C#: Re-refactor another SettingsDataFlow to use the new API.

michaelnebel · michaelnebel · commit 8d5ca531265d · 2023-04-17T11:38:37.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll
@@ -172,26 +172,24 @@ module XmlReader {
       isNetFrameworkBefore(this.(MethodCall).getTarget().getDeclaringType(), "4.0")
       or
       // bad settings flow here
-      exists(SettingsDataFlowConfig flow, ObjectCreation settings |
-        flow.hasFlow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and
+      exists(ObjectCreation settings |
+        SettingsDataFlow::flow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and
         XmlSettings::dtdEnabledSettings(settings, evidence, reason)
       )
     }
 
     private predicate insecureResolver(string reason, Expr evidence) {
       // bad settings flow here
-      exists(SettingsDataFlowConfig flow, ObjectCreation settings |
-        flow.hasFlow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and
+      exists(ObjectCreation settings |
+        SettingsDataFlow::flow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and
         XmlSettings::insecureResolverSettings(settings, evidence, reason)
       )
       // default is secure
     }
   }
 
-  private class SettingsDataFlowConfig extends DataFlow2::Configuration {
-    SettingsDataFlowConfig() { this = "SettingsDataFlowConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
+  private module SettingsDataFlowConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
       // flow from places where we construct an XmlReaderSettings
       source
           .asExpr()
@@ -202,10 +200,12 @@ module XmlReader {
           .hasQualifiedName("System.Xml", "XmlReaderSettings")
     }
 
-    override predicate isSink(DataFlow::Node sink) {
+    predicate isSink(DataFlow::Node sink) {
       sink.asExpr() = any(InsecureXmlReaderCreate create).getSettings()
     }
   }
+
+  private module SettingsDataFlow = DataFlow::Global<SettingsDataFlowConfig>;
 }
 
 /** Provides predicates related to `System.Xml.XmlTextReader`. */

Original file line number	Diff line number	Diff line change
`@@ -172,26 +172,24 @@ module XmlReader {`
`172`	`172`	`isNetFrameworkBefore(this.(MethodCall).getTarget().getDeclaringType(), "4.0")`
`173`	`173`	`or`
`174`	`174`	`// bad settings flow here`
`175`		`- exists(SettingsDataFlowConfig flow, ObjectCreation settings \|`
`176`		`- flow.hasFlow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and`
	`175`	`+ exists(ObjectCreation settings \|`
	`176`	`+ SettingsDataFlow::flow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and`
`177`	`177`	`XmlSettings::dtdEnabledSettings(settings, evidence, reason)`
`178`	`178`	`)`
`179`	`179`	`}`
`180`	`180`
`181`	`181`	`private predicate insecureResolver(string reason, Expr evidence) {`
`182`	`182`	`// bad settings flow here`
`183`		`- exists(SettingsDataFlowConfig flow, ObjectCreation settings \|`
`184`		`- flow.hasFlow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and`
	`183`	`+ exists(ObjectCreation settings \|`
	`184`	`+ SettingsDataFlow::flow(DataFlow::exprNode(settings), DataFlow::exprNode(this.getSettings())) and`
`185`	`185`	`XmlSettings::insecureResolverSettings(settings, evidence, reason)`
`186`	`186`	`)`
`187`	`187`	`// default is secure`
`188`	`188`	`}`
`189`	`189`	`}`
`190`	`190`
`191`		`- private class SettingsDataFlowConfig extends DataFlow2::Configuration {`
`192`		`- SettingsDataFlowConfig() { this = "SettingsDataFlowConfig" }`
`193`		`-`
`194`		`- override predicate isSource(DataFlow::Node source) {`
	`191`	`+ private module SettingsDataFlowConfig implements DataFlow::ConfigSig {`
	`192`	`+ predicate isSource(DataFlow::Node source) {`
`195`	`193`	`// flow from places where we construct an XmlReaderSettings`
`196`	`194`	`source`
`197`	`195`	`.asExpr()`
`@@ -202,10 +200,12 @@ module XmlReader {`
`202`	`200`	`.hasQualifiedName("System.Xml", "XmlReaderSettings")`
`203`	`201`	`}`
`204`	`202`
`205`		`- override predicate isSink(DataFlow::Node sink) {`
	`203`	`+ predicate isSink(DataFlow::Node sink) {`
`206`	`204`	`sink.asExpr() = any(InsecureXmlReaderCreate create).getSettings()`
`207`	`205`	`}`
`208`	`206`	`}`
	`207`	`+`
	`208`	`+ private module SettingsDataFlow = DataFlow::Global<SettingsDataFlowConfig>;`
`209`	`209`	`}`
`210`	`210`
`211`	`211`	/** Provides predicates related to `System.Xml.XmlTextReader`. */