JS: Port TaintBarriers test

Author: asgerf

javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll

@@ -6,16 +6,14 @@ StringOps::ConcatenationRoot sinkConcatenation() {
   result.getConstantStringParts().matches("<sink>%</sink>")
 }
 
-class ExampleConfiguration extends TaintTracking::Configuration {
-  ExampleConfiguration() { this = "ExampleConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
+module TestConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     source.asExpr().(CallExpr).getCalleeName() = "SOURCE"
     or
     source = sourceVariable()
   }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(CallExpr callExpr |
       callExpr.getCalleeName() = "SINK" and
       DataFlow::valueNode(callExpr.getArgument(0)) = sink
@@ -24,19 +22,40 @@ class ExampleConfiguration extends TaintTracking::Configuration {
     sink = sinkConcatenation()
   }
 
-  override predicate isSanitizerIn(DataFlow::Node node) { node = sourceVariable() }
+  predicate isBarrierIn(DataFlow::Node node) { node = sourceVariable() }
 
-  override predicate isSanitizerOut(DataFlow::Node node) { node = sinkConcatenation() }
+  predicate isBarrierOut(DataFlow::Node node) { node = sinkConcatenation() }
 
-  override predicate isSanitizer(DataFlow::Node node) {
+  additional predicate isBarrier1(DataFlow::Node node) {
     exists(CallExpr callExpr |
       callExpr.getCalleeName() = "SANITIZE" and
       DataFlow::valueNode(callExpr.getArgument(0)) = node
     )
   }
 
+  predicate isBarrier(DataFlow::Node node) {
+    isBarrier1(node)
+    or
+    node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode()
+  }
+}
+
+module TestFlow = TaintTracking::Global<TestConfig>;
+
+class ExampleConfiguration extends TaintTracking::Configuration {
+  ExampleConfiguration() { this = "ExampleConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) }
+
+  override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
+
+  override predicate isSanitizerIn(DataFlow::Node node) { TestConfig::isBarrierIn(node) }
+
+  override predicate isSanitizerOut(DataFlow::Node node) { TestConfig::isBarrierOut(node) }
+
+  override predicate isSanitizer(DataFlow::Node node) { TestConfig::isBarrier1(node) }
+
   override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
-    // add additional generic sanitizers
     guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer
   }
 }

javascript/ql/test/library-tests/TaintBarriers/tests.expected

@@ -1,3 +1,4 @@
+legacyDataFlowDifference
 isBarrier
 isLabeledBarrier
 | ExampleConfiguration | tst.js:6:14:6:14 | v | taint |

javascript/ql/test/library-tests/TaintBarriers/tests.ql

@@ -16,5 +16,7 @@ query predicate sanitizingGuard(TaintTracking::SanitizerGuardNode g, Expr e, boo
 }
 
 query predicate taintedSink(DataFlow::Node source, DataFlow::Node sink) {
-  exists(ExampleConfiguration cfg | cfg.hasFlow(source, sink))
+  TestFlow::flow(source, sink)
 }
+
+import testUtilities.LegacyDataFlowDiff::DataFlowDiff<TestFlow, ExampleConfiguration>