JavaScript: Make flow summaries work for non-taint configurations.

Max Schaefer · Max Schaefer · commit e06ed503ec58 · 2019-08-02T11:45:41.000+01:00
With flow labels it often makes more sense to use a `DataFlow::Configuration` rather than a `TaintTracking::Configuration`, so flow summaries should support both.
diff --git a/javascript/ql/src/Security/Summaries/ExtractSinkSummaries.ql b/javascript/ql/src/Security/Summaries/ExtractSinkSummaries.ql
@@ -11,7 +11,7 @@ import Configurations
 import PortalExitSource
 import SinkFromAnnotation
 
-from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p
+from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p
 where
   cfg.hasFlowPath(source, sink) and
   p = source.getNode().(PortalExitSource).getPortal() and
diff --git a/javascript/ql/src/Security/Summaries/ExtractSourceSummaries.ql b/javascript/ql/src/Security/Summaries/ExtractSourceSummaries.ql
@@ -11,7 +11,7 @@ import Configurations
 import PortalEntrySink
 import SourceFromAnnotation
 
-from TaintTracking::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p
+from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Portal p
 where
   cfg.hasFlowPath(source, sink) and
   p = sink.getNode().(PortalEntrySink).getPortal() and
diff --git a/javascript/ql/src/Security/Summaries/PortalEntrySink.qll b/javascript/ql/src/Security/Summaries/PortalEntrySink.qll
@@ -11,8 +11,7 @@ class PortalEntrySink extends DataFlow::AdditionalSink {
   PortalEntrySink() { this = p.getAnEntryNode(true) }
 
   override predicate isSinkFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
-    cfg instanceof TaintTracking::Configuration and
-    lbl = any(DataFlow::FlowLabel l)
+    any()
   }
 
   /** Gets the portal of which this is an entry node. */
diff --git a/javascript/ql/src/Security/Summaries/PortalExitSource.qll b/javascript/ql/src/Security/Summaries/PortalExitSource.qll
@@ -11,8 +11,7 @@ class PortalExitSource extends DataFlow::AdditionalSource {
   PortalExitSource() { this = p.getAnExitNode(true) }
 
   override predicate isSourceFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {
-    cfg instanceof TaintTracking::Configuration and
-    lbl = any(DataFlow::FlowLabel l)
+    any()
   }
 
   /** Gets the portal of which this is an exit node. */

Original file line number	Diff line number	Diff line change
`@@ -11,8 +11,7 @@ class PortalEntrySink extends DataFlow::AdditionalSink {`
`11`	`11`	`PortalEntrySink() { this = p.getAnEntryNode(true) }`
`12`	`12`
`13`	`13`	`override predicate isSinkFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {`
`14`		`- cfg instanceof TaintTracking::Configuration and`
`15`		`- lbl = any(DataFlow::FlowLabel l)`
	`14`	`+ any()`
`16`	`15`	`}`
`17`	`16`
`18`	`17`	`/** Gets the portal of which this is an entry node. */`
Original file line number	Diff line number	Diff line change
`@@ -11,8 +11,7 @@ class PortalExitSource extends DataFlow::AdditionalSource {`
`11`	`11`	`PortalExitSource() { this = p.getAnExitNode(true) }`
`12`	`12`
`13`	`13`	`override predicate isSourceFor(DataFlow::Configuration cfg, DataFlow::FlowLabel lbl) {`
`14`		`- cfg instanceof TaintTracking::Configuration and`
`15`		`- lbl = any(DataFlow::FlowLabel l)`
	`14`	`+ any()`
`16`	`15`	`}`
`17`	`16`
`18`	`17`	`/** Gets the portal of which this is an exit node. */`