@@ -58,21 +58,24 @@ module TaintedUrlSuffix {
5858
5959 /** Gets the `tainted-url-suffix` flow state. */
6060 FlowState taintedUrlSuffix ( ) { result .isTaintedUrlSuffix ( ) }
61+
62+ /** DEPRECATED. Gets the flow state correpsonding to `label`. */
63+ deprecated FlowState fromFlowLabel ( DataFlow:: FlowLabel label ) { result .toFlowLabel ( ) = label }
6164 }
6265
6366 /**
6467 * The flow label representing a URL with a tainted query and fragment part.
6568 *
6669 * Can also be accessed using `TaintedUrlSuffix::label()`.
6770 */
68- abstract class TaintedUrlSuffixLabel extends FlowLabel {
71+ abstract deprecated class TaintedUrlSuffixLabel extends FlowLabel {
6972 TaintedUrlSuffixLabel ( ) { this = "tainted-url-suffix" }
7073 }
7174
7275 /**
7376 * Gets the flow label representing a URL with a tainted query and fragment part.
7477 */
75- FlowLabel label ( ) { result instanceof TaintedUrlSuffixLabel }
78+ deprecated FlowLabel label ( ) { result instanceof TaintedUrlSuffixLabel }
7679
7780 /** Gets a remote flow source that is a tainted URL query or fragment part from `window.location`. */
7881 ClientSideRemoteFlowSource source ( ) {
@@ -84,22 +87,39 @@ module TaintedUrlSuffix {
8487 }
8588
8689 /**
90+ * DEPRECATED. Use `isStateBarrier(node, state)` instead.
91+ *
8792 * Holds if `node` should be a barrier for the given `label`.
8893 *
8994 * This should be used in the `isBarrier` predicate of a configuration that uses the tainted-url-suffix
9095 * label.
9196 */
92- predicate isBarrier ( Node node , FlowLabel label ) {
93- label = label ( ) and
94- DataFlowPrivate:: optionalBarrier ( node , "split-url-suffix" )
97+ deprecated predicate isBarrier ( Node node , FlowLabel label ) {
98+ isStateBarrier ( node , FlowState:: fromFlowLabel ( label ) )
99+ }
100+
101+ /**
102+ * Holds if `node` should be blocked in `state`.
103+ */
104+ predicate isStateBarrier ( Node node , FlowState state ) {
105+ DataFlowPrivate:: optionalBarrier ( node , "split-url-suffix" ) and
106+ state .isTaintedUrlSuffix ( )
107+ }
108+
109+ /**
110+ * DEPRECATED. Use `isAdditionalFlowStep` instead.
111+ */
112+ deprecated predicate step ( Node src , Node dst , FlowLabel srclbl , FlowLabel dstlbl ) {
113+ isAdditionalFlowStep ( src , FlowState:: fromFlowLabel ( srclbl ) , dst ,
114+ FlowState:: fromFlowLabel ( dstlbl ) )
95115 }
96116
97117 /**
98- * Holds if there is a flow step `src -> dst` involving the URL suffix taint label .
118+ * Holds if there is a flow step `src -> dst` involving the URL suffix flow state .
99119 *
100120 * This handles steps through string operations, promises, URL parsers, and URL accessors.
101121 */
102- predicate step ( Node src , Node dst , FlowLabel srclbl , FlowLabel dstlbl ) {
122+ predicate isAdditionalFlowStep ( Node src , FlowState srclbl , Node dst , FlowState dstlbl ) {
103123 // Transition from tainted-url-suffix to general taint when entering the second array element
104124 // of a split('#') or split('?') array.
105125 //
@@ -108,12 +128,12 @@ module TaintedUrlSuffix {
108128 // Technically we should also preverse tainted-url-suffix when entering the first array element of such
109129 // a split, but this mostly leads to FPs since we currently don't track if the taint has been through URI-decoding.
110130 // (The query/fragment parts are often URI-decoded in practice, but not the other URL parts are not)
111- srclbl = label ( ) and
131+ srclbl . isTaintedUrlSuffix ( ) and
112132 dstlbl .isTaint ( ) and
113133 DataFlowPrivate:: optionalStep ( src , "split-url-suffix-post" , dst )
114134 or
115135 // Transition from URL suffix to full taint when extracting the query/fragment part.
116- srclbl = label ( ) and
136+ srclbl . isTaintedUrlSuffix ( ) and
117137 dstlbl .isTaint ( ) and
118138 (
119139 exists ( MethodCallNode call , string name |
0 commit comments