JS: Migrate CorsPermissiveConfiguration

Author: asgerf

javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationCustomizations.qll

@@ -10,6 +10,45 @@ import Apollo::Apollo
 
 /** Module containing sources, sinks, and sanitizers for overly permissive CORS configurations. */
 module CorsPermissiveConfiguration {
+  private newtype TFlowState =
+    TTaint() or
+    TTrueOrNull() or
+    TWildcard()
+
+  /** A flow state to asociate with a tracked value. */
+  class FlowState extends TFlowState {
+    /** Gets a string representation of this flow state. */
+    string toString() {
+      this = TTaint() and result = "taint"
+      or
+      this = TTrueOrNull() and result = "true-or-null"
+      or
+      this = TWildcard() and result = "wildcard"
+    }
+
+    deprecated DataFlow::FlowLabel toFlowLabel() {
+      this = TTaint() and result.isTaint()
+      or
+      this = TTrueOrNull() and result instanceof TrueAndNull
+      or
+      this = TWildcard() and result instanceof Wildcard
+    }
+  }
+
+  /** Predicates for working with flow states. */
+  module FlowState {
+    deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }
+
+    /** A tainted value. */
+    FlowState taint() { result = TTaint() }
+
+    /** A `true` or `null` value. */
+    FlowState trueOrNull() { result = TTrueOrNull() }
+
+    /** A `"*"` value. */
+    FlowState wildcard() { result = TWildcard() }
+  }
+
   /**
    * A data flow source for permissive CORS configuration.
    */
@@ -38,18 +77,18 @@ module CorsPermissiveConfiguration {
   }
 
   /** A flow label representing `true` and `null` values. */
-  abstract class TrueAndNull extends DataFlow::FlowLabel {
+  abstract deprecated class TrueAndNull extends DataFlow::FlowLabel {
     TrueAndNull() { this = "TrueAndNull" }
   }
 
-  TrueAndNull truenullLabel() { any() }
+  deprecated TrueAndNull truenullLabel() { any() }
 
   /** A flow label representing `*` value. */
-  abstract class Wildcard extends DataFlow::FlowLabel {
+  abstract deprecated class Wildcard extends DataFlow::FlowLabel {
     Wildcard() { this = "Wildcard" }
   }
 
-  Wildcard wildcardLabel() { any() }
+  deprecated Wildcard wildcardLabel() { any() }
 
   /** An overly permissive value for `origin` (Apollo) */
   class TrueNullValue extends Source {

javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfigurationQuery.qll

@@ -10,25 +10,26 @@
 
 import javascript
 import CorsPermissiveConfigurationCustomizations::CorsPermissiveConfiguration
+private import CorsPermissiveConfigurationCustomizations::CorsPermissiveConfiguration as CorsPermissiveConfiguration
 
 /**
  * A data flow configuration for overly permissive CORS configuration.
  */
 module CorsPermissiveConfigurationConfig implements DataFlow::StateConfigSig {
-  class FlowState = DataFlow::FlowLabel;
+  class FlowState = CorsPermissiveConfiguration::FlowState;
 
-  predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
-    source instanceof TrueNullValue and label = truenullLabel()
+  predicate isSource(DataFlow::Node source, FlowState state) {
+    source instanceof TrueNullValue and state = FlowState::trueOrNull()
     or
-    source instanceof WildcardValue and label = wildcardLabel()
+    source instanceof WildcardValue and state = FlowState::wildcard()
     or
-    source instanceof RemoteFlowSource and label = DataFlow::FlowLabel::taint()
+    source instanceof RemoteFlowSource and state = FlowState::taint()
   }
 
-  predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    sink instanceof CorsApolloServer and label = [DataFlow::FlowLabel::taint(), truenullLabel()]
+  predicate isSink(DataFlow::Node sink, FlowState state) {
+    sink instanceof CorsApolloServer and state = [FlowState::taint(), FlowState::trueOrNull()]
     or
-    sink instanceof ExpressCors and label = [DataFlow::FlowLabel::taint(), wildcardLabel()]
+    sink instanceof ExpressCors and state = [FlowState::taint(), FlowState::wildcard()]
   }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
@@ -44,11 +45,11 @@ deprecated class Configuration extends TaintTracking::Configuration {
   Configuration() { this = "CorsPermissiveConfiguration" }
 
   override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
-    CorsPermissiveConfigurationConfig::isSource(source, label)
+    CorsPermissiveConfigurationConfig::isSource(source, FlowState::fromFlowLabel(label))
   }
 
   override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    CorsPermissiveConfigurationConfig::isSink(sink, label)
+    CorsPermissiveConfigurationConfig::isSink(sink, FlowState::fromFlowLabel(label))
   }
 
   override predicate isSanitizer(DataFlow::Node node) {
@@ -57,10 +58,10 @@ deprecated class Configuration extends TaintTracking::Configuration {
   }
 }
 
-private class WildcardActivated extends DataFlow::FlowLabel, Wildcard {
+deprecated private class WildcardActivated extends DataFlow::FlowLabel, Wildcard {
   WildcardActivated() { this = this }
 }
 
-private class TrueAndNullActivated extends DataFlow::FlowLabel, TrueAndNull {
+deprecated private class TrueAndNullActivated extends DataFlow::FlowLabel, TrueAndNull {
   TrueAndNullActivated() { this = this }
 }