Refactor CWE-089 Sql queries

Author: egregius313

java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql

@@ -25,28 +25,27 @@ class UncontrolledStringBuilderSource extends DataFlow::ExprNode {
   }
 }
 
-class UncontrolledStringBuilderSourceFlowConfig extends TaintTracking::Configuration {
-  UncontrolledStringBuilderSourceFlowConfig() {
-    this = "SqlConcatenated::UncontrolledStringBuilderSourceFlowConfig"
-  }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof UncontrolledStringBuilderSource }
+private module UncontrolledStringBuilderSourceFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) { src instanceof UncontrolledStringBuilderSource }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
   }
 }
 
+module UncontrolledStringBuilderSourceFlow =
+  TaintTracking::Make<UncontrolledStringBuilderSourceFlowConfig>;
+
 from QueryInjectionSink query, Expr uncontrolled
 where
   (
     builtFromUncontrolledConcat(query.asExpr(), uncontrolled)
     or
-    exists(StringBuilderVar sbv, UncontrolledStringBuilderSourceFlowConfig conf |
+    exists(StringBuilderVar sbv |
       uncontrolledStringBuilderQuery(sbv, uncontrolled) and
-      conf.hasFlow(DataFlow::exprNode(sbv.getToStringCall()), query)
+      UncontrolledStringBuilderSourceFlow::hasFlow(DataFlow::exprNode(sbv.getToStringCall()), query)
     )
   ) and
   not queryTaintedBy(query, _, _)

java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql

@@ -15,26 +15,29 @@
 import semmle.code.java.Expr
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.SqlInjectionQuery
-import DataFlow::PathGraph
 
-class LocalUserInputToQueryInjectionFlowConfig extends TaintTracking::Configuration {
-  LocalUserInputToQueryInjectionFlowConfig() { this = "LocalUserInputToQueryInjectionFlowConfig" }
+private module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
 
-  override predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
+  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
   }
 
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
   }
 }
 
+module LocalUserInputToQueryInjectionFlow =
+  TaintTracking::Make<LocalUserInputToQueryInjectionFlowConfig>;
+
+import LocalUserInputToQueryInjectionFlow::PathGraph
+
 from
-  DataFlow::PathNode source, DataFlow::PathNode sink, LocalUserInputToQueryInjectionFlowConfig conf
-where conf.hasFlowPath(source, sink)
+  LocalUserInputToQueryInjectionFlow::PathNode source,
+  LocalUserInputToQueryInjectionFlow::PathNode sink
+where LocalUserInputToQueryInjectionFlow::hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(),
   "user-provided value"