Simplify sink configuration

Benjamin Muskalla · Benjamin Muskalla · commit 7a7ec06819a6 · 2021-11-10T16:30:20.000+01:00
diff --git a/java/ql/src/utils/model-generator/CaptureSinkModels.ql b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
@@ -15,28 +15,22 @@ class PropagateToSinkConfiguration extends TaintTracking::Configuration {
   PropagateToSinkConfiguration() { this = "public methods calling sinks" }
 
   override predicate isSource(DataFlow::Node source) {
-    exists(MethodAccess ma |
-      ma.getAChildExpr() = source.asExpr() and
-      ma.getAnEnclosingStmt().getEnclosingCallable().isPublic() and
-      ma.getAnEnclosingStmt().getEnclosingCallable().fromSource()
-    )
+    source.asParameter().getCallable().isPublic()
   }
 
   override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
 }
 
-string asInputArgument(Expr source) {
-  result = "Argument[" + source.(Argument).getPosition() + "]"
-  or
-  result = "Argument[" + source.(VarAccess).getVariable().(Parameter).getPosition() + "]"
+string asInputArgument(DataFlow::Node source) {
+  result = "Argument[" + source.asParameter().getPosition() + "]"
 }
 
 string captureSink(Callable api) {
   exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
     config.hasFlow(src, sink) and
     sinkNode(sink, kind) and
-    api = src.asExpr().getEnclosingCallable() and
-    result = asSinkModel(api, asInputArgument(src.asExpr()), kind)
+    api = src.asParameter().getCallable() and
+    result = asSinkModel(api, asInputArgument(src), kind)
   )
 }
 
diff --git a/java/ql/test/utils/model-generator/p/Sinks.java b/java/ql/test/utils/model-generator/p/Sinks.java
@@ -10,8 +10,8 @@
 
 public class Sinks {
     
-    public Path copyFileToDirectory(final Path sourceFile, final Path targetDirectory, final CopyOption... copyOptions) throws IOException {
-        return Files.copy(sourceFile, targetDirectory.resolve(sourceFile.getFileName()), copyOptions);
+    public Path copyFileToDirectory(final Path sourceFile, final Path targetFile, final CopyOption... copyOptions) throws IOException {
+        return Files.copy(sourceFile, targetFile, copyOptions);
     }
 
     public String readUrl(final URL url, Charset encoding) throws IOException {

Original file line number	Diff line number	Diff line change
`@@ -15,28 +15,22 @@ class PropagateToSinkConfiguration extends TaintTracking::Configuration {`
`15`	`15`	`PropagateToSinkConfiguration() { this = "public methods calling sinks" }`
`16`	`16`
`17`	`17`	`override predicate isSource(DataFlow::Node source) {`
`18`		`- exists(MethodAccess ma \|`
`19`		`- ma.getAChildExpr() = source.asExpr() and`
`20`		`- ma.getAnEnclosingStmt().getEnclosingCallable().isPublic() and`
`21`		`- ma.getAnEnclosingStmt().getEnclosingCallable().fromSource()`
`22`		`- )`
	`18`	`+ source.asParameter().getCallable().isPublic()`
`23`	`19`	`}`
`24`	`20`
`25`	`21`	`override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }`
`26`	`22`	`}`
`27`	`23`
`28`		`-string asInputArgument(Expr source) {`
`29`		`- result = "Argument[" + source.(Argument).getPosition() + "]"`
`30`		`- or`
`31`		`- result = "Argument[" + source.(VarAccess).getVariable().(Parameter).getPosition() + "]"`
	`24`	`+string asInputArgument(DataFlow::Node source) {`
	`25`	`+ result = "Argument[" + source.asParameter().getPosition() + "]"`
`32`	`26`	`}`
`33`	`27`
`34`	`28`	`string captureSink(Callable api) {`
`35`	`29`	`exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind \|`
`36`	`30`	`config.hasFlow(src, sink) and`
`37`	`31`	`sinkNode(sink, kind) and`
`38`		`- api = src.asExpr().getEnclosingCallable() and`
`39`		`- result = asSinkModel(api, asInputArgument(src.asExpr()), kind)`
	`32`	`+ api = src.asParameter().getCallable() and`
	`33`	`+ result = asSinkModel(api, asInputArgument(src), kind)`
`40`	`34`	`)`
`41`	`35`	`}`
`42`	`36`
Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,8 @@`
`10`	`10`
`11`	`11`	`public class Sinks {`
`12`	`12`
`13`		`- public Path copyFileToDirectory(final Path sourceFile, final Path targetDirectory, final CopyOption... copyOptions) throws IOException {`
`14`		`- return Files.copy(sourceFile, targetDirectory.resolve(sourceFile.getFileName()), copyOptions);`
	`13`	`+ public Path copyFileToDirectory(final Path sourceFile, final Path targetFile, final CopyOption... copyOptions) throws IOException {`
	`14`	`+ return Files.copy(sourceFile, targetFile, copyOptions);`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`public String readUrl(final URL url, Charset encoding) throws IOException {`