Java: Introduce a class of dataflow nodes for the threat modeling.

michaelnebel · michaelnebel · commit 9a112dde66f9 · 2023-10-03T09:16:38.000+02:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
@@ -26,6 +26,6 @@ private string getChildThreatModel(string group) { threatModelGrouping(result, g
  * Holds if the source model kind `kind` is relevant for generic queries
  * under the current threat model configuration.
  */
-predicate sourceModelKindConfig(string kind) {
+predicate currentThreatModel(string kind) {
   exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group))
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -29,6 +29,35 @@ import semmle.code.java.frameworks.struts.StrutsActions
 import semmle.code.java.frameworks.Thrift
 import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
 private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.ExternalFlowConfiguration
+
+/**
+ * A data flow source.
+ */
+abstract class SourceNode extends DataFlow::Node {
+  /**
+   * Gets a string that represents the source kind with respect to threat modeling.
+   */
+  abstract string getThreatModel();
+}
+
+/**
+ * A class of data flow sources that respects the
+ * current threat model configuration.
+ */
+class ThreatModelFlowSource extends DataFlow::Node {
+  ThreatModelFlowSource() {
+    // Expansive threat model.
+    currentThreatModel("all") and
+    (this instanceof SourceNode or sourceNode(this, _))
+    or
+    exists(string kind |
+      // Specific threat model.
+      currentThreatModel(kind) and
+      (this.(SourceNode).getThreatModel() = kind or sourceNode(this, kind))
+    )
+  }
+}
 
 /** A data flow source of remote user input. */
 abstract class RemoteFlowSource extends DataFlow::Node {
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql
@@ -1,5 +1,5 @@
 import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
 
 query predicate supportedThreatModels(string kind) {
-  ExternalFlowConfiguration::sourceModelKindConfig(kind)
+  ExternalFlowConfiguration::currentThreatModel(kind)
 }
diff --git a/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql b/java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql
@@ -1,5 +1,5 @@
 import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
 
 query predicate supportedThreatModels(string kind) {
-  ExternalFlowConfiguration::sourceModelKindConfig(kind)
+  ExternalFlowConfiguration::currentThreatModel(kind)
 }

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,6 @@ private string getChildThreatModel(string group) { threatModelGrouping(result, g`
`26`	`26`	* Holds if the source model kind `kind` is relevant for generic queries
`27`	`27`	`* under the current threat model configuration.`
`28`	`28`	`*/`
`29`		`-predicate sourceModelKindConfig(string kind) {`
	`29`	`+predicate currentThreatModel(string kind) {`
`30`	`30`	`exists(string group \| supportedThreatModels(group) and kind = getChildThreatModel*(group))`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration`
`2`	`2`
`3`	`3`	`query predicate supportedThreatModels(string kind) {`
`4`		`- ExternalFlowConfiguration::sourceModelKindConfig(kind)`
	`4`	`+ ExternalFlowConfiguration::currentThreatModel(kind)`
`5`	`5`	`}`