Skip to content

Commit 43fbcc1

Browse files
MathiasVPMathiasVP
committed
C++: Convert all the dataflow configurations to taint configurations.
1 parent dd6b27d commit 43fbcc1

File tree

1 file changed

+13
-13
lines changed

1 file changed

+13
-13
lines changed

cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,12 @@ import semmle.code.cpp.security.Security
33
private import semmle.code.cpp.ir.dataflow.DataFlow
44
private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
55
private import semmle.code.cpp.ir.dataflow.DataFlow2
6-
private import semmle.code.cpp.ir.dataflow.DataFlow3
76
private import semmle.code.cpp.ir.IR
87
private import semmle.code.cpp.ir.dataflow.internal.DataFlowDispatch as Dispatch
98
private import semmle.code.cpp.controlflow.IRGuards
109
private import semmle.code.cpp.models.interfaces.Taint
1110
private import semmle.code.cpp.models.interfaces.DataFlow
11+
private import semmle.code.cpp.ir.dataflow.TaintTracking
1212
private import semmle.code.cpp.ir.dataflow.TaintTracking2
1313
private import semmle.code.cpp.ir.dataflow.internal.ModelUtil
1414

@@ -67,23 +67,23 @@ private DataFlow::Node getNodeForExpr(Expr node) {
6767
not argv(node.(VariableAccess).getTarget())
6868
}
6969

70-
private class DefaultTaintTrackingCfg extends DataFlow::Configuration {
70+
private class DefaultTaintTrackingCfg extends TaintTracking::Configuration {
7171
DefaultTaintTrackingCfg() { this = "DefaultTaintTrackingCfg" }
7272

7373
override predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
7474

7575
override predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
7676

77-
override predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
77+
override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
7878
commonTaintStep(n1, n2)
7979
}
8080

81-
override predicate isBarrier(DataFlow::Node node) { nodeIsBarrier(node) }
81+
override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
8282

83-
override predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
83+
override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
8484
}
8585

86-
private class ToGlobalVarTaintTrackingCfg extends DataFlow::Configuration {
86+
private class ToGlobalVarTaintTrackingCfg extends TaintTracking::Configuration {
8787
ToGlobalVarTaintTrackingCfg() { this = "GlobalVarTaintTrackingCfg" }
8888

8989
override predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
@@ -92,20 +92,20 @@ private class ToGlobalVarTaintTrackingCfg extends DataFlow::Configuration {
9292
sink.asVariable() instanceof GlobalOrNamespaceVariable
9393
}
9494

95-
override predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
95+
override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
9696
commonTaintStep(n1, n2)
9797
or
9898
writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable))
9999
or
100100
readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable))
101101
}
102102

103-
override predicate isBarrier(DataFlow::Node node) { nodeIsBarrier(node) }
103+
override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
104104

105-
override predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
105+
override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
106106
}
107107

108-
private class FromGlobalVarTaintTrackingCfg extends DataFlow3::Configuration {
108+
private class FromGlobalVarTaintTrackingCfg extends TaintTracking2::Configuration {
109109
FromGlobalVarTaintTrackingCfg() { this = "FromGlobalVarTaintTrackingCfg" }
110110

111111
override predicate isSource(DataFlow::Node source) {
@@ -116,7 +116,7 @@ private class FromGlobalVarTaintTrackingCfg extends DataFlow3::Configuration {
116116

117117
override predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
118118

119-
override predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
119+
override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
120120
commonTaintStep(n1, n2)
121121
or
122122
// Additional step for flow out of variables. There is no flow _into_
@@ -125,9 +125,9 @@ private class FromGlobalVarTaintTrackingCfg extends DataFlow3::Configuration {
125125
readsVariable(n2.asInstruction(), n1.asVariable())
126126
}
127127

128-
override predicate isBarrier(DataFlow::Node node) { nodeIsBarrier(node) }
128+
override predicate isSanitizer(DataFlow::Node node) { nodeIsBarrier(node) }
129129

130-
override predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
130+
override predicate isSanitizerIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
131131
}
132132

133133
private predicate readsVariable(LoadInstruction load, Variable var) {

0 commit comments

Comments
 (0)