Make ConditionalBypass use new API

owen-mc · owen-mc · commit 00ea023fdba9 · 2023-08-10T15:49:37.000+01:00
diff --git a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
@@ -15,27 +15,27 @@ import go
 /**
  * A taint-tracking configuration for reasoning about conditional bypass.
  */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "ConditionalBypass" }
-
-  override predicate isSource(DataFlow::Node source) {
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     source instanceof UntrustedFlowSource
     or
     source = any(Field f | f.hasQualifiedName("net/http", "Request", "Host")).getARead()
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(ComparisonExpr c | c.getAnOperand() = sink.asExpr())
   }
 }
 
+module Flow = TaintTracking::Global<Config>;
+
 from
-  Configuration config, DataFlow::PathNode lhsSource, DataFlow::PathNode lhs,
-  DataFlow::PathNode rhsSource, DataFlow::PathNode rhs, ComparisonExpr c
+  DataFlow::Node lhsSource, DataFlow::Node lhs, DataFlow::Node rhsSource, DataFlow::Node rhs,
+  ComparisonExpr c
 where
-  config.hasFlowPath(rhsSource, rhs) and
-  rhs.getNode().asExpr() = c.getRightOperand() and
-  config.hasFlowPath(lhsSource, lhs) and
-  lhs.getNode().asExpr() = c.getLeftOperand()
-select c, "This comparison of a $@ with another $@ can be bypassed by a malicious user.",
-  lhsSource.getNode(), "user-controlled value", rhsSource.getNode(), "user-controlled value"
+  Flow::flow(rhsSource, rhs) and
+  rhs.asExpr() = c.getRightOperand() and
+  Flow::flow(lhsSource, lhs) and
+  lhs.asExpr() = c.getLeftOperand()
+select c, "This comparison of a $@ with another $@ can be bypassed by a malicious user.", lhsSource,
+  "user-controlled value", rhsSource, "user-controlled value"
