Make StoredCommand use new API

owen-mc · owen-mc · commit 4334a51cf381 · 2023-08-10T15:49:15.000+01:00
diff --git a/go/ql/lib/semmle/go/security/StoredCommand.qll b/go/ql/lib/semmle/go/security/StoredCommand.qll
@@ -17,9 +17,11 @@ import CommandInjectionCustomizations
  */
 module StoredCommand {
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A taint-tracking configuration for reasoning about command-injection vulnerabilities.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Configuration() { this = "StoredCommand" }
 
     override predicate isSource(DataFlow::Node source) {
@@ -39,4 +41,18 @@ module StoredCommand {
       guard instanceof CommandInjection::SanitizerGuard
     }
   }
+
+  private module Config implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      source instanceof StoredXss::Source and
+      // exclude file names, since those are not generally an issue
+      not source instanceof StoredXss::FileNameSource
+    }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjection::Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof CommandInjection::Sanitizer }
+  }
+
+  module Flow = TaintTracking::Global<Config>;
 }
diff --git a/go/ql/src/Security/CWE-078/StoredCommand.ql b/go/ql/src/Security/CWE-078/StoredCommand.ql
@@ -13,9 +13,9 @@
 
 import go
 import semmle.go.security.StoredCommand
-import DataFlow::PathGraph
+import StoredCommand::Flow::PathGraph
 
-from StoredCommand::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from StoredCommand::Flow::PathNode source, StoredCommand::Flow::PathNode sink
+where StoredCommand::Flow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This command depends on a $@.", source.getNode(),
   "stored value"
