diff --git a/cpp/src/audit/templates/BackwardsPartialDataFlow.ql b/cpp/src/audit/templates/BackwardsPartialDataFlow.ql index d004f2b4..930365db 100644 --- a/cpp/src/audit/templates/BackwardsPartialDataFlow.ql +++ b/cpp/src/audit/templates/BackwardsPartialDataFlow.ql @@ -1,7 +1,9 @@ /** * @name Backwards Partial Dataflow * @description Backwards Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/backwards-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlowRev(n, _, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/cpp/src/audit/templates/ForwardPartialDataflow.ql b/cpp/src/audit/templates/ForwardPartialDataflow.ql index 01768923..ad1079f0 100644 --- a/cpp/src/audit/templates/ForwardPartialDataflow.ql +++ b/cpp/src/audit/templates/ForwardPartialDataflow.ql @@ -1,7 +1,9 @@ /** * @name Forward Partial Dataflow * @description Forward Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/forward-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationFwd; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlow(_, n, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/cpp/src/audit/templates/HoistSink.ql b/cpp/src/audit/templates/HoistSink.ql index 5cc0addb..a3f150ed 100644 --- a/cpp/src/audit/templates/HoistSink.ql +++ b/cpp/src/audit/templates/HoistSink.ql @@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; from PartialFlow::PartialPathNode n, int dist where - PartialFlow::partialFlowRev(n, _, dist) and + PartialFlow::partialFlow(n, _, dist) and n.getNode() instanceof DataFlow::ParameterNode select dist, n diff --git a/csharp/src/audit/templates/BackwardsPartialDataFlow.ql b/csharp/src/audit/templates/BackwardsPartialDataFlow.ql index e0c0e05b..95dcd0e9 100644 --- a/csharp/src/audit/templates/BackwardsPartialDataFlow.ql +++ b/csharp/src/audit/templates/BackwardsPartialDataFlow.ql @@ -1,7 +1,9 @@ /** * @name Backwards Partial Dataflow * @description Backwards Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/backwards-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlowRev(n, _, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/csharp/src/audit/templates/ForwardPartialDataflow.ql b/csharp/src/audit/templates/ForwardPartialDataflow.ql index 998926b6..c5aefe92 100644 --- a/csharp/src/audit/templates/ForwardPartialDataflow.ql +++ b/csharp/src/audit/templates/ForwardPartialDataflow.ql @@ -1,7 +1,9 @@ /** * @name Forward Partial Dataflow * @description Forward Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/forward-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationFwd; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlow(_, n, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/csharp/src/audit/templates/HoistSink.ql b/csharp/src/audit/templates/HoistSink.ql index 039b54eb..711010a6 100644 --- a/csharp/src/audit/templates/HoistSink.ql +++ b/csharp/src/audit/templates/HoistSink.ql @@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; from PartialFlow::PartialPathNode n, int dist where - PartialFlow::partialFlowRev(n, _, dist) and + PartialFlow::partialFlow(n, _, dist) and exists(Parameter p | n.getNode().asParameter() = p) select dist, n diff --git a/go/src/audit/templates/BackwardsPartialDataFlow.ql b/go/src/audit/templates/BackwardsPartialDataFlow.ql index 267db776..0a80c833 100644 --- a/go/src/audit/templates/BackwardsPartialDataFlow.ql +++ b/go/src/audit/templates/BackwardsPartialDataFlow.ql @@ -1,7 +1,9 @@ /** * @name Backwards Partial Dataflow * @description Backwards Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/backwards-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlowRev(n, _, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/go/src/audit/templates/ForwardPartialDataflow.ql b/go/src/audit/templates/ForwardPartialDataflow.ql index 34eea137..7a271611 100644 --- a/go/src/audit/templates/ForwardPartialDataflow.ql +++ b/go/src/audit/templates/ForwardPartialDataflow.ql @@ -1,7 +1,9 @@ /** * @name Forward Partial Dataflow * @description Forward Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/forward-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationFwd; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlow(_, n, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/go/src/audit/templates/HoistSink.ql b/go/src/audit/templates/HoistSink.ql index 9a4532a0..6a63d4e8 100644 --- a/go/src/audit/templates/HoistSink.ql +++ b/go/src/audit/templates/HoistSink.ql @@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Make<.. int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; from PartialFlow::PartialPathNode n, int dist where - PartialFlow::partialFlowRev(n, _, dist) and + PartialFlow::partialFlow(n, _, dist) and n.getNode() instanceof DataFlow::ParameterNode select dist, n diff --git a/java/src/audit/templates/BackwardsPartialDataFlow.ql b/java/src/audit/templates/BackwardsPartialDataFlow.ql index d9b42c59..2ce45fc9 100644 --- a/java/src/audit/templates/BackwardsPartialDataFlow.ql +++ b/java/src/audit/templates/BackwardsPartialDataFlow.ql @@ -1,7 +1,7 @@ /** * @name Backwards Partial Dataflow * @description Backwards Partial Dataflow - * @kind table + * @kind path-problem * @id githubsecuritylab/backwards-partial-dataflow * @tags template */ @@ -28,8 +28,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlowRev(n, _, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/java/src/audit/templates/ForwardPartialDataflow.ql b/java/src/audit/templates/ForwardPartialDataflow.ql index 9cff2dc4..32c55596 100644 --- a/java/src/audit/templates/ForwardPartialDataflow.ql +++ b/java/src/audit/templates/ForwardPartialDataflow.ql @@ -1,7 +1,9 @@ /** * @name Forward Partial Dataflow * @description Forward Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/forward-partial-dataflow * @tags template */ @@ -28,8 +30,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationFwd; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlow(_, n, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/java/src/audit/templates/HoistSink.ql b/java/src/audit/templates/HoistSink.ql index 158089b2..2f663974 100644 --- a/java/src/audit/templates/HoistSink.ql +++ b/java/src/audit/templates/HoistSink.ql @@ -28,10 +28,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; from PartialFlow::PartialPathNode n, int dist where - PartialFlow::partialFlowRev(n, _, dist) and + PartialFlow::partialFlow(n, _, dist) and n.getNode() instanceof DataFlow::ExplicitParameterNode select dist, n diff --git a/python/src/audit/templates/BackwardsPartialDataFlow.ql b/python/src/audit/templates/BackwardsPartialDataFlow.ql index 94b49d70..be458c70 100644 --- a/python/src/audit/templates/BackwardsPartialDataFlow.ql +++ b/python/src/audit/templates/BackwardsPartialDataFlow.ql @@ -1,7 +1,9 @@ /** * @name Backwards Partial Dataflow * @description Backwards Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/backwards-partial-dataflow * @tags template */ @@ -32,8 +34,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlowRev(n, _, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/python/src/audit/templates/ForwardPartialDataflow.ql b/python/src/audit/templates/ForwardPartialDataflow.ql index 442a9b9a..80f158ba 100644 --- a/python/src/audit/templates/ForwardPartialDataflow.ql +++ b/python/src/audit/templates/ForwardPartialDataflow.ql @@ -1,7 +1,9 @@ /** * @name Forward Partial Dataflow * @description Forward Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/forward-partial-dataflow * @tags template */ @@ -29,8 +31,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationFwd; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlow(_, n, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/python/src/audit/templates/HoistSink.ql b/python/src/audit/templates/HoistSink.ql index 8f346eda..c16410ae 100644 --- a/python/src/audit/templates/HoistSink.ql +++ b/python/src/audit/templates/HoistSink.ql @@ -28,10 +28,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; from PartialFlow::PartialPathNode n, int dist where - PartialFlow::partialFlowRev(n, _, dist) and + PartialFlow::partialFlow(n, _, dist) and n.getNode() instanceof DataFlow::ParameterNode select dist, n diff --git a/ruby/src/audit/templates/BackwardsPartialDataFlow.ql b/ruby/src/audit/templates/BackwardsPartialDataFlow.ql index c8361b24..3170aeb9 100644 --- a/ruby/src/audit/templates/BackwardsPartialDataFlow.ql +++ b/ruby/src/audit/templates/BackwardsPartialDataFlow.ql @@ -1,7 +1,9 @@ /** * @name Backwards Partial Dataflow * @description Backwards Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/backwards-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlowRev(n, _, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/ruby/src/audit/templates/ForwardPartialDataflow.ql b/ruby/src/audit/templates/ForwardPartialDataflow.ql index 5e9bb5f4..fda4b7e7 100644 --- a/ruby/src/audit/templates/ForwardPartialDataflow.ql +++ b/ruby/src/audit/templates/ForwardPartialDataflow.ql @@ -1,7 +1,9 @@ /** * @name Forward Partial Dataflow * @description Forward Partial Dataflow - * @kind table + * @kind path-problem + * @precision low + * @problem.severity error * @id githubsecuritylab/forward-partial-dataflow * @tags template */ @@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationFwd; -from PartialFlow::PartialPathNode n, int dist -where PartialFlow::partialFlow(_, n, dist) -select dist, n +from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink +where PartialFlow::partialFlow(source, sink, _) +select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), + "this source" diff --git a/ruby/src/audit/templates/HoistSink.ql b/ruby/src/audit/templates/HoistSink.ql index 4619fb30..24351a4a 100644 --- a/ruby/src/audit/templates/HoistSink.ql +++ b/ruby/src/audit/templates/HoistSink.ql @@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global< int explorationLimit() { result = 10 } -private module PartialFlow = MyFlow::FlowExploration; +private module PartialFlow = MyFlow::FlowExplorationRev; from PartialFlow::PartialPathNode n, int dist where - PartialFlow::partialFlowRev(n, _, dist) and + PartialFlow::partialFlow(n, _, dist) and n.getNode() instanceof DataFlow::ParameterNode select dist, n