Convert dataflow configuration to using new module-configuration

egregius313 · egregius313 · commit da43a6150685 · 2023-03-08T19:19:00.000-05:00
diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
@@ -10,12 +10,10 @@ private import semmle.code.java.security.ArbitraryApkInstallation
  * A dataflow configuration for flow from an external source of an APK to the
  * `setData[AndType][AndNormalize]` method of an intent.
  */
-class ApkConfiguration extends DataFlow::Configuration {
-  ApkConfiguration() { this = "ApkConfiguration" }
+private module ApkConf implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node instanceof ExternalApkSource }
 
-  override predicate isSource(DataFlow::Node node) { node instanceof ExternalApkSource }
-
-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
     exists(MethodAccess ma |
       ma.getMethod() instanceof SetDataMethod and
       ma.getArgument(0) = node.asExpr() and
@@ -28,6 +26,23 @@ class ApkConfiguration extends DataFlow::Configuration {
   }
 }
 
+module ApkConfiguration = DataFlow::Make<ApkConf>;
+
+// class ApkConfiguration extends DataFlow::Configuration {
+//   ApkConfiguration() { this = "ApkConfiguration" }
+//   override predicate isSource(DataFlow::Node node) { node instanceof ExternalApkSource }
+//   override predicate isSink(DataFlow::Node node) {
+//     exists(MethodAccess ma |
+//       ma.getMethod() instanceof SetDataMethod and
+//       ma.getArgument(0) = node.asExpr() and
+//       (
+//         any(PackageArchiveMimeTypeConfiguration c).hasFlowToExpr(ma.getQualifier())
+//         or
+//         any(InstallPackageActionConfiguration c).hasFlowToExpr(ma.getQualifier())
+//       )
+//     )
+//   }
+// }
 /**
  * A dataflow configuration tracking the flow from the `android.content.Intent.ACTION_INSTALL_PACKAGE`
  * constant to either the constructor of an intent or the `setAction` method of an intent.
diff --git a/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql b/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
@@ -14,6 +14,6 @@ import java
 import semmle.code.java.security.ArbitraryApkInstallationQuery
 import DataFlow::PathGraph
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, ApkConfiguration config
-where config.hasFlowPath(source, sink)
+from DataFlow::PathNode source, DataFlow::PathNode sink
+where ApkConfiguration::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Arbitrary Android APK installation."
diff --git a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql
@@ -10,7 +10,7 @@ class HasApkInstallationTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasApkInstallation" and
-    exists(DataFlow::Node sink, ApkConfiguration conf | conf.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | ApkConfiguration::hasFlowTo(sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       value = ""
