/**
* Provides a taint tracking configuration for reasoning about path-traversal vulnerabilities.
*
* Note: for performance reasons, only import this file if `TaintedPath::Flow` (or the deprecated
* `TaintedPath::Configuration`) is needed; otherwise import `TaintedPathCustomizations` instead.
*/
import go
/**
 * Provides the taint-tracking setup used to reason about path-traversal
 * vulnerabilities.
 *
 * The `Source`, `Sink` and `Sanitizer` classes referenced below are not declared
 * in this module; they come into scope through the import of
 * `TaintedPathCustomizations::TaintedPath`. What the analysis reports therefore
 * depends on those definitions: a path-consuming call that is not modelled as a
 * `Sink` produces no result, and an over-broad `Sanitizer` hides real flows.
 */
module TaintedPath {
  import TaintedPathCustomizations::TaintedPath

  /**
   * DEPRECATED: Use `Flow` instead.
   *
   * The class-based taint-tracking configuration for path-traversal
   * vulnerabilities, kept for existing callers.
   */
  deprecated class Configuration extends TaintTracking::Configuration {
    Configuration() { this = "TaintedPath" }

    /** Holds if `src` is one of the imported `Source` nodes. */
    override predicate isSource(DataFlow::Node src) { src instanceof Source }

    /** Holds if `snk` is one of the imported `Sink` nodes. */
    override predicate isSink(DataFlow::Node snk) { snk instanceof Sink }

    /**
     * Holds if taint stops at `candidate`: either it is an imported `Sanitizer`,
     * or the parent configuration already treats it as a sanitizer.
     */
    override predicate isSanitizer(DataFlow::Node candidate) {
      candidate instanceof Sanitizer
      or
      super.isSanitizer(candidate)
    }
  }

  /**
   * The module-based configuration that `Flow` is instantiated with.
   *
   * Its barrier is exactly the `Sanitizer` class; unlike the deprecated
   * `Configuration`, it has no explicit `super.isSanitizer` disjunct.
   * NOTE(review): whether `TaintTracking::Global` applies equivalent default
   * sanitizers is not visible in this file; confirm before assuming that a
   * query migrated from `Configuration` to `Flow` reports identical results.
   */
  private module Config implements DataFlow::ConfigSig {
    predicate isSource(DataFlow::Node src) { src instanceof Source }

    predicate isSink(DataFlow::Node snk) { snk instanceof Sink }

    predicate isBarrier(DataFlow::Node candidate) { candidate instanceof Sanitizer }
  }

  /**
   * Tracks taint flow for reasoning about path-traversal vulnerabilities,
   * using `Config` for its sources, sinks and barriers.
   */
  module Flow = TaintTracking::Global<Config>;
}