feat(dataflow): Refactor DataFlow module and add TaintTracking functionality

Author: GeekMasher

ql/lib/codeql/bicep/DataFlow.qll

@@ -1,16 +1,2 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) data flow analyses.
- */
-
- import codeql.Locations
-
- /**
-  * Provides classes for performing local (intra-procedural) and
-  * global (inter-procedural) data flow analyses.
-  */
- module DataFlow {
-   private import codeql.dataflow.DataFlow
-   import DataFlowMake<Location, BicepDataFlow>
-   import Public
- }
+import dataflow.Ssa
+import dataflow.DataFlow

ql/lib/codeql/bicep/dataflow/DataFlow.qll

@@ -1,5 +1,13 @@
-private import codeql.dataflow.DataFlow
-private import codeql.bicep.AST
-private import codeql.bicep.CFG as Cfg
-private import codeql.bicep.dataflow.Ssa as Ssa
-private import codeql.Locations
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) data flow analyses.
+ */
+
+import bicep
+
+module DataFlow {
+  private import internal.DataFlowImplSpecific
+  private import codeql.dataflow.DataFlow
+  import DataFlowMake<Location, BicepDataFlow>
+  import internal.DataFlowImpl
+}

ql/lib/codeql/bicep/dataflow/internal/DataFlowImplSpecific.qll

@@ -21,6 +21,4 @@
    class ParameterNode = Private::ParameterNodeImpl;
 
    Node exprNode(DataFlowExpr e) { result = Public::exprNode(e) }
- 
-  //  predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1;
  }

ql/lib/codeql/bicep/dataflow/internal/TaintTrackingPrivate.qll

@@ -0,0 +1,47 @@
+private import bicep
+private import DataFlowPrivate
+private import TaintTrackingPublic
+private import codeql.bicep.CFG
+private import codeql.bicep.dataflow.DataFlow
+
+/**
+ * Holds if `node` should be a sanitizer in all global taint flow configurations
+ * but not in local taint.
+ */
+predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
+
+/**
+ * Holds if default `TaintTracking::Configuration`s should allow implicit reads
+ * of `c` at sinks and inputs to additional taint steps.
+ */
+bindingset[node]
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
+
+cached
+private module Cached {
+  private import codeql.bicep.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
+
+  cached
+  predicate forceCachingInSameStage() { DataFlowImplCommon::forceCachingInSameStage() }
+
+  /**
+   * Holds if the additional step from `nodeFrom` to `nodeTo` should be included
+   * in all global taint flow configurations.
+   */
+  cached
+  predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) {
+    none()
+  }
+
+  /**
+   * Holds if taint propagates from `nodeFrom` to `nodeTo` in exactly one local
+   * (intra-procedural) step.
+   */
+  cached
+  predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+    DataFlow::localFlowStep(nodeFrom, nodeTo) or
+    defaultAdditionalTaintStep(nodeFrom, nodeTo, _)
+  }
+}
+
+import Cached

ql/lib/codeql/bicep/dataflow/internal/TaintTrackingPublic.qll

@@ -0,0 +1,20 @@
+private import bicep
+private import TaintTrackingPrivate
+private import codeql.bicep.CFG
+private import codeql.bicep.dataflow.DataFlow
+
+/**
+ * Holds if taint propagates from `source` to `sink` in zero or more local
+ * (intra-procedural) steps.
+ */
+pragma[inline]
+predicate localTaint(DataFlow::Node source, DataFlow::Node sink) { localTaintStep*(source, sink) }
+
+/**
+ * Holds if taint can flow from `e1` to `e2` in zero or more
+ * local (intra-procedural) steps.
+ */
+pragma[inline]
+predicate localExprTaint(CfgNodes::ExprCfgNode e1, CfgNodes::ExprCfgNode e2) { none() }
+
+predicate localTaintStep = localTaintStepCached/2;