Python: Adopt Query.qll suffix for dataflow config defs

RasmusWL · RasmusWL · commit 1bf8fa6a3bc6 · 2022-03-21T14:53:53.000+01:00
This commit in itself makes everything break, but should make it easy to
follow the overall changes being made.
diff --git a/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
@@ -14,10 +14,7 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
 
-/**
- * Provides a taint-tracking configuration for detecting "Clear-text logging of sensitive information".
- */
-module CleartextLogging {
+
   import CleartextLoggingCustomizations::CleartextLogging
 
   /**
@@ -36,4 +33,3 @@ module CleartextLogging {
       node instanceof Sanitizer
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
@@ -14,10 +14,6 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
 
-/**
- * Provides a taint-tracking configuration for detecting "Clear-text storage of sensitive information".
- */
-module CleartextStorage {
   import CleartextStorageCustomizations::CleartextStorage
 
   /**
@@ -36,4 +32,3 @@ module CleartextStorage {
       node instanceof Sanitizer
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "code injection" vulnerabilities.
- */
-module CodeInjection {
   import CodeInjectionCustomizations::CodeInjection
 
   /**
@@ -32,7 +28,6 @@ module CodeInjection {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /**
  * DEPRECATED: Don't extend this class for customization, since this will lead to bad
diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "command injection" vulnerabilities.
- */
-module CommandInjection {
   import CommandInjectionCustomizations::CommandInjection
 
   /**
@@ -32,7 +28,6 @@ module CommandInjection {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /**
  * DEPRECATED: Don't extend this class for customization, since this will lead to bad
diff --git a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
@@ -12,14 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 
-/**
- * Provides aint-tracking configurations for detecting LDAP injection vulnerabilities.class
- *
- * Two configurations are provided. One is for detecting LDAP injection
- * via the distinguished name (DN). The other is for detecting LDAP injection
- * via the filter. These require different escapings.
- */
-module LdapInjection {
   import LdapInjectionCustomizations::LdapInjection
 
   /**
@@ -57,4 +49,3 @@ module LdapInjection {
       guard instanceof FilterSanitizerGuard
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
@@ -10,10 +10,6 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for tracking untrusted user input used in log entries.
- */
-module LogInjection {
   import LogInjectionCustomizations::LogInjection
 
   /**
@@ -32,4 +28,3 @@ module LogInjection {
       guard instanceof SanitizerGuard
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
@@ -11,10 +11,6 @@ private import semmle.python.Concepts
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "path injection" vulnerabilities.
- */
-module PathInjection {
   import PathInjectionCustomizations::PathInjection
 
   /**
@@ -79,7 +75,7 @@ module PathInjection {
   class NormalizedUnchecked extends DataFlow::FlowState {
     NormalizedUnchecked() { this = "NormalizedUnchecked" }
   }
-}
+
 
 // ---------------------------------------------------------------------------
 // Old, deprecated code
diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
- */
-module PolynomialReDoS {
   import PolynomialReDoSCustomizations::PolynomialReDoS
 
   /**
@@ -32,4 +28,3 @@ module PolynomialReDoS {
       guard instanceof SanitizerGuard
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
- */
-module ReflectedXss {
   import ReflectedXSSCustomizations::ReflectedXss
 
   /**
@@ -32,7 +28,6 @@ module ReflectedXss {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /** DEPRECATED: Alias for ReflectedXss */
 deprecated module ReflectedXSS = ReflectedXss;
diff --git a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll
@@ -11,11 +11,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting regular expression injection
- * vulnerabilities.
- */
-module RegexInjection {
   import RegexInjectionCustomizations::RegexInjection
 
   /**
@@ -34,4 +29,3 @@ module RegexInjection {
       guard instanceof SanitizerGuard
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -11,23 +11,19 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 
-/**
- * Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
- * See `PartialServerSideRequestForgery` for a variant without this requirement.
- *
- * You should use the `partOfFullyControlledRequest` to only select results where all
- * URL parts are fully controlled.
- */
-module FullServerSideRequestForgery {
-  import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
+import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
 
   /**
    * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
+   *
+   * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
+   * See `PartialServerSideRequestForgery` for a variant without this requirement.
+   *
+   * You should use the `fullyControlledRequest` to only select results where all
+   * URL parts are fully controlled.
    */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "FullServerSideRequestForgery" }
+  class FullServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
+    FullServerSideRequestForgeryConfiguration() { this = "FullServerSideRequestForgery" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
@@ -43,33 +39,26 @@ module FullServerSideRequestForgery {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /**
  * Holds if all URL parts of `request` is fully user controlled.
  */
 predicate fullyControlledRequest(HTTP::Client::Request request) {
-  exists(FullServerSideRequestForgery::Configuration fullConfig |
+  exists(FullServerSideRequestForgeryConfiguration fullConfig |
     forall(DataFlow::Node urlPart | urlPart = request.getAUrlPart() |
       fullConfig.hasFlow(_, urlPart)
     )
   )
 }
 
-/**
- * Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has results, even when the attacker does not have full control over the URL.
- * See `FullServerSideRequestForgery` for variant that has this requirement.
- */
-module PartialServerSideRequestForgery {
-  import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
-
   /**
    * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
+   *
+   * This configuration has results, even when the attacker does not have full control over the URL.
+   * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate.
    */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "PartialServerSideRequestForgery" }
+  class PartialServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
+    PartialServerSideRequestForgeryConfiguration() { this = "PartialServerSideRequestForgery" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
@@ -81,4 +70,3 @@ module PartialServerSideRequestForgery {
       guard instanceof SanitizerGuard
     }
   }
-}
diff --git a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "SQL injection" vulnerabilities.
- */
-module SqlInjection {
   import SqlInjectionCustomizations::SqlInjection
 
   /**
@@ -32,7 +28,6 @@ module SqlInjection {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /**
  * DEPRECATED: Don't extend this class for customization, since this will lead to bad
diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
- */
-module StackTraceExposure {
   import StackTraceExposureCustomizations::StackTraceExposure
 
   /**
@@ -41,7 +37,6 @@ module StackTraceExposure {
       )
     }
   }
-}
 
 /**
  * DEPRECATED: Don't extend this class for customization, since this will lead to bad
diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities.
- */
-module UnsafeDeserialization {
   import UnsafeDeserializationCustomizations::UnsafeDeserialization
 
   /**
@@ -32,7 +28,6 @@ module UnsafeDeserialization {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /**
  * DEPRECATED: Don't extend this class for customization, since this will lead to bad
diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "URL redirection" vulnerabilities.
- */
-module UrlRedirect {
   import UrlRedirectCustomizations::UrlRedirect
 
   /**
@@ -32,7 +28,6 @@ module UrlRedirect {
       guard instanceof SanitizerGuard
     }
   }
-}
 
 /**
  * DEPRECATED: Don't extend this class for customization, since this will lead to bad
diff --git a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
diff --git a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 
-/**
- * Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
- */
-module XpathInjection {
   import XpathInjectionCustomizations::XpathInjection
 
   /**
@@ -32,4 +28,3 @@ module XpathInjection {
       guard instanceof SanitizerGuard
     }
   }
-}

Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,7 @@ private import semmle.python.dataflow.new.RemoteFlowSources`
`14`	`14`	`private import semmle.python.dataflow.new.BarrierGuards`
`15`	`15`	`private import semmle.python.dataflow.new.SensitiveDataSources`
`16`	`16`
`17`		`-/**`
`18`		`- * Provides a taint-tracking configuration for detecting "Clear-text logging of sensitive information".`
`19`		`- */`
`20`		`-module CleartextLogging {`
	`17`	`+`
`21`	`18`	`import CleartextLoggingCustomizations::CleartextLogging`
`22`	`19`
`23`	`20`	`/**`
`@@ -36,4 +33,3 @@ module CleartextLogging {`
`36`	`33`	`node instanceof Sanitizer`
`37`	`34`	`}`
`38`	`35`	`}`
`39`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,6 @@ private import semmle.python.dataflow.new.RemoteFlowSources`
`14`	`14`	`private import semmle.python.dataflow.new.BarrierGuards`
`15`	`15`	`private import semmle.python.dataflow.new.SensitiveDataSources`
`16`	`16`
`17`		`-/**`
`18`		`- * Provides a taint-tracking configuration for detecting "Clear-text storage of sensitive information".`
`19`		`- */`
`20`		`-module CleartextStorage {`
`21`	`17`	`import CleartextStorageCustomizations::CleartextStorage`
`22`	`18`
`23`	`19`	`/**`
`@@ -36,4 +32,3 @@ module CleartextStorage {`
`36`	`32`	`node instanceof Sanitizer`
`37`	`33`	`}`
`38`	`34`	`}`
`39`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -10,10 +10,6 @@ import python`
`10`	`10`	`import semmle.python.dataflow.new.DataFlow`
`11`	`11`	`import semmle.python.dataflow.new.TaintTracking`
`12`	`12`
`13`		`-/**`
`14`		`- * Provides a taint-tracking configuration for tracking untrusted user input used in log entries.`
`15`		`- */`
`16`		`-module LogInjection {`
`17`	`13`	`import LogInjectionCustomizations::LogInjection`
`18`	`14`
`19`	`15`	`/**`
`@@ -32,4 +28,3 @@ module LogInjection {`
`32`	`28`	`guard instanceof SanitizerGuard`
`33`	`29`	`}`
`34`	`30`	`}`
`35`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -10,10 +10,6 @@ private import python`
`10`	`10`	`import semmle.python.dataflow.new.DataFlow`
`11`	`11`	`import semmle.python.dataflow.new.TaintTracking`
`12`	`12`
`13`		`-/**`
`14`		`- * Provides a taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.`
`15`		`- */`
`16`		`-module PolynomialReDoS {`
`17`	`13`	`import PolynomialReDoSCustomizations::PolynomialReDoS`
`18`	`14`
`19`	`15`	`/**`
`@@ -32,4 +28,3 @@ module PolynomialReDoS {`
`32`	`28`	`guard instanceof SanitizerGuard`
`33`	`29`	`}`
`34`	`30`	`}`
`35`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -11,11 +11,6 @@ private import python`
`11`	`11`	`import semmle.python.dataflow.new.DataFlow`
`12`	`12`	`import semmle.python.dataflow.new.TaintTracking`
`13`	`13`
`14`		`-/**`
`15`		`- * Provides a taint-tracking configuration for detecting regular expression injection`
`16`		`- * vulnerabilities.`
`17`		`- */`
`18`		`-module RegexInjection {`
`19`	`14`	`import RegexInjectionCustomizations::RegexInjection`
`20`	`15`
`21`	`16`	`/**`
`@@ -34,4 +29,3 @@ module RegexInjection {`
`34`	`29`	`guard instanceof SanitizerGuard`
`35`	`30`	`}`
`36`	`31`	`}`
`37`		`-}`