JS: Migrate DeepObjectResourceExhaustion

asgerf · asgerf · commit 15d999a9dc30 · 2024-12-13T10:08:09.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionCustomizations.qll
@@ -11,21 +11,26 @@ private import semmle.javascript.security.TaintedObjectCustomizations
  * DoS attacks due to inefficient handling of user-controlled objects.
  */
 module DeepObjectResourceExhaustion {
+  import semmle.javascript.security.CommonFlowState
+
   /**
    * A data flow source for inefficient handling of user-controlled objects.
    */
   abstract class Source extends DataFlow::Node {
-    /** Gets a flow label to associate with this source. */
-    DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() }
+    /** Gets a flow state to associate with this source. */
+    FlowState getAFlowState() { result.isTaintedObject() }
+
+    /** DEPRECATED. Use `getAFlowState()` instead. */
+    deprecated DataFlow::FlowLabel getAFlowLabel() { result = this.getAFlowState().toFlowLabel() }
   }
 
   private class TaintedObjectSourceAsSource extends Source instanceof TaintedObject::Source {
-    override DataFlow::FlowLabel getAFlowLabel() { result = TaintedObject::label() }
+    override FlowState getAFlowState() { result.isTaintedObject() }
   }
 
   /** An active threat-model source, considered as a flow source. */
   private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource {
-    override DataFlow::FlowLabel getAFlowLabel() { result.isTaint() }
+    override FlowState getAFlowState() { result.isTaint() }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll
@@ -12,26 +12,26 @@ import DeepObjectResourceExhaustionCustomizations::DeepObjectResourceExhaustion
  * of user-controlled objects.
  */
 module DeepObjectResourceExhaustionConfig implements DataFlow::StateConfigSig {
-  class FlowState = DataFlow::FlowLabel;
+  import semmle.javascript.security.CommonFlowState
 
-  predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
-    source.(Source).getAFlowLabel() = label
+  predicate isSource(DataFlow::Node source, FlowState state) {
+    source.(Source).getAFlowState() = state
   }
 
-  predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    sink instanceof Sink and label = TaintedObject::label()
+  predicate isSink(DataFlow::Node sink, FlowState state) {
+    sink instanceof Sink and state.isTaintedObject()
   }
 
-  predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {
-    node = TaintedObject::SanitizerGuard::getABarrierNode(label)
+  predicate isBarrier(DataFlow::Node node, FlowState state) {
+    node = TaintedObject::SanitizerGuard::getABarrierNode(state)
   }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
   predicate isAdditionalFlowStep(
-    DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl
+    DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
   ) {
-    TaintedObject::step(src, trg, inlbl, outlbl)
+    TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2)
   }
 }
 
