Refactor CWE-614/InsecureCookie

egregius313 · egregius313 · commit 8856730843f0 · 2023-03-20T12:26:54.000-04:00
diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
@@ -26,10 +26,8 @@ predicate isSafeSecureCookieSetting(Expr e) {
   )
 }
 
-class SecureCookieConfiguration extends DataFlow::Configuration {
-  SecureCookieConfiguration() { this = "SecureCookieConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
+private module SecureCookieConfiguration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     exists(MethodAccess ma, Method m | ma.getMethod() = m |
       m.getDeclaringType() instanceof TypeCookie and
       m.getName() = "setSecure" and
@@ -43,14 +41,16 @@ class SecureCookieConfiguration extends DataFlow::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink.asExpr() =
       any(MethodAccess add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
   }
 }
 
+module SecureCookieFlow = DataFlow::Make<SecureCookieConfiguration>;
+
 from MethodAccess add
 where
   add.getMethod() instanceof ResponseAddCookieMethod and
-  not any(SecureCookieConfiguration df).hasFlowToExpr(add.getArgument(0))
+  not SecureCookieFlow::hasFlowToExpr(add.getArgument(0))
 select add, "Cookie is added to response without the 'secure' flag being set."

Original file line number	Diff line number	Diff line change
`@@ -26,10 +26,8 @@ predicate isSafeSecureCookieSetting(Expr e) {`
`26`	`26`	`)`
`27`	`27`	`}`
`28`	`28`
`29`		`-class SecureCookieConfiguration extends DataFlow::Configuration {`
`30`		`- SecureCookieConfiguration() { this = "SecureCookieConfiguration" }`
`31`		`-`
`32`		`- override predicate isSource(DataFlow::Node source) {`
	`29`	`+private module SecureCookieConfiguration implements DataFlow::ConfigSig {`
	`30`	`+ predicate isSource(DataFlow::Node source) {`
`33`	`31`	`exists(MethodAccess ma, Method m \| ma.getMethod() = m \|`
`34`	`32`	`m.getDeclaringType() instanceof TypeCookie and`
`35`	`33`	`m.getName() = "setSecure" and`
`@@ -43,14 +41,16 @@ class SecureCookieConfiguration extends DataFlow::Configuration {`
`43`	`41`	`)`
`44`	`42`	`}`
`45`	`43`
`46`		`- override predicate isSink(DataFlow::Node sink) {`
	`44`	`+ predicate isSink(DataFlow::Node sink) {`
`47`	`45`	`sink.asExpr() =`
`48`	`46`	`any(MethodAccess add \| add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)`
`49`	`47`	`}`
`50`	`48`	`}`
`51`	`49`
	`50`	`+module SecureCookieFlow = DataFlow::Make<SecureCookieConfiguration>;`
	`51`	`+`
`52`	`52`	`from MethodAccess add`
`53`	`53`	`where`
`54`	`54`	`add.getMethod() instanceof ResponseAddCookieMethod and`
`55`		`- not any(SecureCookieConfiguration df).hasFlowToExpr(add.getArgument(0))`
	`55`	`+ not SecureCookieFlow::hasFlowToExpr(add.getArgument(0))`
`56`	`56`	`select add, "Cookie is added to response without the 'secure' flag being set."`