Skip to content

Commit 47c5db0

Browse files
egregius313egregius313
committed
Refactor OpenStream.ql
1 parent 5bd9aae commit 47c5db0

1 file changed

Lines changed: 11 additions & 9 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ import java
1515
import semmle.code.java.dataflow.TaintTracking
1616
import semmle.code.java.dataflow.FlowSources
1717
import semmle.code.java.dataflow.ExternalFlow
18-
import DataFlow::PathGraph
18+
import RemoteUrlToOpenStreamFlow::PathGraph
1919

2020
class UrlConstructor extends ClassInstanceExpr {
2121
UrlConstructor() { this.getConstructor().getDeclaringType() instanceof TypeUrl }
@@ -28,30 +28,32 @@ class UrlConstructor extends ClassInstanceExpr {
2828
}
2929
}
3030

31-
class RemoteUrlToOpenStreamFlowConfig extends TaintTracking::Configuration {
32-
RemoteUrlToOpenStreamFlowConfig() { this = "OpenStream::RemoteURLToOpenStreamFlowConfig" }
31+
module RemoteUrlToOpenStreamFlowConfig implements DataFlow::ConfigSig {
32+
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
3333

34-
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
35-
36-
override predicate isSink(DataFlow::Node sink) {
34+
predicate isSink(DataFlow::Node sink) {
3735
exists(MethodAccess m |
3836
sink.asExpr() = m.getQualifier() and m.getMethod() instanceof UrlOpenStreamMethod
3937
)
4038
or
4139
sinkNode(sink, "url-open-stream")
4240
}
4341

44-
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
42+
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
4543
exists(UrlConstructor u |
4644
node1.asExpr() = u.stringArg() and
4745
node2.asExpr() = u
4846
)
4947
}
5048
}
5149

52-
from DataFlow::PathNode source, DataFlow::PathNode sink, MethodAccess call
50+
module RemoteUrlToOpenStreamFlow = TaintTracking::Global<RemoteUrlToOpenStreamFlowConfig>;
51+
52+
from
53+
RemoteUrlToOpenStreamFlow::PathNode source, RemoteUrlToOpenStreamFlow::PathNode sink,
54+
MethodAccess call
5355
where
5456
sink.getNode().asExpr() = call.getQualifier() and
55-
any(RemoteUrlToOpenStreamFlowConfig c).hasFlowPath(source, sink)
57+
RemoteUrlToOpenStreamFlow::flowPath(source, sink)
5658
select call, source, sink,
5759
"URL on which openStream is called may have been constructed from remote source."

0 commit comments

Comments
 (0)