Python: Move BarrierGuards to own file

Author: RasmusWL

python/ql/src/semmle/python/dataflow/new/BarrierGuards.qll

@@ -0,0 +1,46 @@
+/** Provides commonly used BarrierGuards. */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+
+/** A validation of unknown node by comparing with a constant string value. */
+class StringConstCompare extends DataFlow::BarrierGuard, CompareNode {
+  ControlFlowNode checked_node;
+  boolean safe_branch;
+
+  StringConstCompare() {
+    exists(StrConst str_const, Cmpop op |
+      op = any(Eq eq) and safe_branch = true
+      or
+      op = any(NotEq ne) and safe_branch = false
+    |
+      this.operands(str_const.getAFlowNode(), op, checked_node)
+      or
+      this.operands(checked_node, op, str_const.getAFlowNode())
+    )
+    or
+    exists(ControlFlowNode str_const_iterable, Cmpop op |
+      op = any(In in_) and safe_branch = true
+      or
+      op = any(NotIn ni) and safe_branch = false
+    |
+      this.operands(checked_node, op, str_const_iterable) and
+      (
+        str_const_iterable instanceof SequenceNode
+        or
+        str_const_iterable instanceof SetNode
+      ) and
+      forall(ControlFlowNode elem |
+        elem = str_const_iterable.(SequenceNode).getAnElement()
+        or
+        elem = str_const_iterable.(SetNode).getAnElement()
+      |
+        elem.getNode() instanceof StrConst
+      )
+    )
+  }
+
+  override predicate checks(ControlFlowNode node, boolean branch) {
+    node = checked_node and branch = safe_branch
+  }
+}

python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll

@@ -355,51 +355,6 @@ class BarrierGuard extends GuardNode {
   }
 }
 
-/** Provides commonly used BarrierGuards */
-module BarrierGuard {
-  /** A validation of unknown node by comparing with a constant string value. */
-  class StringConstCompare extends BarrierGuard, CompareNode {
-    ControlFlowNode checked_node;
-    boolean safe_branch;
-
-    StringConstCompare() {
-      exists(StrConst str_const, Cmpop op |
-        op = any(Eq eq) and safe_branch = true
-        or
-        op = any(NotEq ne) and safe_branch = false
-      |
-        this.operands(str_const.getAFlowNode(), op, checked_node)
-        or
-        this.operands(checked_node, op, str_const.getAFlowNode())
-      )
-      or
-      exists(ControlFlowNode str_const_iterable, Cmpop op |
-        op = any(In in_) and safe_branch = true
-        or
-        op = any(NotIn ni) and safe_branch = false
-      |
-        this.operands(checked_node, op, str_const_iterable) and
-        (
-          str_const_iterable instanceof SequenceNode
-          or
-          str_const_iterable instanceof SetNode
-        ) and
-        forall(ControlFlowNode elem |
-          elem = str_const_iterable.(SequenceNode).getAnElement()
-          or
-          elem = str_const_iterable.(SetNode).getAnElement()
-        |
-          elem.getNode() instanceof StrConst
-        )
-      )
-    }
-
-    override predicate checks(ControlFlowNode node, boolean branch) {
-      node = checked_node and branch = safe_branch
-    }
-  }
-}
-
 /**
  * Algebraic datatype for tracking data content associated with values.
  * Content can be collection elements or object attributes.

python/ql/src/semmle/python/security/dataflow/CodeInjection.qll

@@ -8,6 +8,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
 
 /**
  * A taint-tracking configuration for detecting code injection vulnerabilities.
@@ -20,6 +21,6 @@ class CodeInjectionConfiguration extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink = any(CodeExecution e).getCode() }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }

python/ql/src/semmle/python/security/dataflow/CommandInjection.qll

@@ -8,6 +8,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
 
 /**
  * A taint-tracking configuration for detecting command injection vulnerabilities.
@@ -50,6 +51,6 @@ class CommandInjectionConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }

python/ql/src/semmle/python/security/dataflow/PathInjection.qll

@@ -31,6 +31,7 @@ import semmle.python.dataflow.new.TaintTracking2
 import semmle.python.Concepts
 import semmle.python.dataflow.new.RemoteFlowSources
 import ChainedConfigs12
+import semmle.python.dataflow.new.BarrierGuards
 
 // ---------------------------------------------------------------------------
 // Case 1. The path is never normalized.
@@ -48,7 +49,7 @@ class PathNotNormalizedConfiguration extends TaintTracking::Configuration {
   override predicate isSanitizer(DataFlow::Node node) { node instanceof Path::PathNormalization }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }
 
@@ -74,7 +75,7 @@ class FirstNormalizationConfiguration extends TaintTracking::Configuration {
   override predicate isSanitizerOut(DataFlow::Node node) { node instanceof Path::PathNormalization }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }
 
@@ -91,7 +92,7 @@ class NormalizedPathNotCheckedConfiguration extends TaintTracking2::Configuratio
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
     guard instanceof Path::SafeAccessCheck
     or
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }
 

python/ql/src/semmle/python/security/dataflow/ReflectedXSS.qll

@@ -8,6 +8,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
 
 /**
  * A taint-tracking configuration for detecting reflected server-side cross-site
@@ -26,6 +27,6 @@ class ReflectedXssConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }

python/ql/src/semmle/python/security/dataflow/SqlInjection.qll

@@ -8,6 +8,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
 
 /**
  * A taint-tracking configuration for detecting SQL injection vulnerabilities.
@@ -20,6 +21,6 @@ class SQLInjectionConfiguration extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink = any(SqlExecution e).getSql() }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }

python/ql/src/semmle/python/security/dataflow/UnsafeDeserialization.qll

@@ -8,6 +8,7 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import semmle.python.dataflow.new.RemoteFlowSources
+import semmle.python.dataflow.new.BarrierGuards
 
 /**
  * A taint-tracking configuration for detecting arbitrary code execution
@@ -26,6 +27,6 @@ class UnsafeDeserializationConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.ql

@@ -1,7 +1,8 @@
 import experimental.dataflow.tainttracking.TestTaintLib
+import semmle.python.dataflow.new.BarrierGuards
 
 class CustomSanitizerOverrides extends TestTaintTrackingConfiguration {
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof DataFlow::BarrierGuard::StringConstCompare
+    guard instanceof StringConstCompare
   }
 }