasName("sink") | node.asExpr() = ma.getAnArgument()) } } +module Flow = TaintTracking::Global; + class HasFlowTest extends InlineFlowTest { - override DataFlow::Configuration getValueFlowConfig() { none() } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } - override DataFlow::Configuration getTaintFlowConfig() { result = any(Conf c) } + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { Flow::flow(src, sink) } } 
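Review bot: The `tainted` check in `JmsFlowTest.hasActualResult` only needs the sink node, but it goes through `TestFlow::PathNode` and `TestFlow::flowPath(_, sink)`, asking for path information that the result never uses. The other expectation tests in this commit use `flowTo` for the same job. Here that would be `exists(DataFlow::Node sink | TestFlow::flowTo(sink) |` followed by `location = sink.getLocation() and element = sink.toString() and value = ""`. The enclosing class starts outside this hunk.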
diff --git a/java/ql/test/library-tests/frameworks/ratpack/flow.ql b/java/ql/test/library-tests/frameworks/ratpack/flow.ql index c59a4198073d..dae21e78f7cc 100644 --- a/java/ql/test/library-tests/frameworks/ratpack/flow.ql +++ b/java/ql/test/library-tests/frameworks/ratpack/flow.ql @@ -1,7 +1,7 @@ import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources -import TestUtilities.InlineExpectationsTest +import TestUtilities.InlineFlowTest module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { @@ -17,17 +17,10 @@ module Config implements DataFlow::ConfigSig { module Flow = TaintTracking::Global; -class HasFlowTest extends InlineExpectationsTest { +class HasFlowTest extends InlineFlowTest { HasFlowTest() { this = "HasFlowTest" } - override string getARelevantTag() { result = "hasTaintFlow" } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } - override predicate hasActualResult(Location location, string element, string tag, string value) { - tag = "hasTaintFlow" and - exists(DataFlow::Node sink | Flow::flowTo(sink) | - sink.getLocation() = location and - element = sink.toString() and - value = "" - ) - } + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { Flow::flow(src, sink) } } diff --git a/java/ql/test/library-tests/frameworks/spring/controller/test.ql b/java/ql/test/library-tests/frameworks/spring/controller/test.ql index bfd5384454b9..b6beb8e1e753 100644 --- a/java/ql/test/library-tests/frameworks/spring/controller/test.ql +++ b/java/ql/test/library-tests/frameworks/spring/controller/test.ql 
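Review bot: `HasFlowTest` in ratpack/flow.ql now extends `InlineFlowTest` but still carries the characteristic predicate `HasFlowTest() { this = "HasFlowTest" }` left over from `InlineExpectationsTest`; it is an unchanged line in the second hunk. None of the other `InlineFlowTest` subclasses visible in this commit (apache-http, rabbitmq, pathsanitizer) declare one, so it is probably redundant, and if the base class fixes a different string it would make the class empty and silently disable the test; I would delete it. Also worth confirming against the test sources, which are not shown here: the old code matched any sink through `Flow::flowTo(sink)` with an empty value, while the new `hasTaintFlow(src, sink)` hands source/sink pairs to the shared test class. Existing `hasTaintFlow` annotations may therefore need updating.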
@@ -2,20 +2,18 @@ import java import semmle.code.java.dataflow.FlowSources import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} - -class ValueFlowConf extends DataFlow::Configuration { - ValueFlowConf() { this = "ValueFlowConf" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } +module ValueFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink.asExpr().(Argument).getCall().getCallee().hasName("sink") } } +module ValueFlow = DataFlow::Global; + class Test extends InlineFlowTest { - override DataFlow::Configuration getValueFlowConfig() { result = any(ValueFlowConf config) } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { + ValueFlow::flow(src, sink) + } } diff --git a/java/ql/test/library-tests/pathsanitizer/test.ql b/java/ql/test/library-tests/pathsanitizer/test.ql index bea3af839a19..cefce3276e6a 100644 --- a/java/ql/test/library-tests/pathsanitizer/test.ql +++ b/java/ql/test/library-tests/pathsanitizer/test.ql 
@@ -2,18 +2,20 @@ import java import semmle.code.java.security.PathSanitizer import TestUtilities.InlineFlowTest -class EnableLegacy extends EnableLegacyConfiguration { - EnableLegacy() { exists(this) } -} +module PathSanitizerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { DefaultFlowConfig::isSource(source) } -class PathSanitizerConf extends DefaultTaintFlowConf { - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof PathInjectionSanitizer - } + predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) } + + predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof PathInjectionSanitizer } } +module PathSanitizerFlow = TaintTracking::Global; + class Test extends InlineFlowTest { - override DataFlow::Configuration getValueFlowConfig() { none() } + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } - override DataFlow::Configuration getTaintFlowConfig() { result = any(PathSanitizerConf config) } + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { + PathSanitizerFlow::flow(src, sink) + } } diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql b/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql index aecf0807e58d..454f42112ea9 100644 --- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql 
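Review bot: `PathSanitizerConfig` forwards `isSource` and `isSink` to `DefaultFlowConfig` but not `fieldFlowBranchLimit`, unlike `ProviderTaintFlowConfig` and `SourceValueFlowConfig` elsewhere in this commit. The removed `PathSanitizerConf extends DefaultTaintFlowConf` presumably inherited that limit, so the rewritten test may run with a smaller one. For a sanitizer test this matters, because a flow pruned by the branch limit looks the same in the results as a flow stopped by `PathInjectionSanitizer`, and an expected-no-flow case could then pass for the wrong reason. Add `int fieldFlowBranchLimit() { result = DefaultFlowConfig::fieldFlowBranchLimit() }` to the module.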
@@ -1,22 +1,7 @@ import java -import semmle.code.java.dataflow.FlowSources -import semmle.code.java.security.XSS +import semmle.code.java.security.XssQuery import TestUtilities.InlineExpectationsTest -class XssConfig extends TaintTracking::Configuration { - XssConfig() { this = "XSSConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(XssAdditionalTaintStep s).step(node1, node2) - } -} - class XssTest extends InlineExpectationsTest { XssTest() { this = "XssTest" } @@ -24,7 +9,7 @@ class XssTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "xss" and - exists(DataFlow::Node sink, XssConfig conf | conf.hasFlowTo(sink) | + exists(DataFlow::Node sink | XssFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql b/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql index 62e9895fbe97..bee1fa84ebce 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql 
@@ -1,26 +1,12 @@ import java -import semmle.code.java.dataflow.TaintTracking -import semmle.code.java.security.QueryInjection +import semmle.code.java.dataflow.FlowSources +import semmle.code.java.security.SqlInjectionQuery import TestUtilities.InlineExpectationsTest -private class QueryInjectionFlowConfig extends TaintTracking::Configuration { - QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" } +private class SourceMethodSource extends RemoteFlowSource { + SourceMethodSource() { this.asExpr().(MethodAccess).getMethod().hasName("source") } - override predicate isSource(DataFlow::Node src) { - src.asExpr() = any(MethodAccess ma | ma.getMethod().hasName("source")) - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or - node.getType() instanceof BoxedType or - node.getType() instanceof NumberType - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(AdditionalQueryInjectionTaintStep s).step(node1, node2) - } + override string getSourceType() { result = "source" } } class HasFlowTest extends InlineExpectationsTest { @@ -30,7 +16,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "sqlInjection" and - exists(DataFlow::Node sink, QueryInjectionFlowConfig conf | conf.hasFlowTo(sink) | + exists(DataFlow::Node sink | QueryInjectionFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql b/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql index c52221999d18..6d6ea719da9d 100644 --- a/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql 
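Review bot: `SourceMethodSource` in springjdbc.ql has no comment explaining that it exists only to make calls to a method named `source` visible to the shipped `QueryInjectionFlow`. A QLDoc line such as `/** Test-only source: treats any call to a method named "source" as remote input. */` would make that explicit. Sources, barriers and taint steps now come from `SqlInjectionQuery` instead of the removed local config, so every real `RemoteFlowSource` in the test code becomes a source as well. The primitive/boxed/number sanitizer of the old config only still applies if the library configuration has an equivalent, which is worth checking against the expected output.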
@@ -4,14 +4,14 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.XPath import TestUtilities.InlineExpectationsTest -class Conf extends TaintTracking::Configuration { - Conf() { this = "test:xml:xpathinjection" } +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } + predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } } +module Flow = TaintTracking::Global; + class HasXPathInjectionTest extends InlineExpectationsTest { HasXPathInjectionTest() { this = "HasXPathInjectionTest" } @@ -19,7 +19,7 @@ class HasXPathInjectionTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasXPathInjection" and - exists(DataFlow::Node sink, Conf conf | conf.hasFlowTo(sink) | + exists(DataFlow::Node sink | Flow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = ""
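Review bot: XPathInjectionTest.ql still defines its own `Config` (`RemoteFlowSource` to `XPathInjectionSink`, no barriers), while XSS.ql and springjdbc.ql in this same commit were switched to the flow modules of the shipped queries (`XssFlow`, `QueryInjectionFlow`). A hand-written config exercises the sink model but not the query, so a barrier or extra taint step added to the real XPath injection configuration would go unnoticed by this test. If the library exposes a flow module for that query, import it and use it in `hasActualResult` in place of `Flow::flowTo(sink)`. Otherwise add a comment on `Config` stating that the test deliberately covers only `XPathInjectionSink`.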