Limit LdapAdditionalTaintStep to Ldap configuration

Author: rvermeulen

java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll

@@ -14,4 +14,8 @@ class LdapInjectionFlowConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
 
   override predicate isSanitizer(DataFlow::Node node) { node instanceof LdapInjectionSanitizer }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+    any(LdapInjectionAdditionalTaintStep a).step(pred, succ)
+  }
 }

java/ql/src/semmle/code/java/security/LdapInjection.qll

@@ -13,6 +13,21 @@ abstract class LdapInjectionSink extends DataFlow::Node { }
 /** A sanitizer that prevents LDAP injection attacks. */
 abstract class LdapInjectionSanitizer extends DataFlow::Node { }
 
+private newtype TUnit = TMkUnit()
+
+class Unit extends TUnit {
+  string toString() { result = "unit" }
+}
+
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to the LdapInjectionFlowConfig.
+ */
+class LdapInjectionAdditionalTaintStep extends Unit {
+  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
+}
+
 /** Default sink for LDAP injection vulnerabilities. */
 private class DefaultLdapInjectionSink extends LdapInjectionSink {
   DefaultLdapInjectionSink() {
@@ -374,7 +389,7 @@ private predicate apacheLdapDnGetStep(DataFlow::ExprNode n1, DataFlow::ExprNode
 }
 
 /** A set of additional taint steps to consider when taint tracking LDAP related data flows. */
-class LdapInjectionAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
+private class DefaultLdapInjectionAdditionalTaintStep extends LdapInjectionAdditionalTaintStep {
   override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
     ldapNameStep(node1, node2) or
     ldapNameAddAllStep(node1, node2) or