@@ -217,13 +217,23 @@ module TaintTracking {
217217 * Note: For performance reasons, all subclasses of this class should be part
218218 * of the standard library. Override `Configuration::isAdditionalTaintStep`
219219 * for analysis-specific taint steps.
220+ *
221+ * This class has multiple kinds of `step` predicates; these all have the same
222+ * effect on taint-tracking configurations. However, the categorization of steps
223+ * allows some data-flow configurations to opt in to specific kinds of taint steps.
220224 */
221225 class SharedTaintStep extends Unit {
222226 /**
223227 * Holds if `pred` → `succ` should be considered a taint-propagating
224228 * data flow edge.
225229 */
226- abstract predicate step ( DataFlow:: Node pred , DataFlow:: Node succ ) ;
230+ predicate step ( DataFlow:: Node pred , DataFlow:: Node succ ) { none ( ) }
231+
232+ /**
233+ * Holds if `pred` → `succ` should be considered a taint-propagating
234+ * data flow edge, in the URI category.
235+ */
236+ predicate uriStep ( DataFlow:: Node pred , DataFlow:: Node succ ) { none ( ) }
227237 }
228238
229239 /**
@@ -233,6 +243,12 @@ module TaintTracking {
233243 any ( SharedTaintStep step ) .step ( pred , succ )
234244 or
235245 any ( AdditionalTaintStep step ) .step ( pred , succ )
246+ or
247+ uriStep ( pred , succ )
248+ }
249+
250+ predicate uriStep ( DataFlow:: Node pred , DataFlow:: Node succ ) {
251+ any ( SharedTaintStep step ) .uriStep ( pred , succ )
236252 }
237253
238254 /**
0 commit comments