diff --git a/java/ql/lib/semmle/code/java/dataflow/ApiSinks.qll b/java/ql/lib/semmle/code/java/dataflow/ApiSinks.qll
index 0dae848c15da..c600bb1672d8 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ApiSinks.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ApiSinks.qll
@@ -1,122 +1,39 @@
 /** Provides classes representing various flow sinks for data flow / taint tracking. */
-private import semmle.code.java.dataflow.DataFlow
-private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.FlowSinks as FlowSinks
-/**
- * A data flow sink node.
- */
-abstract class SinkNode extends DataFlow::Node { }
+final class SinkNode = FlowSinks::ApiSinkNode;
 /**
 * Module that adds all API like sinks to `SinkNode`, excluding sinks for cryptography based
 * queries, and queries where sinks are not succifiently defined (eg. using broad method name matching).
 */
-private module ApiSinks {
- private import semmle.code.java.security.AndroidSensitiveCommunicationQuery as AndroidSensitiveCommunicationQuery
- private import semmle.code.java.security.ArbitraryApkInstallation as ArbitraryApkInstallation
- private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery as CleartextStorageAndroidDatabaseQuery
- private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery as CleartextStorageAndroidFilesystemQuery
- private import semmle.code.java.security.CleartextStorageCookieQuery as CleartextStorageCookieQuery
- private import semmle.code.java.security.CleartextStorageSharedPrefsQuery as CleartextStorageSharedPrefsQuery
- private import semmle.code.java.security.ExternallyControlledFormatStringQuery as ExternallyControlledFormatStringQuery
- private import semmle.code.java.security.InsecureBasicAuth as InsecureBasicAuth
- private import semmle.code.java.security.IntentUriPermissionManipulation as IntentUriPermissionManipulation
- private import semmle.code.java.security.InsecureLdapAuth as InsecureLdapAuth
- private import semmle.code.java.security.InsecureTrustManager as InsecureTrustManager
- private import semmle.code.java.security.JndiInjection as JndiInjection
- private import semmle.code.java.security.JWT as Jwt
- private import semmle.code.java.security.OgnlInjection as OgnlInjection
- private import semmle.code.java.security.SensitiveResultReceiverQuery as SensitiveResultReceiverQuery
- private import semmle.code.java.security.SensitiveUiQuery as SensitiveUiQuery
- private import semmle.code.java.security.SpelInjection as SpelInjection
- private import semmle.code.java.security.SpelInjectionQuery as SpelInjectionQuery
- private import semmle.code.java.security.QueryInjection as QueryInjection
- private import semmle.code.java.security.TempDirLocalInformationDisclosureQuery as TempDirLocalInformationDisclosureQuery
- private import semmle.code.java.security.UnsafeAndroidAccess as UnsafeAndroidAccess
- private import semmle.code.java.security.UnsafeContentUriResolution as UnsafeContentUriResolution
- private import semmle.code.java.security.UnsafeDeserializationQuery as UnsafeDeserializationQuery
- private import semmle.code.java.security.UrlRedirect as UrlRedirect
- private import semmle.code.java.security.WebviewDebuggingEnabledQuery as WebviewDebuggingEnabledQuery
- private import semmle.code.java.security.XPath as Xpath
- private import semmle.code.java.security.XSS as Xss
-
- private class AndoidIntentRedirectionQuerySinks extends SinkNode instanceof AndroidSensitiveCommunicationQuery::SensitiveCommunicationSink
- { }
-
- private class ArbitraryApkInstallationSinks extends SinkNode instanceof ArbitraryApkInstallation::SetDataSink
- { }
-
- private class CleartextStorageAndroidDatabaseQuerySinks extends SinkNode instanceof CleartextStorageAndroidDatabaseQuery::LocalDatabaseSink
- { }
-
- private class CleartextStorageAndroidFilesystemQuerySinks extends SinkNode instanceof CleartextStorageAndroidFilesystemQuery::LocalFileSink
- { }
-
- private class CleartextStorageCookieQuerySinks extends SinkNode instanceof CleartextStorageCookieQuery::CookieStoreSink
- { }
-
- private class CleartextStorageSharedPrefsQuerySinks extends SinkNode instanceof CleartextStorageSharedPrefsQuery::SharedPreferencesSink
- { }
-
- private class ExternallyControlledFormatStringQuerySinks extends SinkNode instanceof ExternallyControlledFormatStringQuery::StringFormatSink
- { }
-
- private class InsecureBasicAuthSinks extends SinkNode instanceof InsecureBasicAuth::InsecureBasicAuthSink
- { }
-
- private class InsecureTrustManagerSinks extends SinkNode instanceof InsecureTrustManager::InsecureTrustManagerSink
- { }
-
- private class IntentUriPermissionManipulationSinks extends SinkNode instanceof IntentUriPermissionManipulation::IntentUriPermissionManipulationSink
- { }
-
- private class InsecureLdapAuthSinks extends SinkNode instanceof InsecureLdapAuth::InsecureLdapUrlSink
- { }
-
- private class JndiInjectionSinks extends SinkNode instanceof JndiInjection::JndiInjectionSink { }
-
- private class JwtSinks extends SinkNode instanceof Jwt::JwtParserWithInsecureParseSink { }
-
- private class OgnlInjectionSinks extends SinkNode instanceof OgnlInjection::OgnlInjectionSink { }
-
- private class SensitiveResultReceiverQuerySinks extends SinkNode instanceof SensitiveResultReceiverQuery::SensitiveResultReceiverSink
- { }
-
- private class SensitiveUiQuerySinks extends SinkNode instanceof SensitiveUiQuery::TextFieldSink {
- }
-
- private class SpelInjectionSinks extends SinkNode instanceof SpelInjection::SpelExpressionEvaluationSink
- { }
-
- private class QueryInjectionSinks extends SinkNode instanceof QueryInjection::QueryInjectionSink {
- }
-
- private class TempDirLocalInformationDisclosureSinks extends SinkNode instanceof TempDirLocalInformationDisclosureQuery::MethodFileDirectoryCreationSink
- { }
-
- private class UnsafeAndroidAccessSinks extends SinkNode instanceof UnsafeAndroidAccess::UrlResourceSink
- { }
-
- private class UnsafeContentUriResolutionSinks extends SinkNode instanceof UnsafeContentUriResolution::ContentUriResolutionSink
- { }
-
- private class UnsafeDeserializationQuerySinks extends SinkNode instanceof UnsafeDeserializationQuery::UnsafeDeserializationSink
- { }
-
- private class UrlRedirectSinks extends SinkNode instanceof UrlRedirect::UrlRedirectSink { }
-
- private class WebviewDebugEnabledQuery extends SinkNode instanceof WebviewDebuggingEnabledQuery::WebviewDebugSink
- { }
-
- private class XPathSinks extends SinkNode instanceof Xpath::XPathInjectionSink { }
-
- private class XssSinks extends SinkNode instanceof Xss::XssSink { }
-
- /**
- * Add all models as data sinks.
- */
- private class SinkNodeExternal extends SinkNode {
- SinkNodeExternal() { sinkNode(this, _) }
- }
+private module AllApiSinks {
+ private import semmle.code.java.security.AndroidSensitiveCommunicationQuery
+ private import semmle.code.java.security.ArbitraryApkInstallation
+ private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery
+ private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery
+ private import semmle.code.java.security.CleartextStorageCookieQuery
+ private import semmle.code.java.security.CleartextStorageSharedPrefsQuery
+ private import semmle.code.java.security.ExternallyControlledFormatStringQuery
+ private import semmle.code.java.security.InsecureBasicAuth
+ private import semmle.code.java.security.IntentUriPermissionManipulation
+ private import semmle.code.java.security.InsecureLdapAuth
+ private import semmle.code.java.security.InsecureTrustManager
+ private import semmle.code.java.security.JndiInjection
+ private import semmle.code.java.security.JWT
+ private import semmle.code.java.security.OgnlInjection
+ private import semmle.code.java.security.SensitiveResultReceiverQuery
+ private import semmle.code.java.security.SensitiveUiQuery
+ private import semmle.code.java.security.SpelInjection
+ private import semmle.code.java.security.SpelInjectionQuery
+ private import semmle.code.java.security.QueryInjection
+ private import semmle.code.java.security.TempDirLocalInformationDisclosureQuery
+ private import semmle.code.java.security.UnsafeAndroidAccess
+ private import semmle.code.java.security.UnsafeContentUriResolution
+ private import semmle.code.java.security.UnsafeDeserializationQuery
+ private import semmle.code.java.security.UrlRedirect
+ private import semmle.code.java.security.WebviewDebuggingEnabledQuery
+ private import semmle.code.java.security.XPath
+ private import semmle.code.java.security.XSS
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll b/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
index 61025262cb52..5f825ad5445f 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
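Review bot: The new alias `final class SinkNode = FlowSinks::ApiSinkNode;` loses the QLDoc that the removed abstract class carried, and the retained module comment still says the module "adds" sinks although `AllApiSinks` now contains only unreferenced `private import` lines. Those imports appear to exist solely so that each library's sink classes, which now extend `ApiSinkNode` in their own files, are in scope; without a comment saying so they look like dead imports and could be removed in a cleanup, silently shrinking the set of sinks this module reports. I would add `/** A data flow sink node for a supported API. This is an alias of FlowSinks::ApiSinkNode. */` above the alias and, inside the module, `// Unreferenced on purpose: importing these libraries is what makes their sink classes part of SinkNode.` The same two points apply to `SourceNode` and `AllApiSources` in the ApiSources.qll hunk. If `SinkNode` was extended outside this repository, the switch from an abstract class to a final alias probably deserves a change note as well.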
@@ -1,69 +1,23 @@
 /** Provides classes representing various flow sources for data flow / taint tracking. */
-private import semmle.code.java.dataflow.DataFlow
-private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.FlowSources as FlowSources
-/**
- * A data flow source node.
- */
-abstract class SourceNode extends DataFlow::Node { }
+final class SourceNode = FlowSources::ApiSourceNode;
 /**
 * Module that adds all API like sources to `SourceNode`, excluding some sources for cryptography based
 * queries, and queries where sources are not succifiently defined (eg. using broad method name matching).
 */
-private module ApiSources {
- private import FlowSources as FlowSources
- private import semmle.code.java.security.ArbitraryApkInstallation as ArbitraryApkInstallation
- private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery as CleartextStorageAndroidDatabaseQuery
- private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery as CleartextStorageAndroidFilesystemQuery
- private import semmle.code.java.security.CleartextStorageCookieQuery as CleartextStorageCookieQuery
- private import semmle.code.java.security.CleartextStorageSharedPrefsQuery as CleartextStorageSharedPrefsQuery
- private import semmle.code.java.security.ImplicitPendingIntentsQuery as ImplicitPendingIntentsQuery
- private import semmle.code.java.security.ImproperIntentVerificationQuery as ImproperIntentVerificationQuery
- private import semmle.code.java.security.InsecureTrustManager as InsecureTrustManager
- private import semmle.code.java.security.JWT as Jwt
- private import semmle.code.java.security.StackTraceExposureQuery as StackTraceExposureQuery
- private import semmle.code.java.security.ZipSlipQuery as ZipSlipQuery
-
- private class FlowSourcesSourceNode extends SourceNode instanceof FlowSources::SourceNode { }
-
- private class ArbitraryApkInstallationSources extends SourceNode instanceof ArbitraryApkInstallation::ExternalApkSource
- { }
-
- private class CleartextStorageAndroidDatabaseQuerySources extends SourceNode instanceof CleartextStorageAndroidDatabaseQuery::LocalDatabaseOpenMethodCallSource
- { }
-
- private class CleartextStorageAndroidFilesystemQuerySources extends SourceNode instanceof CleartextStorageAndroidFilesystemQuery::LocalFileOpenCallSource
- { }
-
- private class CleartextStorageCookieQuerySources extends SourceNode instanceof CleartextStorageCookieQuery::CookieSource
- { }
-
- private class CleartextStorageSharedPrefsQuerySources extends SourceNode instanceof CleartextStorageSharedPrefsQuery::SharedPreferencesEditorMethodCallSource
- { }
-
- private class ImplicitPendingIntentsQuerySources extends SourceNode instanceof ImplicitPendingIntentsQuery::ImplicitPendingIntentSource
- { }
-
- private class ImproperIntentVerificationQuerySources extends SourceNode instanceof ImproperIntentVerificationQuery::VerifiedIntentConfigSource
- { }
-
- private class InsecureTrustManagerSources extends SourceNode instanceof InsecureTrustManager::InsecureTrustManagerSource
- { }
-
- private class JwtSources extends SourceNode instanceof Jwt::JwtParserWithInsecureParseSource { }
-
- private class StackTraceExposureQuerySources extends SourceNode instanceof StackTraceExposureQuery::GetMessageFlowSource
- { }
-
- private class ZipSlipQuerySources extends SourceNode instanceof ZipSlipQuery::ArchiveEntryNameMethodSource
- { }
-
- /**
- * Add all models as data sources.
- */
- private class SourceNodeExternal extends SourceNode {
- SourceNodeExternal() { sourceNode(this, _) }
- }
+private module AllApiSources {
+ private import semmle.code.java.security.ArbitraryApkInstallation
+ private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery
+ private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery
+ private import semmle.code.java.security.CleartextStorageCookieQuery
+ private import semmle.code.java.security.CleartextStorageSharedPrefsQuery
+ private import semmle.code.java.security.ImplicitPendingIntentsQuery
+ private import semmle.code.java.security.ImproperIntentVerificationQuery
+ private import semmle.code.java.security.InsecureTrustManager
+ private import semmle.code.java.security.JWT
+ private import semmle.code.java.security.StackTraceExposureQuery
+ private import semmle.code.java.security.ZipSlipQuery
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSinks.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSinks.qll
new file mode 100644
index 000000000000..3b7fd191779c
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSinks.qll
@@ -0,0 +1,18 @@
+/** Provides classes representing various flow sinks for data flow / taint tracking. */
+
+private import java
+private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.DataFlow
+
+/**
+ * A data flow sink node for an API, which should be considered
+ * supported for a modeling perspective.
+ */
+abstract class ApiSinkNode extends DataFlow::Node { }
+
+/**
+ * Add all models as data sinks.
+ */
+private class ApiSinkNodeExternal extends ApiSinkNode {
+ ApiSinkNodeExternal() { sinkNode(this, _) }
+}
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
index 49d7bda4e448..f28cc9984871 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
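Review bot: The QLDoc on `ApiSinkNode` in the new FlowSinks.qll reads "supported for a modeling perspective", which is ungrammatical and does not tell the author of a new sink class when to extend this type rather than `DataFlow::Node`. I would reword it to `* A data flow sink node for an API that should be counted as supported from a modeling perspective.` and add a sentence saying that the sink classes of security queries extend this class and that sinks defined by models are added through `sinkNode`. The doc should also say that `ApiSinkNodeExternal` accepts every sink kind, since its constructor is `sinkNode(this, _)` while the ApiSinks.qll comment speaks of exclusions. The same wording is used for `ApiSourceNode` in the FlowSources.qll hunk and needs the same fix.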
@@ -387,3 +387,18 @@ class AndroidJavascriptInterfaceMethodParameter extends RemoteFlowSource { result = "Parameter of method with JavascriptInterface annotation" } } + +/** + * A data flow source node for an API, which should be considered + * supported for a modeling perspective. + */ +abstract class ApiSourceNode extends DataFlow::Node { } + +private class AddSourceNodes extends ApiSourceNode instanceof SourceNode { } + +/** + * Add all models as data sources. + */ +private class ApiSourceNodeExternal extends ApiSourceNode { + ApiSourceNodeExternal() { sourceNode(this, _) } +} diff --git a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll index 9773d00849fd..607ced09b2cf 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll @@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.frameworks.android.Intent import semmle.code.java.security.SensitiveActions +private import semmle.code.java.dataflow.FlowSinks /** * Gets regular expression for matching names of Android variables that indicate the value being held contains sensitive information. @@ -154,7 +155,7 @@ deprecated class SensitiveCommunicationConfig extends TaintTracking::Configurati /** * A class of sensitive communication sink nodes. */ -class SensitiveCommunicationSink extends DataFlow::Node { +class SensitiveCommunicationSink extends ApiSinkNode { SensitiveCommunicationSink() { isSensitiveBroadcastSink(this) or diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll index 3aa59286fcd0..d7c5fe94f28a 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll 
@@ -4,6 +4,7 @@ import java import semmle.code.java.frameworks.android.Intent import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.FlowSources /** A string literal that represents the MIME type for Android APKs. */ @@ -48,7 +49,7 @@ class SetDataMethod extends Method { } /** A dataflow sink for the URI of an intent. */ -class SetDataSink extends DataFlow::ExprNode { +class SetDataSink extends ApiSinkNode, DataFlow::ExprNode { SetDataSink() { exists(MethodCall ma | this.getExpr() = ma.getQualifier() and @@ -69,7 +70,7 @@ class UriConstructorMethod extends Method { * A dataflow source representing the URIs which an APK not controlled by the * application may come from. Including external storage and web URLs. */ -class ExternalApkSource extends DataFlow::Node { +class ExternalApkSource extends ApiSourceNode { ExternalApkSource() { sourceNode(this, "android-external-storage-dir") or this.asExpr().(MethodCall).getMethod() instanceof UriConstructorMethod or diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll index 5d212ea45f23..b4162f2c6957 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll @@ -6,6 +6,8 @@ import semmle.code.java.frameworks.android.ContentProviders import semmle.code.java.frameworks.android.Intent import semmle.code.java.frameworks.android.SQLite import semmle.code.java.security.CleartextStorageQuery +private import semmle.code.java.dataflow.FlowSinks +private import semmle.code.java.dataflow.FlowSources private class LocalDatabaseCleartextStorageSink extends CleartextStorageSink { LocalDatabaseCleartextStorageSink() { localDatabaseInput(_, this.asExpr()) } 
@@ -99,14 +101,14 @@ private predicate localDatabaseStore(DataFlow::Node database, MethodCall store) /** * A class of local database open method call source nodes. */ -class LocalDatabaseOpenMethodCallSource extends DataFlow::Node { +class LocalDatabaseOpenMethodCallSource extends ApiSourceNode { LocalDatabaseOpenMethodCallSource() { this.asExpr() instanceof LocalDatabaseOpenMethodCall } } /** * A class of local database sink nodes. */ -class LocalDatabaseSink extends DataFlow::Node { +class LocalDatabaseSink extends ApiSinkNode { LocalDatabaseSink() { localDatabaseInput(this, _) or localDatabaseStore(this, _) } } diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll index 90749120fce6..8b1af7b4971f 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll @@ -5,9 +5,11 @@ import java import semmle.code.java.dataflow.DataFlow -private import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.security.CleartextStorageQuery import semmle.code.xml.AndroidManifest +private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks +private import semmle.code.java.dataflow.FlowSources private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink { AndroidFilesystemCleartextStorageSink() { 
@@ -82,14 +84,14 @@ private class CloseFileMethod extends Method { /** * A class of local file open call source nodes. */ -class LocalFileOpenCallSource extends DataFlow::Node { +class LocalFileOpenCallSource extends ApiSourceNode { LocalFileOpenCallSource() { this.asExpr() instanceof LocalFileOpenCall } } /** * A class of local file sink nodes. */ -class LocalFileSink extends DataFlow::Node { +class LocalFileSink extends ApiSinkNode { LocalFileSink() { filesystemInput(this, _) or closesFile(this, _) diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll index 379d52eb5497..c3684646bdd3 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll @@ -4,6 +4,8 @@ import java import semmle.code.java.dataflow.DataFlow deprecated import semmle.code.java.dataflow.DataFlow3 import semmle.code.java.security.CleartextStorageQuery +private import semmle.code.java.dataflow.FlowSinks +private import semmle.code.java.dataflow.FlowSources private class CookieCleartextStorageSink extends CleartextStorageSink { CookieCleartextStorageSink() { this.asExpr() = cookieInput(_) } @@ -40,14 +42,14 @@ private predicate cookieStore(DataFlow::Node cookie, Expr store) { /** * A class of cookie source nodes. */ -class CookieSource extends DataFlow::Node { +class CookieSource extends ApiSourceNode { CookieSource() { this.asExpr() instanceof Cookie } } /** * A class of cookie store sink nodes. */ -class CookieStoreSink extends DataFlow::Node { +class CookieStoreSink extends ApiSinkNode { CookieStoreSink() { cookieStore(this, _) } } diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll index c09fb3cc61a6..80dc2fca1f4f 100644 
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll @@ -4,6 +4,8 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.frameworks.android.SharedPreferences import semmle.code.java.security.CleartextStorageQuery +private import semmle.code.java.dataflow.FlowSinks +private import semmle.code.java.dataflow.FlowSources private class SharedPrefsCleartextStorageSink extends CleartextStorageSink { SharedPrefsCleartextStorageSink() { @@ -70,7 +72,7 @@ private predicate sharedPreferencesStore(DataFlow::Node editor, MethodCall m) { /** * A shared preferences editor method call source nodes. */ -class SharedPreferencesEditorMethodCallSource extends DataFlow::Node { +class SharedPreferencesEditorMethodCallSource extends ApiSourceNode { SharedPreferencesEditorMethodCallSource() { this.asExpr() instanceof SharedPreferencesEditorMethodCall } @@ -79,7 +81,7 @@ class SharedPreferencesEditorMethodCallSource extends DataFlow::Node { /** * A class of shared preferences sink nodes. */ -class SharedPreferencesSink extends DataFlow::Node { +class SharedPreferencesSink extends ApiSinkNode { SharedPreferencesSink() { sharedPreferencesInput(this, _) or sharedPreferencesStore(this, _) diff --git a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll index 2fc622325dea..8d6fe0426c3c 100644 --- a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll 
@@ -1,13 +1,14 @@ /** Provides a taint-tracking configuration to reason about externally controlled format string vulnerabilities. */ import java +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.StringFormat /** * A class of string format sink nodes. */ -class StringFormatSink extends DataFlow::Node { +class StringFormatSink extends ApiSinkNode { StringFormatSink() { this.asExpr() = any(StringFormat formatCall).getFormatArgument() } } diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll index 4cac7715b98a..5c4094de3d32 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll @@ -2,6 +2,7 @@ import java private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.frameworks.android.Intent private import semmle.code.java.frameworks.android.PendingIntent @@ -27,7 +28,7 @@ class NoState extends PendingIntentState, TNoState { } /** A source for an implicit `PendingIntent` flow. */ -abstract class ImplicitPendingIntentSource extends DataFlow::Node { +abstract class ImplicitPendingIntentSource extends ApiSourceNode { /** * DEPRECATED: Open-ended flow state is not intended to be part of the extension points. * diff --git a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll index 92bcac5b50e0..e8bfc97b0fc9 100644 --- a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll 
@@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.xml.AndroidManifest import semmle.code.java.frameworks.android.Intent +private import semmle.code.java.dataflow.FlowSources /** An `onReceive` method of a `BroadcastReceiver` */ private class OnReceiveMethod extends Method { @@ -16,7 +17,7 @@ private class OnReceiveMethod extends Method { /** * A class of verified intent source nodes. */ -class VerifiedIntentConfigSource extends DataFlow::Node { +class VerifiedIntentConfigSource extends ApiSourceNode { VerifiedIntentConfigSource() { this.asParameter() = any(OnReceiveMethod orm).getIntentParameter() } diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll index df9b6bdf4a11..b21492406adf 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll @@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.HttpsUrls +private import semmle.code.java.dataflow.FlowSinks /** * A source that represents HTTP URLs. @@ -20,7 +21,7 @@ private class DefaultInsecureBasicAuthSource extends InsecureBasicAuthSource { * A sink that represents a method that sets Basic Authentication. * Extend this class to add your own Insecure Basic Authentication sinks. */ -abstract class InsecureBasicAuthSink extends DataFlow::Node { } +abstract class InsecureBasicAuthSink extends ApiSinkNode { } /** A default sink representing methods that set an Authorization header. */ private class DefaultInsecureBasicAuthSink extends InsecureBasicAuthSink { diff --git a/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll b/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll index 9a8cd91b1fcf..52d58afc9e76 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll 
+++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuth.qll @@ -2,6 +2,7 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.frameworks.Networking private import semmle.code.java.frameworks.Jndi @@ -32,7 +33,7 @@ class InsecureLdapUrl extends Expr { /** * A sink representing the construction of a `DirContextEnvironment`. */ -class InsecureLdapUrlSink extends DataFlow::Node { +class InsecureLdapUrlSink extends ApiSinkNode { InsecureLdapUrlSink() { exists(ConstructorCall cc | cc.getConstructedType().getAnAncestor() instanceof TypeDirContext and diff --git a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll index d82f088cf155..41d8f28573ca 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll @@ -2,11 +2,12 @@ import java private import semmle.code.java.controlflow.Guards +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.security.Encryption private import semmle.code.java.security.SecurityFlag /** The creation of an insecure `TrustManager`. */ -abstract class InsecureTrustManagerSource extends DataFlow::Node { } +abstract class InsecureTrustManagerSource extends ApiSourceNode { } private class DefaultInsecureTrustManagerSource extends InsecureTrustManagerSource { DefaultInsecureTrustManagerSource() { @@ -18,7 +19,7 @@ private class DefaultInsecureTrustManagerSource extends InsecureTrustManagerSour * The use of a `TrustManager` in an SSL context. * Intentionally insecure connections are not considered sinks. */ -abstract class InsecureTrustManagerSink extends DataFlow::Node { +abstract class InsecureTrustManagerSink extends ApiSinkNode { InsecureTrustManagerSink() { not isGuardedByInsecureFlag(this) } } 
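Review bot: In InsecureTrustManager.qll, `InsecureTrustManagerSource` now extends `ApiSourceNode`, but the first hunk adds only `private import semmle.code.java.dataflow.FlowSinks`; the import block visible there never names `FlowSources`, where `ApiSourceNode` is declared. The name presumably resolves through one of the other imports, which is fragile because a later change to that library's imports would break this file. The other files in this commit that use both base classes (JWT.qll, the CleartextStorage libraries) import both modules explicitly, so I would add `private import semmle.code.java.dataflow.FlowSources` next to the new `FlowSinks` import here.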
diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll index 4309af8b3c80..2f9470f2bb9a 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll @@ -6,6 +6,7 @@ import java private import semmle.code.java.controlflow.Guards private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.frameworks.android.Android private import semmle.code.java.frameworks.android.Intent @@ -14,7 +15,7 @@ private import semmle.code.java.frameworks.android.Intent * A sink for Intent URI permission manipulation vulnerabilities in Android, * that is, method calls that return an Intent as the result of an Activity. */ -abstract class IntentUriPermissionManipulationSink extends DataFlow::Node { } +abstract class IntentUriPermissionManipulationSink extends ApiSinkNode { } /** * A sanitizer that makes sure that an Intent is safe to be returned to another Activity. diff --git a/java/ql/lib/semmle/code/java/security/JWT.qll b/java/ql/lib/semmle/code/java/security/JWT.qll index 183495d85652..c84ebffabdbd 100644 --- a/java/ql/lib/semmle/code/java/security/JWT.qll +++ b/java/ql/lib/semmle/code/java/security/JWT.qll @@ -2,9 +2,11 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSinks +private import semmle.code.java.dataflow.FlowSources /** A method access that assigns signing keys to a JWT parser. */ -class JwtParserWithInsecureParseSource extends DataFlow::Node { +class JwtParserWithInsecureParseSource extends ApiSourceNode { JwtParserWithInsecureParseSource() { exists(MethodCall ma, Method m | m.getDeclaringType().getAnAncestor() instanceof TypeJwtParser or 
@@ -24,7 +26,7 @@ class JwtParserWithInsecureParseSource extends DataFlow::Node { * the qualifier of a call to a `parse(token, handler)` method * where the `handler` is considered insecure. */ -class JwtParserWithInsecureParseSink extends DataFlow::Node { +class JwtParserWithInsecureParseSink extends ApiSinkNode { MethodCall insecureParseMa; JwtParserWithInsecureParseSink() { diff --git a/java/ql/lib/semmle/code/java/security/JndiInjection.qll b/java/ql/lib/semmle/code/java/security/JndiInjection.qll index d7282996057d..3df8d6df378e 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjection.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjection.qll @@ -3,11 +3,12 @@ import java private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.frameworks.Jndi private import semmle.code.java.frameworks.SpringLdap /** A data flow sink for unvalidated user input that is used in JNDI lookup. */ -abstract class JndiInjectionSink extends DataFlow::Node { } +abstract class JndiInjectionSink extends ApiSinkNode { } /** A sanitizer for JNDI injection vulnerabilities. */ abstract class JndiInjectionSanitizer extends DataFlow::Node { } diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjection.qll b/java/ql/lib/semmle/code/java/security/OgnlInjection.qll index d5297702bef4..37f31618fc32 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjection.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjection.qll @@ -2,6 +2,7 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.frameworks.MyBatis 
@@ -10,7 +11,7 @@ private import semmle.code.java.frameworks.MyBatis * * Extend this class to add your own OGNL injection sinks. */ -abstract class OgnlInjectionSink extends DataFlow::Node { } +abstract class OgnlInjectionSink extends ApiSinkNode { } /** * A unit class for adding additional taint steps. diff --git a/java/ql/lib/semmle/code/java/security/QueryInjection.qll b/java/ql/lib/semmle/code/java/security/QueryInjection.qll index aa92aa16a14c..df316155ba1a 100644 --- a/java/ql/lib/semmle/code/java/security/QueryInjection.qll +++ b/java/ql/lib/semmle/code/java/security/QueryInjection.qll @@ -5,9 +5,10 @@ import semmle.code.java.dataflow.DataFlow import semmle.code.java.frameworks.javaee.Persistence private import semmle.code.java.frameworks.MyBatis private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks /** A sink for database query language injection vulnerabilities. */ -abstract class QueryInjectionSink extends DataFlow::Node { } +abstract class QueryInjectionSink extends ApiSinkNode { } /** * A unit class for adding additional taint steps. diff --git a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll index 13a4b562a50e..c0179860a01d 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll @@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.SensitiveActions +private import semmle.code.java.dataflow.FlowSinks private class ResultReceiverSendCall extends MethodCall { ResultReceiverSendCall() { 
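Review bot: The doc comment on `OgnlInjectionSink` still says only "Extend this class to add your own OGNL injection sinks", but after this change every extension also becomes a member of `ApiSinkNode`. That widens what a user-written subclass affects, so the comment should say it, for example ` * Extend this class to add your own OGNL injection sinks; extensions are also included in ApiSinkNode.` The same applies to `UrlResourceSink` in UnsafeAndroidAccess.qll and `XPathInjectionSink` in XPath.qll, whose comments carry the same invitation.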
@@ -53,7 +54,7 @@ deprecated private class SensitiveResultReceiverConf extends TaintTracking::Conf /** * A class of sensitive result receiver sink nodes. */ -class SensitiveResultReceiverSink extends DataFlow::Node { +class SensitiveResultReceiverSink extends ApiSinkNode { SensitiveResultReceiverSink() { exists(ResultReceiverSendCall call | untrustedResultReceiverSend(_, call) and diff --git a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll index 884ab40a3239..f9ff3f240409 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll @@ -2,6 +2,7 @@ import java private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.security.SensitiveActions private import semmle.code.java.frameworks.android.Layout @@ -54,9 +55,9 @@ private class MaskCall extends MethodCall { } /** - * A class of test field sink nodes. + * A class of text field sink nodes. */ -class TextFieldSink extends DataFlow::Node { +class TextFieldSink extends ApiSinkNode { TextFieldSink() { exists(SetTextCall call | this.asExpr() = call.getStringArgument() and diff --git a/java/ql/lib/semmle/code/java/security/SpelInjection.qll b/java/ql/lib/semmle/code/java/security/SpelInjection.qll index 1aed2049afe4..13eb195eae46 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjection.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjection.qll 
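Review bot: `SensitiveResultReceiverSink` keeps the comment "A class of sensitive result receiver sink nodes", which does not say which node of the call is the sink, and the class is now part of the shared `ApiSinkNode` set, where readers meet it without the query's context. The comment should name the node the characteristic predicate selects; that predicate continues past the hunk, so the exact wording needs the full body. The same style of comment is on `TextFieldSink`, `MethodFileDirectoryCreationSink`, `WebviewDebugSink`, `XssVulnerableWriterSourceNode` and `ArchiveEntryNameMethodSource`. As an example of the form, `MethodFileDirectoryCreationSink` visibly binds `ma.getQualifier() = this.asExpr()`, so its comment could read ` * The qualifier of a call to a file directory creation method.`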
@@ -2,10 +2,11 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.frameworks.spring.SpringExpression /** A data flow sink for unvalidated user input that is used to construct SpEL expressions. */ -abstract class SpelExpressionEvaluationSink extends DataFlow::ExprNode { } +abstract class SpelExpressionEvaluationSink extends ApiSinkNode, DataFlow::ExprNode { } /** * A unit class for adding additional taint steps. diff --git a/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll b/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll index 2e4b31b7785e..5de0b0098e93 100644 --- a/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StackTraceExposureQuery.qll @@ -2,6 +2,7 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.security.InformationLeak @@ -98,7 +99,7 @@ predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stac /** * A class of get message source nodes. */ -class GetMessageFlowSource extends DataFlow::Node { +class GetMessageFlowSource extends ApiSourceNode { GetMessageFlowSource() { exists(Method method | this.asExpr().(MethodCall).getMethod() = method | method.hasName("getMessage") and diff --git a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll index 970363fe5439..96db99fe1b4a 100644 --- a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll 
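Review bot: `GetMessageFlowSource` in StackTraceExposureQuery.qll now joins `ApiSourceNode`, and the only condition visible in this hunk is `method.hasName("getMessage")`; the rest of the conjunction lies outside the hunk. If the remaining conditions do not pin the declaring type, this adds nodes selected by method name alone to the API source set, which is the kind of broad name matching the ApiSinks.qll header says is left out for sinks. It is worth confirming the type restriction and stating it in the doc comment, for example ` * A call to getMessage on <declaring type, as restricted in the predicate>, used as a flow source.`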
@@ -1,6 +1,7 @@ /** Provides classes to reason about local information disclosure in a temporary directory. */ import java +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.os.OSCheck private import semmle.code.java.security.TempDirUtils @@ -156,7 +157,7 @@ module TempDirSystemGetPropertyToCreate = /** * A class of method file directory creation sink nodes. */ -class MethodFileDirectoryCreationSink extends DataFlow::Node { +class MethodFileDirectoryCreationSink extends ApiSinkNode { MethodFileDirectoryCreationSink() { exists(MethodCall ma | ma.getMethod() instanceof MethodFileDirectoryCreation | ma.getQualifier() = this.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll index 499475cff3ec..afd3af221bed 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll @@ -4,6 +4,7 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.frameworks.android.WebView private import semmle.code.java.frameworks.kotlin.Kotlin @@ -12,7 +13,7 @@ private import semmle.code.java.frameworks.kotlin.Kotlin * * Extend this class to add your own Unsafe Resource Fetching sinks. */ -abstract class UrlResourceSink extends DataFlow::Node { +abstract class UrlResourceSink extends ApiSinkNode { /** * Gets a description of this vulnerability. */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll index 5537add5a2ca..b19d06bbf88c 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll 
@@ -1,13 +1,14 @@ /** Provides classes to reason about vulnerabilites related to content URIs. */ import java +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.frameworks.android.Android private import semmle.code.java.security.PathSanitizer private import semmle.code.java.security.Sanitizers /** A URI that gets resolved by a `ContentResolver`. */ -abstract class ContentUriResolutionSink extends DataFlow::Node { } +abstract class ContentUriResolutionSink extends ApiSinkNode { } /** A sanitizer for content URIs. */ abstract class ContentUriResolutionSanitizer extends DataFlow::Node { } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index 272c483f7a21..734ad4c89fe6 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -3,6 +3,7 @@ */ import semmle.code.java.dataflow.FlowSources +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.dataflow.TaintTracking2 private import semmle.code.java.dispatch.VirtualDispatch private import semmle.code.java.frameworks.Kryo @@ -235,7 +236,7 @@ predicate unsafeDeserialization(MethodCall ma, Expr sink) { } /** A sink for unsafe deserialization. */ -class UnsafeDeserializationSink extends DataFlow::ExprNode { +class UnsafeDeserializationSink extends ApiSinkNode, DataFlow::ExprNode { UnsafeDeserializationSink() { unsafeDeserialization(_, this.getExpr()) } /** Gets a call that triggers unsafe deserialization. */ diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirect.qll b/java/ql/lib/semmle/code/java/security/UrlRedirect.qll index e806905c1674..02f66e3f0e95 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirect.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirect.qll 
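Review bot: The file-level comment in the context of the UnsafeContentUriResolution.qll hunk reads "vulnerabilites"; since the hunk already edits this header block, it is a cheap place to correct it to `/** Provides classes to reason about vulnerabilities related to content URIs. */`. This commit fixes a similar slip in SensitiveUiQuery.qll ("test field" to "text field"), so the correction fits its scope.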
@@ -2,14 +2,15 @@ import java import semmle.code.java.dataflow.DataFlow -private import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.frameworks.Servlets import semmle.code.java.frameworks.ApacheHttp +private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks private import semmle.code.java.frameworks.JaxWS private import semmle.code.java.security.RequestForgery /** A URL redirection sink. */ -abstract class UrlRedirectSink extends DataFlow::Node { } +abstract class UrlRedirectSink extends ApiSinkNode { } /** A URL redirection sanitizer. */ abstract class UrlRedirectSanitizer extends DataFlow::Node { } diff --git a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll index d2a21be95e0a..c7fd51b1c367 100644 --- a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll +++ b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll @@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.controlflow.Guards import semmle.code.java.security.SecurityTests +private import semmle.code.java.dataflow.FlowSinks /** Holds if `ex` looks like a check that this is a debug build. */ private predicate isDebugCheck(Expr ex) { @@ -47,7 +48,7 @@ deprecated class WebviewDebugEnabledConfig extends DataFlow::Configuration { /** * A class of webview debug sink nodes. */ -class WebviewDebugSink extends DataFlow::Node { +class WebviewDebugSink extends ApiSinkNode { WebviewDebugSink() { exists(MethodCall ma | ma.getMethod().hasQualifiedName("android.webkit", "WebView", "setWebContentsDebuggingEnabled") and diff --git a/java/ql/lib/semmle/code/java/security/XPath.qll b/java/ql/lib/semmle/code/java/security/XPath.qll index 573d6530b330..c2992fdc272a 100644 --- a/java/ql/lib/semmle/code/java/security/XPath.qll +++ b/java/ql/lib/semmle/code/java/security/XPath.qll 
@@ -3,12 +3,13 @@ import java import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSinks /** * A sink that represents a method that interprets XPath expressions. * Extend this class to add your own XPath Injection sinks. */ -abstract class XPathInjectionSink extends DataFlow::Node { } +abstract class XPathInjectionSink extends ApiSinkNode { } /** A default sink representing methods susceptible to XPath Injection attacks. */ private class DefaultXPathInjectionSink extends XPathInjectionSink { diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index aa69e5e7865f..daf025141f5f 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -10,9 +10,11 @@ private import semmle.code.java.frameworks.hudson.Hudson import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSources +private import semmle.code.java.dataflow.FlowSinks /** A sink that represent a method that outputs data without applying contextual output encoding. */ -abstract class XssSink extends DataFlow::Node { } +abstract class XssSink extends ApiSinkNode { } /** A sanitizer that neutralizes dangerous characters that can be used to perform a XSS attack. */ abstract class XssSanitizer extends DataFlow::Node { } @@ -108,7 +110,7 @@ class XssVulnerableWriterSource extends MethodCall { /** * A class of xss vulnerable writer source nodes. */ -class XssVulnerableWriterSourceNode extends DataFlow::Node { +class XssVulnerableWriterSourceNode extends ApiSourceNode { XssVulnerableWriterSourceNode() { this.asExpr() instanceof XssVulnerableWriterSource } } 
diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index f6f3b1bf27c4..0ab889f73725 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.PathSanitizer private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.security.PathCreation /** @@ -24,7 +25,7 @@ private class ArchiveEntryNameMethod extends Method { /** * A class of entry name method source nodes. */ -class ArchiveEntryNameMethodSource extends DataFlow::Node { +class ArchiveEntryNameMethodSource extends ApiSourceNode { ArchiveEntryNameMethodSource() { this.asExpr().(MethodCall).getMethod() instanceof ArchiveEntryNameMethod }