diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll index 711b8dd5dbbe..b83d4fce814f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll +++ b/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll @@ -7,10 +7,11 @@ private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.dataflow.internal.DataFlowImplSpecific private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific private import codeql.dataflowstack.TaintTrackingStack as TTS -private import TTS::TaintTrackingStackMake as TaintTrackingStackFactory -private module TaintTrackingStackInput - implements TTS::TaintTrackingStackSig +module LanguageTaintTrackingStack = TTS::LanguageTaintTracking; + +private module TaintTrackingStackInput + implements LanguageTaintTrackingStack::DataFlowGroup::TaintTrackingStackSig> { private module Flow = TaintTracking::Global; @@ -29,13 +30,13 @@ private module TaintTrackingStackInput { - import TaintTrackingStackFactory::FlowStack> +module DataFlowStackMake { + import LanguageTaintTrackingStack::FlowStack, Config, TaintTrackingStackInput> } module BiStackAnalysisMake< - TaintTrackingStackFactory::DataFlow::ConfigSig ConfigA, - TaintTrackingStackFactory::DataFlow::ConfigSig ConfigB> -{ - import TaintTrackingStackFactory::BiStackAnalysis, ConfigB, TaintTrackingStackInput> + DataFlow::ConfigSig ConfigA, + DataFlow::ConfigSig ConfigB +>{ + import LanguageTaintTrackingStack::BiStackAnalysis, TaintTrackingStackInput, ConfigB, TaintTracking::Global, TaintTrackingStackInput> } \ No newline at end of file diff --git a/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll b/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll index 202619d75bc9..763e4438ea79 100644 --- a/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll +++ b/shared/dataflowstack/codeql/dataflowstack/TaintTrackingStack.qll @@ -5,43 +5,58 @@ private import codeql.dataflow.DataFlow as DF private import codeql.dataflow.TaintTracking as TT private import codeql.util.Location -signature module TaintTrackingStackSig< - LocationSig Location, DF::InputSig Lang, TT::InputSig TTLang, - DF::Configs::ConfigSig Config> -{ - Lang::Node getNode(TT::TaintFlowMake::Global::PathNode n); +/** + * A Language-initialized grouping of DataFlow types and primitives. + */ +module LanguageTaintTracking Lang, TT::InputSig TTLang>{ + module AbstractDF = DF::Configs; + module AbstractDataFlow = DF::DataFlowMake; + module AbstractTaintFlow = TT::TaintFlowMake; + module AbstractTaintFlowOverlay = TT::TaintFlowMakeOverlay; + + /** + * A collection of modules that are scoped to a specific DataFlow config implementation + */ + module DataFlowGroup{ + + module MyConfig = Config; + module TaintFlowGlobal = AbstractTaintFlow::Global; + module TaintFlowOverlayGlobal = AbstractTaintFlowOverlay::Global; - predicate isSource(TT::TaintFlowMake::Global::PathNode n); + /** + * A Taint tracking implementation, paramaterized over a DataFlow type + */ + signature module TaintTrackingStackSig{ - TT::TaintFlowMake::Global::PathNode getASuccessor( - TT::TaintFlowMake::Global::PathNode n - ); + Lang::Node getNode(GlobalFlow::PathNode n); - Lang::DataFlowCallable getARuntimeTarget(Lang::DataFlowCall call); + predicate isSource(GlobalFlow::PathNode n); - Lang::Node getAnArgumentNode(Lang::DataFlowCall call); -} + GlobalFlow::PathNode getASuccessor( + GlobalFlow::PathNode n + ); -module TaintTrackingStackMake< - LocationSig Location, DF::InputSig Lang, TT::InputSig TTLang> -{ - module DataFlow = DF::DataFlowMake; + Lang::DataFlowCallable getARuntimeTarget(Lang::DataFlowCall call); - module TaintTracking = TT::TaintFlowMake; + Lang::Node getAnArgumentNode(Lang::DataFlowCall call); + } + } module BiStackAnalysis< - DF::Configs::ConfigSig ConfigA, - TaintTrackingStackSig TaintTrackingStackA, - DF::Configs::ConfigSig ConfigB, - TaintTrackingStackSig TaintTrackingStackB> + AbstractDF::ConfigSig ConfigA, + AbstractDataFlow::GlobalFlowSig GlobalFlowA, + DataFlowGroup::TaintTrackingStackSig TaintTrackingStackA, + AbstractDF::ConfigSig ConfigB, + AbstractDataFlow::GlobalFlowSig GlobalFlowB, + DataFlowGroup::TaintTrackingStackSig TaintTrackingStackB> { - module FlowA = TaintTracking::Global; + module FlowA = GlobalFlowA; - module FlowStackA = FlowStack; + module FlowStackA = FlowStack; - module FlowB = TaintTracking::Global; + module FlowB = GlobalFlowB; - module FlowStackB = FlowStack; + module FlowStackB = FlowStack; /** * Holds if either the Stack associated with `sourceNodeA` is a subset of the stack associated with `sourceNodeB` @@ -59,10 +74,10 @@ module TaintTrackingStackMake< flowStackA = FlowStackA::createFlowStack(sourceNodeA, sinkNodeA) and flowStackB = FlowStackB::createFlowStack(sourceNodeB, sinkNodeB) and ( - BiStackAnalysisImpl::flowStackIsSubsetOf(flowStackA, + BiStackAnalysisImpl::flowStackIsSubsetOf(flowStackA, flowStackB) or - BiStackAnalysisImpl::flowStackIsSubsetOf(flowStackB, + BiStackAnalysisImpl::flowStackIsSubsetOf(flowStackB, flowStackA) ) ) @@ -87,10 +102,10 @@ module TaintTrackingStackMake< flowStackA = FlowStackA::createFlowStack(sourceNodeA, sinkNodeA) and flowStackB = FlowStackB::createFlowStack(sourceNodeB, sinkNodeB) and ( - BiStackAnalysisImpl::flowStackIsConvergingTerminatingSubsetOf(flowStackA, + BiStackAnalysisImpl::flowStackIsConvergingTerminatingSubsetOf(flowStackA, flowStackB) or - BiStackAnalysisImpl::flowStackIsConvergingTerminatingSubsetOf(flowStackB, + BiStackAnalysisImpl::flowStackIsConvergingTerminatingSubsetOf(flowStackB, flowStackA) ) ) @@ -103,7 +118,7 @@ module TaintTrackingStackMake< * The top of stackA is in stackB and the bottom of stackA is then some successor further down stackB. */ predicate flowStackIsSubsetOf(FlowStackA::FlowStack flowStackA, FlowStackB::FlowStack flowStackB) { - BiStackAnalysisImpl::flowStackIsSubsetOf(flowStackA, + BiStackAnalysisImpl::flowStackIsSubsetOf(flowStackA, flowStackB) } @@ -115,20 +130,23 @@ module TaintTrackingStackMake< predicate flowStackIsConvergingTerminatingSubsetOf( FlowStackA::FlowStack flowStackA, FlowStackB::FlowStack flowStackB ) { - BiStackAnalysisImpl::flowStackIsConvergingTerminatingSubsetOf(flowStackA, + BiStackAnalysisImpl::flowStackIsConvergingTerminatingSubsetOf(flowStackA, flowStackB) } } private module BiStackAnalysisImpl< - DF::Configs::ConfigSig ConfigA, - TaintTrackingStackSig DataFlowStackA, - DF::Configs::ConfigSig ConfigB, - TaintTrackingStackSig DataFlowStackB> + AbstractDataFlow::GlobalFlowSig GlobalFlowA, + AbstractDF::ConfigSig ConfigA, + DataFlowGroup::TaintTrackingStackSig DataFlowStackA, + AbstractDataFlow::GlobalFlowSig GlobalFlowB, + AbstractDF::ConfigSig ConfigB, + DataFlowGroup::TaintTrackingStackSig DataFlowStackB> { - module FlowStackA = FlowStack; - module FlowStackB = FlowStack; + module FlowStackA = FlowStack; + + module FlowStackB = FlowStack; /** * Holds if stackA is a subset of stackB, @@ -173,10 +191,11 @@ module TaintTrackingStackMake< } module FlowStack< - DF::Configs::ConfigSig Config, - TaintTrackingStackSig TaintTrackingStack> + AbstractDataFlow::GlobalFlowSig GlobalFlow, + AbstractDF::ConfigSig Config, + DataFlowGroup::TaintTrackingStackSig TaintTrackingStack> { - private module Flow = TT::TaintFlowMake::Global; + private module Flow = GlobalFlow; /** * Determines whether or not the given PathNode is a source @@ -436,4 +455,4 @@ module TaintTrackingStackMake< } } } -} +} \ No newline at end of file