Refactor query tests

egregius313 · egregius313 · commit 66f971e70d26 · 2023-04-17T23:48:06.000-04:00
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql b/java/ql/test/query-tests/security/CWE-079/semmle/tests/XSS.ql
@@ -1,30 +1,31 @@
 import java
+import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XSS
 import TestUtilities.InlineExpectationsTest
 
-class XssConfig extends TaintTracking::Configuration {
-  XssConfig() { this = "XSSConfig" }
+module XssConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
+  predicate isBarrier(DataFlow::Node node) { node instanceof XssSanitizer }
 
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(XssAdditionalTaintStep s).step(node1, node2)
   }
 }
 
+module XssFlow = TaintTracking::Global<XssConfig>;
+
 class XssTest extends InlineExpectationsTest {
   XssTest() { this = "XssTest" }
 
   override string getARelevantTag() { result = "xss" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "xss" and
-    exists(DataFlow::Node sink, XssConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | XssFlow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""
diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql b/java/ql/test/query-tests/security/CWE-089/semmle/examples/springjdbc.ql
@@ -3,34 +3,34 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.QueryInjection
 import TestUtilities.InlineExpectationsTest
 
-private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
-  QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) {
+private module QueryInjectionFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) {
     src.asExpr() = any(MethodAccess ma | ma.getMethod().hasName("source"))
   }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node.getType() instanceof PrimitiveType or
     node.getType() instanceof BoxedType or
     node.getType() instanceof NumberType
   }
 
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
   }
 }
 
+private module QueryInjectionFlow = TaintTracking::Global<QueryInjectionFlowConfig>;
+
 class HasFlowTest extends InlineExpectationsTest {
   HasFlowTest() { this = "HasFlowTest" }
 
   override string getARelevantTag() { result = "sqlInjection" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "sqlInjection" and
-    exists(DataFlow::Node sink, QueryInjectionFlowConfig conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | QueryInjectionFlow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""
diff --git a/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql b/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql
@@ -4,22 +4,22 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XPath
 import TestUtilities.InlineExpectationsTest
 
-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "test:xml:xpathinjection" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
 }
 
+module Flow = TaintTracking::Global<Config>;
+
 class HasXPathInjectionTest extends InlineExpectationsTest {
   HasXPathInjectionTest() { this = "HasXPathInjectionTest" }
 
   override string getARelevantTag() { result = "hasXPathInjection" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasXPathInjection" and
-    exists(DataFlow::Node sink, Conf conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | Flow::flowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""
