Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration

Author: atorralba

java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql

@@ -14,22 +14,9 @@
  */
 
 import java
-import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.security.InsecureBasicAuth
+import semmle.code.java.security.InsecureBasicAuthQuery
 import DataFlow::PathGraph
 
-class BasicAuthFlowConfig extends TaintTracking::Configuration {
-  BasicAuthFlowConfig() { this = "InsecureBasicAuth::BasicAuthFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 from DataFlow::PathNode source, DataFlow::PathNode sink, BasicAuthFlowConfig config
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Insecure basic authentication from $@.", source.getNode(),

java/ql/src/semmle/code/java/security/InsecureBasicAuth.qll

@@ -30,7 +30,7 @@ private class DefaultInsecureBasicAuthSource extends InsecureBasicAuthSource {
 }
 
 /**
- * A sink that represents a method that set Basic Authentication.
+ * A sink that represents a method that sets Basic Authentication.
  * Extend this class to add your own Insecure Basic Authentication sinks.
  */
 abstract class InsecureBasicAuthSink extends DataFlow::Node { }

java/ql/src/semmle/code/java/security/InsecureBasicAuthQuery.qll

@@ -0,0 +1,21 @@
+/** Provides taint tracking configurations to be used in Insecure Basic Authentication queries. */
+
+import java
+import semmle.code.java.security.InsecureBasicAuth
+import semmle.code.java.dataflow.TaintTracking
+
+/**
+ * A taint tracking configuration for the Basic authentication scheme
+ * being used in HTTP connections.
+ */
+class BasicAuthFlowConfig extends TaintTracking::Configuration {
+  BasicAuthFlowConfig() { this = "InsecureBasicAuth::BasicAuthFlowConfig" }
+
+  override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
+
+  override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
+  }
+}

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuthTest.ql

@@ -1,29 +1,17 @@
 import java
-import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.InsecureBasicAuth
+import semmle.code.java.security.InsecureBasicAuthQuery
 import TestUtilities.InlineExpectationsTest
 
-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "test:cwe:insecure-basic-auth" }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 class HasInsecureBasicAuthTest extends InlineExpectationsTest {
   HasInsecureBasicAuthTest() { this = "HasInsecureBasicAuthTest" }
 
   override string getARelevantTag() { result = "hasInsecureBasicAuth" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasInsecureBasicAuth" and
-    exists(DataFlow::Node src, DataFlow::Node sink, Conf conf | conf.hasFlow(src, sink) |
+    exists(DataFlow::Node src, DataFlow::Node sink, BasicAuthFlowConfig conf |
+      conf.hasFlow(src, sink)
+    |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""