C#: Re-factor ProcessNameToHashTaintFlow to use the new API.

michaelnebel · michaelnebel · commit e3cbebae304c · 2023-04-13T14:28:27.000+02:00
diff --git a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
@@ -11,23 +11,17 @@
  */
 
 import csharp
-import DataFlow::PathGraph
 import experimental.code.csharp.Cryptography.NonCryptographicHashes
+import DataFlowFromMethodToHash::PathGraph
 
-class DataFlowFromMethodToHash extends TaintTracking::Configuration {
-  DataFlowFromMethodToHash() { this = "DataFlowFromMethodNameToHashFunction" }
+module DataFlowFromMethodToHashConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { isSuspiciousPropertyName(source.asExpr()) }
 
-  /**
-   * Holds if `source` is a relevant data flow source.
-   */
-  override predicate isSource(DataFlow::Node source) { isSuspiciousPropertyName(source.asExpr()) }
-
-  /**
-   * Holds if `sink` is a relevant data flow sink.
-   */
-  override predicate isSink(DataFlow::Node sink) { isGetHash(sink.asExpr()) }
+  predicate isSink(DataFlow::Node sink) { isGetHash(sink.asExpr()) }
 }
 
+module DataFlowFromMethodToHash = TaintTracking::Global<DataFlowFromMethodToHashConfig>;
+
 predicate isGetHash(Expr arg) {
   exists(MethodCall mc |
     (
@@ -48,8 +42,8 @@ predicate isSuspiciousPropertyName(PropertyRead pr) {
   pr.getTarget().hasQualifiedName("System.Diagnostics", "Process", "ProcessName")
 }
 
-from DataFlow::PathNode src, DataFlow::PathNode sink, DataFlowFromMethodToHash conf
-where conf.hasFlow(src.getNode(), sink.getNode())
+from DataFlowFromMethodToHash::PathNode src, DataFlowFromMethodToHash::PathNode sink
+where DataFlowFromMethodToHash::flow(src.getNode(), sink.getNode())
 select src.getNode(), src, sink,
   "The hash is calculated on $@, may be related to a backdoor. Please review the code for possible malicious intent.",
   sink.getNode(), "this process name"
