Merge pull request #12980 from yoff/python/update-taint-debug

yoff · web-flow · commit f62bbf2d4cac · 2023-05-10T11:40:21.000+02:00
python: update debug queries
diff --git a/python/ql/test/experimental/dataflow/testConfig.qll b/python/ql/test/experimental/dataflow/testConfig.qll
@@ -46,6 +46,4 @@ class TestConfiguration extends DataFlow::Configuration {
   }
 
   override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
-
-  override int explorationLimit() { result = 5 }
 }
diff --git a/python/ql/test/experimental/dataflow/testTaintConfig.qll b/python/ql/test/experimental/dataflow/testTaintConfig.qll
@@ -46,6 +46,4 @@ class TestConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
-
-  override int explorationLimit() { result = 5 }
 }
diff --git a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql
@@ -9,17 +9,27 @@
 // 3. if necessary, look at partial paths by (un)commenting appropriate lines
 import python
 import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
 import experimental.meta.InlineTaintTest::Conf
-// import DataFlow::PartialPathGraph
-import DataFlow::PathGraph
 
-class Conf extends TestTaintTrackingConfiguration {
-  // override int explorationLimit() { result = 5 }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    any(TestTaintTrackingConfiguration c).isSource(source)
+  }
+
+  predicate isSink(DataFlow::Node source) { any(TestTaintTrackingConfiguration c).isSink(source) }
 }
 
-// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink
-// where config.hasPartialFlow(source, sink, _)
-from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module Flows = TaintTracking::Global<Config>;
+
+import Flows::PathGraph
+
+// int explorationLimit() { result = 5 }
+// module FlowsPartial = Flows::FlowExploration<explorationLimit/0>;
+// import FlowsPartial::PartialPathGraph
+from Flows::PathNode source, Flows::PathNode sink
+where Flows::flowPath(source, sink)
+// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink
+// where FlowsPartial::partialFlow(source, sink, _)
 select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
   "this source"
diff --git a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql
@@ -10,16 +10,23 @@
 import python
 import semmle.python.dataflow.new.DataFlow
 import experimental.dataflow.testConfig
-// import DataFlow::PartialPathGraph
-import DataFlow::PathGraph
 
-class Conf extends TestConfiguration {
-  override int explorationLimit() { result = 5 }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { any(TestConfiguration c).isSource(source) }
+
+  predicate isSink(DataFlow::Node source) { any(TestConfiguration c).isSink(source) }
 }
 
-// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink
-// where config.hasPartialFlow(source, sink, _)
-from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+module Flows = DataFlow::Global<Config>;
+
+import Flows::PathGraph
+
+// int explorationLimit() { result = 5 }
+// module FlowsPartial = Flows::FlowExploration<explorationLimit/0>;
+// import FlowsPartial::PartialPathGraph
+from Flows::PathNode source, Flows::PathNode sink
+where Flows::flowPath(source, sink)
+// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink
+// where FlowsPartial::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives flow from $@.", source.getNode(),
   "this source"

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,4 @@ class TestConfiguration extends DataFlow::Configuration {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }`
`49`		`-`
`50`		`- override int explorationLimit() { result = 5 }`
`51`	`49`	`}`