Java: Refactor CaptureSourceModel to enable re-use.

michaelnebel · michaelnebel · commit 45234b16316c · 2022-03-29T11:07:56.000+02:00
diff --git a/java/ql/src/utils/model-generator/CaptureSourceModels.ql b/java/ql/src/utils/model-generator/CaptureSourceModels.ql
@@ -4,41 +4,8 @@
  * @id java/utils/model-generator/sink-models
  */
 
-import java
-private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.dataflow.ExternalFlow
-private import semmle.code.java.dataflow.internal.DataFlowImplCommon
 private import ModelGeneratorUtils
-
-class FromSourceConfiguration extends TaintTracking::Configuration {
-  FromSourceConfiguration() { this = "FromSourceConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(TargetApi c |
-      sink instanceof ReturnNodeExt and
-      sink.getEnclosingCallable() = c
-    )
-  }
-
-  override DataFlow::FlowFeature getAFeature() {
-    result instanceof DataFlow::FeatureHasSinkCallContext
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isRelevantTaintStep(node1, node2)
-  }
-}
-
-string captureSource(TargetApi api) {
-  exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
-    config.hasFlow(source, sink) and
-    sourceNode(source, kind) and
-    api = sink.getEnclosingCallable() and
-    result = asSourceModel(api, returnNodeAsOutput(sink), kind)
-  )
-}
+private import CaptureSourceModels
 
 from TargetApi api, string sink
 where sink = captureSource(api)
diff --git a/java/ql/src/utils/model-generator/CaptureSourceModels.qll b/java/ql/src/utils/model-generator/CaptureSourceModels.qll
@@ -0,0 +1,32 @@
+private import CaptureSourceModelsSpecific
+private import ModelGeneratorUtils
+
+class FromSourceConfiguration extends TaintTracking::Configuration {
+  FromSourceConfiguration() { this = "FromSourceConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(TargetApi c |
+      sink instanceof ReturnNodeExt and
+      sink.getEnclosingCallable() = c
+    )
+  }
+
+  override DataFlow::FlowFeature getAFeature() {
+    result instanceof DataFlow::FeatureHasSinkCallContext
+  }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    isRelevantTaintStep(node1, node2)
+  }
+}
+
+string captureSource(TargetApi api) {
+  exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
+    config.hasFlow(source, sink) and
+    sourceNode(source, kind) and
+    api = sink.getEnclosingCallable() and
+    result = asSourceModel(api, returnNodeAsOutput(sink), kind)
+  )
+}
diff --git a/java/ql/src/utils/model-generator/CaptureSourceModelsSpecific.qll b/java/ql/src/utils/model-generator/CaptureSourceModelsSpecific.qll
@@ -0,0 +1,4 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.dataflow.ExternalFlow
+import semmle.code.java.dataflow.internal.DataFlowImplCommon
