Deprecate sensitiveResultReceiver

egregius313 · egregius313 · commit ea54ea47b1ad · 2023-04-13T23:06:16.000-04:00
diff --git a/java/ql/lib/change-notes/2023-04-05-deprecated-sensitive-result-receiver-predicate.md b/java/ql/lib/change-notes/2023-04-05-deprecated-sensitive-result-receiver-predicate.md
@@ -0,0 +1,5 @@
+---
+category: deprecated
+---
+* The `sensitiveResultReceiver` predicate in `SensitiveResultReceiverQuery.qll` has been deprecated and replaced with `isSensitiveResultReceiver` in order to use the new dataflow api.
+
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll
@@ -47,9 +47,29 @@ private module SensitiveResultReceiverConfig implements DataFlow::ConfigSig {
 module SensitiveResultReceiverFlow = TaintTracking::Global<SensitiveResultReceiverConfig>;
 
 /**
+ * DEPRECATED: Use `isSensitiveResultReceiver` instead.
+ *
  * Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`.
  */
-predicate sensitiveResultReceiver(
+deprecated predicate sensitiveResultReceiver(
+  DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc
+) {
+  exists(
+    ResultReceiverSendCall call, SensitiveResultReceiverFlow::PathNode srrSrc,
+    SensitiveResultReceiverFlow::PathNode srrSink
+  |
+    src.getNode() = srrSrc.getNode() and sink.getNode() = srrSink.getNode()
+  |
+    SensitiveResultReceiverFlow::flowPath(srrSrc, srrSink) and
+    sink.getNode().asExpr() = call.getSentData() and
+    untrustedResultReceiverSend(recSrc, call)
+  )
+}
+
+/**
+ * Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`.
+ */
+predicate isSensitiveResultReceiver(
   SensitiveResultReceiverFlow::PathNode src, SensitiveResultReceiverFlow::PathNode sink,
   DataFlow::Node recSrc
 ) {
diff --git a/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql b/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
@@ -18,6 +18,6 @@ import SensitiveResultReceiverFlow::PathGraph
 from
   SensitiveResultReceiverFlow::PathNode src, SensitiveResultReceiverFlow::PathNode sink,
   DataFlow::Node recSrc
-where sensitiveResultReceiver(src, sink, recSrc)
+where isSensitiveResultReceiver(src, sink, recSrc)
 select sink, src, sink, "This $@ is sent to a ResultReceiver obtained from $@.", src,
   "sensitive information", recSrc, "this untrusted source"

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +category: deprecated
 +---
 +* The `sensitiveResultReceiver` predicate in `SensitiveResultReceiverQuery.qll` has been deprecated and replaced with `isSensitiveResultReceiver` in order to use the new dataflow api.
++