merge duplicate module into a module file

Author: am0o0

java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql

@@ -12,50 +12,7 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-
-module JwtAuth0 {
-  class PayloadType extends RefType {
-    PayloadType() { this.hasQualifiedName("com.auth0.jwt.interfaces", "Payload") }
-  }
-
-  class JwtType extends RefType {
-    JwtType() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
-  }
-
-  class JwtVerifierType extends RefType {
-    JwtVerifierType() { this.hasQualifiedName("com.auth0.jwt", "JWTVerifier") }
-  }
-
-  /**
-   * A Method that returns a Decoded Claim of JWT
-   */
-  class GetPayload extends MethodCall {
-    GetPayload() {
-      this.getCallee().getDeclaringType() instanceof PayloadType and
-      this.getCallee().hasName(["getClaim", "getIssuedAt"])
-    }
-  }
-
-  /**
-   * A Method that Decode JWT without signature verification
-   */
-  class Decode extends MethodCall {
-    Decode() {
-      this.getCallee().getDeclaringType() instanceof JwtType and
-      this.getCallee().hasName("decode")
-    }
-  }
-
-  /**
-   * A Method that Decode JWT with signature verification
-   */
-  class Verify extends MethodCall {
-    Verify() {
-      this.getCallee().getDeclaringType() instanceof JwtVerifierType and
-      this.getCallee().hasName("verify")
-    }
-  }
-}
+import JwtAuth0 as JwtAuth0
 
 module JwtDecodeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {

java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifierLocalSource.ql

@@ -12,54 +12,11 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
+import JwtAuth0 as JwtAuth0
 
-module JwtAuth0 {
-  class PayloadType extends RefType {
-    PayloadType() { this.hasQualifiedName("com.auth0.jwt.interfaces", "Payload") }
-  }
-
-  class JwtType extends RefType {
-    JwtType() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
-  }
-
-  class JwtVerifierType extends RefType {
-    JwtVerifierType() { this.hasQualifiedName("com.auth0.jwt", "JWTVerifier") }
-  }
-
-  /**
-   * A Method that returns a Decoded Claim of JWT
-   */
-  class GetPayload extends MethodCall {
-    GetPayload() {
-      this.getCallee().getDeclaringType() instanceof PayloadType and
-      this.getCallee().hasName(["getClaim", "getIssuedAt"])
-    }
-  }
-
-  /**
-   * A Method that Decode JWT without signature verification
-   */
-  class Decode extends MethodCall {
-    Decode() {
-      this.getCallee().getDeclaringType() instanceof JwtType and
-      this.getCallee().hasName("decode")
-    }
-  }
-
-  /**
-   * A Method that Decode JWT with signature verification
-   */
-  class Verify extends MethodCall {
-    Verify() {
-      this.getCallee().getDeclaringType() instanceof JwtVerifierType and
-      this.getCallee().hasName("verify")
-    }
-  }
-}
 
 module JwtDecodeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
-   
     exists(Variable v |
       source.asExpr() = v.getInitializer() and
       v.getType().hasName("String")
@@ -89,11 +46,11 @@ module JwtDecodeConfig implements DataFlow::ConfigSig {
 }
 
 module FlowToJwtVerifyConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { 
+  predicate isSource(DataFlow::Node source) {
     exists(Variable v |
       source.asExpr() = v.getInitializer() and
       v.getType().hasName("String")
-    ) 
+    )
   }
 
   predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(JwtAuth0::Verify a).getArgument(0) }

java/ql/src/experimental/Security/CWE/CWE-347/JwtAuth0.qll

@@ -0,0 +1,43 @@
+import java
+
+class PayloadType extends RefType {
+  PayloadType() { this.hasQualifiedName("com.auth0.jwt.interfaces", "Payload") }
+}
+
+class JwtType extends RefType {
+  JwtType() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
+}
+
+class JwtVerifierType extends RefType {
+  JwtVerifierType() { this.hasQualifiedName("com.auth0.jwt", "JWTVerifier") }
+}
+
+/**
+ * A Method that returns a Decoded Claim of JWT
+ */
+class GetPayload extends MethodCall {
+  GetPayload() {
+    this.getCallee().getDeclaringType() instanceof PayloadType and
+    this.getCallee().hasName(["getClaim", "getIssuedAt"])
+  }
+}
+
+/**
+ * A Method that Decode JWT without signature verification
+ */
+class Decode extends MethodCall {
+  Decode() {
+    this.getCallee().getDeclaringType() instanceof JwtType and
+    this.getCallee().hasName("decode")
+  }
+}
+
+/**
+ * A Method that Decode JWT with signature verification
+ */
+class Verify extends MethodCall {
+  Verify() {
+    this.getCallee().getDeclaringType() instanceof JwtVerifierType and
+    this.getCallee().hasName("verify")
+  }
+}