Make DivideByZero use new API

owen-mc · owen-mc · commit ea1f39683daf · 2023-08-10T15:49:35.000+01:00
The extra nodes in .expected files are due to the changes from #13717, which are not applied to configuration classes extending DataFlow::Configuration or TaintTracking::Configuration.
diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.ql b/go/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -10,7 +10,6 @@
  */
 
 import go
-import DataFlow::PathGraph
 import semmle.go.dataflow.internal.TaintTrackingUtil
 
 /**
@@ -31,28 +30,30 @@ predicate divideByZeroSanitizerGuard(DataFlow::Node g, Expr e, boolean branch) {
 /**
  * A taint-tracking configuration for reasoning about division by zero, where divisor is user-controlled and unchecked.
  */
-class DivideByZeroCheckConfig extends TaintTracking::Configuration {
-  DivideByZeroCheckConfig() { this = "DivideByZeroCheckConfig" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
       f.hasQualifiedName("strconv", ["Atoi", "ParseInt", "ParseUint", "ParseFloat"]) and
-      pred = cn.getArgument(0) and
-      succ = cn.getResult(0)
+      node1 = cn.getArgument(0) and
+      node2 = cn.getResult(0)
     )
   }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     node = DataFlow::BarrierGuard<divideByZeroSanitizerGuard/3>::getABarrierNode()
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink = DataFlow::exprNode(any(QuoExpr e).getRightOperand())
   }
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, DivideByZeroCheckConfig cfg
-where cfg.hasFlowPath(source, sink)
+module Flow = TaintTracking::Global<Config>;
+
+import Flow::PathGraph
+
+from Flow::PathNode source, Flow::PathNode sink
+where Flow::flowPath(source, sink)
 select sink, source, sink, "This variable might be zero leading to a division-by-zero panic."
diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected
@@ -1,34 +1,50 @@
 edges
 | DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query |
-| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:12:16:12:20 | value |
+| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 |
+| DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value |
+| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] |
 | DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query |
 | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion |
 | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value |
 | DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query |
-| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:26:16:26:20 | value |
+| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 |
+| DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value |
+| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] |
 | DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query |
-| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:33:16:33:20 | value |
+| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 |
+| DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value |
+| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] |
 | DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query |
-| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:40:16:40:20 | value |
+| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 |
+| DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value |
+| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] |
 | DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query |
 | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion |
 | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value |
 nodes
 | DivideByZero.go:10:12:10:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:10:12:10:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:11:2:11:33 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:11:27:11:32 | param1 | semmle.label | param1 |
 | DivideByZero.go:12:16:12:20 | value | semmle.label | value |
 | DivideByZero.go:17:12:17:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:17:12:17:24 | call to Query | semmle.label | call to Query |
 | DivideByZero.go:18:11:18:24 | type conversion | semmle.label | type conversion |
 | DivideByZero.go:19:16:19:20 | value | semmle.label | value |
 | DivideByZero.go:24:12:24:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:24:12:24:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:25:2:25:45 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:25:31:25:36 | param1 | semmle.label | param1 |
 | DivideByZero.go:26:16:26:20 | value | semmle.label | value |
 | DivideByZero.go:31:12:31:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:31:12:31:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:32:2:32:43 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:32:33:32:38 | param1 | semmle.label | param1 |
 | DivideByZero.go:33:16:33:20 | value | semmle.label | value |
 | DivideByZero.go:38:12:38:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:38:12:38:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:39:2:39:46 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:39:32:39:37 | param1 | semmle.label | param1 |
 | DivideByZero.go:40:16:40:20 | value | semmle.label | value |
 | DivideByZero.go:54:12:54:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:54:12:54:24 | call to Query | semmle.label | call to Query |
