@@ -11,7 +11,41 @@ import DeepObjectResourceExhaustionCustomizations::DeepObjectResourceExhaustion
1111 * A taint tracking configuration for reasoning about DoS attacks due to inefficient handling
1212 * of user-controlled objects.
1313 */
14- class Configuration extends TaintTracking:: Configuration {
14+ module DeepObjectResourceExhaustionConfig implements DataFlow:: StateConfigSig {
15+ class FlowState = DataFlow:: FlowLabel ;
16+
17+ predicate isSource ( DataFlow:: Node source , DataFlow:: FlowLabel label ) {
18+ source .( Source ) .getAFlowLabel ( ) = label
19+ }
20+
21+ predicate isSink ( DataFlow:: Node sink , DataFlow:: FlowLabel label ) {
22+ sink instanceof Sink and label = TaintedObject:: label ( )
23+ }
24+
25+ predicate isBarrier ( DataFlow:: Node node , DataFlow:: FlowLabel label ) {
26+ node = TaintedObject:: SanitizerGuard:: getABarrierNode ( label )
27+ }
28+
29+ predicate isBarrier ( DataFlow:: Node node ) { node instanceof Sanitizer }
30+
31+ predicate isAdditionalFlowStep (
32+ DataFlow:: Node src , DataFlow:: FlowLabel inlbl , DataFlow:: Node trg , DataFlow:: FlowLabel outlbl
33+ ) {
34+ TaintedObject:: step ( src , trg , inlbl , outlbl )
35+ }
36+ }
37+
38+ /**
39+ * Taint tracking for reasoning about DoS attacks due to inefficient handling
40+ * of user-controlled objects.
41+ */
42+ module DeepObjectResourceExhaustionFlow =
43+ TaintTracking:: GlobalWithState< DeepObjectResourceExhaustionConfig > ;
44+
45+ /**
46+ * DEPRECATED. Use the `DeepObjectResourceExhaustionFlow` module instead.
47+ */
48+ deprecated class Configuration extends TaintTracking:: Configuration {
1549 Configuration ( ) { this = "DeepObjectResourceExhaustion" }
1650
1751 override predicate isSource ( DataFlow:: Node source , DataFlow:: FlowLabel label ) {
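Review bot: `isSink` in `DeepObjectResourceExhaustionConfig` accepts only `TaintedObject::label()`, and nothing in the new module records that a value carrying any other label is never reported, presumably by design; a QLDoc line such as `/** Holds if sink is reached by a deeply tainted object; values with any other label are not reported. */` would state it. The two `isBarrier` overloads need the same kind of comment, since one blocks a single label at a `TaintedObject::SanitizerGuard` barrier node while the other blocks every label at a `Sanitizer`, and a reader tuning false negatives has to know which one removed a path. In `isAdditionalFlowStep` the parameters run node, label, node, label, but `TaintedObject::step` is called with both nodes first, so a one-line comment on that call would show the reordering is intended. The deprecated `Configuration` class continues past the end of the hunk, so whether its predicates still match the new module cannot be checked from here.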