diff --git a/cpp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md b/cpp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md new file mode 100644 index 000000000000..54df71fae464 --- /dev/null +++ b/cpp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md @@ -0,0 +1,6 @@ +--- +category: deprecated +--- +* The recently introduced new data flow and taint tracking APIs have had a + number of module and predicate renamings. The old APIs remain in place for + now. diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll index 416bf4b04f8b..e733940bdc11 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll @@ -54,7 +54,7 @@ module PrivateCleartextWrite { predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } } - module WriteFlow = TaintTracking::Make; + module WriteFlow = TaintTracking::Global; class PrivateDataSource extends Source { PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon 
@@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. 
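Review bot: The `-signature module DataFlowSig {` / `+signature module GlobalFlowSig {` rename in the `@@ -182,15 +182,15 @@` hunk leaves no deprecated `DataFlowSig` name behind, whereas `Make` and `MakeWithState` get deprecated wrappers later in this file. Unless an alias is declared outside the visible hunks, any query pack that names `DataFlow::DataFlowSig` will stop compiling on upgrade, which does not match the change note's statement that the old APIs remain in place. If a compatibility name cannot be kept, the change note should say so, for example `* The signature module DataFlowSig has been renamed to GlobalFlowSig; no deprecated alias is provided.` The `ir/dataflow/internal/DataFlow.qll` copy carries the same rename.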
@@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } @@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll 
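Review bot: `flowTo` and `flowToExpr` in `GlobalFlowSig` keep word-for-word the same doc comment ("Holds if data can flow from some source to `sink`."), so the documentation does not say how the two renamed predicates differ. For `flowToExpr` I would write `/** Holds if data can flow from some source to the expression sink. */`, which matches its definition as `flowTo(exprNode(sink))` in `DataFlowImpl.qll`. The same duplicated comment sits above the renamed predicates in `Impl` and in both `ir/dataflow/internal` copies.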
@@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
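Review bot: `hasPartialFlow` and `hasPartialFlowRev` are renamed to `partialFlow` and `partialFlowRev` in the last two hunks without the deprecated alias that `hasFlowPath`, `hasFlow`, `hasFlowTo` and `hasFlowToExpr` receive just above. Flow-exploration queries written against the old names will therefore fail to compile, even though the change note says the old APIs remain in place. Adding `deprecated predicate hasPartialFlow = partialFlow/3;` and `deprecated predicate hasPartialFlowRev = partialFlowRev/3;` next to the new predicates would keep them working. The public three-argument `partialFlow` also calls a two-argument `partialFlow` declared outside the hunk, so the two differ by arity alone and a one-line comment on the public predicate saying so would help readers. The `ir/dataflow/internal/DataFlowImpl.qll` copy has the same gap, and the enclosing modules extend beyond these hunks.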
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config 
@@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon @@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** 
@@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. 
@@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } @@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll 
@@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index e6bdc74ccebb..8415c022111a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll index 2c288b6d3dad..e21a83fcb549 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll @@ -103,7 +103,7 @@ private module DefaultTaintTrackingConfig implements DataFlow::ConfigSig { } } -private module DefaultTaintTrackingFlow = TaintTracking::Make; +private module DefaultTaintTrackingFlow = TaintTracking::Global; private module ToGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) } @@ -121,13 +121,13 @@ private module ToGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig { predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) } } -private module ToGlobalVarTaintTrackingFlow = TaintTracking::Make; +private module ToGlobalVarTaintTrackingFlow = TaintTracking::Global; private module FromGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { // This set of sources should be reasonably small, which is good for // performance since the set of sinks is very large. - ToGlobalVarTaintTrackingFlow::hasFlowTo(source) + ToGlobalVarTaintTrackingFlow::flowTo(source) } predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) } @@ -145,7 +145,7 @@ private module FromGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig { } private module FromGlobalVarTaintTrackingFlow = - TaintTracking::Make; + TaintTracking::Global; private predicate readsVariable(LoadInstruction load, Variable var) { load.getSourceAddress().(VariableAddressInstruction).getAstVariable() = var 
@@ -331,7 +331,7 @@ private import Cached cached predicate tainted(Expr source, Element tainted) { exists(DataFlow::Node sink | - DefaultTaintTrackingFlow::hasFlow(getNodeForSource(source), sink) and + DefaultTaintTrackingFlow::flow(getNodeForSource(source), sink) and tainted = adjustedSink(sink) ) } @@ -360,8 +360,8 @@ predicate taintedIncludingGlobalVars(Expr source, Element tainted, string global DataFlow::VariableNode variableNode, GlobalOrNamespaceVariable global, DataFlow::Node sink | global = variableNode.getVariable() and - ToGlobalVarTaintTrackingFlow::hasFlow(getNodeForSource(source), variableNode) and - FromGlobalVarTaintTrackingFlow::hasFlow(variableNode, sink) and + ToGlobalVarTaintTrackingFlow::flow(getNodeForSource(source), variableNode) and + FromGlobalVarTaintTrackingFlow::flow(variableNode, sink) and tainted = adjustedSink(sink) and global = globalVarFromId(globalVar) ) @@ -450,7 +450,7 @@ module TaintedWithPath { predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) } } - private module AdjustedFlow = TaintTracking::Make; + private module AdjustedFlow = TaintTracking::Global; /* * A sink `Element` may map to multiple `DataFlowX::PathNode`s via (the @@ -472,7 +472,7 @@ module TaintedWithPath { // that makes it easiest to deal with the case where source = sink. TEndpointPathNode(Element e) { exists(DataFlow::Node sourceNode, DataFlow::Node sinkNode | - AdjustedFlow::hasFlow(sourceNode, sinkNode) + AdjustedFlow::flow(sourceNode, sinkNode) | sourceNode = getNodeForExpr(e) and exists(TaintTrackingConfiguration ttCfg | ttCfg.isSource(e)) @@ -634,7 +634,7 @@ module TaintedWithPath { exists(DataFlow::Node flowSource, DataFlow::Node flowSink | source = sourceNode.(InitialPathNode).inner() and flowSource = getNodeForExpr(source) and - AdjustedFlow::hasFlow(flowSource, flowSink) and + AdjustedFlow::flow(flowSource, flowSink) and tainted = adjustedSink(flowSink) and tainted = sinkNode.(FinalPathNode).inner() ) 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config @@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} diff --git a/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll b/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll index 6a0841e13e2a..e53be5980b19 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll @@ -399,7 +399,7 @@ module BoostorgAsio { import Config } - import DataFlow::Make + import DataFlow::Global } /** 
@@ -596,7 +596,7 @@ module BoostorgAsio { } } - module SslContextFlowsToSetOptionFlow = DataFlow::Make; + module SslContextFlowsToSetOptionFlow = DataFlow::Global; /** * An option value that flows to the first parameter of a call to `SetOptions()`. @@ -640,5 +640,5 @@ module BoostorgAsio { } } - module SslOptionFlow = DataFlow::Make; + module SslOptionFlow = DataFlow::Global; } diff --git a/cpp/ql/src/Critical/OverflowDestination.ql b/cpp/ql/src/Critical/OverflowDestination.ql index 39ce527e08ae..4cfaaf8981b3 100644 --- a/cpp/ql/src/Critical/OverflowDestination.ql +++ b/cpp/ql/src/Critical/OverflowDestination.ql @@ -84,11 +84,11 @@ module OverflowDestinationConfig implements DataFlow::ConfigSig { } } -module OverflowDestination = TaintTracking::Make; +module OverflowDestination = TaintTracking::Global; from FunctionCall fc, OverflowDestination::PathNode source, OverflowDestination::PathNode sink where - OverflowDestination::hasFlowPath(source, sink) and + OverflowDestination::flowPath(source, sink) and sourceSized(fc, sink.getNode().asIndirectConvertedExpr()) select fc, source, sink, "To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size." diff --git a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql index 03f622855ab6..79a5d530c21e 100644 --- a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql +++ b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql 
@@ -80,9 +80,9 @@ predicate introducesNewField(Class derived, Class base) { ) } -module CastToPointerArithFlow = DataFlow::MakeWithState; +module CastToPointerArithFlow = DataFlow::GlobalWithState; from CastToPointerArithFlow::PathNode source, CastToPointerArithFlow::PathNode sink -where CastToPointerArithFlow::hasFlowPath(source, sink) +where CastToPointerArithFlow::flowPath(source, sink) select sink, source, sink, "This pointer arithmetic may be done with the wrong type because of $@.", source, "this cast" diff --git a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql index 2b2e9f6bf8b2..65454332ab1e 100644 --- a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql +++ b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql @@ -146,13 +146,13 @@ module NonConstFlowConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { isBarrierNode(node) } } -module NonConstFlow = TaintTracking::Make; +module NonConstFlow = TaintTracking::Global; from FormattingFunctionCall call, Expr formatString where call.getArgument(call.getFormatParameterIndex()) = formatString and exists(DataFlow::Node sink | - NonConstFlow::hasFlowTo(sink) and + NonConstFlow::flowTo(sink) and isSinkImpl(sink, formatString) ) select formatString, diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql index fe6581340dee..71aa97c0ae56 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql @@ -16,7 +16,7 @@ import LeapYear from Expr source, Expr sink where - PossibleYearArithmeticOperationCheckFlow::hasFlow(DataFlow::exprNode(source), + PossibleYearArithmeticOperationCheckFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(sink)) select sink, "An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios.", 
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll index a838f4c6a0d8..7a375e7b107d 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll +++ b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll @@ -231,7 +231,7 @@ private module LeapYearCheckConfig implements DataFlow::ConfigSig { } } -module LeapYearCheckFlow = DataFlow::Make; +module LeapYearCheckFlow = DataFlow::Global; /** * Data flow configuration for finding an operation with hardcoded 365 that will flow into @@ -284,7 +284,7 @@ private module FiletimeYearArithmeticOperationCheckConfig implements DataFlow::C } module FiletimeYearArithmeticOperationCheckFlow = - DataFlow::Make; + DataFlow::Global; /** * Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field. @@ -372,4 +372,4 @@ private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::C } module PossibleYearArithmeticOperationCheckFlow = - TaintTracking::Make; + TaintTracking::Global; diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql index f85270d523e5..03570b3611cd 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
@@ -31,16 +31,14 @@ where // If there is a data flow from the variable that was modified to a function that seems to check for leap year exists(VariableAccess source, ChecksForLeapYearFunctionCall fc | source = var.getAnAccess() and - LeapYearCheckFlow::hasFlow(DataFlow::exprNode(source), - DataFlow::exprNode(fc.getAnArgument())) + LeapYearCheckFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(fc.getAnArgument())) ) or // If there is a data flow from the field that was modified to a function that seems to check for leap year exists(VariableAccess vacheck, YearFieldAccess yfacheck, ChecksForLeapYearFunctionCall fc | vacheck = var.getAnAccess() and yfacheck.getQualifier() = vacheck and - LeapYearCheckFlow::hasFlow(DataFlow::exprNode(yfacheck), - DataFlow::exprNode(fc.getAnArgument())) + LeapYearCheckFlow::flow(DataFlow::exprNode(yfacheck), DataFlow::exprNode(fc.getAnArgument())) ) or // If there is a successor or predecessor that sets the month = 1 diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql index c23eda355c4c..38ecd4183ffd 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql @@ -12,5 +12,5 @@ import cpp import NtohlArrayNoBound from DataFlow::Node source, DataFlow::Node sink -where NetworkToBufferSizeFlow::hasFlow(source, sink) +where NetworkToBufferSizeFlow::flow(source, sink) select sink, "Unchecked use of data from network function $@.", source, source.toString() diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll index e3b095d74dd5..1bd90084c670 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll 
@@ -161,4 +161,4 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { } } -module NetworkToBufferSizeFlow = DataFlow::Make; +module NetworkToBufferSizeFlow = DataFlow::Global; diff --git a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql index e7baf96615e3..61989db1c6e9 100644 --- a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql +++ b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql @@ -25,17 +25,17 @@ module ExistsAnyFlowConfig implements DataFlow::ConfigSig { } } -module ExistsAnyFlow = DataFlow::Make; +module ExistsAnyFlow = DataFlow::Global; bindingset[flag] predicate isOptionSet(ConstructorCall cc, int flag, FunctionCall fcSetOptions) { exists(VariableAccess contextSetOptions | - ExistsAnyFlow::hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and + ExistsAnyFlow::flow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and exists(BoostorgAsio::SslSetOptionsFunction f | f.getACallToThisFunction() = fcSetOptions | contextSetOptions = fcSetOptions.getQualifier() and forall(Expr optionArgument, Expr optionArgumentSource | optionArgument = fcSetOptions.getArgument(0) and - BoostorgAsio::SslOptionFlow::hasFlow(DataFlow::exprNode(optionArgumentSource), + BoostorgAsio::SslOptionFlow::flow(DataFlow::exprNode(optionArgumentSource), DataFlow::exprNode(optionArgument)) | optionArgument.getValue().toInt().bitShiftRight(16).bitAnd(flag) = flag @@ -49,7 +49,7 @@ predicate isOptionNotSet(ConstructorCall cc, int flag) { not isOptionSet(cc, fla from Expr protocolSource, Expr protocolSink, ConstructorCall cc, Expr e, string msg where - BoostorgAsio::SslContextCallTlsProtocolFlow::hasFlow(DataFlow::exprNode(protocolSource), + BoostorgAsio::SslContextCallTlsProtocolFlow::flow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink)) and cc.getArgument(0) = protocolSink and ( 
diff --git a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql index 140cf8e2ccf4..4df70695179b 100644 --- a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql +++ b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql @@ -14,12 +14,12 @@ import semmle.code.cpp.security.boostorg.asio.protocols from Expr protocolSource, Expr protocolSink, ConstructorCall cc where - BoostorgAsio::SslContextCallFlow::hasFlow(DataFlow::exprNode(protocolSource), + BoostorgAsio::SslContextCallFlow::flow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink)) and - not BoostorgAsio::SslContextCallTlsProtocolFlow::hasFlow(DataFlow::exprNode(protocolSource), + not BoostorgAsio::SslContextCallTlsProtocolFlow::flow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink)) and cc.getArgument(0) = protocolSink and - BoostorgAsio::SslContextCallBannedProtocolFlow::hasFlow(DataFlow::exprNode(protocolSource), + BoostorgAsio::SslContextCallBannedProtocolFlow::flow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink)) select protocolSink, "Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@.", cc, "boost::asio::ssl::context::context", protocolSource, protocolSource.toString(), diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll index 6d6f17daf0ea..70247bdf4a48 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll 
@@ -10,10 +10,10 @@ import ExternalAPIsSpecific /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { - UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::hasFlow(_, this) } + UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) } /** Gets a source of untrusted data which is passed to this external API data node. */ - DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::hasFlow(result, this) } + DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) } } /** DEPRECATED: Alias for UntrustedExternalApiDataNode */ diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll index d2ab4f0309fc..2505f718bc6d 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll @@ -73,4 +73,4 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } -module UntrustedDataToExternalApiFlow = TaintTracking::Make; +module UntrustedDataToExternalApiFlow = TaintTracking::Global; diff --git a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql index d16ce6376dd4..432f47f67355 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql 
@@ -16,7 +16,7 @@ import semmle.code.cpp.security.FlowSources import UntrustedDataToExternalApiFlow::PathGraph from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink -where UntrustedDataToExternalApiFlow::hasFlowPath(source, sink) +where UntrustedDataToExternalApiFlow::flowPath(source, sink) select sink, source, sink, "Call to " + sink.getNode().(ExternalApiDataNode).getExternalFunction().toString() + " with untrusted data from $@.", source, source.getNode().(RemoteFlowSource).getSourceType() diff --git a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql index a00accd4d29d..1cfd0a7132f8 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql @@ -15,7 +15,7 @@ import ExternalAPIs import UntrustedDataToExternalApiFlow::PathGraph from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink -where UntrustedDataToExternalApiFlow::hasFlowPath(source, sink) +where UntrustedDataToExternalApiFlow::flowPath(source, sink) select sink, source, sink, "Call to " + sink.getNode().(ExternalApiDataNode).getExternalFunction().toString() + " with untrusted data from $@.", source, source.toString() diff --git a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll index 6d6f17daf0ea..70247bdf4a48 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll 
@@ -10,10 +10,10 @@ import ExternalAPIsSpecific /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { - UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::hasFlow(_, this) } + UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) } /** Gets a source of untrusted data which is passed to this external API data node. */ - DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::hasFlow(result, this) } + DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) } } /** DEPRECATED: Alias for UntrustedExternalApiDataNode */ diff --git a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll index 4dd077f24ce9..93da5497a225 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll @@ -63,4 +63,4 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } -module UntrustedDataToExternalApiFlow = TaintTracking::Make; +module UntrustedDataToExternalApiFlow = TaintTracking::Global; diff --git a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql index 89d8f975680b..4e626d0bc773 100644 --- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -90,7 +90,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig { } } -module TaintedPath = TaintTracking::Make; +module TaintedPath = TaintTracking::Global; from FileFunction fileFunction, Expr taintedArg, FlowSource taintSource, 
@@ -98,7 +98,7 @@ from where taintedArg = sinkNode.getNode().asIndirectArgument() and fileFunction.outermostWrapperFunctionCall(taintedArg, callChain) and - TaintedPath::hasFlowPath(sourceNode, sinkNode) and + TaintedPath::flowPath(sourceNode, sinkNode) and taintSource = sourceNode.getNode() select taintedArg, sourceNode, sinkNode, "This argument to a file access function is derived from $@ and then passed to " + callChain + ".", diff --git a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql index c7e01e0b983b..cc4b748e5dc9 100644 --- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql @@ -76,7 +76,7 @@ class ExecState extends TExecState { DataFlow::Node getOutgoingNode() { result = outgoing } /** Holds if this is a possible `ExecState` for `sink`. */ - predicate isFeasibleForSink(DataFlow::Node sink) { ExecState::hasFlow(outgoing, sink) } + predicate isFeasibleForSink(DataFlow::Node sink) { ExecState::flow(outgoing, sink) } string toString() { result = "ExecState" } } @@ -109,7 +109,7 @@ module ExecStateConfig implements DataFlow::ConfigSig { } } -module ExecState = TaintTracking::Make; +module ExecState = TaintTracking::Global; module ExecTaintConfig implements DataFlow::StateConfigSig { class FlowState = TState; @@ -141,13 +141,13 @@ module ExecTaintConfig implements DataFlow::StateConfigSig { } } -module ExecTaint = TaintTracking::MakeWithState; +module ExecTaint = TaintTracking::GlobalWithState; from ExecTaint::PathNode sourceNode, ExecTaint::PathNode sinkNode, string taintCause, string callChain, DataFlow::Node concatResult, Expr command where - ExecTaint::hasFlowPath(sourceNode, sinkNode) and + ExecTaint::flowPath(sourceNode, sinkNode) and taintCause = sourceNode.getNode().(FlowSource).getSourceType() and isSinkImpl(sinkNode.getNode(), command, callChain) and concatResult = sinkNode.getState().(ExecState).getOutgoingNode() 
diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 598e242b0ef3..107be7bddfde 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -114,13 +114,13 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig { } } -module ImproperArrayIndexValidation = TaintTracking::Make; +module ImproperArrayIndexValidation = TaintTracking::Global; from ImproperArrayIndexValidation::PathNode source, ImproperArrayIndexValidation::PathNode sink, string sourceType where - ImproperArrayIndexValidation::hasFlowPath(source, sink) and + ImproperArrayIndexValidation::flowPath(source, sink) and isFlowSource(source.getNode(), sourceType) select sink.getNode(), source, sink, "An array indexing expression depends on $@ that might be outside the bounds of the array.", diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql index a4d37eb48752..54c3b013471a 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql @@ -122,7 +122,7 @@ module UncontrolledArithConfig implements DataFlow::ConfigSig { } } -module UncontrolledArith = TaintTracking::Make; +module UncontrolledArith = TaintTracking::Global; /** Gets the expression that corresponds to `node`, if any. */ Expr getExpr(DataFlow::Node node) { result = [node.asExpr(), node.asDefiningArgument()] } @@ -131,7 +131,7 @@ from UncontrolledArith::PathNode source, UncontrolledArith::PathNode sink, VariableAccess va, string effect where - UncontrolledArith::hasFlowPath(source, sink) and + UncontrolledArith::flowPath(source, sink) and sink.getNode().asExpr() = va and missingGuard(va, effect) select sink.getNode(), source, sink, 
diff --git a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql index 4d2428905287..740e4ad9e8e9 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql @@ -95,14 +95,14 @@ module TaintedAllocationSizeConfig implements DataFlow::ConfigSig { } } -module TaintedAllocationSize = TaintTracking::Make; +module TaintedAllocationSize = TaintTracking::Global; from Expr alloc, TaintedAllocationSize::PathNode source, TaintedAllocationSize::PathNode sink, string taintCause where isFlowSource(source.getNode(), taintCause) and - TaintedAllocationSize::hasFlowPath(source, sink) and + TaintedAllocationSize::flowPath(source, sink) and allocSink(alloc, sink.getNode()) select alloc, source, sink, "This allocation size is derived from $@ and might overflow.", source.getNode(), "user input (" + taintCause + ")" diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql index 34d211a53ae8..5eab70c5cc96 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql @@ -33,14 +33,14 @@ module VerifyResultConfig implements DataFlow::ConfigSig { } } -module VerifyResult = DataFlow::Make; +module VerifyResult = DataFlow::Global; from DataFlow::Node source, DataFlow::Node sink1, DataFlow::Node sink2, GuardCondition guard, Expr c1, Expr c2, boolean testIsTrue where - VerifyResult::hasFlow(source, sink1) and - VerifyResult::hasFlow(source, sink2) and + VerifyResult::flow(source, sink1) and + VerifyResult::flow(source, sink2) and guard.comparesEq(sink1.asExpr(), c1, 0, false, testIsTrue) and // (value != c1) => testIsTrue guard.comparesEq(sink2.asExpr(), c2, 0, false, testIsTrue) and // (value != c2) => testIsTrue c1.getValue().toInt() = 0 and 
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql index d7bb69582d79..f2754c5811f0 100644 --- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql @@ -49,7 +49,7 @@ module ToBufferConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) } } -module ToBufferFlow = TaintTracking::Make; +module ToBufferFlow = TaintTracking::Global; predicate isSinkImpl(DataFlow::Node sink, SensitiveBufferWrite w) { w.getASource() = sink.asIndirectExpr() @@ -59,7 +59,7 @@ from SensitiveBufferWrite w, ToBufferFlow::PathNode sourceNode, ToBufferFlow::PathNode sinkNode, FlowSource source where - ToBufferFlow::hasFlowPath(sourceNode, sinkNode) and + ToBufferFlow::flowPath(sourceNode, sinkNode) and sourceNode.getNode() = source and isSinkImpl(sinkNode.getNode(), w) select w, sourceNode, sinkNode, diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql index 3c1a78b14c5d..c04ceae7adad 100644 --- a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql @@ -33,7 +33,7 @@ module FromSensitiveConfig implements DataFlow::ConfigSig { } } -module FromSensitiveFlow = TaintTracking::Make; +module FromSensitiveFlow = TaintTracking::Global; predicate isSinkImpl(DataFlow::Node sink, FileWrite w, Expr dest) { exists(Expr e | @@ -81,7 +81,7 @@ from SensitiveExpr source, FromSensitiveFlow::PathNode sourceNode, FromSensitiveFlow::PathNode midNode, FileWrite w, Expr dest where - FromSensitiveFlow::hasFlowPath(sourceNode, midNode) and + FromSensitiveFlow::flowPath(sourceNode, midNode) and isSourceImpl(sourceNode.getNode(), source) and isSinkImpl(midNode.getNode(), w, dest) select w, sourceNode, midNode, 
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql index a0fb6bd2dacf..fa0d2ffd82a5 100644 --- a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql +++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql @@ -250,13 +250,13 @@ module FromSensitiveConfig implements DataFlow::ConfigSig { } } -module FromSensitiveFlow = TaintTracking::Make; +module FromSensitiveFlow = TaintTracking::Global; /** * A taint flow configuration for flow from a sensitive expression to an encryption operation. */ module ToEncryptionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { FromSensitiveFlow::hasFlow(source, _) } + predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flow(source, _) } predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) } @@ -271,7 +271,7 @@ module ToEncryptionConfig implements DataFlow::ConfigSig { } } -module ToEncryptionFlow = TaintTracking::Make; +module ToEncryptionFlow = TaintTracking::Global; /** * A taint flow configuration for flow from an encryption operation to a network operation. 
@@ -279,25 +279,25 @@ module ToEncryptionFlow = TaintTracking::Make; module FromEncryptionConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { isSinkEncrypt(source, _) } - predicate isSink(DataFlow::Node sink) { FromSensitiveFlow::hasFlowTo(sink) } + predicate isSink(DataFlow::Node sink) { FromSensitiveFlow::flowTo(sink) } predicate isBarrier(DataFlow::Node node) { node.asExpr().getUnspecifiedType() instanceof IntegralType } } -module FromEncryptionFlow = TaintTracking::Make; +module FromEncryptionFlow = TaintTracking::Global; from FromSensitiveFlow::PathNode source, FromSensitiveFlow::PathNode sink, NetworkSendRecv networkSendRecv, string msg where // flow from sensitive -> network data - FromSensitiveFlow::hasFlowPath(source, sink) and + FromSensitiveFlow::flowPath(source, sink) and isSinkSendRecv(sink.getNode(), networkSendRecv) and // no flow from sensitive -> evidence of encryption - not ToEncryptionFlow::hasFlow(source.getNode(), _) and - not FromEncryptionFlow::hasFlowTo(sink.getNode()) and + not ToEncryptionFlow::flow(source.getNode(), _) and + not FromEncryptionFlow::flowTo(sink.getNode()) and // construct result if networkSendRecv instanceof NetworkSend then diff --git a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql index 797302be5a4c..0c060befeff5 100644 --- a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql +++ b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql 
@@ -125,13 +125,13 @@ module FromSensitiveConfig implements DataFlow::ConfigSig { } } -module FromSensitiveFlow = TaintTracking::Make; +module FromSensitiveFlow = TaintTracking::Global; from SensitiveExpr sensitive, FromSensitiveFlow::PathNode source, FromSensitiveFlow::PathNode sink, SqliteFunctionCall sqliteCall where - FromSensitiveFlow::hasFlowPath(source, sink) and + FromSensitiveFlow::flowPath(source, sink) and isSourceImpl(source.getNode(), sensitive) and isSinkImpl(sink.getNode(), sqliteCall, _) select sqliteCall, source, sink, diff --git a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql index ceddfbf9f404..423ed57dd98f 100644 --- a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql +++ b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql @@ -89,10 +89,10 @@ module HttpStringToUrlOpenConfig implements DataFlow::ConfigSig { } } -module HttpStringToUrlOpen = TaintTracking::Make; +module HttpStringToUrlOpen = TaintTracking::Global; from HttpStringToUrlOpen::PathNode source, HttpStringToUrlOpen::PathNode sink, HttpStringLiteral str where - HttpStringToUrlOpen::hasFlowPath(source, sink) and + HttpStringToUrlOpen::flowPath(source, sink) and str = source.getNode().asIndirectExpr() select str, source, sink, "This URL may be constructed with the HTTP protocol." diff --git a/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql b/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql index f899889a59b0..3cc10b7ad19c 100644 --- a/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +++ b/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql 
@@ -46,13 +46,13 @@ module KeyStrengthFlowConfig implements DataFlow::ConfigSig { } } -module KeyStrengthFlow = DataFlow::Make; +module KeyStrengthFlow = DataFlow::Global; from KeyStrengthFlow::PathNode source, KeyStrengthFlow::PathNode sink, FunctionCall fc, int param, string name, int minimumBits, int bits where - KeyStrengthFlow::hasFlowPath(source, sink) and + KeyStrengthFlow::flowPath(source, sink) and sink.getNode().asExpr() = fc.getArgument(param) and fc.getTarget().hasGlobalName(name) and minimumBits = getMinimumKeyStrength(name, param) and diff --git a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql index e6dd4e7046e2..2703f819b546 100644 --- a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql +++ b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql @@ -64,7 +64,7 @@ module NullAppNameCreateProcessFunctionConfig implements DataFlow::ConfigSig { } } -module NullAppNameCreateProcessFunction = DataFlow::Make; +module NullAppNameCreateProcessFunction = DataFlow::Global; /** * Dataflow that detects a call to CreateProcess with an unquoted commandLine argument @@ -85,7 +85,7 @@ module QuotedCommandInCreateProcessFunctionConfig implements DataFlow::ConfigSig } module QuotedCommandInCreateProcessFunction = - DataFlow::Make; + DataFlow::Global; bindingset[s] predicate isQuotedOrNoSpaceApplicationNameOnCmd(string s) { 
@@ -98,12 +98,12 @@ from CreateProcessFunctionCall call, string msg1, string msg2 where exists(Expr appName | appName = call.getArgument(call.getApplicationNameArgumentId()) and - NullAppNameCreateProcessFunction::hasFlowToExpr(appName) and + NullAppNameCreateProcessFunction::flowToExpr(appName) and msg1 = call.toString() + " with lpApplicationName == NULL (" + appName + ")" ) and exists(Expr cmd | cmd = call.getArgument(call.getCommandLineArgumentId()) and - QuotedCommandInCreateProcessFunction::hasFlowToExpr(cmd) and + QuotedCommandInCreateProcessFunction::flowToExpr(cmd) and msg2 = " and with an unquoted lpCommandLine (" + cmd + ") introduces a security vulnerability if the path contains spaces." diff --git a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql index 7e76cf76c123..74a5e1ba4e0b 100644 --- a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql +++ b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql @@ -30,15 +30,15 @@ module ExposedSystemDataConfig implements DataFlow::ConfigSig { } } -module ExposedSystemData = TaintTracking::Make; +module ExposedSystemData = TaintTracking::Global; from ExposedSystemData::PathNode source, ExposedSystemData::PathNode sink where - ExposedSystemData::hasFlowPath(source, sink) and + ExposedSystemData::flowPath(source, sink) and not exists( DataFlow::Node alt // remove duplicate results on conversions | - ExposedSystemData::hasFlow(source.getNode(), alt) and + ExposedSystemData::flow(source.getNode(), alt) and alt.asConvertedExpr() = sink.getNode().asIndirectExpr() and alt != sink.getNode() ) diff --git a/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql b/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql index a06314e3c97a..9fa4f538378b 100644 --- a/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql +++ b/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql 
@@ -51,9 +51,9 @@ module PotentiallyExposedSystemDataConfig implements DataFlow::ConfigSig { } } -module PotentiallyExposedSystemData = TaintTracking::Make; +module PotentiallyExposedSystemData = TaintTracking::Global; from PotentiallyExposedSystemData::PathNode source, PotentiallyExposedSystemData::PathNode sink -where PotentiallyExposedSystemData::hasFlowPath(source, sink) +where PotentiallyExposedSystemData::flowPath(source, sink) select sink, source, sink, "This operation potentially exposes sensitive system data from $@.", source, source.getNode().toString() diff --git a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql index 1b611a42b8d8..6b73e50c9635 100644 --- a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql +++ b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql @@ -45,9 +45,9 @@ module XxeConfig implements DataFlow::StateConfigSig { } } -module XxeFlow = DataFlow::MakeWithState; +module XxeFlow = DataFlow::GlobalWithState; from XxeFlow::PathNode source, XxeFlow::PathNode sink -where XxeFlow::hasFlowPath(source, sink) +where XxeFlow::flowPath(source, sink) select sink, source, sink, "This $@ is not configured to prevent an XML external entity (XXE) attack.", source, "XML parser" diff --git a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql index 8f36ab50aa81..5ed30e19bb32 100644 --- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql +++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql @@ -39,7 +39,7 @@ module NullDaclConfig implements DataFlow::ConfigSig { } } -module NullDaclFlow = DataFlow::Make; +module NullDaclFlow = DataFlow::Global; /** * Dataflow that detects a call to SetSecurityDescriptorDacl with a pDacl 
@@ -70,7 +70,7 @@ module NonNullDaclConfig implements DataFlow::ConfigSig { } } -module NonNullDaclFlow = DataFlow::Make; +module NonNullDaclFlow = DataFlow::Global; from SetSecurityDescriptorDaclFunctionCall call, string message where @@ -88,7 +88,7 @@ where " that is set to NULL will result in an unprotected object." | var = call.getArgument(2) and - NullDaclFlow::hasFlowToExpr(var) and - not NonNullDaclFlow::hasFlowToExpr(var) + NullDaclFlow::flowToExpr(var) and + not NonNullDaclFlow::flowToExpr(var) ) select call, message diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql index 7b72b2684e69..cf346cb812eb 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql @@ -50,9 +50,9 @@ module WordexpTaintConfig implements DataFlow::ConfigSig { } } -module WordexpTaint = TaintTracking::Make; +module WordexpTaint = TaintTracking::Global; from WordexpTaint::PathNode sourceNode, WordexpTaint::PathNode sinkNode -where WordexpTaint::hasFlowPath(sourceNode, sinkNode) +where WordexpTaint::flowPath(sourceNode, sinkNode) select sinkNode.getNode(), sourceNode, sinkNode, "Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection." diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql index 71958eaad91a..00cf017297ff 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql 
@@ -32,10 +32,10 @@ module MultToAllocConfig implements DataFlow::ConfigSig { } } -module MultToAlloc = DataFlow::Make; +module MultToAlloc = DataFlow::Global; from MultToAlloc::PathNode source, MultToAlloc::PathNode sink -where MultToAlloc::hasFlowPath(source, sink) +where MultToAlloc::flowPath(source, sink) select sink, source, sink, "Potentially overflowing value from $@ is used in the size of this allocation.", source, "multiplication" diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 35cce4a30da0..f90f0bdcab84 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -43,7 +43,8 @@ module FieldAddressToPointerArithmeticConfig implements DataFlow::ConfigSig { } } -module FieldAddressToPointerArithmeticFlow = DataFlow::Make; +module FieldAddressToPointerArithmeticFlow = + DataFlow::Global; predicate isFieldAddressSource(Field f, DataFlow::Node source) { source.asInstruction().(FieldAddressInstruction).getField() = f @@ -70,7 +71,7 @@ predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string o predicate isConstantSizeOverflowSource(Field f, PointerAddInstruction pai, int delta) { exists(int size, int bound, DataFlow::Node source, DataFlow::InstructionNode sink | - FieldAddressToPointerArithmeticFlow::hasFlow(source, sink) and + FieldAddressToPointerArithmeticFlow::flow(source, sink) and isFieldAddressSource(f, source) and pai.getLeft() = sink.asInstruction() and f.getUnspecifiedType().(ArrayType).getArraySize() = size and 
@@ -90,13 +91,13 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) } } -module PointerArithmeticToDerefFlow = DataFlow::Make; +module PointerArithmeticToDerefFlow = DataFlow::Global; from Field f, PointerArithmeticToDerefFlow::PathNode source, PointerArithmeticToDerefFlow::PathNode sink, Instruction deref, string operation, int delta where - PointerArithmeticToDerefFlow::hasFlowPath(source, sink) and + PointerArithmeticToDerefFlow::flowPath(source, sink) and isInvalidPointerDerefSink(sink.getNode(), deref, operation) and isConstantSizeOverflowSource(f, source.getNode().asInstruction(), delta) select source, source, sink, diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 9cadcb505d08..cfd610767de1 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -209,7 +209,7 @@ module InvalidPointerToDerefConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) } } -module InvalidPointerToDerefFlow = DataFlow::Make; +module InvalidPointerToDerefFlow = DataFlow::Global; /** * Holds if `pai` is a pointer-arithmetic operation and `source` is a dataflow node with a @@ -241,7 +241,7 @@ newtype TMergedPathNode = // pointer, but we want to raise an alert at the dereference. TPathNodeSink(Instruction i) { exists(DataFlow::Node n | - InvalidPointerToDerefFlow::hasFlow(_, n) and + InvalidPointerToDerefFlow::flow(_, n) and isInvalidPointerDerefSink(n, i, _) ) } 
@@ -349,7 +349,7 @@ predicate hasFlowPath( | conf1.hasFlowPath(source1.asPathNode1(), _, sink1, _) and joinOn1(pai, sink1, source3) and - InvalidPointerToDerefFlow::hasFlowPath(source3, sink3) and + InvalidPointerToDerefFlow::flowPath(source3, sink3) and joinOn2(sink3, sink.asSinkNode(), operation) ) } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql index c09277f38f2d..2355c276b607 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql @@ -16,7 +16,7 @@ import experimental.semmle.code.cpp.security.PrivateCleartextWrite::PrivateClear import WriteFlow::PathGraph from WriteFlow::PathNode source, WriteFlow::PathNode sink -where WriteFlow::hasFlowPath(source, sink) +where WriteFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This write into the external location '" + sink.getNode() + "' may contain unencrypted data from $@.", source, "this source of private data." diff --git a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.ql b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.ql index 3fbc4fc10fd7..a27e6382916c 100644 --- a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.ql +++ b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.ql @@ -12,11 +12,11 @@ module LiteralToGethostbynameConfig implements DataFlow::ConfigSig { } } -module LiteralToGethostbynameFlow = DataFlow::Make; +module LiteralToGethostbynameFlow = DataFlow::Global; from StringLiteral sl, FunctionCall fc, DataFlow::Node source, DataFlow::Node sink where source.asIndirectExpr(1) = sl and sink.asIndirectExpr(1) = fc.getArgument(0) and - LiteralToGethostbynameFlow::hasFlow(source, sink) + LiteralToGethostbynameFlow::flow(source, sink) select sl, fc 
diff --git a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.ql b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.ql
index fc73440cd7b1..09d580234fb7 100644
--- a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.ql
+++ b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.ql
@@ -16,11 +16,11 @@ module GetenvToGethostbynameConfig implements DataFlow::ConfigSig { } }
-module GetenvToGethostbynameFlow = DataFlow::Make;
+module GetenvToGethostbynameFlow = DataFlow::Global;
 from Expr getenv, FunctionCall fc, DataFlow::Node source, DataFlow::Node sink where source.asIndirectExpr(1) = getenv and sink.asIndirectExpr(1) = fc.getArgument(0) and
- GetenvToGethostbynameFlow::hasFlow(source, sink)
+ GetenvToGethostbynameFlow::flow(source, sink)
 select getenv, fc
diff --git a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-getenv.ql b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-getenv.ql
index 7d810156e7d2..917193b2994a 100644
--- a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-getenv.ql
+++ b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-getenv.ql
@@ -17,11 +17,11 @@ module EnvironmentToFileConfig implements DataFlow::ConfigSig { } }
-module EnvironmentToFileFlow = DataFlow::Make;
+module EnvironmentToFileFlow = DataFlow::Global;
 from Expr getenv, Expr fopen, DataFlow::Node source, DataFlow::Node sink where source.asIndirectExpr(1) = getenv and sink.asIndirectExpr(1) = fopen and
- EnvironmentToFileFlow::hasFlow(source, sink)
+ EnvironmentToFileFlow::flow(source, sink)
 select fopen, "This 'fopen' uses data from $@.", getenv, "call to 'getenv'"
diff --git a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql
index a81c3a71d75d..15cc379131ab 100644
--- a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql
+++ b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql
@@ -30,9 +30,9 @@ module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { } }
-module NetworkToBufferSizeFlow = TaintTracking::Make;
+module NetworkToBufferSizeFlow = TaintTracking::Global;
 from DataFlow::Node ntohl, DataFlow::Node offset
-where NetworkToBufferSizeFlow::hasFlow(ntohl, offset)
+where NetworkToBufferSizeFlow::flow(ntohl, offset)
 select offset, "This array offset may be influenced by $@.", ntohl, "converted data from the network"
diff --git a/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/standardFlow.ql b/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/standardFlow.ql
index 1497702db76f..d929b6557a4d 100644
--- a/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/standardFlow.ql
+++ b/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/standardFlow.ql
@@ -14,8 +14,8 @@ module TestConfig implements DataFlow::ConfigSig { } }
-module TestFlow = DataFlow::Make;
+module TestFlow = DataFlow::Global;
 from DataFlow::Node sink, DataFlow::Node source
-where TestFlow::hasFlow(source, sink)
+where TestFlow::flow(source, sink)
 select sink, source
diff --git a/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/withAdditionalFlow.ql b/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/withAdditionalFlow.ql
index c46d2cddf886..49e98db06ae1 100644
--- a/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/withAdditionalFlow.ql
+++ b/cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/withAdditionalFlow.ql
@@ -25,8 +25,8 @@ module TestConfig implements DataFlow::ConfigSig { } }
-module TestFlow = DataFlow::Make;
+module TestFlow = DataFlow::Global;
 from DataFlow::Node sink, DataFlow::Node source
-where TestFlow::hasFlow(source, sink)
+where TestFlow::flow(source, sink)
 select sink, source
diff --git a/cpp/ql/test/library-tests/dataflow/crement/from0.ql b/cpp/ql/test/library-tests/dataflow/crement/from0.ql
index 90bf8401fbab..d395920c030f 100644
--- a/cpp/ql/test/library-tests/dataflow/crement/from0.ql
+++ b/cpp/ql/test/library-tests/dataflow/crement/from0.ql
@@ -7,8 +7,8 @@ module Cfg implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof VariableAccess } }
-module Flow = DataFlow::Make;
+module Flow = DataFlow::Global;
 from Expr sink
-where Flow::hasFlowToExpr(sink)
+where Flow::flowToExpr(sink)
 select sink
diff --git a/csharp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md b/csharp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md
new file mode 100644
index 000000000000..54df71fae464
--- /dev/null
+++ b/csharp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md
@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+* The recently introduced new data flow and taint tracking APIs have had a
+ number of module and predicate renamings. The old APIs remain in place for
+ now.
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll
index 617362ab4f01..137612c52afe 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll
@@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon @@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** 
@@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. @@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } 
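Review bot: The rename of `signature module DataFlowSig` to `GlobalFlowSig` in the `@@ -182,15 +182,15 @@` hunk of the C# DataFlow.qll keeps no deprecated alias for the old signature name in any visible hunk, whereas `Make` and `MakeWithState` further down the same file are kept as `deprecated module` wrappers. A library outside this diff that still writes `implements DataFlow::DataFlowSig` would presumably stop compiling, which does not match the change note's statement that the old APIs remain in place for now. If the old signature name cannot be kept, the change note should say so explicitly, for example with an added bullet such as `* The signature module DataFlowSig has been renamed to GlobalFlowSig; the old name is no longer available.` The Go copy of this file carries the same hunk, and the body of the signature continues past this hunk.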
@@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll @@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
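Review bot: `hasPartialFlow` and `hasPartialFlowRev` are renamed to `partialFlow` and `partialFlowRev` in the `@@ -4574,7 +4586,7 @@` and `@@ -4594,7 +4606,7 @@` hunks without a deprecated alias, unlike `hasFlowPath`, `hasFlow`, `hasFlowTo` and `hasFlowToExpr` just above, which each keep one. Queries that still call the old partial-flow names would fail to compile after this change, which contradicts the change note's statement that the old APIs remain in place. Following the pattern already used in this file, add `deprecated predicate hasPartialFlow = partialFlow/3;` and `deprecated predicate hasPartialFlowRev = partialFlowRev/3;`, each under a `/** DEPRECATED: Use ... instead. */` comment. The Go copy of DataFlowImpl.qll has the same two hunks; the enclosing module starts outside them, so an alias defined elsewhere in the file would not be visible here.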
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll index e6bdc74ccebb..8415c022111a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll index e6bdc74ccebb..8415c022111a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll index e6bdc74ccebb..8415c022111a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll index e6bdc74ccebb..8415c022111a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. 
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config @@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} 
diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 7dbdc5bee524..5ca3ffed7820 100644 --- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -210,7 +210,7 @@ module ThroughFlowConfig implements DataFlow::StateConfigSig { } } -private module ThroughFlow = TaintTracking::MakeWithState; +private module ThroughFlow = TaintTracking::GlobalWithState; /** * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter. @@ -220,7 +220,7 @@ string captureThroughFlow(DataFlowTargetApi api) { DataFlow::ParameterNode p, DataFlowImplCommon::ReturnNodeExt returnNodeExt, string input, string output | - ThroughFlow::hasFlow(p, returnNodeExt) and + ThroughFlow::flow(p, returnNodeExt) and returnNodeExt.getEnclosingCallable() = api and input = parameterNodeAsInput(p) and output = returnNodeAsOutput(returnNodeExt) and @@ -253,14 +253,14 @@ module FromSourceConfig implements DataFlow::ConfigSig { } } -private module FromSource = TaintTracking::Make; +private module FromSource = TaintTracking::Global; /** * Gets the source model(s) of `api`, if there is flow from an existing known source to the return of `api`. */ string captureSource(DataFlowTargetApi api) { exists(DataFlow::Node source, DataFlow::Node sink, string kind | - FromSource::hasFlow(source, sink) and + FromSource::flow(source, sink) and ExternalFlow::sourceNode(source, kind) and api = sink.getEnclosingCallable() and isRelevantSourceKind(kind) and 
@@ -285,14 +285,14 @@ module PropagateToSinkConfig implements DataFlow::ConfigSig { DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } } -private module PropagateToSink = TaintTracking::Make; +private module PropagateToSink = TaintTracking::Global; /** * Gets the sink model(s) of `api`, if there is flow from a parameter to an existing known sink. */ string captureSink(DataFlowTargetApi api) { exists(DataFlow::Node src, DataFlow::Node sink, string kind | - PropagateToSink::hasFlow(src, sink) and + PropagateToSink::flow(src, sink) and ExternalFlow::sinkNode(sink, kind) and api = src.getEnclosingCallable() and isRelevantSinkKind(kind) and diff --git a/go/ql/lib/change-notes/2023-03-23-dataflow-renaming.md b/go/ql/lib/change-notes/2023-03-23-dataflow-renaming.md new file mode 100644 index 000000000000..54df71fae464 --- /dev/null +++ b/go/ql/lib/change-notes/2023-03-23-dataflow-renaming.md @@ -0,0 +1,6 @@ +--- +category: deprecated +--- +* The recently introduced new data flow and taint tracking APIs have had a + number of module and predicate renamings. The old APIs remain in place for + now. diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon 
@@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. 
@@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } @@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll 
@@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 
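Review bot: `hasPartialFlow` and `hasPartialFlowRev` are renamed in the `@@ -4574` and `@@ -4594` hunks without the deprecated alias that `hasFlowPath`, `hasFlow`, `hasFlowTo` and `hasFlowToExpr` receive in the hunks before them. Exploration queries that call the old names would then fail to compile instead of getting a deprecation warning. If that is intended the change note should say so; otherwise add `deprecated predicate hasPartialFlow = partialFlow/3;` and `deprecated predicate hasPartialFlowRev = partialFlowRev/3;`. Separately, the public `partialFlow/3` now differs only by arity from the `partialFlow(source, node)` helper it calls, which is defined outside these hunks, so a one-line doc comment there distinguishing the two would help readers. The Java copy of `DataFlowImpl.qll` has the same two hunks.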
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll index e6bdc74ccebb..8415c022111a 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll 
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config @@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } 
@@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} diff --git a/java/ql/lib/change-notes/2023-03-23-dataflow-renaming.md b/java/ql/lib/change-notes/2023-03-23-dataflow-renaming.md new file mode 100644 index 000000000000..54df71fae464 --- /dev/null +++ b/java/ql/lib/change-notes/2023-03-23-dataflow-renaming.md @@ -0,0 +1,6 @@ +--- +category: deprecated +--- +* The recently introduced new data flow and taint tracking APIs have had a + number of module and predicate renamings. The old APIs remain in place for + now. diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon @@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** 
@@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. 
@@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } @@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll 
@@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index e6bdc74ccebb..8415c022111a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index e6bdc74ccebb..8415c022111a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index e6bdc74ccebb..8415c022111a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index e6bdc74ccebb..8415c022111a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config @@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll index 8512308f2411..c487c6cecc26 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll 
@@ -28,7 +28,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node { */ predicate isRemoteSource() { exists(RefType startingType, Expr startActivityForResultArg | - ImplicitStartActivityForResult::hasFlowToExpr(startActivityForResultArg) and + ImplicitStartActivityForResult::flowToExpr(startActivityForResultArg) and // startingType is the class enclosing the method that calls `startActivityForResult`. startingType = startActivityForResultArg.getEnclosingCallable().getDeclaringType() | @@ -104,7 +104,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS } private module ImplicitStartActivityForResult = - DataFlow::Make; + DataFlow::Global; /** An Android Activity or Fragment. */ private class ActivityOrFragment extends Class { diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll index 72516e5427ec..2793f1980c5c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll @@ -21,10 +21,10 @@ private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig { } } -private module TypeLiteralToParseAsFlow = DataFlow::Make; +private module TypeLiteralToParseAsFlow = DataFlow::Global; private TypeLiteral getSourceWithFlowToParseAs() { - TypeLiteralToParseAsFlow::hasFlow(DataFlow::exprNode(result), _) + TypeLiteralToParseAsFlow::flow(DataFlow::exprNode(result), _) } /** A field that is deserialized by `HttpResponse.parseAs`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll index e26d2312f1ba..79fd19f4ef20 100644 --- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll 
@@ -108,10 +108,10 @@ private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::Confi } private module TypeLiteralToJacksonDatabindFlow = - DataFlow::Make; + DataFlow::Global; private TypeLiteral getSourceWithFlowToJacksonDatabind() { - TypeLiteralToJacksonDatabindFlow::hasFlow(DataFlow::exprNode(result), _) + TypeLiteralToJacksonDatabindFlow::flow(DataFlow::exprNode(result), _) } /** A type whose values are explicitly deserialized in a call to a Jackson method. */ diff --git a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll index 2855f5989cf0..e0c9fbff8000 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll @@ -173,4 +173,4 @@ private module SensitiveCommunicationConfig implements DataFlow::ConfigSig { /** * Tracks taint flow from variables containing sensitive information to broadcast Intents. */ -module SensitiveCommunicationFlow = TaintTracking::Make; +module SensitiveCommunicationFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll index 68b16f7f902e..d066f4974a1f 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll 
@@ -17,15 +17,15 @@ private module ApkInstallationConfig implements DataFlow::ConfigSig { ma.getMethod() instanceof SetDataMethod and ma.getArgument(0) = node.asExpr() and ( - PackageArchiveMimeTypeFlow::hasFlowToExpr(ma.getQualifier()) + PackageArchiveMimeTypeFlow::flowToExpr(ma.getQualifier()) or - InstallPackageActionFlow::hasFlowToExpr(ma.getQualifier()) + InstallPackageActionFlow::flowToExpr(ma.getQualifier()) ) ) } } -module ApkInstallationFlow = DataFlow::Make; +module ApkInstallationFlow = DataFlow::Global; private newtype ActionState = ActionUnset() or @@ -72,7 +72,8 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig { predicate isBarrier(DataFlow::Node node, FlowState state) { none() } } -private module InstallPackageActionFlow = TaintTracking::MakeWithState; +private module InstallPackageActionFlow = + TaintTracking::GlobalWithState; private newtype MimeTypeState = MimeTypeUnset() or @@ -117,4 +118,4 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig } private module PackageArchiveMimeTypeFlow = - TaintTracking::MakeWithState; + TaintTracking::GlobalWithState; diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll index 7564993c1ed7..94b1877a4a39 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll @@ -37,4 +37,4 @@ private module FragmentInjectionTaintConfig implements DataFlow::ConfigSig { * Taint-tracking flow for unsafe user input * that is used to create Android fragments dynamically. */ -module FragmentInjectionTaintFlow = TaintTracking::Make; +module FragmentInjectionTaintFlow = TaintTracking::Global; 
diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index d23a0c8ae4bc..970cb4867fd8 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -53,4 +53,4 @@ private module IntentUriPermissionManipulationConfig implements DataFlow::Config * Taint tracking flow for user-provided Intents being returned to third party apps. */ module IntentUriPermissionManipulationFlow = - TaintTracking::Make; + TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll index a706da71e503..a26e08d3edcf 100644 --- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll @@ -38,4 +38,4 @@ private module LogInjectionConfig implements DataFlow::ConfigSig { /** * Taint-tracking flow for tracking untrusted user input used in log entries. */ -module LogInjectionFlow = TaintTracking::Make; +module LogInjectionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index 1f19d9640e21..9d1f9b5081e0 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -53,4 +53,4 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer } } -module RequestForgeryFlow = TaintTracking::Make; +module RequestForgeryFlow = TaintTracking::Global; 
diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index e7888afba5d7..0d9df09bb744 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -42,4 +42,4 @@ private module RsaWithoutOaepConfig implements DataFlow::ConfigSig { } /** Flow for finding RSA ciphers initialized without using OAEP padding. */ -module RsaWithoutOaepFlow = DataFlow::Make; +module RsaWithoutOaepFlow = DataFlow::Global; diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll index 2ca0c4b69c02..ea687d32a0ae 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll @@ -65,4 +65,4 @@ private module SensitiveLoggerConfig implements DataFlow::ConfigSig { predicate isBarrierIn(Node node) { isSource(node) } } -module SensitiveLoggerFlow = TaintTracking::Make; +module SensitiveLoggerFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll index f347f98c9c33..b59c4b79655f 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -41,4 +41,4 @@ private module UnsafeContentResolutionConfig implements DataFlow::ConfigSig { } /** Taint-tracking flow to find paths from remote sources to content URI resolutions. */ -module UnsafeContentResolutionFlow = TaintTracking::Make; +module UnsafeContentResolutionFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index a2efc852fd2d..2680631318f7 100644 
--- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -43,7 +43,7 @@ private class DefaultXssSink extends XssSink { or exists(MethodAccess ma | ma.getMethod() instanceof WritingMethod and - XssVulnerableWriterSourceToWritingMethodFlow::hasFlowToExpr(ma.getQualifier()) and + XssVulnerableWriterSourceToWritingMethodFlow::flowToExpr(ma.getQualifier()) and this.asExpr() = ma.getArgument(_) ) } @@ -71,7 +71,7 @@ private module XssVulnerableWriterSourceToWritingMethodFlowConfig implements Dat } private module XssVulnerableWriterSourceToWritingMethodFlow = - TaintTracking::Make; + TaintTracking::Global; /** A method that can be used to output data to an output stream or writer. */ private class WritingMethod extends Method { diff --git a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll index 02d68fceb5cb..d3ac09798a67 100644 --- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll @@ -42,4 +42,4 @@ module XxeLocalConfig implements DataFlow::ConfigSig { /** * Detect taint flow of unvalidated local user input that is used in XML external entity expansion. */ -module XxeLocalFlow = TaintTracking::Make; +module XxeLocalFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll index 46108b7a680c..06bccc993a43 100644 --- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll @@ -42,4 +42,4 @@ module XxeConfig implements DataFlow::ConfigSig { /** * Detect taint flow of unvalidated remote user input that is used in XML external entity expansion. */ -module XxeFlow = TaintTracking::Make; +module XxeFlow = TaintTracking::Global; 
diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll index b852c8393fbb..e85e130e381b 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll @@ -81,4 +81,4 @@ private module PolynomialRedosConfig implements DataFlow::ConfigSig { } } -module PolynomialRedosFlow = TaintTracking::Make; +module PolynomialRedosFlow = TaintTracking::Global; diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql index c7c3ce0f8350..4058978f29a9 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -41,7 +41,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig { } } -module TaintedPath = TaintTracking::Make; +module TaintedPath = TaintTracking::Global; import TaintedPath::PathGraph @@ -53,13 +53,13 @@ import TaintedPath::PathGraph * continue to report there; otherwise we report directly at `sink`. */ DataFlow::Node getReportingNode(DataFlow::Node sink) { - TaintedPath::hasFlowTo(sink) and + TaintedPath::flowTo(sink) and if exists(PathCreation pc | pc.getAnInput() = sink.asExpr()) then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr()) else result = sink } from TaintedPath::PathNode source, TaintedPath::PathNode sink -where TaintedPath::hasFlowPath(source, sink) +where TaintedPath::flowPath(source, sink) select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql index fa62e4e6dfda..94c2b0e68a07 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql 
@@ -41,7 +41,7 @@ module TaintedPathLocalConfig implements DataFlow::ConfigSig { } } -module TaintedPathLocalFlow = TaintTracking::Make; +module TaintedPathLocalFlow = TaintTracking::Global; import TaintedPathLocalFlow::PathGraph @@ -53,13 +53,13 @@ import TaintedPathLocalFlow::PathGraph * continue to report there; otherwise we report directly at `sink`. */ DataFlow::Node getReportingNode(DataFlow::Node sink) { - TaintedPathLocalFlow::hasFlowTo(sink) and + TaintedPathLocalFlow::flowTo(sink) and if exists(PathCreation pc | pc.getAnInput() = sink.asExpr()) then result.asExpr() = any(PathCreation pc | pc.getAnInput() = sink.asExpr()) else result = sink } from TaintedPathLocalFlow::PathNode source, TaintedPathLocalFlow::PathNode sink -where TaintedPathLocalFlow::hasFlowPath(source, sink) +where TaintedPathLocalFlow::flowPath(source, sink) select getReportingNode(sink.getNode()), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql index bae6311f3620..b1afdfe65a4f 100644 --- a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +++ b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql @@ -44,7 +44,7 @@ module ZipSlipConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof PathInjectionSanitizer } } -module ZipSlipFlow = TaintTracking::Make; +module ZipSlipFlow = TaintTracking::Global; import ZipSlipFlow::PathGraph @@ -56,7 +56,7 @@ private class FileCreationSink extends DataFlow::Node { } from ZipSlipFlow::PathNode source, ZipSlipFlow::PathNode sink -where ZipSlipFlow::hasFlowPath(source, sink) +where ZipSlipFlow::flowPath(source, sink) select source.getNode(), source, sink, "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(), "file system operation" 
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql index e8a80e372b79..5289ac39a9b6 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql @@ -32,7 +32,7 @@ module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig { } module LocalUserInputToArgumentToExecFlow = - TaintTracking::Make; + TaintTracking::Global; import LocalUserInputToArgumentToExecFlow::PathGraph @@ -40,7 +40,7 @@ from LocalUserInputToArgumentToExecFlow::PathNode source, LocalUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg where - LocalUserInputToArgumentToExecFlow::hasFlowPath(source, sink) and + LocalUserInputToArgumentToExecFlow::flowPath(source, sink) and sink.getNode().asExpr() = execArg select execArg, source, sink, "This command line depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.ql b/java/ql/src/Security/CWE/CWE-079/XSS.ql index f2b0a65f9fe9..dbec746eaf68 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSS.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql @@ -29,11 +29,11 @@ module XssConfig implements DataFlow::ConfigSig { } } -module XssFlow = TaintTracking::Make; +module XssFlow = TaintTracking::Global; import XssFlow::PathGraph from XssFlow::PathNode source, XssFlow::PathNode sink -where XssFlow::hasFlowPath(source, sink) +where XssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql index fd9c397f812d..90bd2dccc44e 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql 
@@ -21,11 +21,11 @@ module XssLocalConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } } -module XssLocalFlow = TaintTracking::Make; +module XssLocalFlow = TaintTracking::Global; import XssLocalFlow::PathGraph from XssLocalFlow::PathNode source, XssLocalFlow::PathNode sink -where XssLocalFlow::hasFlowPath(source, sink) +where XssLocalFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql b/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql index 209d778dca84..87f478de9795 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql @@ -36,7 +36,7 @@ module UncontrolledStringBuilderSourceFlowConfig implements DataFlow::ConfigSig } module UncontrolledStringBuilderSourceFlow = - TaintTracking::Make; + TaintTracking::Global; from QueryInjectionSink query, Expr uncontrolled where @@ -45,7 +45,7 @@ where or exists(StringBuilderVar sbv | uncontrolledStringBuilderQuery(sbv, uncontrolled) and - UncontrolledStringBuilderSourceFlow::hasFlow(DataFlow::exprNode(sbv.getToStringCall()), query) + UncontrolledStringBuilderSourceFlow::flow(DataFlow::exprNode(sbv.getToStringCall()), query) ) ) and not queryTaintedBy(query, _, _) diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql index 0ad803533c59..34e322247c9b 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql 
@@ -31,13 +31,13 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig { } module LocalUserInputToQueryInjectionFlow = - TaintTracking::Make; + TaintTracking::Global; import LocalUserInputToQueryInjectionFlow::PathGraph from LocalUserInputToQueryInjectionFlow::PathNode source, LocalUserInputToQueryInjectionFlow::PathNode sink -where LocalUserInputToQueryInjectionFlow::hasFlowPath(source, sink) +where LocalUserInputToQueryInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql index 66371f161ca1..e879a33051d5 100644 --- a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +++ b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql @@ -17,6 +17,6 @@ import LdapInjectionLib import LdapInjectionFlow::PathGraph from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink -where LdapInjectionFlow::hasFlowPath(source, sink) +where LdapInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll b/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll index d682e4902d89..d6ca8b1169d5 100644 --- a/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll +++ b/java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll @@ -17,4 +17,4 @@ module LdapInjectionFlowConfig implements DataFlow::ConfigSig { } } -module LdapInjectionFlow = TaintTracking::Make; +module LdapInjectionFlow = TaintTracking::Global; diff --git a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql index aab75a8d3680..3255ac99bd68 100644 --- a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql 
+++ b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql @@ -15,5 +15,5 @@ import semmle.code.java.security.ArbitraryApkInstallationQuery import ApkInstallationFlow::PathGraph from ApkInstallationFlow::PathNode source, ApkInstallationFlow::PathNode sink -where ApkInstallationFlow::hasFlowPath(source, sink) +where ApkInstallationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Arbitrary Android APK installation." diff --git a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql index c3a991ddcd50..5e957f237931 100644 --- a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +++ b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql @@ -61,7 +61,7 @@ module BeanValidationConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink } } -module BeanValidationFlow = TaintTracking::Make; +module BeanValidationFlow = TaintTracking::Global; import BeanValidationFlow::PathGraph @@ -80,6 +80,6 @@ where or exists(SetMessageInterpolatorCall c | not c.isSafe()) ) and - BeanValidationFlow::hasFlowPath(source, sink) + BeanValidationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Custom constraint error message contains an unsanitized $@.", source, "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql index b1682dd5774d..4fef0a620cdf 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql 
@@ -42,12 +42,12 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig { } } -module ResponseSplitting = TaintTracking::Make; +module ResponseSplitting = TaintTracking::Global; import ResponseSplitting::PathGraph from ResponseSplitting::PathNode source, ResponseSplitting::PathNode sink -where ResponseSplitting::hasFlowPath(source, sink) +where ResponseSplitting::flowPath(source, sink) select sink.getNode(), source, sink, "This header depends on a $@, which may cause a response-splitting vulnerability.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql index 321f5659e272..402ad1ba1bcc 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql @@ -26,12 +26,12 @@ module ResponseSplittingLocalConfig implements DataFlow::ConfigSig { } } -module ResponseSplitting = TaintTracking::Make; +module ResponseSplitting = TaintTracking::Global; import ResponseSplitting::PathGraph from ResponseSplitting::PathNode source, ResponseSplitting::PathNode sink -where ResponseSplitting::hasFlowPath(source, sink) +where ResponseSplitting::flowPath(source, sink) select sink.getNode(), source, sink, "This header depends on a $@, which may cause a response-splitting vulnerability.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql index 61c1db901b0d..dd4ffb6a10a1 100644 --- a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +++ b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql 
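Review bot: In ResponseSplittingLocal.ql the instantiated module is still named `ResponseSplitting`, the same name the remote query in ResponseSplitting.ql uses. The other local variants touched by this commit carry a `Local` infix (`XssLocalFlow`, `TaintedPathLocalFlow`). Since this line is being rewritten anyway, I would rename it to `ResponseSplittingLocalFlow` and update `import ResponseSplitting::PathGraph` and the `from`/`where` lines of the same hunk to match. The two queries live in separate files, so this is about telling the flows apart when reading, not a name clash.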
@@ -16,6 +16,6 @@ import semmle.code.java.security.LogInjectionQuery import LogInjectionFlow::PathGraph from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink -where LogInjectionFlow::hasFlowPath(source, sink) +where LogInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql index c723e7d7067b..703bb23b6f5d 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql @@ -23,7 +23,7 @@ private module ImproperValidationOfArrayConstructionConfig implements DataFlow:: } module ImproperValidationOfArrayConstructionFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayConstructionFlow::PathGraph @@ -34,7 +34,7 @@ from where arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and sizeExpr = sink.getNode().asExpr() and - ImproperValidationOfArrayConstructionFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayConstructionFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation, "array", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql index a4335eeb2fec..8541074c4937 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql 
@@ -27,7 +27,7 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig { } } -module BoundedFlowSourceFlow = DataFlow::Make; +module BoundedFlowSourceFlow = DataFlow::Global; import BoundedFlowSourceFlow::PathGraph @@ -39,7 +39,7 @@ where arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and sizeExpr = sink.getNode().asExpr() and boundedsource = source.getNode() and - BoundedFlowSourceFlow::hasFlowPath(source, sink) + BoundedFlowSourceFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This accesses the $@, but the array is initialized using $@ which may be zero.", arrayCreation, "array", boundedsource, boundedsource.getDescription().toLowerCase() diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql index a1d13c3d8dbe..f5539e4d05b5 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql @@ -24,7 +24,7 @@ module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::Con } module ImproperValidationOfArrayConstructionLocalFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayConstructionLocalFlow::PathGraph @@ -35,7 +35,7 @@ from where arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and sizeExpr = sink.getNode().asExpr() and - ImproperValidationOfArrayConstructionLocalFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayConstructionLocalFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation, "array", source.getNode(), "user-provided value" 
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql index 70b23e058a5d..6c6755dc4847 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql @@ -25,7 +25,7 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig { } module ImproperValidationOfArrayIndexFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayIndexFlow::PathGraph @@ -34,7 +34,7 @@ from ImproperValidationOfArrayIndexFlow::PathNode sink, CheckableArrayAccess arrayAccess where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and - ImproperValidationOfArrayIndexFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayIndexFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql index fd07e39b6baa..d2f8f6135a9d 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql @@ -24,7 +24,7 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig { } } -module BoundedFlowSourceFlow = DataFlow::Make; +module BoundedFlowSourceFlow = DataFlow::Global; import BoundedFlowSourceFlow::PathGraph @@ -34,7 +34,7 @@ from where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and boundedsource = source.getNode() and - BoundedFlowSourceFlow::hasFlowPath(source, sink) and + BoundedFlowSourceFlow::flowPath(source, sink) and boundedsource != sink.getNode() and not ( ( 
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql index d57df422287e..51f54eebd79a 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql @@ -24,7 +24,7 @@ module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig } module ImproperValidationOfArrayIndexLocalFlow = - TaintTracking::Make; + TaintTracking::Global; import ImproperValidationOfArrayIndexLocalFlow::PathGraph @@ -33,7 +33,7 @@ from ImproperValidationOfArrayIndexLocalFlow::PathNode sink, CheckableArrayAccess arrayAccess where arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and - ImproperValidationOfArrayIndexLocalFlow::hasFlowPath(source, sink) + ImproperValidationOfArrayIndexLocalFlow::flowPath(source, sink) select arrayAccess.getIndexExpr(), source, sink, "This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql index da5bc5372a45..a2d2e9005ef1 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql @@ -27,7 +27,7 @@ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig { } module ExternallyControlledFormatStringFlow = - TaintTracking::Make; + TaintTracking::Global; import ExternallyControlledFormatStringFlow::PathGraph 
@@ -35,7 +35,7 @@ from ExternallyControlledFormatStringFlow::PathNode source, ExternallyControlledFormatStringFlow::PathNode sink, StringFormat formatCall where - ExternallyControlledFormatStringFlow::hasFlowPath(source, sink) and + ExternallyControlledFormatStringFlow::flowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument() select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql index 0300eaea8067..56026c61cfac 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql @@ -23,7 +23,7 @@ module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSi } module ExternallyControlledFormatStringLocalFlow = - TaintTracking::Make; + TaintTracking::Global; import ExternallyControlledFormatStringLocalFlow::PathGraph @@ -31,7 +31,7 @@ from ExternallyControlledFormatStringLocalFlow::PathNode source, ExternallyControlledFormatStringLocalFlow::PathNode sink, StringFormat formatCall where - ExternallyControlledFormatStringLocalFlow::hasFlowPath(source, sink) and + ExternallyControlledFormatStringLocalFlow::flowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument() select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql index c4294e92ef0a..81e572e4c4e0 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql 
@@ -32,9 +32,9 @@ module RemoteUserInputUnderflowConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) } } -module RemoteUserInputOverflow = TaintTracking::Make; +module RemoteUserInputOverflow = TaintTracking::Global; -module RemoteUserInputUnderflow = TaintTracking::Make; +module RemoteUserInputUnderflow = TaintTracking::Global; module Flow = DataFlow::MergePathGraph; + TaintTracking::Global; module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput } @@ -36,7 +36,7 @@ module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig { } module ArithmeticTaintedLocalUnderflowFlow = - TaintTracking::Make; + TaintTracking::Global; module Flow = DataFlow::MergePathGraph; + TaintTracking::Global; module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof TaintSource } @@ -44,7 +44,7 @@ module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig { } module ArithmeticUncontrolledUnderflowFlow = - TaintTracking::Make; + TaintTracking::Global; module Flow = DataFlow::MergePathGraph; +module MaxValueFlow = DataFlow::Global; module MinValueFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { @@ -59,7 +59,7 @@ module MinValueFlowConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) } } -module MinValueFlow = DataFlow::Make; +module MinValueFlow = DataFlow::Global; module Flow = DataFlow::MergePathGraph; + TaintTracking::GlobalWithState; from Expr e where 
@@ -116,7 +116,7 @@ where // implicit: no setAllowContentAccess(false) exists(WebViewSource source | source.asExpr() = e and - not WebViewDisallowContentAccessFlow::hasFlow(source, _) + not WebViewDisallowContentAccessFlow::flow(source, _) ) select e, "Sensitive information may be exposed via a malicious link due to access to content:// links being allowed in this WebView." diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql index 6d99eba59c29..400d7159b9a0 100644 --- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql @@ -133,7 +133,7 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof FileCreationSink and - not TempDirSystemGetPropertyDirectlyToMkdir::hasFlowTo(sink) + not TempDirSystemGetPropertyDirectlyToMkdir::flowTo(sink) } predicate isBarrier(DataFlow::Node sanitizer) { @@ -146,7 +146,7 @@ module TempDirSystemGetPropertyToCreateConfig implements DataFlow::ConfigSig { } module TempDirSystemGetPropertyToCreate = - TaintTracking::Make; + TaintTracking::Global; /** * Configuration that tracks calls to to `mkdir` or `mkdirs` that are are directly on the temp directory system property. @@ -179,7 +179,7 @@ module TempDirSystemGetPropertyDirectlyToMkdirConfig implements DataFlow::Config } module TempDirSystemGetPropertyDirectlyToMkdir = - TaintTracking::Make; + TaintTracking::Global; // // Begin configuration for tracking single-method calls that are vulnerable. 
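Review bot: The QLDoc kept as context in the `@@ -146,7 +146,7 @@` hunk of TempDirLocalInformationDisclosure.ql has two doubled words: "calls to to" and "that are are". This commit already edits the lines on either side, so it is a cheap place to drop the repeated "to" and "are". The sentence would then read "tracks calls to `mkdir` or `mkdirs` that are directly on the temp directory system property". The configuration it documents starts after the hunk, so only the comment text is in question here.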
@@ -270,7 +270,7 @@ import Flow::PathGraph from Flow::PathNode source, Flow::PathNode sink, string message where ( - TempDirSystemGetPropertyToCreate::hasFlowPath(source.asPathNode1(), sink.asPathNode1()) and + TempDirSystemGetPropertyToCreate::flowPath(source.asPathNode1(), sink.asPathNode1()) and message = "Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users." or diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql index be5d3dad8480..98a342bcb277 100644 --- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql @@ -42,7 +42,7 @@ module ServletWriterSourceToPrintStackTraceMethodFlowConfig implements DataFlow: } module ServletWriterSourceToPrintStackTraceMethodFlow = - TaintTracking::Make; + TaintTracking::Global; /** * A call that uses `Throwable.printStackTrace()` on a stream that is connected @@ -51,7 +51,7 @@ module ServletWriterSourceToPrintStackTraceMethodFlow = predicate printsStackToWriter(MethodAccess call) { exists(PrintStackTraceMethod printStackTrace | call.getMethod() = printStackTrace and - ServletWriterSourceToPrintStackTraceMethodFlow::hasFlowToExpr(call.getAnArgument()) + ServletWriterSourceToPrintStackTraceMethodFlow::flowToExpr(call.getAnArgument()) ) } @@ -87,7 +87,7 @@ module StackTraceStringToHttpResponseSinkFlowConfig implements DataFlow::ConfigS } module StackTraceStringToHttpResponseSinkFlow = - TaintTracking::Make; + TaintTracking::Global; /** * A write of stack trace data to an external stream. 
@@ -104,8 +104,7 @@ predicate printsStackExternally(MethodAccess call, Expr stackTrace) { predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stackTrace) { exists(MethodAccess stackTraceString | stackTraceExpr(stackTrace, stackTraceString) and - StackTraceStringToHttpResponseSinkFlow::hasFlow(DataFlow::exprNode(stackTraceString), - externalExpr) + StackTraceStringToHttpResponseSinkFlow::flow(DataFlow::exprNode(stackTraceString), externalExpr) ) } @@ -127,13 +126,13 @@ module GetMessageFlowSourceToHttpResponseSinkFlowConfig implements DataFlow::Con } module GetMessageFlowSourceToHttpResponseSinkFlow = - TaintTracking::Make; + TaintTracking::Global; /** * A call to `getMessage()` that then flows to a servlet response. */ predicate getMessageFlowsExternally(DataFlow::Node externalExpr, GetMessageFlowSource getMessage) { - GetMessageFlowSourceToHttpResponseSinkFlow::hasFlow(DataFlow::exprNode(getMessage), externalExpr) + GetMessageFlowSourceToHttpResponseSinkFlow::flow(DataFlow::exprNode(getMessage), externalExpr) } from Expr externalExpr, Expr errorInformation diff --git a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql index 281415a0d91c..d79abd6e4178 100644 --- a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +++ b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql @@ -20,7 +20,7 @@ import IntentUriPermissionManipulationFlow::PathGraph from IntentUriPermissionManipulationFlow::PathNode source, IntentUriPermissionManipulationFlow::PathNode sink -where IntentUriPermissionManipulationFlow::hasFlowPath(source, sink) +where IntentUriPermissionManipulationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This Intent can be set with arbitrary flags from a $@, " + "and used to give access to internal content providers.", source.getNode(), 
diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql index f6663b8e87dd..4bea66796b8a 100644 --- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql @@ -77,7 +77,7 @@ module TrustAllHostnameVerifierConfig implements DataFlow::ConfigSig { } } -module TrustAllHostnameVerifierFlow = DataFlow::Make; +module TrustAllHostnameVerifierFlow = DataFlow::Global; import TrustAllHostnameVerifierFlow::PathGraph @@ -118,7 +118,7 @@ from TrustAllHostnameVerifierFlow::PathNode source, TrustAllHostnameVerifierFlow::PathNode sink, RefType verifier where - TrustAllHostnameVerifierFlow::hasFlowPath(source, sink) and + TrustAllHostnameVerifierFlow::flowPath(source, sink) and not isNodeGuardedByFlag(sink.getNode()) and verifier = source.getNode().asExpr().(ClassInstanceExpr).getConstructedType() select sink, source, sink, diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql index ec7ffcbccc17..a423eed3d22a 100644 --- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql @@ -38,7 +38,7 @@ module InsecureCryptoConfig implements ConfigSig { } } -module InsecureCryptoFlow = TaintTracking::Make; +module InsecureCryptoFlow = TaintTracking::Global; import InsecureCryptoFlow::PathGraph @@ -48,6 +48,6 @@ from where sink.getNode().asExpr() = c.getAlgoSpec() and source.getNode().asExpr() = s and - InsecureCryptoFlow::hasFlowPath(source, sink) + InsecureCryptoFlow::flowPath(source, sink) select c, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", s, s.getValue() diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql index 474462114382..b5f144218948 100644 
--- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql @@ -61,7 +61,7 @@ module InsecureCryptoConfig implements ConfigSig { } } -module InsecureCryptoFlow = TaintTracking::Make; +module InsecureCryptoFlow = TaintTracking::Global; import InsecureCryptoFlow::PathGraph @@ -71,7 +71,7 @@ from where sink.getNode().asExpr() = c.getAlgoSpec() and source.getNode().asExpr() = s and - InsecureCryptoFlow::hasFlowPath(source, sink) + InsecureCryptoFlow::flowPath(source, sink) select c, source, sink, "Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", s, s.getValue() diff --git a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql index ce90cc5e00fa..4a8c9bc3ad11 100644 --- a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql @@ -17,7 +17,7 @@ import semmle.code.java.security.UnsafeContentUriResolutionQuery import UnsafeContentResolutionFlow::PathGraph from UnsafeContentResolutionFlow::PathNode src, UnsafeContentResolutionFlow::PathNode sink -where UnsafeContentResolutionFlow::hasFlowPath(src, sink) +where UnsafeContentResolutionFlow::flowPath(src, sink) select sink.getNode(), src, sink, "This ContentResolver method that resolves a URI depends on a $@.", src.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql index 5ffa7068980f..6ff9a15eca4b 100644 --- a/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +++ b/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql 
@@ -16,7 +16,7 @@ import semmle.code.java.security.FragmentInjectionQuery import FragmentInjectionTaintFlow::PathGraph from FragmentInjectionTaintFlow::PathNode source, FragmentInjectionTaintFlow::PathNode sink -where FragmentInjectionTaintFlow::hasFlowPath(source, sink) +where FragmentInjectionTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Fragment depends on a $@, which may allow a malicious application to bypass access controls.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql index a884ba6c2427..9b306bc1bd19 100644 --- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.SensitiveLoggingQuery import SensitiveLoggerFlow::PathGraph from SensitiveLoggerFlow::PathNode source, SensitiveLoggerFlow::PathNode sink -where SensitiveLoggerFlow::hasFlowPath(source, sink) +where SensitiveLoggerFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This $@ is written to a log file.", source.getNode(), "potentially sensitive information" diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql index cf9393830b00..78c9c86c7620 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql 
@@ -21,11 +21,11 @@ module UrlRedirectConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } } -module UrlRedirectFlow = TaintTracking::Make; +module UrlRedirectFlow = TaintTracking::Global; import UrlRedirectFlow::PathGraph from UrlRedirectFlow::PathNode source, UrlRedirectFlow::PathNode sink -where UrlRedirectFlow::hasFlowPath(source, sink) +where UrlRedirectFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql index de44173ec573..d8a28f52abba 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql @@ -21,11 +21,11 @@ module UrlRedirectLocalConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } } -module UrlRedirectLocalFlow = TaintTracking::Make; +module UrlRedirectLocalFlow = TaintTracking::Global; import UrlRedirectLocalFlow::PathGraph from UrlRedirectLocalFlow::PathNode source, UrlRedirectLocalFlow::PathNode sink -where UrlRedirectLocalFlow::hasFlowPath(source, sink) +where UrlRedirectLocalFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.ql b/java/ql/src/Security/CWE/CWE-611/XXE.ql index 708d4f08ee7a..5520d332ed6e 100644 --- a/java/ql/src/Security/CWE/CWE-611/XXE.ql +++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql 
@@ -19,7 +19,7 @@ import semmle.code.java.security.XxeRemoteQuery import XxeFlow::PathGraph from XxeFlow::PathNode source, XxeFlow::PathNode sink -where XxeFlow::hasFlowPath(source, sink) +where XxeFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-611/XXELocal.ql b/java/ql/src/Security/CWE/CWE-611/XXELocal.ql index 0ab4ddcc106e..5e306a653495 100644 --- a/java/ql/src/Security/CWE/CWE-611/XXELocal.ql +++ b/java/ql/src/Security/CWE/CWE-611/XXELocal.ql @@ -19,7 +19,7 @@ import semmle.code.java.security.XxeLocalQuery import XxeLocalFlow::PathGraph from XxeLocalFlow::PathNode source, XxeLocalFlow::PathNode sink -where XxeLocalFlow::hasFlowPath(source, sink) +where XxeLocalFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql index 807ef383dee4..0d24e9315c1f 100644 --- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql @@ -47,10 +47,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig { } } -module SecureCookieFlow = DataFlow::Make; +module SecureCookieFlow = DataFlow::Global; from MethodAccess add where add.getMethod() instanceof ResponseAddCookieMethod and - not SecureCookieFlow::hasFlowToExpr(add.getArgument(0)) + not SecureCookieFlow::flowToExpr(add.getArgument(0)) select add, "Cookie is added to response without the 'secure' flag being set." diff --git a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql index eacebd3f0987..18a4d76873b3 100644 --- a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql 
+++ b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql @@ -22,11 +22,11 @@ module XPathInjectionConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } } -module XPathInjectionFlow = TaintTracking::Make; +module XPathInjectionFlow = TaintTracking::Global; import XPathInjectionFlow::PathGraph from XPathInjectionFlow::PathNode source, XPathInjectionFlow::PathNode sink -where XPathInjectionFlow::hasFlowPath(source, sink) +where XPathInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql index 3caefe3fd09a..3194e0f8e7b1 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql @@ -34,14 +34,14 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig { } } -module NumericCastFlow = TaintTracking::Make; +module NumericCastFlow = TaintTracking::Global; import NumericCastFlow::PathGraph from NumericCastFlow::PathNode source, NumericCastFlow::PathNode sink, NumericNarrowingCastExpr exp where sink.getNode().asExpr() = exp.getExpr() and - NumericCastFlow::hasFlowPath(source, sink) + NumericCastFlow::flowPath(source, sink) select exp, source, sink, "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql index 41757ab419ae..b92247695624 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql 
@@ -32,7 +32,7 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig { } } -module NumericCastFlow = TaintTracking::Make; +module NumericCastFlow = TaintTracking::Global; import NumericCastFlow::PathGraph @@ -42,7 +42,7 @@ from where exp.getExpr() = tainted and sink.getNode().asExpr() = tainted and - NumericCastFlow::hasFlowPath(source, sink) and + NumericCastFlow::flowPath(source, sink) and not exists(RightShiftOp e | e.getShiftedVariable() = tainted.getVariable()) select exp, source, sink, "This cast to a narrower type depends on a $@, potentially causing truncation.", source.getNode(), diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql index 8a1244b93d1d..2ba45ca083ca 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql @@ -21,7 +21,7 @@ from PolynomialRedosFlow::PathNode source, PolynomialRedosFlow::PathNode sink, SuperlinearBackTracking::PolynomialBackTrackingTerm regexp where - PolynomialRedosFlow::hasFlowPath(source, sink) and + PolynomialRedosFlow::flowPath(source, sink) and regexp.getRootTerm() = sink.getNode().(PolynomialRedosSink).getRegExp() select sink, source, sink, "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() + diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index a2475202dd8e..2191a4a74010 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql 
@@ -15,6 +15,6 @@ import semmle.code.java.security.RsaWithoutOaepQuery import RsaWithoutOaepFlow::PathGraph from RsaWithoutOaepFlow::PathNode source, RsaWithoutOaepFlow::PathNode sink -where RsaWithoutOaepFlow::hasFlowPath(source, sink) +where RsaWithoutOaepFlow::flowPath(source, sink) select source, source, sink, "This specification is used to $@ without OAEP padding.", sink, "initialize an RSA cipher" diff --git a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql index bb48958443f7..87266e0df473 100644 --- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql @@ -60,14 +60,13 @@ module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig { } } -module TaintedPermissionsCheckFlow = TaintTracking::Make; +module TaintedPermissionsCheckFlow = TaintTracking::Global; import TaintedPermissionsCheckFlow::PathGraph from TaintedPermissionsCheckFlow::PathNode source, TaintedPermissionsCheckFlow::PathNode sink, PermissionsConstruction p -where - sink.getNode().asExpr() = p.getInput() and TaintedPermissionsCheckFlow::hasFlowPath(source, sink) +where sink.getNode().asExpr() = p.getInput() and TaintedPermissionsCheckFlow::flowPath(source, sink) select p, source, sink, "Permissions check depends on a $@.", source.getNode(), "user-controlled value" diff --git a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql index c3455dc4beb8..570a7af54cc3 100644 --- a/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +++ b/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql 
@@ -16,6 +16,6 @@ import semmle.code.java.security.RequestForgeryConfig import RequestForgeryFlow::PathGraph from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink -where RequestForgeryFlow::hasFlowPath(source, sink) +where RequestForgeryFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Potential server-side request forgery due to a $@.", source.getNode(), "user-provided value" diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql index 59a7d827cf6a..576927b1d722 100644 --- a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +++ b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql @@ -16,6 +16,6 @@ import semmle.code.java.security.AndroidSensitiveCommunicationQuery import SensitiveCommunicationFlow::PathGraph from SensitiveCommunicationFlow::PathNode source, SensitiveCommunicationFlow::PathNode sink -where SensitiveCommunicationFlow::hasFlowPath(source, sink) +where SensitiveCommunicationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This call may leak $@.", source.getNode(), "sensitive information" diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 7dbdc5bee524..5ca3ffed7820 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -210,7 +210,7 @@ module ThroughFlowConfig implements DataFlow::StateConfigSig { } } -private module ThroughFlow = TaintTracking::MakeWithState; +private module ThroughFlow = TaintTracking::GlobalWithState; /** * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter. 
@@ -220,7 +220,7 @@ string captureThroughFlow(DataFlowTargetApi api) { DataFlow::ParameterNode p, DataFlowImplCommon::ReturnNodeExt returnNodeExt, string input, string output | - ThroughFlow::hasFlow(p, returnNodeExt) and + ThroughFlow::flow(p, returnNodeExt) and returnNodeExt.getEnclosingCallable() = api and input = parameterNodeAsInput(p) and output = returnNodeAsOutput(returnNodeExt) and @@ -253,14 +253,14 @@ module FromSourceConfig implements DataFlow::ConfigSig { } } -private module FromSource = TaintTracking::Make; +private module FromSource = TaintTracking::Global; /** * Gets the source model(s) of `api`, if there is flow from an existing known source to the return of `api`. */ string captureSource(DataFlowTargetApi api) { exists(DataFlow::Node source, DataFlow::Node sink, string kind | - FromSource::hasFlow(source, sink) and + FromSource::flow(source, sink) and ExternalFlow::sourceNode(source, kind) and api = sink.getEnclosingCallable() and isRelevantSourceKind(kind) and @@ -285,14 +285,14 @@ module PropagateToSinkConfig implements DataFlow::ConfigSig { DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } } -private module PropagateToSink = TaintTracking::Make; +private module PropagateToSink = TaintTracking::Global; /** * Gets the sink model(s) of `api`, if there is flow from a parameter to an existing known sink. */ string captureSink(DataFlowTargetApi api) { exists(DataFlow::Node src, DataFlow::Node sink, string kind | - PropagateToSink::hasFlow(src, sink) and + PropagateToSink::flow(src, sink) and ExternalFlow::sinkNode(sink, kind) and api = src.getEnclosingCallable() and isRelevantSinkKind(kind) and diff --git a/java/ql/test/TestUtilities/InlineFlowTest.qll b/java/ql/test/TestUtilities/InlineFlowTest.qll index bd4ef924da2e..efc5a6fab2b9 100644 --- a/java/ql/test/TestUtilities/InlineFlowTest.qll +++ b/java/ql/test/TestUtilities/InlineFlowTest.qll 
@@ -57,9 +57,9 @@ module DefaultFlowConfig implements DataFlow::ConfigSig { int fieldFlowBranchLimit() { result = 1000 } } -private module DefaultValueFlow = DataFlow::Make; +private module DefaultValueFlow = DataFlow::Global; -private module DefaultTaintFlow = TaintTracking::Make; +private module DefaultTaintFlow = TaintTracking::Global; class DefaultValueFlowConf extends DataFlow::Configuration { DefaultValueFlowConf() { this = "qltest:defaultValueFlowConf" } @@ -118,13 +118,13 @@ class InlineFlowTest extends InlineExpectationsTest { predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { if exists(EnableLegacyConfiguration e) then getValueFlowConfig().hasFlow(src, sink) - else DefaultValueFlow::hasFlow(src, sink) + else DefaultValueFlow::flow(src, sink) } predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { if exists(EnableLegacyConfiguration e) then getTaintFlowConfig().hasFlow(src, sink) - else DefaultTaintFlow::hasFlow(src, sink) + else DefaultTaintFlow::flow(src, sink) } DataFlow::Configuration getValueFlowConfig() { result = any(DefaultValueFlowConf config) } diff --git a/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql b/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql index a582f5b24568..7635dae3820b 100644 --- a/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql +++ b/java/ql/test/library-tests/dataflow/inoutbarriers/test.ql @@ -47,13 +47,13 @@ module Conf4 implements ConfigSig { } predicate flow(Node src, Node sink, string s) { - Make::hasFlow(src, sink) and s = "nobarrier" + Global::flow(src, sink) and s = "nobarrier" or - Make::hasFlow(src, sink) and s = "srcbarrier" + Global::flow(src, sink) and s = "srcbarrier" or - Make::hasFlow(src, sink) and s = "sinkbarrier" + Global::flow(src, sink) and s = "sinkbarrier" or - Make::hasFlow(src, sink) and s = "both" + Global::flow(src, sink) and s = "both" } from Node src, Node sink, string s 
diff --git a/java/ql/test/library-tests/dataflow/partial/test.ql b/java/ql/test/library-tests/dataflow/partial/test.ql index 399a876e9a99..4b2e5e71ff4d 100644 --- a/java/ql/test/library-tests/dataflow/partial/test.ql +++ b/java/ql/test/library-tests/dataflow/partial/test.ql @@ -10,10 +10,10 @@ module Config implements ConfigSig { int explorationLimit() { result = 10 } -module PartialFlow = Make::FlowExploration; +module PartialFlow = Global::FlowExploration; import PartialFlow::PartialPathGraph from PartialFlow::PartialPathNode n, int dist -where PartialFlow::hasPartialFlow(_, n, dist) +where PartialFlow::partialFlow(_, n, dist) select dist, n diff --git a/java/ql/test/library-tests/dataflow/partial/testRev.ql b/java/ql/test/library-tests/dataflow/partial/testRev.ql index c869cb4f915b..f3f71d69e3b2 100644 --- a/java/ql/test/library-tests/dataflow/partial/testRev.ql +++ b/java/ql/test/library-tests/dataflow/partial/testRev.ql @@ -10,10 +10,10 @@ module Config implements ConfigSig { int explorationLimit() { result = 10 } -module PartialFlow = Make::FlowExploration; +module PartialFlow = Global::FlowExploration; import PartialFlow::PartialPathGraph from PartialFlow::PartialPathNode n, int dist -where PartialFlow::hasPartialFlowRev(n, _, dist) +where PartialFlow::partialFlowRev(n, _, dist) select dist, n diff --git a/java/ql/test/library-tests/dataflow/state/test.ql b/java/ql/test/library-tests/dataflow/state/test.ql index afd7ed9a97e6..b82dd95c0b11 100644 --- a/java/ql/test/library-tests/dataflow/state/test.ql +++ b/java/ql/test/library-tests/dataflow/state/test.ql @@ -55,7 +55,7 @@ module Config implements DataFlow::StateConfigSig { int explorationLimit() { result = 0 } -module Flow = TaintTracking::MakeWithState; +module Flow = TaintTracking::GlobalWithState; module PartialFlow = Flow::FlowExploration; 
@@ -67,7 +67,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "flow" and exists(Flow::PathNode src, Flow::PathNode sink | - Flow::hasFlowPath(src, sink) and + Flow::flowPath(src, sink) and sink.getNode().getLocation() = location and element = sink.toString() and value = src.getState() @@ -75,7 +75,7 @@ class HasFlowTest extends InlineExpectationsTest { or tag = "pFwd" and exists(PartialFlow::PartialPathNode src, PartialFlow::PartialPathNode node | - PartialFlow::hasPartialFlow(src, node, _) and + PartialFlow::partialFlow(src, node, _) and checkNode(node.getNode()) and node.getNode().getLocation() = location and element = node.toString() and @@ -84,7 +84,7 @@ class HasFlowTest extends InlineExpectationsTest { or tag = "pRev" and exists(PartialFlow::PartialPathNode node, PartialFlow::PartialPathNode sink | - PartialFlow::hasPartialFlowRev(node, sink, _) and + PartialFlow::partialFlowRev(node, sink, _) and checkNode(node.getNode()) and node.getNode().getLocation() = location and element = node.toString() and diff --git a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql index 1e40c0a5d257..dd6aec2ebe35 100644 --- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql +++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql @@ -10,7 +10,7 @@ class HasApkInstallationTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasApkInstallation" and - exists(DataFlow::Node sink | ApkInstallationFlow::hasFlowTo(sink) | + exists(DataFlow::Node sink | ApkInstallationFlow::flowTo(sink) | sink.getLocation() = location and element = sink.toString() and value = "" 
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql index ba753b0d9308..73a41b1bd8e8 100644 --- a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql @@ -12,6 +12,6 @@ private class LogInjectionTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - LogInjectionFlow::hasFlow(src, sink) + LogInjectionFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql b/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql index c434dbe413a8..d90039cf920e 100644 --- a/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql +++ b/java/ql/test/query-tests/security/CWE-266/IntentUriPermissionManipulationTest.ql @@ -6,6 +6,6 @@ class IntentUriPermissionManipulationTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - IntentUriPermissionManipulationFlow::hasFlow(src, sink) + IntentUriPermissionManipulationFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql index 5e2046c6fbfa..55c07bbd3014 100644 --- a/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql +++ b/java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql 
@@ -6,6 +6,6 @@ class Test extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - UnsafeContentResolutionFlow::hasFlow(src, sink) + UnsafeContentResolutionFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql b/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql index 22b02c818f59..2771dd3af90d 100644 --- a/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql +++ b/java/ql/test/query-tests/security/CWE-470/FragmentInjectionTest.ql @@ -6,6 +6,6 @@ class Test extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - FragmentInjectionTaintFlow::hasFlow(src, sink) + FragmentInjectionTaintFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql index b868dcabf853..5de153a9e359 100644 --- a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql +++ b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql @@ -4,7 +4,7 @@ import semmle.code.java.security.SensitiveLoggingQuery class HasFlowTest extends InlineFlowTest { override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - SensitiveLoggerFlow::hasFlow(src, sink) + SensitiveLoggerFlow::flow(src, sink) } override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } diff --git a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql index e31d890d9089..75af0160defe 100644 --- a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql +++ b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql 
@@ -9,7 +9,7 @@ class HasPolyRedos extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasPolyRedos" and exists(DataFlow::Node sink | - PolynomialRedosFlow::hasFlowTo(sink) and + PolynomialRedosFlow::flowTo(sink) and location = sink.getLocation() and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql index cdfdaea621e0..01af77284f00 100644 --- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql +++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql @@ -7,6 +7,6 @@ class HasFlowTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - RsaWithoutOaepFlow::hasFlow(src, sink) + RsaWithoutOaepFlow::flow(src, sink) } } diff --git a/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql b/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql index b27d81ee0730..865e6e8f0d32 100644 --- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql +++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.ql @@ -10,7 +10,7 @@ class HasFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "SSRF" and exists(DataFlow::Node sink | - RequestForgeryFlow::hasFlowTo(sink) and + RequestForgeryFlow::flowTo(sink) and sink.getLocation() = location and element = sink.toString() and value = "" diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql b/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql index c57c316310d1..0f1864398b42 100644 --- a/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql 
+++ b/java/ql/test/query-tests/security/CWE-927/SensitiveCommunication.ql @@ -7,6 +7,6 @@ class HasFlowTest extends InlineFlowTest { override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { - SensitiveCommunicationFlow::hasFlow(src, sink) + SensitiveCommunicationFlow::flow(src, sink) } } diff --git a/python/ql/lib/change-notes/2023-03-23-dataflow-renaming.md b/python/ql/lib/change-notes/2023-03-23-dataflow-renaming.md new file mode 100644 index 000000000000..54df71fae464 --- /dev/null +++ b/python/ql/lib/change-notes/2023-03-23-dataflow-renaming.md @@ -0,0 +1,6 @@ +--- +category: deprecated +--- +* The recently introduced new data flow and taint tracking APIs have had a + number of module and predicate renamings. The old APIs remain in place for + now. diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon 
@@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. 
@@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } @@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll 
@@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
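Review bot: `hasPartialFlow` and `hasPartialFlowRev` are renamed in the last two hunks of `DataFlowImpl.qll` without a deprecated alias, whereas `hasFlowPath`, `hasFlow`, `hasFlowTo` and `hasFlowToExpr` in the same file each get one. The change note in this commit says the old APIs remain in place, so unless aliases exist outside these hunks, queries that still call the old partial-flow names will stop compiling. Adding `deprecated predicate hasPartialFlow = partialFlow/3;` and `deprecated predicate hasPartialFlowRev = partialFlowRev/3;` next to the renamed predicates would match the rest of the commit. The public `partialFlow/3` also now shares its name with the `partialFlow/2` helper it calls and differs only by arity, which is easy to misread. Both points apply equally to the Ruby and Swift copies of this file later in the diff; the enclosing module starts and ends outside the hunks.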
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll index e6bdc74ccebb..8415c022111a 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll index e6bdc74ccebb..8415c022111a 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll index e6bdc74ccebb..8415c022111a 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config 
@@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} diff --git a/python/ql/src/Security/CWE-327/FluentApiModel.qll b/python/ql/src/Security/CWE-327/FluentApiModel.qll index 3f479bc1627a..6ba3231f49bb 100644 --- a/python/ql/src/Security/CWE-327/FluentApiModel.qll +++ b/python/ql/src/Security/CWE-327/FluentApiModel.qll @@ -112,7 +112,7 @@ module InsecureContextConfiguration2 implements DataFlow::StateConfigSig { } } -private module InsecureContextFlow = DataFlow::MakeWithState; +private module InsecureContextFlow = DataFlow::GlobalWithState; /** * Holds if `conectionCreation` marks the creation of a connection based on the contex @@ -127,7 +127,7 @@ predicate unsafe_connection_creation_with_context( ) { // Connection created from a context allowing `insecure_version`. exists(InsecureContextFlow::PathNode src, InsecureContextFlow::PathNode sink | - InsecureContextFlow::hasFlowPath(src, sink) and + InsecureContextFlow::flowPath(src, sink) and src.getNode() = contextOrigin and sink.getNode() = connectionCreation and sink.getState().allowsInsecureVersion(insecure_version) and diff --git a/ruby/ql/lib/change-notes/2023-03-23-dataflow-renaming.md b/ruby/ql/lib/change-notes/2023-03-23-dataflow-renaming.md new file mode 100644 index 000000000000..54df71fae464 --- /dev/null 
+++ b/ruby/ql/lib/change-notes/2023-03-23-dataflow-renaming.md @@ -0,0 +1,6 @@ +--- +category: deprecated +--- +* The recently introduced new data flow and taint tracking APIs have had a + number of module and predicate renamings. The old APIs remain in place for + now. diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon @@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** 
@@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. 
@@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } @@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll 
@@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll index e6bdc74ccebb..8415c022111a 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } 
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll index e6bdc74ccebb..8415c022111a 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll index e6bdc74ccebb..8415c022111a 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. 
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config @@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} 
diff --git a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll index abec1880e657..f08529988c72 100644 --- a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll @@ -56,7 +56,7 @@ module StoredXss { } } - import TaintTracking::Make + import TaintTracking::Global } /** DEPRECATED: Alias for StoredXss */ diff --git a/ruby/ql/lib/codeql/ruby/security/XSS.qll b/ruby/ql/lib/codeql/ruby/security/XSS.qll index dbed650250ee..d4b99766a584 100644 --- a/ruby/ql/lib/codeql/ruby/security/XSS.qll +++ b/ruby/ql/lib/codeql/ruby/security/XSS.qll @@ -304,7 +304,7 @@ private module OrmTracking { } } - import DataFlow::Make + import DataFlow::Global } /** Provides default sources, sinks and sanitizers for detecting stored cross-site scripting (XSS) vulnerabilities. */ @@ -336,7 +336,7 @@ module StoredXss { private class OrmFieldAsSource extends Source instanceof DataFlow::CallNode { OrmFieldAsSource() { exists(DataFlow::CallNode subSrc | - OrmTracking::hasFlow(subSrc, this.getReceiver()) and + OrmTracking::flow(subSrc, this.getReceiver()) and subSrc.(OrmInstantiation).methodCallMayAccessField(this.getMethodName()) ) } diff --git a/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql b/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql index 1dc855230a19..da1bd427589a 100644 --- a/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql +++ b/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql @@ -17,6 +17,6 @@ import codeql.ruby.security.StoredXSSQuery import StoredXss::PathGraph from StoredXss::PathNode source, StoredXss::PathNode sink -where StoredXss::hasFlowPath(source, sink) +where StoredXss::flowPath(source, sink) select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.", source.getNode(), "stored value" 
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll index 617362ab4f01..137612c52afe 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll @@ -2,7 +2,7 @@ * Provides an implementation of global (interprocedural) data flow. This file * re-exports the local (intraprocedural) data flow analysis from * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed - * through the `Make` and `MakeWithState` modules. + * through the `Global` and `GlobalWithState` modules. */ private import DataFlowImplCommon @@ -73,10 +73,10 @@ signature module ConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** @@ -166,10 +166,10 @@ signature module StateConfigSig { */ default FlowFeature getAFeature() { none() } - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ default predicate sourceGrouping(Node source, string sourceGroup) { none() } - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ default predicate sinkGrouping(Node sink, string sinkGroup) { none() } /** 
@@ -182,15 +182,15 @@ signature module StateConfigSig { } /** - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` + * Gets the exploration limit for `partialFlow` and `partialFlowRev` * measured in approximate number of interprocedural steps. */ signature int explorationLimitSig(); /** - * The output of a data flow computation. + * The output of a global data flow computation. */ -signature module DataFlowSig { +signature module GlobalFlowSig { /** * A `Node` augmented with a call context (except for sinks) and an access path. * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. @@ -203,28 +203,28 @@ signature module DataFlowSig { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink); + predicate flowPath(PathNode source, PathNode sink); /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink); + predicate flow(Node source, Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink); + predicate flowTo(Node sink); /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink); + predicate flowToExpr(DataFlowExpr sink); } /** * Constructs a standard data flow computation. */ -module Make implements DataFlowSig { +module Global implements GlobalFlowSig { private module C implements FullStateConfigSig { import DefaultState import Config @@ -233,10 +233,15 @@ module Make implements DataFlowSig { import Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements GlobalFlowSig { + import Global +} + /** * Constructs a data flow computation using flow state. */ -module MakeWithState implements DataFlowSig { +module GlobalWithState implements GlobalFlowSig { private module C implements FullStateConfigSig { import Config } 
@@ -244,6 +249,11 @@ module MakeWithState implements DataFlowSig { import Impl } +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements GlobalFlowSig { + import GlobalWithState +} + signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll index c47b03088552..d18ef5acd6e9 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll @@ -91,10 +91,10 @@ signature module FullStateConfigSig { */ FlowFeature getAFeature(); - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ + /** Holds if sources should be grouped in the result of `flowPath`. */ predicate sourceGrouping(Node source, string sourceGroup); - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ + /** Holds if sinks should be grouped in the result of `flowPath`. */ predicate sinkGrouping(Node sink, string sinkGroup); /** @@ -3633,7 +3633,7 @@ module Impl { * The corresponding paths are generated from the end-points and the graph * included in the module `PathGraph`. */ - predicate hasFlowPath(PathNode source, PathNode sink) { + predicate flowPath(PathNode source, PathNode sink) { exists(PathNodeImpl flowsource, PathNodeImpl flowsink | source = flowsource and sink = flowsink | @@ -3643,6 +3643,9 @@ module Impl { ) } + /** DEPRECATED: Use `flowPath` instead. */ + deprecated predicate hasFlowPath = flowPath/2; + private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) { flowsource.isSource() and flowsource.getNodeEx().asNode() = source and 
@@ -3653,17 +3656,26 @@ module Impl { /** * Holds if data can flow from `source` to `sink`. */ - predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) } + predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) } + + /** DEPRECATED: Use `flow` instead. */ + deprecated predicate hasFlow = flow/2; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() } + + /** DEPRECATED: Use `flowTo` instead. */ + deprecated predicate hasFlowTo = flowTo/1; /** * Holds if data can flow from some source to `sink`. */ - predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) } + predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } + + /** DEPRECATED: Use `flowToExpr` instead. */ + deprecated predicate hasFlowToExpr = flowToExpr/1; private predicate finalStats( boolean fwd, int nodes, int fields, int conscand, int states, int tuples @@ -4574,7 +4586,7 @@ module Impl { * * To use this in a `path-problem` query, import the module `PartialPathGraph`. */ - predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) { + predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) { partialFlow(source, node) and dist = node.getSourceDistance() } @@ -4594,7 +4606,7 @@ module Impl { * Note that reverse flow has slightly lower precision than the corresponding * forward flow, as reverse flow disregards type pruning among other features. */ - predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { + predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) { revPartialFlow(node, sink) and dist = node.getSinkDistance() } 
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll index e6bdc74ccebb..8415c022111a 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll @@ -1,5 +1,5 @@ /** - * DEPRECATED: Use `Make` and `MakeWithState` instead. + * DEPRECATED: Use `Global` and `GlobalWithState` instead. * * Provides a `Configuration` class backwards-compatible interface to the data * flow library. @@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) { } private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - hasFlowPath(source, sink) and source.getConfiguration() = config + flowPath(source, sink) and source.getConfiguration() = config } private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll index 7f96fe5e6fb0..3f8cef3698a7 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll @@ -35,7 +35,7 @@ private module AddTaintDefaults imp /** * Constructs a standard taint tracking computation. */ -module Make implements DataFlow::DataFlowSig { +module Global implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import DataFlowInternal::DefaultState import Config 
@@ -48,10 +48,15 @@ module Make implements DataFlow::DataFlowSig { import DataFlowInternal::Impl } +/** DEPRECATED: Use `Global` instead. */ +deprecated module Make implements DataFlow::GlobalFlowSig { + import Global +} + /** * Constructs a taint tracking computation using flow state. */ -module MakeWithState implements DataFlow::DataFlowSig { +module GlobalWithState implements DataFlow::GlobalFlowSig { private module Config0 implements DataFlowInternal::FullStateConfigSig { import Config } @@ -62,3 +67,8 @@ module MakeWithState implements DataFlow::DataF import DataFlowInternal::Impl } + +/** DEPRECATED: Use `GlobalWithState` instead. */ +deprecated module MakeWithState implements DataFlow::GlobalFlowSig { + import GlobalWithState +} diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql index 10dcc0c5199c..444c4da2ca23 100644 --- a/swift/ql/src/queries/Summary/SummaryStats.ql +++ b/swift/ql/src/queries/Summary/SummaryStats.ql @@ -21,12 +21,12 @@ module TaintReachConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { any() } } -module TaintReachFlow = TaintTracking::Make; +module TaintReachFlow = TaintTracking::Global; /** * Gets the total number of dataflow nodes that taint reaches (from any source). */ -int taintedNodesCount() { result = count(DataFlow::Node n | TaintReachFlow::hasFlowTo(n)) } +int taintedNodesCount() { result = count(DataFlow::Node n | TaintReachFlow::flowTo(n)) } /** * Gets the proportion of dataflow nodes that taint reaches (from any source),