Move getSourceType to SourceNode

egregius313 · egregius313 · commit 31d4d0ca5701 · 2024-02-29T12:03:00.000-05:00
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
@@ -49,6 +49,8 @@ module EntityFramework {
     StoredFlowSource() {
       this.asExpr() = any(PropertyRead read | read.getTarget() instanceof MappedProperty)
     }
+
+    override string getSourceType() { result = "ORM mapped property" }
   }
 
   private class EFClass extends Class {
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll
@@ -91,6 +91,8 @@ module NHibernate {
     StoredFlowSource() {
       this.asExpr() = any(PropertyRead read | read.getTarget() instanceof MappedProperty)
     }
+
+    override string getSourceType() { result = "ORM mapped property" }
   }
 
   /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/FlowSources.qll
@@ -14,6 +14,9 @@ abstract class SourceNode extends DataFlow::Node {
    * Gets a string that represents the source kind with respect to threat modeling.
    */
   abstract string getThreatModel();
+
+  /** Gets a string that describes the type of this flow source. */
+  abstract string getSourceType();
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Local.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Local.qll
@@ -9,8 +9,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 /** A data flow source of local data. */
 abstract class LocalFlowSource extends SourceNode {
-  /** Gets a string that describes the type of this local flow source. */
-  abstract string getSourceType();
+  override string getSourceType() { result = "local flow source" }
 
   override string getThreatModel() { result = "local" }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll
@@ -17,8 +17,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 /** A data flow source of remote user input. */
 abstract class RemoteFlowSource extends SourceNode {
-  /** Gets a string that describes the type of this remote flow source. */
-  abstract string getSourceType();
+  override string getSourceType() { result = "remote flow source" }
 
   override string getThreatModel() { result = "remote" }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
@@ -13,6 +13,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 /** A data flow source of stored user input. */
 abstract class StoredFlowSource extends SourceNode {
+  // override string getSourceType() { result = "stored flow source" }
   override string getThreatModel() { result = "local" }
 }
 
@@ -21,6 +22,8 @@ abstract class StoredFlowSource extends SourceNode {
  */
 abstract class DatabaseInputSource extends StoredFlowSource {
   override string getThreatModel() { result = "database" }
+
+  override string getSourceType() { result = "database input" }
 }
 
 /**
@@ -76,4 +79,6 @@ class FileStreamStoredFlowSource extends StoredFlowSource {
   FileStreamStoredFlowSource() { sourceNode(this, "file") }
 
   override string getThreatModel() { result = "file" }
+
+  override string getSourceType() { result = "file stream" }
 }

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ module EntityFramework {`
`49`	`49`	`StoredFlowSource() {`
`50`	`50`	`this.asExpr() = any(PropertyRead read \| read.getTarget() instanceof MappedProperty)`
`51`	`51`	`}`
	`52`	`+`
	`53`	`+ override string getSourceType() { result = "ORM mapped property" }`
`52`	`54`	`}`
`53`	`55`
`54`	`56`	`private class EFClass extends Class {`
Original file line number	Diff line number	Diff line change
`@@ -91,6 +91,8 @@ module NHibernate {`
`91`	`91`	`StoredFlowSource() {`
`92`	`92`	`this.asExpr() = any(PropertyRead read \| read.getTarget() instanceof MappedProperty)`
`93`	`93`	`}`
	`94`	`+`
	`95`	`+ override string getSourceType() { result = "ORM mapped property" }`
`94`	`96`	`}`
`95`	`97`
`96`	`98`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,9 @@ abstract class SourceNode extends DataFlow::Node {`
`14`	`14`	`* Gets a string that represents the source kind with respect to threat modeling.`
`15`	`15`	`*/`
`16`	`16`	`abstract string getThreatModel();`
	`17`	`+`
	`18`	`+ /** Gets a string that describes the type of this flow source. */`
	`19`	`+ abstract string getSourceType();`
`17`	`20`	`}`
`18`	`21`
`19`	`22`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.FlowSources`
`9`	`9`
`10`	`10`	`/** A data flow source of local data. */`
`11`	`11`	`abstract class LocalFlowSource extends SourceNode {`
`12`		`- /** Gets a string that describes the type of this local flow source. */`
`13`		`- abstract string getSourceType();`
	`12`	`+ override string getSourceType() { result = "local flow source" }`
`14`	`13`
`15`	`14`	`override string getThreatModel() { result = "local" }`
`16`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.FlowSources`
`17`	`17`
`18`	`18`	`/** A data flow source of remote user input. */`
`19`	`19`	`abstract class RemoteFlowSource extends SourceNode {`
`20`		`- /** Gets a string that describes the type of this remote flow source. */`
`21`		`- abstract string getSourceType();`
	`20`	`+ override string getSourceType() { result = "remote flow source" }`
`22`	`21`
`23`	`22`	`override string getThreatModel() { result = "remote" }`
`24`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.FlowSources`
`13`	`13`
`14`	`14`	`/** A data flow source of stored user input. */`
`15`	`15`	`abstract class StoredFlowSource extends SourceNode {`
	`16`	`+ // override string getSourceType() { result = "stored flow source" }`
`16`	`17`	`override string getThreatModel() { result = "local" }`
`17`	`18`	`}`
`18`	`19`
`@@ -21,6 +22,8 @@ abstract class StoredFlowSource extends SourceNode {`
`21`	`22`	`*/`
`22`	`23`	`abstract class DatabaseInputSource extends StoredFlowSource {`
`23`	`24`	`override string getThreatModel() { result = "database" }`
	`25`	`+`
	`26`	`+ override string getSourceType() { result = "database input" }`
`24`	`27`	`}`
`25`	`28`
`26`	`29`	`/**`
`@@ -76,4 +79,6 @@ class FileStreamStoredFlowSource extends StoredFlowSource {`
`76`	`79`	`FileStreamStoredFlowSource() { sourceNode(this, "file") }`
`77`	`80`
`78`	`81`	`override string getThreatModel() { result = "file" }`
	`82`	`+`
	`83`	`+ override string getSourceType() { result = "file stream" }`
`79`	`84`	`}`