Merge pull request #220 from advanced-security/knewbury01/dataflow-lib-upgrade-simple

Begin dataflow lib upgrade generic portions

Author: jeongsoolee09

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPCqlInjectionQuery.qll

@@ -166,16 +166,14 @@ class CqlClauseParserCallWithStringConcat instanceof CqlClauseParserCall {
  * instead (notice the lack of parentheses around the template literal), then the `where` call
  * becomes a parser call of the template literal following it and thus acts as a sanitizer.
  */
-class CqlInjectionConfiguration extends TaintTracking::Configuration {
-  CqlInjectionConfiguration() { this = "CQL injection from untrusted data" }
+module CqlInjectionConfiguration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
 
-  override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
+  predicate isSink(DataFlow::Node node) { node instanceof CqlInjectionSink }
 
-  override predicate isSink(DataFlow::Node node) { node instanceof CqlInjectionSink }
+  predicate isBarrier(DataFlow::Node node) { node instanceof SqlInjection::Sanitizer }
 
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof SqlInjection::Sanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node start, DataFlow::Node end) {
+  predicate isAdditionalFlowStep(DataFlow::Node start, DataFlow::Node end) {
     /*
      * 1. Given a call to a CQL parser, jump from the argument to the parser call itself.
      */

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPLogInjectionQuery.qll

@@ -43,19 +43,19 @@ class CdsLogSink extends DataFlow::Node {
   }
 }
 
-class CAPLogInjectionConfiguration extends LogInjectionConfiguration {
-  override predicate isSource(DataFlow::Node start) {
-    super.isSource(start)
+module CAPLogInjectionConfiguration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node start) {
+    LogInjectionConfig::isSource(start)
     or
     start instanceof RemoteFlowSource
   }
 
-  override predicate isBarrier(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     exists(HandlerParameterData handlerParameterData |
       node = handlerParameterData and
       not handlerParameterData.getType() = ["cds.String", "cds.LargeString"]
     )
   }
 
-  override predicate isSink(DataFlow::Node end) { end instanceof CdsLogSink }
+  predicate isSink(DataFlow::Node end) { end instanceof CdsLogSink }
 }

javascript/frameworks/cap/src/cqlinjection/CqlInjection.ql

@@ -11,11 +11,14 @@
  */
 
 import javascript
-import DataFlow::PathGraph
 import advanced_security.javascript.frameworks.cap.CAPCqlInjectionQuery
 
-from CqlInjectionConfiguration sql, DataFlow::PathNode source, DataFlow::PathNode sink
-where sql.hasFlowPath(source, sink)
+module CqlInjectionConfigurationFlow = TaintTracking::Global<CqlInjectionConfiguration>;
+
+import CqlInjectionConfigurationFlow::PathGraph
+
+from CqlInjectionConfigurationFlow::PathNode source, CqlInjectionConfigurationFlow::PathNode sink
+where CqlInjectionConfigurationFlow::flowPath(source, sink)
 select sink.getNode().(CqlInjectionSink).getQuery(), source, sink,
   "This CQL query contains a string concatenation with a $@.", source.getNode(),
   "user-provided value"

javascript/frameworks/cap/src/loginjection/LogInjection.ql

@@ -11,11 +11,15 @@
  */
 
 import javascript
-import DataFlow::PathGraph
 import advanced_security.javascript.frameworks.cap.dataflow.DataFlow
 import advanced_security.javascript.frameworks.cap.CAPLogInjectionQuery
 
-from CAPLogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module CAPLogInjectionConfigurationFlow = TaintTracking::Global<CAPLogInjectionConfiguration>;
+
+import CAPLogInjectionConfigurationFlow::PathGraph
+
+from
+  CAPLogInjectionConfigurationFlow::PathNode source, CAPLogInjectionConfigurationFlow::PathNode sink
+where CAPLogInjectionConfigurationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(),
   "user-provided value"

javascript/frameworks/cap/src/sensitive-exposure/SensitiveExposure.ql

@@ -14,7 +14,6 @@
 import javascript
 import advanced_security.javascript.frameworks.cap.CDS
 import advanced_security.javascript.frameworks.cap.CAPLogInjectionQuery
-import DataFlow::PathGraph
 
 EntityReferenceFromEntities entityAccesses(string entityNamespace) {
   entityNamespace = result.getEntitiesCallNamespace()
@@ -40,18 +39,18 @@ class SensitiveExposureFieldSource instanceof PropRead {
   string toString() { result = super.toString() }
 }
 
-class SensitiveLogExposureConfig extends TaintTracking::Configuration {
-  SensitiveLogExposureConfig() { this = "SensitiveLogExposure" }
+module SensitiveLogExposureConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof SensitiveExposureFieldSource }
 
-  override predicate isSource(DataFlow::Node source) {
-    source instanceof SensitiveExposureFieldSource
-  }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof CdsLogSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof CdsLogSink }
 }
 
-from SensitiveLogExposureConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module SensitiveLogExposureConfigFlow = TaintTracking::Global<SensitiveLogExposureConfig>;
+
+import SensitiveLogExposureConfigFlow::PathGraph
+
+from SensitiveLogExposureConfigFlow::PathNode source, SensitiveLogExposureConfigFlow::PathNode sink
+where SensitiveLogExposureConfigFlow::flowPath(source, sink)
 select sink, source, sink,
   "Log entry depends on the $@ field which is annotated as potentially sensitive.",
   source.getNode().(SensitiveExposureFieldSource).getCdsField(),