Ruby: configsig rb/polynomial-redos

Author: alexrford

ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSQuery.qll

@@ -2,9 +2,9 @@
  * Provides a taint tracking configuration for reasoning about polynomial
  * regular expression denial-of-service attacks.
  *
- * Note, for performance reasons: only import this file if `Configuration` is
- * needed. Otherwise, `PolynomialReDoSCustomizations` should be imported
- * instead.
+ * Note, for performance reasons: only import this file if
+ * `PolynomialReDoSFlow` is needed. Otherwise,
+ * `PolynomialReDoSCustomizations` should be imported instead.
  */
 
 private import codeql.ruby.DataFlow
@@ -13,15 +13,17 @@ private import codeql.ruby.TaintTracking
 /**
  * Provides a taint-tracking configuration for detecting polynomial regular
  * expression denial of service vulnerabilities.
+ * DEPRECATED: Use `PolynomialReDoSFlow`
  */
-module PolynomialReDoS {
+deprecated module PolynomialReDoS {
   import PolynomialReDoSCustomizations::PolynomialReDoS
 
   /**
    * A taint-tracking configuration for detecting polynomial regular expression
    * denial of service vulnerabilities.
+   * DEPRECATED: Use `PolynomialReDoSFlow`
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "PolynomialReDoS" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -35,3 +37,19 @@ module PolynomialReDoS {
     }
   }
 }
+
+private module PolynomialReDoSConfig implements DataFlow::ConfigSig {
+  private import PolynomialReDoSCustomizations::PolynomialReDoS
+
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+}
+
+/**
+ * Taint-tracking for detecting polynomial regular
+ * expression denial of service vulnerabilities.
+ */
+module PolynomialReDoSFlow = TaintTracking::Global<PolynomialReDoSConfig>;

ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql

@@ -13,18 +13,18 @@
  *       external/cwe/cwe-400
  */
 
-import DataFlow::PathGraph
-import codeql.ruby.DataFlow
+import codeql.ruby.security.regexp.PolynomialReDoSCustomizations::PolynomialReDoS as PR
 import codeql.ruby.security.regexp.PolynomialReDoSQuery
+import PolynomialReDoSFlow::PathGraph
 
 from
-  PolynomialReDoS::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink,
-  PolynomialReDoS::Sink sinkNode, PolynomialReDoS::PolynomialBackTrackingTerm regexp
+  PolynomialReDoSFlow::PathNode source, PolynomialReDoSFlow::PathNode sink, PR::Sink sinkNode,
+  PR::PolynomialBackTrackingTerm regexp
 where
-  config.hasFlowPath(source, sink) and
+  PolynomialReDoSFlow::flowPath(source, sink) and
   sinkNode = sink.getNode() and
   regexp = sinkNode.getRegExp()
 select sinkNode.getHighlight(), source, sink,
   "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() +
     "with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression",
-  source.getNode(), source.getNode().(PolynomialReDoS::Source).describe()
+  source.getNode(), source.getNode().(PR::Source).describe()