From 712d8aa3223cbfe9f3b5b98f633c2a6dd678235e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 31 Jan 2025 10:19:21 +0000 Subject: [PATCH 1/2] Java: Update file that was forgotten in the dataflow-stack PR. --- .../code/java/dataflow/DataFlowStack.qll | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/DataFlowStack.qll b/java/ql/lib/semmle/code/java/dataflow/DataFlowStack.qll index ccef18823728..120c548a8a8a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/DataFlowStack.qll +++ b/java/ql/lib/semmle/code/java/dataflow/DataFlowStack.qll @@ -1,14 +1,36 @@ import java private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.internal.DataFlowImplSpecific - private import codeql.dataflowstack.DataFlowStack as DFS private import DFS::DataFlowStackMake as DataFlowStackFactory -module DataFlowStackMake{ - import DataFlowStackFactory::FlowStack +private module DataFlowStackInput implements + DFS::DataFlowStackSig +{ + private module Flow = DataFlow::Global; + + JavaDataFlow::Node getNode(Flow::PathNode n) { result = n.getNode() } + + predicate isSource(Flow::PathNode n) { n.isSource() } + + Flow::PathNode getASuccessor(Flow::PathNode n) { result = n.getASuccessor() } + + JavaDataFlow::DataFlowCallable getARuntimeTarget(JavaDataFlow::DataFlowCall call) { + result.asCallable() = call.asCall().getCallee() + } + + JavaDataFlow::Node getAnArgumentNode(JavaDataFlow::DataFlowCall call) { + result = JavaDataFlow::exprNode(call.asCall().getAnArgument()) + } +} + +module DataFlowStackMake { + import DataFlowStackFactory::FlowStack> } -module BiStackAnalysisMake{ - import DataFlowStackFactory::BiStackAnalysis -} \ No newline at end of file +module BiStackAnalysisMake< + DataFlowStackFactory::DataFlow::ConfigSig ConfigA, + DataFlowStackFactory::DataFlow::ConfigSig ConfigB> +{ + import DataFlowStackFactory::BiStackAnalysis, ConfigB, DataFlowStackInput> +} 
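Review bot: `getARuntimeTarget` in the new `DataFlowStackInput` resolves a call only through `call.asCall().getCallee()`, which as far as I can tell is the statically declared callee. A call dispatched through an interface or an overridden method would then contribute no frame for the implementation that actually runs, so stack-based queries built on this module could miss flows without any visible sign. If dynamic targets are intended, as the predicate name suggests, the dataflow library's own dispatch relation looks like the better source, e.g. `result = JavaDataFlow::viableCallable(call)`, to be confirmed against what `DataFlowStackSig` expects. Likewise `getAnArgumentNode` relies on `getAnArgument()`, which does not appear to cover the call's qualifier; a one-line QLDoc on each predicate stating the intended coverage would make these limits explicit.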
From 403ad3c7bd8f1c55396049f78f66f774ccff6dc0 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Fri, 31 Jan 2025 12:04:34 +0000
Subject: [PATCH 2/2] Shared: Add missing transitive closure.
---
 shared/dataflowstack/codeql/dataflowstack/DataFlowStack.qll | 2 +-
 .../dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/shared/dataflowstack/codeql/dataflowstack/DataFlowStack.qll b/shared/dataflowstack/codeql/dataflowstack/DataFlowStack.qll
index f99b3125c1b9..945fa7c05be7 100644
--- a/shared/dataflowstack/codeql/dataflowstack/DataFlowStack.qll
+++ b/shared/dataflowstack/codeql/dataflowstack/DataFlowStack.qll
@@ -236,7 +236,7 @@ module DataFlowStackMake Lang> {
 exists(Flow::PathNode source, Flow::PathNode sink |
 flowStack = TFlowStack(source, sink) and
 frame.getPathNode() = DataFlowStack::getASuccessor*(source) and
- DataFlowStack::getASuccessor(frame.getPathNode()) = sink
+ DataFlowStack::getASuccessor*(frame.getPathNode()) = sink
 )
 }
diff --git a/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll b/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll
index e2a81f81264e..8b3b152e33c5 100644
--- a/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll
+++ b/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll
@@ -242,7 +242,7 @@ module TaintTrackingStackMake<
 exists(Flow::PathNode source, Flow::PathNode sink |
 flowStack = TFlowStack(source, sink) and
 frame.getPathNode() = TaintTrackingStack::getASuccessor*(source) and
- TaintTrackingStack::getASuccessor(frame.getPathNode()) = sink
+ TaintTrackingStack::getASuccessor*(frame.getPathNode()) = sink
 )
 }
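Review bot: With `getASuccessor*` on both conjuncts the frame relation is reflexive at both ends, so a frame whose path node is the sink itself now qualifies, where the old line matched only direct predecessors of the sink. If including the endpoints is intended, a QLDoc sentence on the enclosing predicate should say so, for example "Holds if frame lies on a path from the source to the sink of flowStack, endpoints included"; the predicate header is outside the hunk, so I cannot see what is documented today. The same point applies to the identical hunk in TaintTrackingStack.qll. The diffstat shows no test file, so a small test with a flow of three or more steps would keep the dropped intermediate frames from returning unnoticed.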