@@ -18,32 +18,33 @@ import semmle.code.java.dataflow.FlowSources
1818private import semmle.code.java.dataflow.ExternalFlow
1919import semmle.code.java.security.PathCreation
2020import semmle.code.java.security.PathSanitizer
21- import DataFlow:: PathGraph
2221import TaintedPathCommon
2322
24- class TaintedPathConfig extends TaintTracking :: Configuration {
25- TaintedPathConfig ( ) { this = "TaintedPathConfig" }
23+ module TaintedPathConfig implements DataFlow :: ConfigSig {
24+ predicate isSource ( DataFlow :: Node source ) { source instanceof RemoteFlowSource }
2625
27- override predicate isSource ( DataFlow:: Node source ) { source instanceof RemoteFlowSource }
28-
29- override predicate isSink ( DataFlow:: Node sink ) {
26+ predicate isSink ( DataFlow:: Node sink ) {
3027 sink .asExpr ( ) = any ( PathCreation p ) .getAnInput ( )
3128 or
3229 sinkNode ( sink , [ "create-file" , "read-file" ] )
3330 }
3431
35- override predicate isSanitizer ( DataFlow:: Node sanitizer ) {
32+ predicate isBarrier ( DataFlow:: Node sanitizer ) {
3633 sanitizer .getType ( ) instanceof BoxedType or
3734 sanitizer .getType ( ) instanceof PrimitiveType or
3835 sanitizer .getType ( ) instanceof NumberType or
3936 sanitizer instanceof PathInjectionSanitizer
4037 }
4138
42- override predicate isAdditionalTaintStep ( DataFlow:: Node n1 , DataFlow:: Node n2 ) {
39+ predicate isAdditionalFlowStep ( DataFlow:: Node n1 , DataFlow:: Node n2 ) {
4340 any ( TaintedPathAdditionalTaintStep s ) .step ( n1 , n2 )
4441 }
4542}
4643
44+ module TaintedPath = TaintTracking:: Make< TaintedPathConfig > ;
45+
46+ import TaintedPath:: PathGraph
47+
4748/**
4849 * Gets the data-flow node at which to report a path ending at `sink`.
4950 *
@@ -52,13 +53,13 @@ class TaintedPathConfig extends TaintTracking::Configuration {
5253 * continue to report there; otherwise we report directly at `sink`.
5354 */
5455DataFlow:: Node getReportingNode ( DataFlow:: Node sink ) {
55- any ( TaintedPathConfig c ) . hasFlowTo ( sink ) and
56+ TaintedPath :: hasFlowTo ( sink ) and
5657 if exists ( PathCreation pc | pc .getAnInput ( ) = sink .asExpr ( ) )
5758 then result .asExpr ( ) = any ( PathCreation pc | pc .getAnInput ( ) = sink .asExpr ( ) )
5859 else result = sink
5960}
6061
61- from DataFlow :: PathNode source , DataFlow :: PathNode sink , TaintedPathConfig conf
62- where conf . hasFlowPath ( source , sink )
62+ from TaintedPath :: PathNode source , TaintedPath :: PathNode sink
63+ where TaintedPath :: hasFlowPath ( source , sink )
6364select getReportingNode ( sink .getNode ( ) ) , source , sink , "This path depends on a $@." ,
6465 source .getNode ( ) , "user-provided value"
0 commit comments