C#: Re-factor the SafeConstructor classes to use the new API.

michaelnebel · michaelnebel · commit 5944b88334a2 · 2023-05-03T13:09:35.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
@@ -23,11 +23,15 @@ abstract class Sink extends DataFlow::Node { }
  */
 abstract private class InstanceMethodSink extends Sink {
   InstanceMethodSink() {
-    not exists(
-      SafeConstructorTrackingConfig safeConstructorTracking, DataFlow::Node safeTypeUsage,
-      MethodCall mc
-    |
-      safeConstructorTracking.hasFlow(_, safeTypeUsage) and
+    not exists(DataFlow::Node safeTypeUsage, MethodCall mc |
+      (
+        DataContractJsonSafeConstructorTracking::flowTo(safeTypeUsage) or
+        JavaScriptSerializerSafeConstructorTracking::flowTo(safeTypeUsage) or
+        XmlObjectSerializerDerivedConstructorTracking::flowTo(safeTypeUsage) or
+        XmlSerializerSafeConstructorTracking::flowTo(safeTypeUsage) or
+        DataContractSerializerSafeConstructorTracking::flowTo(safeTypeUsage) or
+        XmlMessageFormatterSafeConstructorTracking::flowTo(safeTypeUsage)
+      ) and
       mc.getQualifier() = safeTypeUsage.asExpr() and
       mc.getAnArgument() = this.asExpr()
     )
@@ -378,9 +382,11 @@ module WeakTypeCreationToUsageTracking =
   TaintTracking::Global<WeakTypeCreationToUsageTrackingConfig>;
 
 /**
+ * DEPRECATED: Do not extend this class.
+ *
  * Safe deserializer creation to usage tracking config.
  */
-abstract class SafeConstructorTrackingConfig extends TaintTracking2::Configuration {
+abstract deprecated class SafeConstructorTrackingConfig extends TaintTracking2::Configuration {
   bindingset[this]
   SafeConstructorTrackingConfig() { any() }
 }
@@ -490,13 +496,8 @@ private class DataContractJsonSerializerDeserializeMethodSink extends DataContra
   }
 }
 
-private class DataContractJsonSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig
-{
-  DataContractJsonSafeConstructorTrackingConfiguration() {
-    this = "DataContractJsonSafeConstructorTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
+private module DataContractJsonSafeConstructorTrackingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(ObjectCreation oc |
       oc = source.asExpr() and
       exists(Constructor c |
@@ -508,14 +509,17 @@ private class DataContractJsonSafeConstructorTrackingConfiguration extends SafeC
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       isDataContractJsonSerializerCall(mc, _) and
       mc.getQualifier() = sink.asExpr()
     )
   }
 }
 
+private module DataContractJsonSafeConstructorTracking =
+  TaintTracking::Global<DataContractJsonSafeConstructorTrackingConfig>;
+
 /** JavaScriptSerializer */
 private predicate isJavaScriptSerializerCall(MethodCall mc, Method m) {
   m = mc.getTarget() and
@@ -540,13 +544,8 @@ private class JavaScriptSerializerDeserializeMethodSink extends JavaScriptSerial
   }
 }
 
-private class JavaScriptSerializerSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig
-{
-  JavaScriptSerializerSafeConstructorTrackingConfiguration() {
-    this = "JavaScriptSerializerSafeConstructorTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
+private module JavaScriptSerializerSafeConstructorTrackingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(ObjectCreation oc |
       oc = source.asExpr() and
       exists(Constructor c |
@@ -557,14 +556,17 @@ private class JavaScriptSerializerSafeConstructorTrackingConfiguration extends S
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       isJavaScriptSerializerCall(mc, _) and
       mc.getQualifier() = sink.asExpr()
     )
   }
 }
 
+private module JavaScriptSerializerSafeConstructorTracking =
+  TaintTracking::Global<JavaScriptSerializerSafeConstructorTrackingConfig>;
+
 /** XmlObjectSerializer */
 private predicate isXmlObjectSerializerCall(MethodCall mc, Method m) {
   m = mc.getTarget() and
@@ -584,13 +586,8 @@ private class XmlObjectSerializerDeserializeMethodSink extends XmlObjectSerializ
   }
 }
 
-private class XmlObjectSerializerDerivedConstructorTrackingConfiguration extends SafeConstructorTrackingConfig
-{
-  XmlObjectSerializerDerivedConstructorTrackingConfiguration() {
-    this = "XmlObjectSerializerDerivedConstructorTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
+private module XmlObjectSerializerDerivedConstructorTrackingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(ObjectCreation oc |
       oc = source.asExpr() and
       exists(ValueOrRefType declaringType |
@@ -604,14 +601,17 @@ private class XmlObjectSerializerDerivedConstructorTrackingConfiguration extends
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       isXmlObjectSerializerCall(mc, _) and
       mc.getQualifier() = sink.asExpr()
     )
   }
 }
 
+private module XmlObjectSerializerDerivedConstructorTracking =
+  TaintTracking::Global<XmlObjectSerializerDerivedConstructorTrackingConfig>;
+
 /** XmlSerializer */
 private predicate isXmlSerializerCall(MethodCall mc, Method m) {
   m = mc.getTarget() and
@@ -630,13 +630,8 @@ private class XmlSerializerDeserializeMethodSink extends XmlSerializerSink {
   }
 }
 
-private class XmlSerializerSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig
-{
-  XmlSerializerSafeConstructorTrackingConfiguration() {
-    this = "XmlSerializerSafeConstructorTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
+private module XmlSerializerSafeConstructorTrackingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(ObjectCreation oc |
       oc = source.asExpr() and
       exists(Constructor c |
@@ -648,14 +643,17 @@ private class XmlSerializerSafeConstructorTrackingConfiguration extends SafeCons
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       isXmlSerializerCall(mc, _) and
       mc.getQualifier() = sink.asExpr()
     )
   }
 }
 
+private module XmlSerializerSafeConstructorTracking =
+  TaintTracking::Global<XmlSerializerSafeConstructorTrackingConfig>;
+
 /** DataContractSerializer */
 private predicate isDataContractSerializerCall(MethodCall mc, Method m) {
   m = mc.getTarget() and
@@ -678,13 +676,8 @@ private class DataContractSerializerDeserializeMethodSink extends DataContractSe
   }
 }
 
-private class DataContractSerializerSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig
-{
-  DataContractSerializerSafeConstructorTrackingConfiguration() {
-    this = "DataContractSerializerSafeConstructorTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
+private module DataContractSerializerSafeConstructorTrackingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(ObjectCreation oc |
       oc = source.asExpr() and
       exists(Constructor c |
@@ -696,14 +689,17 @@ private class DataContractSerializerSafeConstructorTrackingConfiguration extends
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       isDataContractSerializerCall(mc, _) and
       mc.getQualifier() = sink.asExpr()
     )
   }
 }
 
+private module DataContractSerializerSafeConstructorTracking =
+  TaintTracking::Global<DataContractSerializerSafeConstructorTrackingConfig>;
+
 /** XmlMessageFormatter */
 private predicate isXmlMessageFormatterCall(MethodCall mc, Method m) {
   m = mc.getTarget() and
@@ -722,13 +718,8 @@ private class XmlMessageFormatterDeserializeMethodSink extends XmlMessageFormatt
   }
 }
 
-private class XmlMessageFormatterSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig
-{
-  XmlMessageFormatterSafeConstructorTrackingConfiguration() {
-    this = "XmlMessageFormatterSafeConstructorTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
+private module XmlMessageFormatterSafeConstructorTrackingConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(ObjectCreation oc |
       oc = source.asExpr() and
       exists(Constructor c |
@@ -740,14 +731,17 @@ private class XmlMessageFormatterSafeConstructorTrackingConfiguration extends Sa
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       isXmlMessageFormatterCall(mc, _) and
       mc.getQualifier() = sink.asExpr()
     )
   }
 }
 
+private module XmlMessageFormatterSafeConstructorTracking =
+  TaintTracking::Global<XmlMessageFormatterSafeConstructorTrackingConfig>;
+
 /** LosFormatter */
 private predicate isLosFormatterCall(MethodCall mc, Method m) {
   m = mc.getTarget() and

Original file line number	Diff line number	Diff line change
`@@ -23,11 +23,15 @@ abstract class Sink extends DataFlow::Node { }`
`23`	`23`	`*/`
`24`	`24`	`abstract private class InstanceMethodSink extends Sink {`
`25`	`25`	`InstanceMethodSink() {`
`26`		`- not exists(`
`27`		`- SafeConstructorTrackingConfig safeConstructorTracking, DataFlow::Node safeTypeUsage,`
`28`		`- MethodCall mc`
`29`		`- \|`
`30`		`- safeConstructorTracking.hasFlow(_, safeTypeUsage) and`
	`26`	`+ not exists(DataFlow::Node safeTypeUsage, MethodCall mc \|`
	`27`	`+ (`
	`28`	`+ DataContractJsonSafeConstructorTracking::flowTo(safeTypeUsage) or`
	`29`	`+ JavaScriptSerializerSafeConstructorTracking::flowTo(safeTypeUsage) or`
	`30`	`+ XmlObjectSerializerDerivedConstructorTracking::flowTo(safeTypeUsage) or`
	`31`	`+ XmlSerializerSafeConstructorTracking::flowTo(safeTypeUsage) or`
	`32`	`+ DataContractSerializerSafeConstructorTracking::flowTo(safeTypeUsage) or`
	`33`	`+ XmlMessageFormatterSafeConstructorTracking::flowTo(safeTypeUsage)`
	`34`	`+ ) and`
`31`	`35`	`mc.getQualifier() = safeTypeUsage.asExpr() and`
`32`	`36`	`mc.getAnArgument() = this.asExpr()`
`33`	`37`	`)`
`@@ -378,9 +382,11 @@ module WeakTypeCreationToUsageTracking =`
`378`	`382`	`TaintTracking::Global<WeakTypeCreationToUsageTrackingConfig>;`
`379`	`383`
`380`	`384`	`/**`
	`385`	`+ * DEPRECATED: Do not extend this class.`
	`386`	`+ *`
`381`	`387`	`* Safe deserializer creation to usage tracking config.`
`382`	`388`	`*/`
`383`		`-abstract class SafeConstructorTrackingConfig extends TaintTracking2::Configuration {`
	`389`	`+abstract deprecated class SafeConstructorTrackingConfig extends TaintTracking2::Configuration {`
`384`	`390`	`bindingset[this]`
`385`	`391`	`SafeConstructorTrackingConfig() { any() }`
`386`	`392`	`}`
`@@ -490,13 +496,8 @@ private class DataContractJsonSerializerDeserializeMethodSink extends DataContra`
`490`	`496`	`}`
`491`	`497`	`}`
`492`	`498`
`493`		`-private class DataContractJsonSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig`
`494`		`-{`
`495`		`- DataContractJsonSafeConstructorTrackingConfiguration() {`
`496`		`- this = "DataContractJsonSafeConstructorTrackingConfiguration"`
`497`		`- }`
`498`		`-`
`499`		`- override predicate isSource(DataFlow::Node source) {`
	`499`	`+private module DataContractJsonSafeConstructorTrackingConfig implements DataFlow::ConfigSig {`
	`500`	`+ predicate isSource(DataFlow::Node source) {`
`500`	`501`	`exists(ObjectCreation oc \|`
`501`	`502`	`oc = source.asExpr() and`
`502`	`503`	`exists(Constructor c \|`
`@@ -508,14 +509,17 @@ private class DataContractJsonSafeConstructorTrackingConfiguration extends SafeC`
`508`	`509`	`)`
`509`	`510`	`}`
`510`	`511`
`511`		`- override predicate isSink(DataFlow::Node sink) {`
	`512`	`+ predicate isSink(DataFlow::Node sink) {`
`512`	`513`	`exists(MethodCall mc \|`
`513`	`514`	`isDataContractJsonSerializerCall(mc, _) and`
`514`	`515`	`mc.getQualifier() = sink.asExpr()`
`515`	`516`	`)`
`516`	`517`	`}`
`517`	`518`	`}`
`518`	`519`
	`520`	`+private module DataContractJsonSafeConstructorTracking =`
	`521`	`+ TaintTracking::Global<DataContractJsonSafeConstructorTrackingConfig>;`
	`522`	`+`
`519`	`523`	`/** JavaScriptSerializer */`
`520`	`524`	`private predicate isJavaScriptSerializerCall(MethodCall mc, Method m) {`
`521`	`525`	`m = mc.getTarget() and`
`@@ -540,13 +544,8 @@ private class JavaScriptSerializerDeserializeMethodSink extends JavaScriptSerial`
`540`	`544`	`}`
`541`	`545`	`}`
`542`	`546`
`543`		`-private class JavaScriptSerializerSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig`
`544`		`-{`
`545`		`- JavaScriptSerializerSafeConstructorTrackingConfiguration() {`
`546`		`- this = "JavaScriptSerializerSafeConstructorTrackingConfiguration"`
`547`		`- }`
`548`		`-`
`549`		`- override predicate isSource(DataFlow::Node source) {`
	`547`	`+private module JavaScriptSerializerSafeConstructorTrackingConfig implements DataFlow::ConfigSig {`
	`548`	`+ predicate isSource(DataFlow::Node source) {`
`550`	`549`	`exists(ObjectCreation oc \|`
`551`	`550`	`oc = source.asExpr() and`
`552`	`551`	`exists(Constructor c \|`
`@@ -557,14 +556,17 @@ private class JavaScriptSerializerSafeConstructorTrackingConfiguration extends S`
`557`	`556`	`)`
`558`	`557`	`}`
`559`	`558`
`560`		`- override predicate isSink(DataFlow::Node sink) {`
	`559`	`+ predicate isSink(DataFlow::Node sink) {`
`561`	`560`	`exists(MethodCall mc \|`
`562`	`561`	`isJavaScriptSerializerCall(mc, _) and`
`563`	`562`	`mc.getQualifier() = sink.asExpr()`
`564`	`563`	`)`
`565`	`564`	`}`
`566`	`565`	`}`
`567`	`566`
	`567`	`+private module JavaScriptSerializerSafeConstructorTracking =`
	`568`	`+ TaintTracking::Global<JavaScriptSerializerSafeConstructorTrackingConfig>;`
	`569`	`+`
`568`	`570`	`/** XmlObjectSerializer */`
`569`	`571`	`private predicate isXmlObjectSerializerCall(MethodCall mc, Method m) {`
`570`	`572`	`m = mc.getTarget() and`
`@@ -584,13 +586,8 @@ private class XmlObjectSerializerDeserializeMethodSink extends XmlObjectSerializ`
`584`	`586`	`}`
`585`	`587`	`}`
`586`	`588`
`587`		`-private class XmlObjectSerializerDerivedConstructorTrackingConfiguration extends SafeConstructorTrackingConfig`
`588`		`-{`
`589`		`- XmlObjectSerializerDerivedConstructorTrackingConfiguration() {`
`590`		`- this = "XmlObjectSerializerDerivedConstructorTrackingConfiguration"`
`591`		`- }`
`592`		`-`
`593`		`- override predicate isSource(DataFlow::Node source) {`
	`589`	`+private module XmlObjectSerializerDerivedConstructorTrackingConfig implements DataFlow::ConfigSig {`
	`590`	`+ predicate isSource(DataFlow::Node source) {`
`594`	`591`	`exists(ObjectCreation oc \|`
`595`	`592`	`oc = source.asExpr() and`
`596`	`593`	`exists(ValueOrRefType declaringType \|`
`@@ -604,14 +601,17 @@ private class XmlObjectSerializerDerivedConstructorTrackingConfiguration extends`
`604`	`601`	`)`
`605`	`602`	`}`
`606`	`603`
`607`		`- override predicate isSink(DataFlow::Node sink) {`
	`604`	`+ predicate isSink(DataFlow::Node sink) {`
`608`	`605`	`exists(MethodCall mc \|`
`609`	`606`	`isXmlObjectSerializerCall(mc, _) and`
`610`	`607`	`mc.getQualifier() = sink.asExpr()`
`611`	`608`	`)`
`612`	`609`	`}`
`613`	`610`	`}`
`614`	`611`
	`612`	`+private module XmlObjectSerializerDerivedConstructorTracking =`
	`613`	`+ TaintTracking::Global<XmlObjectSerializerDerivedConstructorTrackingConfig>;`
	`614`	`+`
`615`	`615`	`/** XmlSerializer */`
`616`	`616`	`private predicate isXmlSerializerCall(MethodCall mc, Method m) {`
`617`	`617`	`m = mc.getTarget() and`
`@@ -630,13 +630,8 @@ private class XmlSerializerDeserializeMethodSink extends XmlSerializerSink {`
`630`	`630`	`}`
`631`	`631`	`}`
`632`	`632`
`633`		`-private class XmlSerializerSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig`
`634`		`-{`
`635`		`- XmlSerializerSafeConstructorTrackingConfiguration() {`
`636`		`- this = "XmlSerializerSafeConstructorTrackingConfiguration"`
`637`		`- }`
`638`		`-`
`639`		`- override predicate isSource(DataFlow::Node source) {`
	`633`	`+private module XmlSerializerSafeConstructorTrackingConfig implements DataFlow::ConfigSig {`
	`634`	`+ predicate isSource(DataFlow::Node source) {`
`640`	`635`	`exists(ObjectCreation oc \|`
`641`	`636`	`oc = source.asExpr() and`
`642`	`637`	`exists(Constructor c \|`
`@@ -648,14 +643,17 @@ private class XmlSerializerSafeConstructorTrackingConfiguration extends SafeCons`
`648`	`643`	`)`
`649`	`644`	`}`
`650`	`645`
`651`		`- override predicate isSink(DataFlow::Node sink) {`
	`646`	`+ predicate isSink(DataFlow::Node sink) {`
`652`	`647`	`exists(MethodCall mc \|`
`653`	`648`	`isXmlSerializerCall(mc, _) and`
`654`	`649`	`mc.getQualifier() = sink.asExpr()`
`655`	`650`	`)`
`656`	`651`	`}`
`657`	`652`	`}`
`658`	`653`
	`654`	`+private module XmlSerializerSafeConstructorTracking =`
	`655`	`+ TaintTracking::Global<XmlSerializerSafeConstructorTrackingConfig>;`
	`656`	`+`
`659`	`657`	`/** DataContractSerializer */`
`660`	`658`	`private predicate isDataContractSerializerCall(MethodCall mc, Method m) {`
`661`	`659`	`m = mc.getTarget() and`
`@@ -678,13 +676,8 @@ private class DataContractSerializerDeserializeMethodSink extends DataContractSe`
`678`	`676`	`}`
`679`	`677`	`}`
`680`	`678`
`681`		`-private class DataContractSerializerSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig`
`682`		`-{`
`683`		`- DataContractSerializerSafeConstructorTrackingConfiguration() {`
`684`		`- this = "DataContractSerializerSafeConstructorTrackingConfiguration"`
`685`		`- }`
`686`		`-`
`687`		`- override predicate isSource(DataFlow::Node source) {`
	`679`	`+private module DataContractSerializerSafeConstructorTrackingConfig implements DataFlow::ConfigSig {`
	`680`	`+ predicate isSource(DataFlow::Node source) {`
`688`	`681`	`exists(ObjectCreation oc \|`
`689`	`682`	`oc = source.asExpr() and`
`690`	`683`	`exists(Constructor c \|`
`@@ -696,14 +689,17 @@ private class DataContractSerializerSafeConstructorTrackingConfiguration extends`
`696`	`689`	`)`
`697`	`690`	`}`
`698`	`691`
`699`		`- override predicate isSink(DataFlow::Node sink) {`
	`692`	`+ predicate isSink(DataFlow::Node sink) {`
`700`	`693`	`exists(MethodCall mc \|`
`701`	`694`	`isDataContractSerializerCall(mc, _) and`
`702`	`695`	`mc.getQualifier() = sink.asExpr()`
`703`	`696`	`)`
`704`	`697`	`}`
`705`	`698`	`}`
`706`	`699`
	`700`	`+private module DataContractSerializerSafeConstructorTracking =`
	`701`	`+ TaintTracking::Global<DataContractSerializerSafeConstructorTrackingConfig>;`
	`702`	`+`
`707`	`703`	`/** XmlMessageFormatter */`
`708`	`704`	`private predicate isXmlMessageFormatterCall(MethodCall mc, Method m) {`
`709`	`705`	`m = mc.getTarget() and`
`@@ -722,13 +718,8 @@ private class XmlMessageFormatterDeserializeMethodSink extends XmlMessageFormatt`
`722`	`718`	`}`
`723`	`719`	`}`
`724`	`720`
`725`		`-private class XmlMessageFormatterSafeConstructorTrackingConfiguration extends SafeConstructorTrackingConfig`
`726`		`-{`
`727`		`- XmlMessageFormatterSafeConstructorTrackingConfiguration() {`
`728`		`- this = "XmlMessageFormatterSafeConstructorTrackingConfiguration"`
`729`		`- }`
`730`		`-`
`731`		`- override predicate isSource(DataFlow::Node source) {`
	`721`	`+private module XmlMessageFormatterSafeConstructorTrackingConfig implements DataFlow::ConfigSig {`
	`722`	`+ predicate isSource(DataFlow::Node source) {`
`732`	`723`	`exists(ObjectCreation oc \|`
`733`	`724`	`oc = source.asExpr() and`
`734`	`725`	`exists(Constructor c \|`
`@@ -740,14 +731,17 @@ private class XmlMessageFormatterSafeConstructorTrackingConfiguration extends Sa`
`740`	`731`	`)`
`741`	`732`	`}`
`742`	`733`
`743`		`- override predicate isSink(DataFlow::Node sink) {`
	`734`	`+ predicate isSink(DataFlow::Node sink) {`
`744`	`735`	`exists(MethodCall mc \|`
`745`	`736`	`isXmlMessageFormatterCall(mc, _) and`
`746`	`737`	`mc.getQualifier() = sink.asExpr()`
`747`	`738`	`)`
`748`	`739`	`}`
`749`	`740`	`}`
`750`	`741`
	`742`	`+private module XmlMessageFormatterSafeConstructorTracking =`
	`743`	`+ TaintTracking::Global<XmlMessageFormatterSafeConstructorTrackingConfig>;`
	`744`	`+`
`751`	`745`	`/** LosFormatter */`
`752`	`746`	`private predicate isLosFormatterCall(MethodCall mc, Method m) {`
`753`	`747`	`m = mc.getTarget() and`