JS: Update TaintedUrlSuffix test

asgerf · asgerf · commit 14ca1c134b28 · 2024-12-13T10:08:07.000+01:00
diff --git a/javascript/ql/test/library-tests/TaintedUrlSuffix/test.ql b/javascript/ql/test/library-tests/TaintedUrlSuffix/test.ql
@@ -3,17 +3,17 @@ import testUtilities.InlineExpectationsTest
 import semmle.javascript.security.TaintedUrlSuffix
 
 module TestConfig implements DataFlow::StateConfigSig {
-  class FlowState = DataFlow::FlowLabel;
+  import semmle.javascript.security.CommonFlowState
 
-  predicate isSource(DataFlow::Node node, DataFlow::FlowLabel state) {
-    node = TaintedUrlSuffix::source() and state = TaintedUrlSuffix::label()
+  predicate isSource(DataFlow::Node node, FlowState state) {
+    node = TaintedUrlSuffix::source() and state.isTaintedUrlSuffix()
     or
     node instanceof RemoteFlowSource and
     not node = TaintedUrlSuffix::source() and
     state.isTaint()
   }
 
-  predicate isSink(DataFlow::Node node, DataFlow::FlowLabel state) { none() }
+  predicate isSink(DataFlow::Node node, FlowState state) { none() }
 
   predicate isSink(DataFlow::Node node) {
     exists(DataFlow::CallNode call |
@@ -23,14 +23,13 @@ module TestConfig implements DataFlow::StateConfigSig {
   }
 
   predicate isAdditionalFlowStep(
-    DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2,
-    DataFlow::FlowLabel state2
+    DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
   ) {
-    TaintedUrlSuffix::step(node1, node2, state1, state2)
+    TaintedUrlSuffix::isAdditionalFlowStep(node1, state1, node2, state2)
   }
 
-  predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {
-    TaintedUrlSuffix::isBarrier(node, label)
+  predicate isBarrier(DataFlow::Node node, FlowState state) {
+    TaintedUrlSuffix::isStateBarrier(node, state)
   }
 }
 
@@ -44,7 +43,7 @@ module InlineTest implements TestSig {
     exists(TestFlow::PathNode src, TestFlow::PathNode sink | TestFlow::flowPath(src, sink) |
       sink.getLocation() = location and
       element = "" and
-      value = sink.getState()
+      value = sink.getState().toString()
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -3,17 +3,17 @@ import testUtilities.InlineExpectationsTest`
`3`	`3`	`import semmle.javascript.security.TaintedUrlSuffix`
`4`	`4`
`5`	`5`	`module TestConfig implements DataFlow::StateConfigSig {`
`6`		`- class FlowState = DataFlow::FlowLabel;`
	`6`	`+ import semmle.javascript.security.CommonFlowState`
`7`	`7`
`8`		`- predicate isSource(DataFlow::Node node, DataFlow::FlowLabel state) {`
`9`		`- node = TaintedUrlSuffix::source() and state = TaintedUrlSuffix::label()`
	`8`	`+ predicate isSource(DataFlow::Node node, FlowState state) {`
	`9`	`+ node = TaintedUrlSuffix::source() and state.isTaintedUrlSuffix()`
`10`	`10`	`or`
`11`	`11`	`node instanceof RemoteFlowSource and`
`12`	`12`	`not node = TaintedUrlSuffix::source() and`
`13`	`13`	`state.isTaint()`
`14`	`14`	`}`
`15`	`15`
`16`		`- predicate isSink(DataFlow::Node node, DataFlow::FlowLabel state) { none() }`
	`16`	`+ predicate isSink(DataFlow::Node node, FlowState state) { none() }`
`17`	`17`
`18`	`18`	`predicate isSink(DataFlow::Node node) {`
`19`	`19`	`exists(DataFlow::CallNode call \|`
`@@ -23,14 +23,13 @@ module TestConfig implements DataFlow::StateConfigSig {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`predicate isAdditionalFlowStep(`
`26`		`- DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2,`
`27`		`- DataFlow::FlowLabel state2`
	`26`	`+ DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2`
`28`	`27`	`) {`
`29`		`- TaintedUrlSuffix::step(node1, node2, state1, state2)`
	`28`	`+ TaintedUrlSuffix::isAdditionalFlowStep(node1, state1, node2, state2)`
`30`	`29`	`}`
`31`	`30`
`32`		`- predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {`
`33`		`- TaintedUrlSuffix::isBarrier(node, label)`
	`31`	`+ predicate isBarrier(DataFlow::Node node, FlowState state) {`
	`32`	`+ TaintedUrlSuffix::isStateBarrier(node, state)`
`34`	`33`	`}`
`35`	`34`	`}`
`36`	`35`
`@@ -44,7 +43,7 @@ module InlineTest implements TestSig {`
`44`	`43`	`exists(TestFlow::PathNode src, TestFlow::PathNode sink \| TestFlow::flowPath(src, sink) \|`
`45`	`44`	`sink.getLocation() = location and`
`46`	`45`	`element = "" and`
`47`		`- value = sink.getState()`
	`46`	`+ value = sink.getState().toString()`
`48`	`47`	`)`
`49`	`48`	`}`
`50`	`49`	`}`