Convert InsecureIV.ql to use the new dataflow API

Jami Cogswell · Jami Cogswell · commit 7527b7a061f3 · 2025-04-28T20:46:51.000-04:00
diff --git a/javascript/lib/ghsl/InsecureIV.qll b/javascript/lib/ghsl/InsecureIV.qll
@@ -2,47 +2,41 @@ import semmle.javascript.dataflow.TaintTracking
 
 import ghsl.CommandLine
 
-class RandomTaintsSourceConfiguration extends TaintTracking::Configuration {
-    RandomTaintsSourceConfiguration() { this = "RandomTaintsSourceConfiguration" }
+module RandomTaintsSourceConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { isSecureRandom(source) }
 
-    override predicate isSource(DataFlow::Node source) {
-        isSecureRandom(source)
-    }
-
-    override predicate isSink(DataFlow::Node sink) {
-        not isSecureRandom(sink)
-    }
+  predicate isSink(DataFlow::Node sink) { not isSecureRandom(sink) }
 }
 
-class InsecureIVConfiguration extends TaintTracking::Configuration {
-    InsecureIVConfiguration() { this = "InsecureIVConfiguration" }
+module RandomTaintsSourceFlow = TaintTracking::Global<RandomTaintsSourceConfig>;
 
-    override predicate isSource(DataFlow::Node source) {
-        exists(Literal literal|literal.flow() = source)
-        or
-        source instanceof DataFlow::ArrayLiteralNode
-        or
-        source instanceof RemoteFlowSource
-        or
-        source instanceof FileSystemReadAccess
-        or
-        source instanceof DatabaseAccess
-        or
-        source instanceof CommandLineArgument
-        or
-        // an external function that is not a known source of randomness
-        (
-            source instanceof ExternalCallWithOutput
-            and not source instanceof CreateIVArgument
-            and not source instanceof SecureRandomSource
-        )
-    }
+module InsecureIVConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    exists(Literal literal | literal.flow() = source)
+    or
+    source instanceof DataFlow::ArrayLiteralNode
+    or
+    source instanceof RemoteFlowSource
+    or
+    source instanceof FileSystemReadAccess
+    or
+    source instanceof DatabaseAccess
+    or
+    source instanceof CommandLineArgument
+    or
+    // an external function that is not a known source of randomness
+    (
+        source instanceof ExternalCallWithOutput
+        and not source instanceof CreateIVArgument
+        and not source instanceof SecureRandomSource
+    )
+  }
 
-    override predicate isSink(DataFlow::Node sink) {
-        sink instanceof CreateIVArgument
-    }
+  predicate isSink(DataFlow::Node sink) { sink instanceof CreateIVArgument }
 }
 
+module InsecureIVFlow = TaintTracking::Global<InsecureIVConfig>;
+
 class ExternalCallWithOutput extends DataFlow::Node {
     CallExpr call;
 
diff --git a/javascript/src/security/CWE-329/InsecureIV.ql b/javascript/src/security/CWE-329/InsecureIV.ql
@@ -15,16 +15,14 @@
 
 import javascript
 import semmle.javascript.dataflow.TaintTracking
-import DataFlow::PathGraph
+import InsecureIVFlow::PathGraph
 import ghsl.InsecureIV
 
-from InsecureIVConfiguration insecurecfg, DataFlow::PathNode source, DataFlow::PathNode sink
+from InsecureIVFlow::PathNode source, InsecureIVFlow::PathNode sink
 where
-  insecurecfg.hasFlowPath(source, sink) and
-  not exists(DataFlow::Node randomSource, RandomTaintsSourceConfiguration randomConfig |
-    randomSource instanceof SecureRandomSource
-  |
-    randomConfig.hasFlow(randomSource, source.getNode())
+  InsecureIVFlow::flowPath(source, sink) and
+  not exists(DataFlow::Node randomSource | randomSource instanceof SecureRandomSource |
+    RandomTaintsSourceFlow::flow(randomSource, source.getNode())
   ) and
   not knownCryptTest(sink.getNode())
 select sink, source, sink,
