Make StringBreak use new API

owen-mc · owen-mc · commit 6c91f777761a · 2023-08-10T15:49:17.000+01:00
diff --git a/go/ql/lib/semmle/go/security/StringBreak.qll b/go/ql/lib/semmle/go/security/StringBreak.qll
@@ -14,10 +14,12 @@ module StringBreak {
   import StringBreakCustomizations::StringBreak
 
   /**
+   * DEPRECATED: Use `Flow` instead.
+   *
    * A taint-tracking configuration for reasoning about unsafe-quoting vulnerabilities,
    * parameterized with the type of quote being tracked.
    */
-  class Configuration extends TaintTracking::Configuration {
+  deprecated class Configuration extends TaintTracking::Configuration {
     Quote quote;
 
     Configuration() { this = "StringBreak" + quote }
@@ -31,4 +33,21 @@ module StringBreak {
 
     override predicate isSanitizer(DataFlow::Node nd) { quote = nd.(Sanitizer).getQuote() }
   }
+
+  private module Config implements DataFlow::StateConfigSig {
+    /** The type of quote being tracked by this configuration. */
+    class FlowState = Quote;
+
+    predicate isSource(DataFlow::Node source, FlowState state) {
+      source instanceof Source and exists(state)
+    }
+
+    predicate isSink(DataFlow::Node sink, FlowState state) { state = sink.(Sink).getQuote() }
+
+    predicate isBarrier(DataFlow::Node node, FlowState state) {
+      state = node.(Sanitizer).getQuote()
+    }
+  }
+
+  module Flow = TaintTracking::GlobalWithState<Config>;
 }
diff --git a/go/ql/src/Security/CWE-089/StringBreak.expected b/go/ql/src/Security/CWE-089/StringBreak.expected
@@ -0,0 +1,8 @@
+edges
+| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON |
+nodes
+| StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] |
+| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
+subpaths
+#select
+| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:2:10:40 | ... := ...[0] | JSON value |
diff --git a/go/ql/src/Security/CWE-089/StringBreak.ql b/go/ql/src/Security/CWE-089/StringBreak.ql
@@ -17,10 +17,10 @@
 
 import go
 import semmle.go.security.StringBreak
-import DataFlow::PathGraph
+import StringBreak::Flow::PathGraph
 
-from StringBreak::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from StringBreak::Flow::PathNode source, StringBreak::Flow::PathNode sink
+where StringBreak::Flow::flowPath(source, sink)
 select sink.getNode(), source, sink,
-  "If this $@ contains a " + cfg.getQuote().getType() + " quote, it could break out of " +
-    "the enclosing quotes.", source.getNode(), "JSON value"
+  "If this $@ contains a " + sink.getNode().(StringBreak::Sink).getQuote().getType() +
+    " quote, it could break out of " + "the enclosing quotes.", source.getNode(), "JSON value"
