Refactor Security.CWE.CWE-134.ExternallyControlledFormatString

egregius313 · egregius313 · commit d34dbbc96f07 · 2023-03-17T15:17:18.000-04:00
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
@@ -13,25 +13,29 @@
 import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.StringFormat
-import DataFlow::PathGraph
 
-class ExternallyControlledFormatStringConfig extends TaintTracking::Configuration {
-  ExternallyControlledFormatStringConfig() { this = "ExternallyControlledFormatStringConfig" }
+module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(StringFormat formatCall).getFormatArgument()
   }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node.getType() instanceof NumericType or node.getType() instanceof BooleanType
   }
 }
 
+module ExternallyControlledFormatStringFlow =
+  TaintTracking::Make<ExternallyControlledFormatStringConfig>;
+
+import ExternallyControlledFormatStringFlow::PathGraph
+
 from
-  DataFlow::PathNode source, DataFlow::PathNode sink, StringFormat formatCall,
-  ExternallyControlledFormatStringConfig conf
-where conf.hasFlowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument()
+  ExternallyControlledFormatStringFlow::PathNode source,
+  ExternallyControlledFormatStringFlow::PathNode sink, StringFormat formatCall
+where
+  ExternallyControlledFormatStringFlow::hasFlowPath(source, sink) and
+  sink.getNode().asExpr() = formatCall.getFormatArgument()
 select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.",
   source.getNode(), "user-provided value"
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
@@ -13,23 +13,25 @@
 import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.StringFormat
-import DataFlow::PathGraph
 
-class ExternallyControlledFormatStringLocalConfig extends TaintTracking::Configuration {
-  ExternallyControlledFormatStringLocalConfig() {
-    this = "ExternallyControlledFormatStringLocalConfig"
-  }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
+private module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(StringFormat formatCall).getFormatArgument()
   }
 }
 
+module ExternallyControlledFormatStringLocalFlow =
+  TaintTracking::Make<ExternallyControlledFormatStringLocalConfig>;
+
+import ExternallyControlledFormatStringLocalFlow::PathGraph
+
 from
-  DataFlow::PathNode source, DataFlow::PathNode sink, StringFormat formatCall,
-  ExternallyControlledFormatStringLocalConfig conf
-where conf.hasFlowPath(source, sink) and sink.getNode().asExpr() = formatCall.getFormatArgument()
+  ExternallyControlledFormatStringLocalFlow::PathNode source,
+  ExternallyControlledFormatStringLocalFlow::PathNode sink, StringFormat formatCall
+where
+  ExternallyControlledFormatStringLocalFlow::hasFlowPath(source, sink) and
+  sink.getNode().asExpr() = formatCall.getFormatArgument()
 select formatCall.getFormatArgument(), source, sink, "Format string depends on a $@.",
   source.getNode(), "user-provided value"
