diff --git a/config/identical-files.json b/config/identical-files.json
index 68b8fcbd3036..dc3d06471533 100644
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -32,16 +32,6 @@
 "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForPathname.qll",
 "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll"
 ],
- "TaintTracking Java/C++/C#/Go/Python/Ruby/Swift": [
- "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll",
- "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll",
- "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll",
- "go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll",
- "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll",
- "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll",
- "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll",
- "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll"
- ],
 "TaintTracking Legacy Configuration Java/C++/C#/Go/Python/Ruby/Swift": [
 "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
 "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll
index fcee9801e78e..8a8db1bdcce4 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll
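Review bot: The removed group also drops `swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll`, but no Swift-side deletion or wrapper change is visible in this part of the diff, so that copy may be left in place without the identical-files check that previously kept the seven per-language files in sync. Confirm the Swift change travels with this commit; if the Swift file is intentionally kept for now, its entry should stay in the config until it is deleted. The `TaintTracking Legacy Configuration` group below is unaffected by this hunk.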
@@ -25,6 +25,10 @@ import semmle.code.cpp.dataflow.DataFlow2
 * global (inter-procedural) taint-tracking analyses.
 */
 deprecated module TaintTracking {
- import semmle.code.cpp.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.code.cpp.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific
+ private import semmle.code.cpp.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.code.cpp.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..3f917d698020
--- /dev/null
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides C++-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module CppOldTaintTracking implements InputSig {
+ import TaintTrackingUtil
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
index bea9364884c1..89a8eba21992 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
@@ -39,7 +39,7 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 /**
 * Holds if `node` should be a sanitizer in all global taint flow configurations
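Review bot: As rendered, `import TaintFlowMake` applies no module arguments, yet the two `private import ...DataFlowImplSpecific` and `...TaintTrackingImplSpecific` lines above it have no other use in the module, which only makes sense if the parameterized module is instantiated with the language's data-flow input and the new `CppOldTaintTracking` module; if the angle-bracket arguments were stripped by the page rendering this is fine, otherwise the line is missing them (`import TaintFlowMake<DATAFLOW_INPUT_MODULE_PLACEHOLDER, CppOldTaintTracking>`, with the data-flow module name taken from `DataFlowImplSpecific`, which this hunk does not show). The same shape is repeated in the wrappers for `cpp/dataflow/new`, `cpp/ir/dataflow`, `csharp`, `go`, `java`, `python` and `ruby`, so one check covers all of them. A short comment above the import, `// Instantiate the shared taint-tracking library with the C++ (AST) data-flow input`, would tell readers why the two private imports are there.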
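Review bot: `module CppOldTaintTracking implements InputSig` carries no QLDoc, and its name departs from the `<Language>TaintTracking` pattern used by the sibling files (`CppTaintTracking` in `cpp/ir/dataflow/internal`), so the "Old" needs one line of explanation; the deprecated `module TaintTracking` wrapper in `cpp/dataflow/TaintTracking.qll` suggests this is the AST-based library, but the file itself does not say so. Suggested doc: `/** Taint-tracking input for the AST-based C++ data-flow library; the IR-based counterpart is `CppTaintTracking`. */`. The corresponding new `TaintTrackingImplSpecific.qll` files for `cpp/ir`, `csharp`, `go`, `java`, `python` and `ruby` likewise document only the file, not the module. `InputSig` is resolved through `private import codeql.dataflow.TaintTracking`, whose definition lies outside this part of the diff.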
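Review bot: Widening the second parameter of `defaultImplicitTaintRead` to `DataFlow::ContentSet` changes the predicate's contract, but the QLDoc above it, of which only "of `c` at sinks and inputs to additional taint steps" is in the hunk, should be checked to describe `c` as a content set rather than a single content. The same signature change is made in the IR `TaintTrackingUtil.qll`, the `csharp` and `python` `TaintTrackingPrivate.qll`, and the `go` and `java` `TaintTrackingUtil.qll`; in the `go` and `java` versions the body that binds `c` continues outside the hunk, so whatever it equates `c` with must now be a `ContentSet` (or `Content` must be a subtype of `ContentSet` in those libraries) for the new signature to type-check.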
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll
index 23cef94c1c3d..87e037aad9b6 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/new/TaintTracking.qll
@@ -23,6 +23,10 @@ import semmle.code.cpp.dataflow.new.DataFlow2
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplSpecific
+ private import semmle.code.cpp.ir.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll
index f3449904420a..6f2bfcdd6aa0 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/TaintTracking.qll
@@ -19,6 +19,10 @@ import semmle.code.cpp.ir.dataflow.DataFlow
 import semmle.code.cpp.ir.dataflow.DataFlow2
 
 module TaintTracking {
- import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplSpecific
+ private import semmle.code.cpp.ir.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.code.cpp.ir.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..f62468087b9e
--- /dev/null
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides C++-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module CppTaintTracking implements InputSig {
+ import TaintTrackingUtil
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
index 028f5bad9dae..50e45e3081db 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -112,7 +112,7 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 /**
 * Holds if `node` should be a sanitizer in all global taint flow configurations
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll
index 57f499ffa21a..7243d36b05d3 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTracking.qll
@@ -6,6 +6,10 @@
 import csharp
 
 module TaintTracking {
- import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
+ private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.code.csharp.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..17a0d2c3c1a4
--- /dev/null
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides C#-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module CsharpTaintTracking implements InputSig {
+ import TaintTrackingPrivate
+}
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
index 53b61ed59748..d7e2444c7d5c 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
@@ -25,7 +25,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 private predicate localCilTaintStep(CIL::DataFlowNode src, CIL::DataFlowNode sink) {
 src = sink.(CIL::BinaryArithmeticExpr).getAnOperand() or
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/go/ql/lib/semmle/go/dataflow/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/TaintTracking.qll
index 2f0bb5ea1167..2c028a0e34a8 100644
--- a/go/ql/lib/semmle/go/dataflow/TaintTracking.qll
+++ b/go/ql/lib/semmle/go/dataflow/TaintTracking.qll
@@ -10,6 +10,10 @@ import semmle.go.dataflow.DataFlow
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import semmle.go.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.go.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.go.dataflow.internal.DataFlowImplSpecific
+ private import semmle.go.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.go.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..f52499df2321
--- /dev/null
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Go-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module GoTaintTracking implements InputSig {
+ import TaintTrackingUtil
+}
diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
index 21d3f482f6c9..1f453c8c8f0b 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -47,7 +47,7 @@ private Type getElementType(Type containerType) {
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
 exists(Type containerType |
 node instanceof DataFlow::ArgumentNode and
 getElementType*(node.getType()) = containerType
diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
index 37a26bf38bf9..ad7b88381a8a 100644
--- a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
@@ -8,6 +8,10 @@ import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule
 
 module TaintTracking {
- import semmle.code.java.dataflow.internal.tainttracking1.TaintTracking
+ import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
+ private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import semmle.code.java.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..ba30b102a208
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Java-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module JavaTaintTracking implements InputSig {
+ import TaintTrackingUtil
+}
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 6f8dbb1771b4..5d609087c938 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -177,7 +177,7 @@ private RefType getElementType(RefType container) {
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
 exists(RefType container |
 (node.asExpr() instanceof Argument or node instanceof ArgumentNode) and
 getElementType*(node.getType()) = container
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll
index 6b7a23035593..aa80e7c7148d 100644
--- a/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/TaintTracking.qll
@@ -15,6 +15,10 @@ private import python
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import internal.tainttracking1.TaintTracking
+ import semmle.python.dataflow.new.internal.tainttracking1.TaintTrackingParameter::Public
+ private import semmle.python.dataflow.new.internal.DataFlowImplSpecific
+ private import semmle.python.dataflow.new.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..6f65d2343443
--- /dev/null
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Python-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module PythonTaintTracking implements InputSig {
+ import TaintTrackingPrivate
+}
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
index 3a23f790a444..4b90d0d82d3f 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
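Review bot: The added lines switch to the fully qualified `semmle.python.dataflow.new.internal...` prefix while the kept `import internal.tainttracking1.TaintTrackingImpl` on the next line stays relative, so `module TaintTracking` now mixes two import styles for the same `internal` directory, unlike the other language wrappers in this commit, which qualify every import. Either qualify the remaining one, `import semmle.python.dataflow.new.internal.tainttracking1.TaintTrackingImpl`, or keep the file's existing relative form for the new lines, e.g. `import internal.tainttracking1.TaintTrackingParameter::Public` and `private import internal.DataFlowImplSpecific`. The enclosing module's header and closing brace are the hunk's context lines, so nothing else in the module is affected.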
@@ -16,7 +16,7 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
 * of `c` at sinks and inputs to additional taint steps.
 */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
 
 private module Cached {
 /**
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/ruby/ql/lib/codeql/ruby/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/TaintTracking.qll
index 7746fcff8351..461a423e1f1d 100644
--- a/ruby/ql/lib/codeql/ruby/TaintTracking.qll
+++ b/ruby/ql/lib/codeql/ruby/TaintTracking.qll
@@ -3,6 +3,10 @@
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import codeql.ruby.dataflow.internal.tainttracking1.TaintTracking
+ import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import codeql.ruby.dataflow.internal.DataFlowImplSpecific
+ private import codeql.ruby.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import codeql.ruby.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..fe733ee5d95a
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,10 @@
+/**
+ * Provides Ruby-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module RubyTaintTracking implements InputSig {
+ import TaintTrackingPrivate
+}
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}
diff --git a/shared/dataflow/change-notes/2023-08-04-taint-tracking.md b/shared/dataflow/change-notes/2023-08-04-taint-tracking.md
new file mode 100644
index 000000000000..000d7ea265c3
--- /dev/null
+++ b/shared/dataflow/change-notes/2023-08-04-taint-tracking.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The shared taint-tracking library is now part of the dataflow qlpack.
diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll
new file mode 100644
index 000000000000..73960fbca1db
--- /dev/null
+++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll
@@ -0,0 +1,110 @@
+/**
+ * Provides modules for performing local (intra-procedural) and
+ * global (inter-procedural) taint-tracking analyses.
+ */
+
+private import DataFlow as DF
+private import internal.DataFlowImpl
+
+/**
+ * Provides language-specific taint-tracking parameters.
+ */
+signature module InputSig {
+ /**
+ * Holds if `node` should be a sanitizer in all global taint flow configurations
+ * but not in local taint.
+ */
+ predicate defaultTaintSanitizer(Lang::Node node);
+
+ /**
+ * Holds if the additional step from `src` to `sink` should be included in all
+ * global taint flow configurations.
+ */
+ predicate defaultAdditionalTaintStep(Lang::Node src, Lang::Node sink);
+
+ /**
+ * Holds if taint flow configurations should allow implicit reads of `c` at sinks
+ * and inputs to additional taint steps.
+ */
+ bindingset[node]
+ predicate defaultImplicitTaintRead(Lang::Node node, Lang::ContentSet c);
+}
+
+/**
+ * Construct the modules for taint-tracking analyses.
+ */
+module TaintFlowMake TaintTrackingLang> {
+ private import TaintTrackingLang
+ private import DF::DataFlowMake as DataFlow
+ private import MakeImpl as DataFlowInternal
+
+ private module AddTaintDefaults implements
+ DataFlowInternal::FullStateConfigSig
+ {
+ import Config
+
+ predicate isBarrier(DataFlowLang::Node node) {
+ Config::isBarrier(node) or defaultTaintSanitizer(node)
+ }
+
+ predicate isAdditionalFlowStep(DataFlowLang::Node node1, DataFlowLang::Node node2) {
+ Config::isAdditionalFlowStep(node1, node2) or
+ defaultAdditionalTaintStep(node1, node2)
+ }
+
+ predicate allowImplicitRead(DataFlowLang::Node node, DataFlowLang::ContentSet c) {
+ Config::allowImplicitRead(node, c)
+ or
+ (
+ Config::isSink(node) or
+ Config::isSink(node, _) or
+ Config::isAdditionalFlowStep(node, _) or
+ Config::isAdditionalFlowStep(node, _, _, _)
+ ) and
+ defaultImplicitTaintRead(node, c)
+ }
+ }
+
+ /**
+ * Constructs a global taint tracking computation.
+ */
+ module Global implements DataFlow::GlobalFlowSig {
+ private module Config0 implements DataFlowInternal::FullStateConfigSig {
+ import DataFlowInternal::DefaultState
+ import Config
+ }
+
+ private module C implements DataFlowInternal::FullStateConfigSig {
+ import AddTaintDefaults
+ }
+
+ import DataFlowInternal::Impl
+ }
+
+ /** DEPRECATED: Use `Global` instead. */
+ deprecated module Make implements DataFlow::GlobalFlowSig {
+ import Global
+ }
+
+ /**
+ * Constructs a global taint tracking computation using flow state.
+ */
+ module GlobalWithState implements DataFlow::GlobalFlowSig {
+ private module Config0 implements DataFlowInternal::FullStateConfigSig {
+ import Config
+ }
+
+ private module C implements DataFlowInternal::FullStateConfigSig {
+ import AddTaintDefaults
+ }
+
+ import DataFlowInternal::Impl
+ }
+
+ /** DEPRECATED: Use `GlobalWithState` instead. */
+ deprecated module MakeWithState implements
+ DataFlow::GlobalFlowSig
+ {
+ import GlobalWithState
+ }
+}
diff --git a/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll
index 3ac713704950..2dcb4e239c60 100644
--- a/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/TaintTracking.qll
@@ -3,6 +3,10 @@
 * global (inter-procedural) taint-tracking analyses.
 */
 module TaintTracking {
- import codeql.swift.dataflow.internal.tainttracking1.TaintTracking
+ import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingParameter::Public
+ private import codeql.swift.dataflow.internal.DataFlowImplSpecific
+ private import codeql.swift.dataflow.internal.TaintTrackingImplSpecific
+ private import codeql.dataflow.TaintTracking
+ import TaintFlowMake
 import codeql.swift.dataflow.internal.tainttracking1.TaintTrackingImpl
 }
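Review bot: The header comment on `TaintFlowMake`, `Construct the modules for taint-tracking analyses.`, does not say which modules it produces or what its parameters contribute, even though this is now the single place where a language's default sanitizers, extra taint steps and implicit reads are merged into every user configuration; a wrong `InputSig` implementation would suppress or invent findings across a whole language pack. Suggest expanding it to state that it exposes `Global` and `GlobalWithState` (plus the deprecated `Make` and `MakeWithState`), and that `AddTaintDefaults` ORs `defaultTaintSanitizer`, `defaultAdditionalTaintStep` and `defaultImplicitTaintRead` into the stateless `isBarrier`, `isAdditionalFlowStep` and `allowImplicitRead` overloads while the state-aware `isSink` and `isAdditionalFlowStep` overloads from `Config` are imported as-is. A short why-comment on `allowImplicitRead` would also help, since the default implicit reads are only enabled at sinks and at inputs to user-defined steps and a reader could otherwise assume they apply everywhere. As rendered here the angle-bracketed parameter lists are missing (note the stray `>` on the `module TaintFlowMake` line), so the arguments passed by the language wrappers could not be checked against this hunk.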
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
new file mode 100644
index 000000000000..fd00fa5e8f16
--- /dev/null
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingImplSpecific.qll
@@ -0,0 +1,11 @@
+/**
+ * Provides Swift-specific definitions for use in the taint tracking library.
+ */
+
+private import codeql.dataflow.TaintTracking
+private import DataFlowImplSpecific
+
+module SwiftTaintTracking implements InputSig {
+ import TaintTrackingPrivate
+ import TaintTrackingPublic
+}
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll
deleted file mode 100644
index 171a01376828..000000000000
--- a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTracking.qll
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Provides classes for performing local (intra-procedural) and
- * global (inter-procedural) taint-tracking analyses.
- */
-
-import TaintTrackingParameter::Public
-private import TaintTrackingParameter::Private
-
-private module AddTaintDefaults implements
- DataFlowInternal::FullStateConfigSig
-{
- import Config
-
- predicate isBarrier(DataFlow::Node node) {
- Config::isBarrier(node) or defaultTaintSanitizer(node)
- }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- Config::isAdditionalFlowStep(node1, node2) or
- defaultAdditionalTaintStep(node1, node2)
- }
-
- predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
- Config::allowImplicitRead(node, c)
- or
- (
- Config::isSink(node) or
- Config::isSink(node, _) or
- Config::isAdditionalFlowStep(node, _) or
- Config::isAdditionalFlowStep(node, _, _, _)
- ) and
- defaultImplicitTaintRead(node, c)
- }
-}
-
-/**
- * Constructs a global taint tracking computation.
- */
-module Global implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import DataFlowInternal::DefaultState
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `Global` instead. */
-deprecated module Make implements DataFlow::GlobalFlowSig {
- import Global
-}
-
-/**
- * Constructs a global taint tracking computation using flow state.
- */
-module GlobalWithState implements DataFlow::GlobalFlowSig {
- private module Config0 implements DataFlowInternal::FullStateConfigSig {
- import Config
- }
-
- private module C implements DataFlowInternal::FullStateConfigSig {
- import AddTaintDefaults
- }
-
- import DataFlowInternal::Impl
-}
-
-/** DEPRECATED: Use `GlobalWithState` instead. */
-deprecated module MakeWithState implements DataFlow::GlobalFlowSig {
- import GlobalWithState
-}