
Commit 56156cf

committed
Swift: Rewrite UnsafeJsEval to use `DataFlow::ConfigSig
1 parent db641e5 commit 56156cf


2 files changed

+26
-5
lines changed


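--- a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll
@@ -12,7 +12,7 @@ import codeql.swift.security.UnsafeJsEvalExtensions
 /**
 * A taint configuration from taint sources to sinks for this query.
 */
-class UnsafeJsEvalConfig extends TaintTracking::Configuration {
+deprecated class UnsafeJsEvalConfig extends TaintTracking::Configuration {
 UnsafeJsEvalConfig() { this = "UnsafeJsEvalConfig" }
 
 override predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
@@ -27,3 +27,25 @@ class UnsafeJsEvalConfig extends TaintTracking::Configuration {
 any(UnsafeJsEvalAdditionalTaintStep s).step(nodeFrom, nodeTo)
 }
 }
+
+/**
+* A taint configuration from taint sources to sinks for this query.
+*/
+module UnsafeJsEvalConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
+
+predicate isSink(DataFlow::Node node) { node instanceof UnsafeJsEvalSink }
+
+predicate isBarrier(DataFlow::Node sanitizer) {
+sanitizer instanceof UnsafeJsEvalSanitizer
+}
+
+predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+any(UnsafeJsEvalAdditionalTaintStep s).step(nodeFrom, nodeTo)
+}
+}
+
+/**
+* Detect taint flow of taint sources to sinks for this query.
+*/
+module UnsafeJsEvalFlow = TaintTracking::Global<UnsafeJsEvalConfig>;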
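Review bot: The deprecated `UnsafeJsEvalConfig` class on new line 15 keeps its original QLDoc, so nothing tells a downstream user what to migrate to; its comment should carry a line such as `* DEPRECATED: Use UnsafeJsEvalFlow instead.`. The new module on lines 31-34 repeats the same one-sentence description as the class it replaces, which makes the two hard to tell apart in generated documentation. The middle of the old class (its sink and sanitizer predicates) lies between the two hunks and is not visible, so it cannot be confirmed from here that `isBarrier` and `isAdditionalFlowStep` cover exactly what the old overrides did. Re-running the query's expected-results test would show that no CWE-094 alert was lost in the migration.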

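--- a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
+++ b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
@@ -15,12 +15,11 @@
 import swift
 import codeql.swift.dataflow.DataFlow
 import codeql.swift.security.UnsafeJsEvalQuery
-import DataFlow::PathGraph
+import UnsafeJsEvalFlow::PathGraph
 
 from
-UnsafeJsEvalConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode,
-UnsafeJsEvalSink sink
+UnsafeJsEvalFlow::PathNode sourceNode, UnsafeJsEvalFlow::PathNode sinkNode, UnsafeJsEvalSink sink
 where
-config.hasFlowPath(sourceNode, sinkNode) and
+UnsafeJsEvalFlow::flowPath(sourceNode, sinkNode) and
 sink = sinkNode.getNode()
 select sink, sourceNode, sinkNode, "Evaluation of uncontrolled JavaScript from a remote source."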
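Review bot: After this change nothing in the visible query names `DataFlow::` any more, so `import codeql.swift.dataflow.DataFlow` on new line 16 looks unused and could be dropped unless it is kept deliberately. The separate `UnsafeJsEvalSink sink` variable on new line 21 only re-binds `sinkNode.getNode()`, and `isSink` in the flow configuration already appears to restrict that node to `UnsafeJsEvalSink`. Selecting `sinkNode.getNode()` directly would remove one `from` variable and the `sink = sinkNode.getNode()` conjunct. Lines 1-14 of the file (the query metadata) are outside the hunk.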
