C++: Update PrivateCleartextWrite with DataFlow::ConfigSig

jketema · jketema · commit 661160a98e9b · 2023-03-08T15:04:45.000+01:00
diff --git a/cpp/ql/lib/change-notes/2023-03-08-deprecated-dataflow-configurations.md b/cpp/ql/lib/change-notes/2023-03-08-deprecated-dataflow-configurations.md
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `WriteConfig` taint tracking configuration has been deprecated. Please use `WriteFlow`.
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll
@@ -36,7 +36,7 @@ module PrivateCleartextWrite {
     }
   }
 
-  class WriteConfig extends TaintTracking::Configuration {
+  deprecated class WriteConfig extends TaintTracking::Configuration {
     WriteConfig() { this = "Write configuration" }
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -46,6 +46,16 @@ module PrivateCleartextWrite {
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
   }
 
+  private module WriteConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+  }
+
+  module WriteFlow = TaintTracking::Make<WriteConfig>;
+
   class PrivateDataSource extends Source {
     PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr }
   }
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
@@ -13,10 +13,10 @@
 import cpp
 import experimental.semmle.code.cpp.security.PrivateCleartextWrite
 import experimental.semmle.code.cpp.security.PrivateCleartextWrite::PrivateCleartextWrite
-import DataFlow::PathGraph
+import WriteFlow::PathGraph
 
-from WriteConfig b, DataFlow::PathNode source, DataFlow::PathNode sink
-where b.hasFlowPath(source, sink)
+from WriteFlow::PathNode source, WriteFlow::PathNode sink
+where WriteFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
   "This write into the external location '" + sink.getNode() +
     "' may contain unencrypted data from $@.", source, "this source of private data."

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: deprecated
 +---
 +* The `WriteConfig` taint tracking configuration has been deprecated. Please use `WriteFlow`.
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ module PrivateCleartextWrite {`
`36`	`36`	`}`
`37`	`37`	`}`
`38`	`38`
`39`		`- class WriteConfig extends TaintTracking::Configuration {`
	`39`	`+ deprecated class WriteConfig extends TaintTracking::Configuration {`
`40`	`40`	`WriteConfig() { this = "Write configuration" }`
`41`	`41`
`42`	`42`	`override predicate isSource(DataFlow::Node source) { source instanceof Source }`
`@@ -46,6 +46,16 @@ module PrivateCleartextWrite {`
`46`	`46`	`override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }`
`47`	`47`	`}`
`48`	`48`
	`49`	`+ private module WriteConfig implements DataFlow::ConfigSig {`
	`50`	`+ predicate isSource(DataFlow::Node source) { source instanceof Source }`
	`51`	`+`
	`52`	`+ predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
	`53`	`+`
	`54`	`+ predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`55`	`+ }`
	`56`	`+`
	`57`	`+ module WriteFlow = TaintTracking::Make<WriteConfig>;`
	`58`	`+`
`49`	`59`	`class PrivateDataSource extends Source {`
`50`	`60`	`PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr }`
`51`	`61`	`}`