Fix taint tracking configurations that broke due to interface change

jketema · jketema · commit 93a0da75b698 · 2022-03-11T12:18:04.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll
@@ -29,7 +29,7 @@ class ImplicitPendingIntentStartConf extends TaintTracking::Configuration {
     any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, node2)
   }
 
-  override predicate isAdditionalFlowStep(
+  override predicate isAdditionalTaintStep(
     DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
     DataFlow::FlowState state2
   ) {
diff --git a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -61,7 +61,7 @@ class ThroughFlowConfig extends TaintTracking::Configuration {
     (state instanceof TaintRead or state instanceof TaintStore)
   }
 
-  override predicate isAdditionalFlowStep(
+  override predicate isAdditionalTaintStep(
     DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
     DataFlow::FlowState state2
   ) {
diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjection.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjection.qll
@@ -47,7 +47,7 @@ module PathInjection {
 
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-    override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {
+    override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
       // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
       node instanceof Path::PathNormalization and
       state instanceof NotNormalized
@@ -60,7 +60,7 @@ module PathInjection {
       guard instanceof SanitizerGuard
     }
 
-    override predicate isAdditionalFlowStep(
+    override predicate isAdditionalTaintStep(
       DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
       DataFlow::FlowState stateTo
     ) {
diff --git a/python/ql/src/experimental/semmle/python/security/injection/NoSQLInjection.qll b/python/ql/src/experimental/semmle/python/security/injection/NoSQLInjection.qll
@@ -19,13 +19,13 @@ module NoSQLInjection {
       state instanceof ConvertedToDict
     }
 
-    override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {
+    override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
       // Block `RemoteInput` paths here, since they change state to `ConvertedToDict`
       exists(Decoding decoding | decoding.getFormat() = "JSON" and node = decoding.getOutput()) and
       state instanceof RemoteInput
     }
 
-    override predicate isAdditionalFlowStep(
+    override predicate isAdditionalTaintStep(
       DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
       DataFlow::FlowState stateTo
     ) {

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ class ImplicitPendingIntentStartConf extends TaintTracking::Configuration {`
`29`	`29`	`any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, node2)`
`30`	`30`	`}`
`31`	`31`
`32`		`- override predicate isAdditionalFlowStep(`
	`32`	`+ override predicate isAdditionalTaintStep(`
`33`	`33`	`DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,`
`34`	`34`	`DataFlow::FlowState state2`
`35`	`35`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ class ThroughFlowConfig extends TaintTracking::Configuration {`
`61`	`61`	`(state instanceof TaintRead or state instanceof TaintStore)`
`62`	`62`	`}`
`63`	`63`
`64`		`- override predicate isAdditionalFlowStep(`
	`64`	`+ override predicate isAdditionalTaintStep(`
`65`	`65`	`DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,`
`66`	`66`	`DataFlow::FlowState state2`
`67`	`67`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -19,13 +19,13 @@ module NoSQLInjection {`
`19`	`19`	`state instanceof ConvertedToDict`
`20`	`20`	`}`
`21`	`21`
`22`		`- override predicate isBarrier(DataFlow::Node node, DataFlow::FlowState state) {`
	`22`	`+ override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {`
`23`	`23`	// Block `RemoteInput` paths here, since they change state to `ConvertedToDict`
`24`	`24`	`exists(Decoding decoding \| decoding.getFormat() = "JSON" and node = decoding.getOutput()) and`
`25`	`25`	`state instanceof RemoteInput`
`26`	`26`	`}`
`27`	`27`
`28`		`- override predicate isAdditionalFlowStep(`
	`28`	`+ override predicate isAdditionalTaintStep(`
`29`	`29`	`DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,`
`30`	`30`	`DataFlow::FlowState stateTo`
`31`	`31`	`) {`