Java: share isKnownKind between modes

Stephan Brandauer · Stephan Brandauer · commit db61a2d09920 · 2023-05-25T14:16:16.000+02:00
diff --git a/java/ql/src/Telemetry/AutomodelApplicationModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelApplicationModeCharacteristics.qll
@@ -14,6 +14,7 @@ private import semmle.code.java.Expr as Expr
 private import semmle.code.java.security.QueryInjection
 private import semmle.code.java.security.RequestForgery
 private import semmle.code.java.dataflow.internal.ModelExclusions as ModelExclusions
+private import AutomodelSharedUtil as AutomodelSharedUtil
 import AutomodelSharedCharacteristics as SharedCharacteristics
 import AutomodelEndpointTypes as AutomodelEndpointTypes
 
@@ -51,31 +52,7 @@ module ApplicationCandidatesImpl implements SharedCharacteristics::CandidateSig
 
   RelatedLocation asLocation(Endpoint e) { result = e.asExpr() }
 
-  predicate isKnownKind(string kind, string humanReadableKind, EndpointType type) {
-    kind = "read-file" and
-    humanReadableKind = "read file" and
-    type instanceof AutomodelEndpointTypes::TaintedPathSinkType
-    or
-    kind = "create-file" and
-    humanReadableKind = "create file" and
-    type instanceof AutomodelEndpointTypes::TaintedPathSinkType
-    or
-    kind = "sql" and
-    humanReadableKind = "mad modeled sql" and
-    type instanceof AutomodelEndpointTypes::SqlSinkType
-    or
-    kind = "open-url" and
-    humanReadableKind = "open url" and
-    type instanceof AutomodelEndpointTypes::RequestForgerySinkType
-    or
-    kind = "jdbc-url" and
-    humanReadableKind = "jdbc url" and
-    type instanceof AutomodelEndpointTypes::RequestForgerySinkType
-    or
-    kind = "command-injection" and
-    humanReadableKind = "command injection" and
-    type instanceof AutomodelEndpointTypes::CommandInjectionSinkType
-  }
+  predicate isKnownKind = AutomodelSharedUtil::isKnownKind/3;
 
   predicate isSink(Endpoint e, string kind) {
     exists(string package, string type, string name, string signature, string ext, string input |
@@ -105,9 +82,6 @@ module ApplicationCandidatesImpl implements SharedCharacteristics::CandidateSig
       or
       exists(Call c | e.asExpr() = c.getQualifier() and input = "Argument[this]")
     )
-    // exists(int paramIdx | e.isParameterOf(_, paramIdx) |
-    //   if paramIdx = -1 then input = "Argument[this]" else input = "Argument[" + paramIdx + "]"
-    // )
   }
 
   /**
diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll
@@ -14,6 +14,7 @@ private import semmle.code.java.Expr as Expr
 private import semmle.code.java.security.QueryInjection
 private import semmle.code.java.security.RequestForgery
 private import semmle.code.java.dataflow.internal.ModelExclusions as ModelExclusions
+private import AutomodelSharedUtil as AutomodelSharedUtil
 import AutomodelSharedCharacteristics as SharedCharacteristics
 import AutomodelEndpointTypes as AutomodelEndpointTypes
 
@@ -46,31 +47,7 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig {
 
   RelatedLocation asLocation(Endpoint e) { result = e.asParameter() }
 
-  predicate isKnownKind(string kind, string humanReadableKind, EndpointType type) {
-    kind = "read-file" and
-    humanReadableKind = "read file" and
-    type instanceof AutomodelEndpointTypes::TaintedPathSinkType
-    or
-    kind = "create-file" and
-    humanReadableKind = "create file" and
-    type instanceof AutomodelEndpointTypes::TaintedPathSinkType
-    or
-    kind = "sql" and
-    humanReadableKind = "mad modeled sql" and
-    type instanceof AutomodelEndpointTypes::SqlSinkType
-    or
-    kind = "open-url" and
-    humanReadableKind = "open url" and
-    type instanceof AutomodelEndpointTypes::RequestForgerySinkType
-    or
-    kind = "jdbc-url" and
-    humanReadableKind = "jdbc url" and
-    type instanceof AutomodelEndpointTypes::RequestForgerySinkType
-    or
-    kind = "command-injection" and
-    humanReadableKind = "command injection" and
-    type instanceof AutomodelEndpointTypes::CommandInjectionSinkType
-  }
+  predicate isKnownKind = AutomodelSharedUtil::isKnownKind/3;
 
   predicate isSink(Endpoint e, string kind) {
     exists(string package, string type, string name, string signature, string ext, string input |
diff --git a/java/ql/src/Telemetry/AutomodelSharedUtil.qll b/java/ql/src/Telemetry/AutomodelSharedUtil.qll
@@ -1,3 +1,5 @@
+import AutomodelEndpointTypes as AutomodelEndpointTypes
+
 /**
  * A helper class to represent a string value that can be returned by a query using $@ notation.
  *
@@ -19,3 +21,31 @@ class DollarAtString extends string {
     path = this and sl = 1 and sc = 1 and el = 1 and ec = 1
   }
 }
+
+predicate isKnownKind(
+  string kind, string humanReadableKind, AutomodelEndpointTypes::EndpointType type
+) {
+  kind = "read-file" and
+  humanReadableKind = "read file" and
+  type instanceof AutomodelEndpointTypes::TaintedPathSinkType
+  or
+  kind = "create-file" and
+  humanReadableKind = "create file" and
+  type instanceof AutomodelEndpointTypes::TaintedPathSinkType
+  or
+  kind = "sql" and
+  humanReadableKind = "mad modeled sql" and
+  type instanceof AutomodelEndpointTypes::SqlSinkType
+  or
+  kind = "open-url" and
+  humanReadableKind = "open url" and
+  type instanceof AutomodelEndpointTypes::RequestForgerySinkType
+  or
+  kind = "jdbc-url" and
+  humanReadableKind = "jdbc url" and
+  type instanceof AutomodelEndpointTypes::RequestForgerySinkType
+  or
+  kind = "command-injection" and
+  humanReadableKind = "command injection" and
+  type instanceof AutomodelEndpointTypes::CommandInjectionSinkType
+}
