Merge pull request #12731 from michaelnebel/csharp/refactorcleatextstorage

michaelnebel · web-flow · commit b5b0d6007486 · 2023-04-12T09:32:56.000+02:00
C#: Re-factor CleartextStorage to use the new API.
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
@@ -24,9 +24,11 @@ abstract class Sink extends DataFlow::ExprNode { }
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
 /**
+ * DEPRECATED: Use `ClearTextStorage` instead.
+ *
  * A taint-tracking configuration for cleartext storage of sensitive information.
  */
-class TaintTrackingConfiguration extends TaintTracking::Configuration {
+deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
   TaintTrackingConfiguration() { this = "ClearTextStorage" }
 
   override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -36,6 +38,22 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
   override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 }
 
+/**
+ * A taint-tracking configuration for cleartext storage of sensitive information.
+ */
+private module ClearTextStorageConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+}
+
+/**
+ * A taint-tracking module for cleartext storage of sensitive information.
+ */
+module ClearTextStorage = TaintTracking::Global<ClearTextStorageConfig>;
+
 /** A source of sensitive data. */
 class SensitiveExprSource extends Source {
   SensitiveExprSource() { this.getExpr() instanceof SensitiveExpr }
diff --git a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
@@ -15,9 +15,9 @@
 
 import csharp
 import semmle.code.csharp.security.dataflow.CleartextStorageQuery
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import ClearTextStorage::PathGraph
 
-from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+from ClearTextStorage::PathNode source, ClearTextStorage::PathNode sink
+where ClearTextStorage::flowPath(source, sink)
 select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.",
   source.getNode(), source.toString()
