Swift: Rewrite CleartextTransmission to use DataFlow::ConfigSig

jketema · jketema · commit 97575807dfeb · 2023-04-04T09:10:21.000+02:00
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionQuery.qll
@@ -13,7 +13,7 @@ import codeql.swift.security.CleartextTransmissionExtensions
  * A taint configuration from sensitive information to expressions that are
  * transmitted over a network.
  */
-class CleartextTransmissionConfig extends TaintTracking::Configuration {
+deprecated class CleartextTransmissionConfig extends TaintTracking::Configuration {
   CleartextTransmissionConfig() { this = "CleartextTransmissionConfig" }
 
   override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
@@ -33,3 +33,32 @@ class CleartextTransmissionConfig extends TaintTracking::Configuration {
     isSource(node)
   }
 }
+
+/**
+ * A taint configuration from sensitive information to expressions that are
+ * transmitted over a network.
+ */
+module CleartextTransmissionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
+
+  predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink }
+
+  predicate isBarrier(DataFlow::Node sanitizer) {
+    sanitizer instanceof CleartextTransmissionSanitizer
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+    any(CleartextTransmissionAdditionalTaintStep s).step(nodeFrom, nodeTo)
+  }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    // make sources barriers so that we only report the closest instance
+    isSource(node)
+  }
+}
+
+/**
+ * Detect taint flow of sensitive information to expressions that are transmitted over
+ * a network.
+ */
+module CleartextTransmissionFlow = TaintTracking::Global<CleartextTransmissionConfig>;
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
@@ -14,10 +14,10 @@
 import swift
 import codeql.swift.dataflow.DataFlow
 import codeql.swift.security.CleartextTransmissionQuery
-import DataFlow::PathGraph
+import CleartextTransmissionFlow::PathGraph
 
-from CleartextTransmissionConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode
-where config.hasFlowPath(sourceNode, sinkNode)
+from CleartextTransmissionFlow::PathNode sourceNode, CleartextTransmissionFlow::PathNode sinkNode
+where CleartextTransmissionFlow::flowPath(sourceNode, sinkNode)
 select sinkNode.getNode(), sourceNode, sinkNode,
   "This operation transmits '" + sinkNode.getNode().toString() +
     "', which may contain unencrypted sensitive data from $@.", sourceNode,
