C#: Re-factor FormatInvalid to use the new API.

michaelnebel · michaelnebel · commit 5580023ec361 · 2023-04-19T13:36:30.000+02:00
diff --git a/csharp/ql/src/API Abuse/FormatInvalid.ql b/csharp/ql/src/API Abuse/FormatInvalid.ql
@@ -12,38 +12,36 @@
 
 import csharp
 import semmle.code.csharp.frameworks.Format
-import DataFlow::PathGraph
+import FormatInvalid::PathGraph
 
-private class FormatConfiguration extends DataFlow::Configuration {
-  FormatConfiguration() { this = "format" }
+module FormatInvalidConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLiteral }
 
-  override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLiteral }
-
-  override predicate isSink(DataFlow::Node n) {
-    exists(FormatCall c | n.asExpr() = c.getFormatExpr())
-  }
+  predicate isSink(DataFlow::Node n) { exists(FormatCall c | n.asExpr() = c.getFormatExpr()) }
 }
 
+module FormatInvalid = DataFlow::Global<FormatInvalidConfig>;
+
 private predicate invalidFormatString(
-  InvalidFormatString src, DataFlow::PathNode source, DataFlow::PathNode sink, string msg,
+  InvalidFormatString src, FormatInvalid::PathNode source, FormatInvalid::PathNode sink, string msg,
   FormatCall call, string callString
 ) {
   source.getNode().asExpr() = src and
   sink.getNode().asExpr() = call.getFormatExpr() and
-  any(FormatConfiguration conf).hasFlowPath(source, sink) and
+  FormatInvalid::flowPath(source, sink) and
   call.hasInsertions() and
   msg = "Invalid format string used in $@ formatting call." and
   callString = "this"
 }
 
 private predicate unusedArgument(
-  FormatCall call, DataFlow::PathNode source, DataFlow::PathNode sink, string msg,
+  FormatCall call, FormatInvalid::PathNode source, FormatInvalid::PathNode sink, string msg,
   ValidFormatString src, string srcString, Expr unusedExpr, string unusedString
 ) {
   exists(int unused |
     source.getNode().asExpr() = src and
     sink.getNode().asExpr() = call.getFormatExpr() and
-    any(FormatConfiguration conf).hasFlowPath(source, sink) and
+    FormatInvalid::flowPath(source, sink) and
     unused = call.getASuppliedArgument() and
     not unused = src.getAnInsert() and
     not src.getValue() = "" and
@@ -55,13 +53,13 @@ private predicate unusedArgument(
 }
 
 private predicate missingArgument(
-  FormatCall call, DataFlow::PathNode source, DataFlow::PathNode sink, string msg,
+  FormatCall call, FormatInvalid::PathNode source, FormatInvalid::PathNode sink, string msg,
   ValidFormatString src, string srcString
 ) {
   exists(int used, int supplied |
     source.getNode().asExpr() = src and
     sink.getNode().asExpr() = call.getFormatExpr() and
-    any(FormatConfiguration conf).hasFlowPath(source, sink) and
+    FormatInvalid::flowPath(source, sink) and
     used = src.getAnInsert() and
     supplied = call.getSuppliedArguments() and
     used >= supplied and
@@ -71,8 +69,8 @@ private predicate missingArgument(
 }
 
 from
-  Element alert, DataFlow::PathNode source, DataFlow::PathNode sink, string msg, Element extra1,
-  string extra1String, Element extra2, string extra2String
+  Element alert, FormatInvalid::PathNode source, FormatInvalid::PathNode sink, string msg,
+  Element extra1, string extra1String, Element extra2, string extra2String
 where
   invalidFormatString(alert, source, sink, msg, extra1, extra1String) and
   extra2 = extra1 and
