C#: Re-factor AssemblyPathInjection to use the new API.

michaelnebel · michaelnebel · commit 9a62f51694d9 · 2023-04-13T14:54:25.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
@@ -15,20 +15,18 @@
 import csharp
 import semmle.code.csharp.security.dataflow.flowsources.Remote
 import semmle.code.csharp.commons.Util
-import DataFlow::PathGraph
+import AssemblyPathInjection::PathGraph
 
 /**
  * A taint-tracking configuration for untrusted user input used to load a DLL.
  */
-class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "DLLInjection" }
-
-  override predicate isSource(DataFlow::Node source) {
+module AssemblyPathInjectionConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     source instanceof RemoteFlowSource or
     source.asExpr() = any(MainMethod main).getParameter(0).getAnAccess()
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc, string name, int arg |
       mc.getTarget().getName().matches(name) and
       mc.getTarget()
@@ -48,7 +46,12 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
   }
 }
 
-from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+/**
+ * A taint-tracking module for untrusted user input used to load a DLL.
+ */
+module AssemblyPathInjection = TaintTracking::Global<AssemblyPathInjectionConfig>;
+
+from AssemblyPathInjection::PathNode source, AssemblyPathInjection::PathNode sink
+where AssemblyPathInjection::flowPath(source, sink)
 select sink.getNode(), source, sink, "This assembly path depends on a $@.", source,
   "user-provided value"
