Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 07f50e2

Browse files
aschackmullaschackmull
authored
Merge pull request #11182 from aschackmull/mad/split-configs
Java/C#: Split active configurations for model generator
2 parents 859dc7b + fc4f93c commit 07f50e2

10 files changed

Lines changed: 88 additions & 33 deletions

File tree

csharp/ql/src/utils/model-generator/CaptureSinkModels.ql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@
88

99
import internal.CaptureModels
1010

11+
class Activate extends ActiveConfiguration {
12+
override predicate activateToSinkConfig() { any() }
13+
}
14+
1115
from DataFlowTargetApi api, string sink
1216
where sink = captureSink(api)
1317
select sink order by sink

csharp/ql/src/utils/model-generator/CaptureSourceModels.ql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@
88

99
import internal.CaptureModels
1010

11+
class Activate extends ActiveConfiguration {
12+
override predicate activateFromSourceConfig() { any() }
13+
}
14+
1115
from DataFlowTargetApi api, string source
1216
where source = captureSource(api)
1317
select source order by source

csharp/ql/src/utils/model-generator/internal/CaptureModels.qll

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,14 @@
55

66
private import CaptureModelsSpecific
77

8+
class ActiveConfiguration extends Unit {
9+
predicate activateThroughFlowConfig() { none() }
10+
11+
predicate activateFromSourceConfig() { none() }
12+
13+
predicate activateToSinkConfig() { none() }
14+
}
15+
816
class DataFlowTargetApi extends TargetApiSpecific {
917
DataFlowTargetApi() { isRelevantForDataFlowModels(this) }
1018
}
@@ -140,7 +148,9 @@ private class TaintStore extends DataFlow::FlowState {
140148
* This can be used to generate Flow summaries for APIs from parameter to return.
141149
*/
142150
private class ThroughFlowConfig extends TaintTracking::Configuration {
143-
ThroughFlowConfig() { this = "ThroughFlowConfig" }
151+
ThroughFlowConfig() {
152+
this = "ThroughFlowConfig" and any(ActiveConfiguration ac).activateThroughFlowConfig()
153+
}
144154

145155
override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
146156
source instanceof DataFlow::ParameterNode and
@@ -210,7 +220,9 @@ string captureThroughFlow(DataFlowTargetApi api) {
210220
* via its return (then the API itself becomes a source).
211221
*/
212222
private class FromSourceConfiguration extends TaintTracking::Configuration {
213-
FromSourceConfiguration() { this = "FromSourceConfiguration" }
223+
FromSourceConfiguration() {
224+
this = "FromSourceConfiguration" and any(ActiveConfiguration ac).activateFromSourceConfig()
225+
}
214226

215227
override predicate isSource(DataFlow::Node source) { ExternalFlow::sourceNode(source, _) }
216228

@@ -250,8 +262,13 @@ string captureSource(DataFlowTargetApi api) {
250262
* This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field)
251263
* into an existing known sink (then the API itself becomes a sink).
252264
*/
253-
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
254-
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
265+
private class PropagateToSinkConfiguration extends TaintTracking::Configuration {
266+
PropagateToSinkConfiguration() {
267+
this = "parameters or fields flowing into sinks" and
268+
any(ActiveConfiguration ac).activateToSinkConfig()
269+
}
270+
271+
override predicate isSource(DataFlow::Node source) { apiSource(source) }
255272

256273
override predicate isSink(DataFlow::Node sink) { ExternalFlow::sinkNode(sink, _) }
257274

csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@ module TaintTracking = CS::TaintTracking;
1919

2020
class Type = CS::Type;
2121

22+
class Unit = DataFlowPrivate::Unit;
23+
2224
/**
2325
* Holds if any of the parameters of `api` are `System.Func<>`.
2426
*/
@@ -174,15 +176,11 @@ private predicate isRelevantMemberAccess(DataFlow::Node node) {
174176
}
175177

176178
/**
177-
* Language specific parts of the `PropagateToSinkConfiguration`.
179+
* Holds if `source` is an api entrypoint relevant for creating sink models.
178180
*/
179-
class PropagateToSinkConfigurationSpecific extends CS::TaintTracking::Configuration {
180-
PropagateToSinkConfigurationSpecific() { this = "parameters or fields flowing into sinks" }
181-
182-
override predicate isSource(DataFlow::Node source) {
183-
(isRelevantMemberAccess(source) or source instanceof DataFlow::ParameterNode) and
184-
isRelevantForModels(source.getEnclosingCallable())
185-
}
181+
predicate apiSource(DataFlow::Node source) {
182+
(isRelevantMemberAccess(source) or source instanceof DataFlow::ParameterNode) and
183+
isRelevantForModels(source.getEnclosingCallable())
186184
}
187185

188186
/**

csharp/ql/src/utils/model-generator/internal/CaptureSummaryFlow.qll

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,9 @@
11
private import CaptureModels
22

3+
private class Activate extends ActiveConfiguration {
4+
override predicate activateThroughFlowConfig() { any() }
5+
}
6+
37
/**
48
* Capture fluent APIs that return `this`.
59
* Example of a fluent API:

java/ql/src/utils/model-generator/CaptureSinkModels.ql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@
88

99
import internal.CaptureModels
1010

11+
class Activate extends ActiveConfiguration {
12+
override predicate activateToSinkConfig() { any() }
13+
}
14+
1115
from DataFlowTargetApi api, string sink
1216
where sink = captureSink(api)
1317
select sink order by sink

java/ql/src/utils/model-generator/CaptureSourceModels.ql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@
88

99
import internal.CaptureModels
1010

11+
class Activate extends ActiveConfiguration {
12+
override predicate activateFromSourceConfig() { any() }
13+
}
14+
1115
from DataFlowTargetApi api, string source
1216
where source = captureSource(api)
1317
select source order by source

java/ql/src/utils/model-generator/internal/CaptureModels.qll

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,14 @@
55

66
private import CaptureModelsSpecific
77

8+
class ActiveConfiguration extends Unit {
9+
predicate activateThroughFlowConfig() { none() }
10+
11+
predicate activateFromSourceConfig() { none() }
12+
13+
predicate activateToSinkConfig() { none() }
14+
}
15+
816
class DataFlowTargetApi extends TargetApiSpecific {
917
DataFlowTargetApi() { isRelevantForDataFlowModels(this) }
1018
}
@@ -140,7 +148,9 @@ private class TaintStore extends DataFlow::FlowState {
140148
* This can be used to generate Flow summaries for APIs from parameter to return.
141149
*/
142150
private class ThroughFlowConfig extends TaintTracking::Configuration {
143-
ThroughFlowConfig() { this = "ThroughFlowConfig" }
151+
ThroughFlowConfig() {
152+
this = "ThroughFlowConfig" and any(ActiveConfiguration ac).activateThroughFlowConfig()
153+
}
144154

145155
override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
146156
source instanceof DataFlow::ParameterNode and
@@ -210,7 +220,9 @@ string captureThroughFlow(DataFlowTargetApi api) {
210220
* via its return (then the API itself becomes a source).
211221
*/
212222
private class FromSourceConfiguration extends TaintTracking::Configuration {
213-
FromSourceConfiguration() { this = "FromSourceConfiguration" }
223+
FromSourceConfiguration() {
224+
this = "FromSourceConfiguration" and any(ActiveConfiguration ac).activateFromSourceConfig()
225+
}
214226

215227
override predicate isSource(DataFlow::Node source) { ExternalFlow::sourceNode(source, _) }
216228

@@ -250,8 +262,13 @@ string captureSource(DataFlowTargetApi api) {
250262
* This can be used to generate Sink summaries for APIs, if the API propagates a parameter (or enclosing type field)
251263
* into an existing known sink (then the API itself becomes a sink).
252264
*/
253-
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
254-
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
265+
private class PropagateToSinkConfiguration extends TaintTracking::Configuration {
266+
PropagateToSinkConfiguration() {
267+
this = "parameters or fields flowing into sinks" and
268+
any(ActiveConfiguration ac).activateToSinkConfig()
269+
}
270+
271+
override predicate isSource(DataFlow::Node source) { apiSource(source) }
255272

256273
override predicate isSink(DataFlow::Node sink) { ExternalFlow::sinkNode(sink, _) }
257274

java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll

Lines changed: 16 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ module TaintTracking = Tt::TaintTracking;
1818

1919
class Type = J::Type;
2020

21+
class Unit = J::Unit;
22+
2123
private J::Method superImpl(J::Method m) {
2224
result = m.getAnOverride() and
2325
not exists(result.getAnOverride()) and
@@ -223,24 +225,21 @@ predicate isOwnInstanceAccessNode(ReturnNode node) {
223225
}
224226

225227
/**
226-
* Language specific parts of the `PropagateToSinkConfiguration`.
228+
* Holds if `source` is an api entrypoint relevant for creating sink models.
227229
*/
228-
class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration {
229-
PropagateToSinkConfigurationSpecific() { this = "parameters or fields flowing into sinks" }
230-
231-
override predicate isSource(DataFlow::Node source) {
232-
(
233-
source.asExpr().(J::FieldAccess).isOwnFieldAccess() or
234-
source instanceof DataFlow::ParameterNode
235-
) and
236-
source.getEnclosingCallable().isPublic() and
237-
exists(J::RefType t |
238-
t = source.getEnclosingCallable().getDeclaringType().getAnAncestor() and
239-
not t instanceof J::TypeObject and
240-
t.isPublic()
241-
) and
242-
isRelevantForModels(source.getEnclosingCallable())
243-
}
230+
predicate apiSource(DataFlow::Node source) {
231+
(
232+
source.asExpr().(J::FieldAccess).isOwnFieldAccess() or
233+
source instanceof DataFlow::ParameterNode
234+
) and
235+
source.getEnclosingCallable().isPublic() and
236+
exists(J::RefType t |
237+
t = source.getEnclosingCallable().getDeclaringType().getAnAncestor() and
238+
not t instanceof J::TypeObject and
239+
t.isPublic()
240+
) and
241+
isRelevantForModels(source.getEnclosingCallable()) and
242+
exists(asPartialModel(source.getEnclosingCallable()))
244243
}
245244

246245
/**

java/ql/src/utils/model-generator/internal/CaptureSummaryFlow.qll

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,9 @@
11
private import CaptureModels
22

3+
private class Activate extends ActiveConfiguration {
4+
override predicate activateThroughFlowConfig() { any() }
5+
}
6+
37
/**
48
* Capture fluent APIs that return `this`.
59
* Example of a fluent API:

0 commit comments

Comments
 (0)