C++: Cleaner solution.

geoffw0 · geoffw0 · commit b5bcbd303ea4 · 2021-01-06T18:22:31.000Z
diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -28,7 +28,9 @@ class Configuration extends TaintTrackingConfiguration {
     exists(SQLLikeFunction runSql | runSql.outermostWrapperFunctionCall(tainted, _))
   }
 
-  override predicate isAdditionalBarrier(Expr e) { e.getUnspecifiedType() instanceof IntegralType }
+  override predicate isBarrier(Expr e) {
+    super.isBarrier(e) or e.getUnspecifiedType() instanceof IntegralType
+  }
 }
 
 from
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -545,8 +545,8 @@ module TaintedWithPath {
     /** Override this to specify which elements are sinks in this configuration. */
     abstract predicate isSink(Element e);
 
-    /** Override this to specify additional barriers in this configuration. */
-    predicate isAdditionalBarrier(Expr node) { none() }
+    /** Override this to specify which expressions are barriers in this configuration. */
+    predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) }
 
     /**
      * Override this predicate to `any()` to allow taint to flow through global
@@ -582,10 +582,8 @@ module TaintedWithPath {
     }
 
     override predicate isBarrier(DataFlow::Node node) {
-      nodeIsBarrier(node)
-      or
       exists(TaintTrackingConfiguration cfg, Expr e |
-        cfg.isAdditionalBarrier(e) and node = getNodeForExpr(e)
+        cfg.isBarrier(e) and node = getNodeForExpr(e)
       )
     }
 

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,9 @@ class Configuration extends TaintTrackingConfiguration {`
`28`	`28`	`exists(SQLLikeFunction runSql \| runSql.outermostWrapperFunctionCall(tainted, _))`
`29`	`29`	`}`
`30`	`30`
`31`		`- override predicate isAdditionalBarrier(Expr e) { e.getUnspecifiedType() instanceof IntegralType }`
	`31`	`+ override predicate isBarrier(Expr e) {`
	`32`	`+ super.isBarrier(e) or e.getUnspecifiedType() instanceof IntegralType`
	`33`	`+ }`
`32`	`34`	`}`
`33`	`35`
`34`	`36`	`from`
Original file line number	Diff line number	Diff line change
`@@ -545,8 +545,8 @@ module TaintedWithPath {`
`545`	`545`	`/** Override this to specify which elements are sinks in this configuration. */`
`546`	`546`	`abstract predicate isSink(Element e);`
`547`	`547`
`548`		`- /** Override this to specify additional barriers in this configuration. */`
`549`		`- predicate isAdditionalBarrier(Expr node) { none() }`
	`548`	`+ /** Override this to specify which expressions are barriers in this configuration. */`
	`549`	`+ predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) }`
`550`	`550`
`551`	`551`	`/**`
`552`	`552`	* Override this predicate to `any()` to allow taint to flow through global
`@@ -582,10 +582,8 @@ module TaintedWithPath {`
`582`	`582`	`}`
`583`	`583`
`584`	`584`	`override predicate isBarrier(DataFlow::Node node) {`
`585`		`- nodeIsBarrier(node)`
`586`		`- or`
`587`	`585`	`exists(TaintTrackingConfiguration cfg, Expr e \|`
`588`		`- cfg.isAdditionalBarrier(e) and node = getNodeForExpr(e)`
	`586`	`+ cfg.isBarrier(e) and node = getNodeForExpr(e)`
`589`	`587`	`)`
`590`	`588`	`}`
`591`	`589`