|
12 | 12 | */ |
13 | 13 |
|
14 | 14 | import javascript |
15 | | -import DataFlow::PathGraph |
16 | 15 | import DecompressionBombs |
17 | 16 |
|
18 | | -class BombConfiguration extends TaintTracking::Configuration { |
19 | | - BombConfiguration() { this = "DecompressionBombs" } |
| 17 | +module DecompressionBombConfig implements DataFlow::ConfigSig { |
| 18 | + predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } |
20 | 19 |
|
21 | | - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } |
| 20 | + predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink } |
22 | 21 |
|
23 | | - override predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionBomb::Sink } |
24 | | - |
25 | | - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { |
| 22 | + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { |
26 | 23 | exists(DecompressionBomb::AdditionalTaintStep addstep | |
27 | 24 | addstep.isAdditionalTaintStep(pred, succ) |
28 | 25 | ) |
29 | 26 | } |
30 | 27 | } |
31 | 28 |
|
32 | | -from BombConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink |
33 | | -where cfg.hasFlowPath(source, sink) |
| 29 | +module DecompressionBombFlow = TaintTracking::Global<DecompressionBombConfig>; |
| 30 | + |
| 31 | +import DecompressionBombFlow::PathGraph |
| 32 | + |
| 33 | +from DecompressionBombFlow::PathNode source, DecompressionBombFlow::PathNode sink |
| 34 | +where DecompressionBombFlow::flowPath(source, sink) |
34 | 35 | select sink.getNode(), source, sink, "This Decompression depends on a $@.", source.getNode(), |
35 | 36 | "potentially untrusted source" |
0 commit comments