From def0f47f42ad72ecc45db92cb1f1f35df73bd925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?=
Date: Thu, 30 Nov 2023 11:13:21 +0100
Subject: [PATCH] Refactor Partial Path Queries
---
 cpp/src/audit/templates/BackwardsPartialDataFlow.ql | 13 ++++++++-----
 cpp/src/audit/templates/ForwardPartialDataflow.ql | 13 ++++++++-----
 cpp/src/audit/templates/HoistSink.ql | 4 ++--
 .../src/audit/templates/BackwardsPartialDataFlow.ql | 13 ++++++++-----
 .../src/audit/templates/ForwardPartialDataflow.ql | 13 ++++++++-----
 csharp/src/audit/templates/HoistSink.ql | 4 ++--
 go/src/audit/templates/BackwardsPartialDataFlow.ql | 13 ++++++++-----
 go/src/audit/templates/ForwardPartialDataflow.ql | 13 ++++++++-----
 go/src/audit/templates/HoistSink.ql | 4 ++--
 .../src/audit/templates/BackwardsPartialDataFlow.ql | 11 ++++++-----
 java/src/audit/templates/ForwardPartialDataflow.ql | 13 ++++++++-----
 java/src/audit/templates/HoistSink.ql | 4 ++--
 .../src/audit/templates/BackwardsPartialDataFlow.ql | 13 ++++++++-----
 .../src/audit/templates/ForwardPartialDataflow.ql | 13 ++++++++-----
 python/src/audit/templates/HoistSink.ql | 4 ++--
 .../src/audit/templates/BackwardsPartialDataFlow.ql | 13 ++++++++-----
 ruby/src/audit/templates/ForwardPartialDataflow.ql | 13 ++++++++-----
 ruby/src/audit/templates/HoistSink.ql | 4 ++--
 18 files changed, 106 insertions(+), 72 deletions(-)
diff --git a/cpp/src/audit/templates/BackwardsPartialDataFlow.ql b/cpp/src/audit/templates/BackwardsPartialDataFlow.ql
index d004f2b4..930365db 100644
--- a/cpp/src/audit/templates/BackwardsPartialDataFlow.ql
+++ b/cpp/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/backwards-partial-dataflow
  * @tags template
  */
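Review bot: `@problem.severity error` in the new header of cpp/src/audit/templates/BackwardsPartialDataFlow.ql marks every partial-flow result as an error-level alert, although the query is an exploration template with `@precision low` and makes no vulnerability claim. If these templates are ever run in a pipeline that uploads SARIF, their results would be triaged alongside real findings; ` * @problem.severity recommendation` (or `warning`) describes them more accurately. The same header lines are added to the csharp, go, python and ruby Backwards templates and to all six Forward templates.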
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlowRev(n, _, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/cpp/src/audit/templates/ForwardPartialDataflow.ql b/cpp/src/audit/templates/ForwardPartialDataflow.ql
index 01768923..ad1079f0 100644
--- a/cpp/src/audit/templates/ForwardPartialDataflow.ql
+++ b/cpp/src/audit/templates/ForwardPartialDataflow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/forward-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationFwd;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlow(_, n, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/cpp/src/audit/templates/HoistSink.ql b/cpp/src/audit/templates/HoistSink.ql
index 5cc0addb..a3f150ed 100644
--- a/cpp/src/audit/templates/HoistSink.ql
+++ b/cpp/src/audit/templates/HoistSink.ql
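Review bot: In the second hunk of cpp/src/audit/templates/BackwardsPartialDataFlow.ql the variable named `source` is, as far as I read `FlowExplorationRev`, not a configured source but any node from which a sink is reachable within `explorationLimit()`, so the "this source" label is misleading and every alert is reported at the sink. For backwards exploration the informative location is the upstream node, for example `select source.getNode(), source, sink, "Flow from here reaches $@.", sink.getNode(), "this sink"`. The rewrite also binds the distance to `_`, so the ranking that the old `select dist, n` provided is lost; consider keeping `int dist` and appending it to the message. Both points apply to the csharp, go, java, python and ruby Backwards templates as well, and the dropped distance also applies to the Forward templates. The hunk begins at line 29, so it is not visible here whether the file imports `PartialFlow::PartialPathGraph` to supply the `edges` relation that `@kind path-problem` needs.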
@@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

 from PartialFlow::PartialPathNode n, int dist
 where
- PartialFlow::partialFlowRev(n, _, dist) and
+ PartialFlow::partialFlow(n, _, dist) and
  n.getNode() instanceof DataFlow::ParameterNode
 select dist, n
diff --git a/csharp/src/audit/templates/BackwardsPartialDataFlow.ql b/csharp/src/audit/templates/BackwardsPartialDataFlow.ql
index e0c0e05b..95dcd0e9 100644
--- a/csharp/src/audit/templates/BackwardsPartialDataFlow.ql
+++ b/csharp/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/backwards-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlowRev(n, _, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/csharp/src/audit/templates/ForwardPartialDataflow.ql b/csharp/src/audit/templates/ForwardPartialDataflow.ql
index 998926b6..c5aefe92 100644
--- a/csharp/src/audit/templates/ForwardPartialDataflow.ql
+++ b/csharp/src/audit/templates/ForwardPartialDataflow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/forward-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationFwd;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlow(_, n, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/csharp/src/audit/templates/HoistSink.ql b/csharp/src/audit/templates/HoistSink.ql
index 039b54eb..711010a6 100644
--- a/csharp/src/audit/templates/HoistSink.ql
+++ b/csharp/src/audit/templates/HoistSink.ql
@@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

 from PartialFlow::PartialPathNode n, int dist
 where
- PartialFlow::partialFlowRev(n, _, dist) and
+ PartialFlow::partialFlow(n, _, dist) and
  exists(Parameter p | n.getNode().asParameter() = p)
 select dist, n
diff --git a/go/src/audit/templates/BackwardsPartialDataFlow.ql b/go/src/audit/templates/BackwardsPartialDataFlow.ql
index 267db776..0a80c833 100644
--- a/go/src/audit/templates/BackwardsPartialDataFlow.ql
+++ b/go/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/backwards-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlowRev(n, _, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/go/src/audit/templates/ForwardPartialDataflow.ql b/go/src/audit/templates/ForwardPartialDataflow.ql
index 34eea137..7a271611 100644
--- a/go/src/audit/templates/ForwardPartialDataflow.ql
+++ b/go/src/audit/templates/ForwardPartialDataflow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/forward-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationFwd;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlow(_, n, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/go/src/audit/templates/HoistSink.ql b/go/src/audit/templates/HoistSink.ql
index 9a4532a0..6a63d4e8 100644
--- a/go/src/audit/templates/HoistSink.ql
+++ b/go/src/audit/templates/HoistSink.ql
@@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Make<..

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

 from PartialFlow::PartialPathNode n, int dist
 where
- PartialFlow::partialFlowRev(n, _, dist) and
+ PartialFlow::partialFlow(n, _, dist) and
  n.getNode() instanceof DataFlow::ParameterNode
 select dist, n
diff --git a/java/src/audit/templates/BackwardsPartialDataFlow.ql b/java/src/audit/templates/BackwardsPartialDataFlow.ql
index d9b42c59..2ce45fc9 100644
--- a/java/src/audit/templates/BackwardsPartialDataFlow.ql
+++ b/java/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,7 +1,7 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind table
+ * @kind path-problem
  * @id githubsecuritylab/backwards-partial-dataflow
  * @tags template
  */
@@ -28,8 +28,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlowRev(n, _, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/java/src/audit/templates/ForwardPartialDataflow.ql b/java/src/audit/templates/ForwardPartialDataflow.ql
index 9cff2dc4..32c55596 100644
--- a/java/src/audit/templates/ForwardPartialDataflow.ql
+++ b/java/src/audit/templates/ForwardPartialDataflow.ql
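Review bot: The header hunk of java/src/audit/templates/BackwardsPartialDataFlow.ql switches to `@kind path-problem` but, unlike every other Forward/Backwards template in this patch, adds neither `@precision` nor `@problem.severity` (its hunk is `-1,7 +1,7` where the others are `+1,9`). An alert query without `@problem.severity` leaves its results with no declared severity and may be flagged by query-metadata checks, and the Java template would then behave differently from its five siblings. Add ` * @precision low` and a ` * @problem.severity` line after the `@kind` line, using whichever severity the other templates carry.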
@@ -1,7 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/forward-partial-dataflow
  * @tags template
  */
@@ -28,8 +30,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationFwd;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlow(_, n, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/java/src/audit/templates/HoistSink.ql b/java/src/audit/templates/HoistSink.ql
index 158089b2..2f663974 100644
--- a/java/src/audit/templates/HoistSink.ql
+++ b/java/src/audit/templates/HoistSink.ql
@@ -28,10 +28,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

 from PartialFlow::PartialPathNode n, int dist
 where
- PartialFlow::partialFlowRev(n, _, dist) and
+ PartialFlow::partialFlow(n, _, dist) and
  n.getNode() instanceof DataFlow::ExplicitParameterNode
 select dist, n
diff --git a/python/src/audit/templates/BackwardsPartialDataFlow.ql b/python/src/audit/templates/BackwardsPartialDataFlow.ql
index 94b49d70..be458c70 100644
--- a/python/src/audit/templates/BackwardsPartialDataFlow.ql
+++ b/python/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/backwards-partial-dataflow
  * @tags template
  */
@@ -32,8 +34,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlowRev(n, _, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/python/src/audit/templates/ForwardPartialDataflow.ql b/python/src/audit/templates/ForwardPartialDataflow.ql
index 442a9b9a..80f158ba 100644
--- a/python/src/audit/templates/ForwardPartialDataflow.ql
+++ b/python/src/audit/templates/ForwardPartialDataflow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/forward-partial-dataflow
  * @tags template
  */
@@ -29,8 +31,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationFwd;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlow(_, n, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/python/src/audit/templates/HoistSink.ql b/python/src/audit/templates/HoistSink.ql
index 8f346eda..c16410ae 100644
--- a/python/src/audit/templates/HoistSink.ql
+++ b/python/src/audit/templates/HoistSink.ql
@@ -28,10 +28,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

 from PartialFlow::PartialPathNode n, int dist
 where
- PartialFlow::partialFlowRev(n, _, dist) and
+ PartialFlow::partialFlow(n, _, dist) and
  n.getNode() instanceof DataFlow::ParameterNode
 select dist, n
diff --git a/ruby/src/audit/templates/BackwardsPartialDataFlow.ql b/ruby/src/audit/templates/BackwardsPartialDataFlow.ql
index c8361b24..3170aeb9 100644
--- a/ruby/src/audit/templates/BackwardsPartialDataFlow.ql
+++ b/ruby/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/backwards-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlowRev(n, _, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/ruby/src/audit/templates/ForwardPartialDataflow.ql b/ruby/src/audit/templates/ForwardPartialDataflow.ql
index 5e9bb5f4..fda4b7e7 100644
--- a/ruby/src/audit/templates/ForwardPartialDataflow.ql
+++ b/ruby/src/audit/templates/ForwardPartialDataflow.ql
@@ -1,7 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind table
+ * @kind path-problem
+ * @precision low
+ * @problem.severity error
  * @id githubsecuritylab/forward-partial-dataflow
  * @tags template
  */
@@ -27,8 +29,9 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationFwd;

-from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::partialFlow(_, n, dist)
-select dist, n
+from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink
+where PartialFlow::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+ "this source"
diff --git a/ruby/src/audit/templates/HoistSink.ql b/ruby/src/audit/templates/HoistSink.ql
index 4619fb30..24351a4a 100644
--- a/ruby/src/audit/templates/HoistSink.ql
+++ b/ruby/src/audit/templates/HoistSink.ql
@@ -27,10 +27,10 @@ private module MyFlow = TaintTracking::Global; // or DataFlow::Global<

 int explorationLimit() { result = 10 }

-private module PartialFlow = MyFlow::FlowExploration;
+private module PartialFlow = MyFlow::FlowExplorationRev;

 from PartialFlow::PartialPathNode n, int dist
 where
- PartialFlow::partialFlowRev(n, _, dist) and
+ PartialFlow::partialFlow(n, _, dist) and
  n.getNode() instanceof DataFlow::ParameterNode
 select dist, n