Refactor content flow into predicate

Benjamin Muskalla · Benjamin Muskalla · commit d7ed325b3f24 · 2021-11-15T16:30:55.000+01:00
diff --git a/java/ql/src/utils/model-generator/CaptureSourceModels.ql b/java/ql/src/utils/model-generator/CaptureSourceModels.ql
@@ -35,19 +35,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(DataFlow::Content f |
-      readStep(node1, f, node2) and
-      if f instanceof DataFlow::FieldContent
-      then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
-      else any()
-    )
-    or
-    exists(DataFlow::Content f | storeStep(node1, f, node2) |
-      f instanceof DataFlow::ArrayContent or
-      f instanceof DataFlow::CollectionContent or
-      f instanceof DataFlow::MapKeyContent or
-      f instanceof DataFlow::MapValueContent
-    )
+    isRelevantTaintStep(node1, node2)
   }
 }
 
diff --git a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -54,19 +54,7 @@ class FieldToReturnConfig extends TaintTracking::Configuration {
   }
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(DataFlow::Content f |
-      readStep(node1, f, node2) and
-      if f instanceof DataFlow::FieldContent
-      then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
-      else any()
-    )
-    or
-    exists(DataFlow::Content f | storeStep(node1, f, node2) |
-      f instanceof DataFlow::ArrayContent or
-      f instanceof DataFlow::CollectionContent or
-      f instanceof DataFlow::MapKeyContent or
-      f instanceof DataFlow::MapValueContent
-    )
+    isRelevantTaintStep(node1, node2)
   }
 
   override DataFlow::FlowFeature getAFeature() {
diff --git a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -2,6 +2,8 @@ import java
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.internal.ContainerFlow
 private import semmle.code.java.dataflow.internal.DataFlowImplCommon
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.internal.DataFlowPrivate
 
 Method superImpl(Method m) {
   result = m.getAnOverride() and
@@ -132,6 +134,22 @@ predicate isRelevantType(Type t) {
   )
 }
 
+predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  exists(DataFlow::Content f |
+    readStep(node1, f, node2) and
+    if f instanceof DataFlow::FieldContent
+    then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
+    else any()
+  )
+  or
+  exists(DataFlow::Content f | storeStep(node1, f, node2) |
+    f instanceof DataFlow::ArrayContent or
+    f instanceof DataFlow::CollectionContent or
+    f instanceof DataFlow::MapKeyContent or
+    f instanceof DataFlow::MapValueContent
+  )
+}
+
 string returnNodeAsOutput(TargetAPI api, ReturnNodeExt node) {
   if node.getKind() instanceof ValueReturnKind
   then result = "ReturnValue"

Original file line number	Diff line number	Diff line change
`@@ -35,19 +35,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {`
`38`		`- exists(DataFlow::Content f \|`
`39`		`- readStep(node1, f, node2) and`
`40`		`- if f instanceof DataFlow::FieldContent`
`41`		`- then isRelevantType(f.(DataFlow::FieldContent).getField().getType())`
`42`		`- else any()`
`43`		`- )`
`44`		`- or`
`45`		`- exists(DataFlow::Content f \| storeStep(node1, f, node2) \|`
`46`		`- f instanceof DataFlow::ArrayContent or`
`47`		`- f instanceof DataFlow::CollectionContent or`
`48`		`- f instanceof DataFlow::MapKeyContent or`
`49`		`- f instanceof DataFlow::MapValueContent`
`50`		`- )`
	`38`	`+ isRelevantTaintStep(node1, node2)`
`51`	`39`	`}`
`52`	`40`	`}`
`53`	`41`