@@ -83,25 +83,23 @@ private class ArrayUpdate extends Expr {
8383/**
8484 * A config that tracks dataflow from creating an array to an operation that updates it.
8585 */
86- private class ArrayUpdateConfig extends DataFlow2 :: Configuration {
87- ArrayUpdateConfig ( ) { this = "ArrayUpdateConfig" }
86+ private module ArrayUpdateConfig implements DataFlow :: ConfigSig {
87+ predicate isSource ( DataFlow :: Node source ) { source . asExpr ( ) instanceof StaticByteArrayCreation }
8888
89- override predicate isSource ( DataFlow:: Node source ) {
90- source .asExpr ( ) instanceof StaticByteArrayCreation
91- }
89+ predicate isSink ( DataFlow:: Node sink ) { sink .asExpr ( ) = any ( ArrayUpdate upd ) .getArray ( ) }
9290
93- override predicate isSink ( DataFlow:: Node sink ) { sink .asExpr ( ) = any ( ArrayUpdate upd ) .getArray ( ) }
94-
95- override predicate isBarrierOut ( DataFlow:: Node node ) { this .isSink ( node ) }
91+ predicate isBarrierOut ( DataFlow:: Node node ) { isSink ( node ) }
9692}
9793
94+ private module ArrayUpdateFlow = DataFlow:: Global< ArrayUpdateConfig > ;
95+
9896/**
9997 * A source that defines an array that doesn't get updated.
10098 */
10199private class StaticInitializationVectorSource extends DataFlow:: Node {
102100 StaticInitializationVectorSource ( ) {
103101 exists ( StaticByteArrayCreation array | array = this .asExpr ( ) |
104- not exists ( ArrayUpdateConfig config | config . hasFlow ( DataFlow2:: exprNode ( array ) , _) ) and
102+ not ArrayUpdateFlow :: flow ( DataFlow2:: exprNode ( array ) , _) and
105103 // Reduce FPs from utility methods that return an empty array in an exceptional case
106104 not exists ( ReturnStmt ret |
107105 array .getADimension ( ) .( CompileTimeConstantExpr ) .getIntValue ( ) = 0 and
@@ -146,9 +144,11 @@ private predicate createInitializationVectorSpecStep(DataFlow::Node fromNode, Da
146144}
147145
148146/**
147+ * DEPRECATED: Use `StaticInitializationVectorFlow` instead.
148+ *
149149 * A config that tracks dataflow to initializing a cipher with a static initialization vector.
150150 */
151- class StaticInitializationVectorConfig extends TaintTracking:: Configuration {
151+ deprecated class StaticInitializationVectorConfig extends TaintTracking:: Configuration {
152152 StaticInitializationVectorConfig ( ) { this = "StaticInitializationVectorConfig" }
153153
154154 override predicate isSource ( DataFlow:: Node source ) {
@@ -161,3 +161,19 @@ class StaticInitializationVectorConfig extends TaintTracking::Configuration {
161161 createInitializationVectorSpecStep ( fromNode , toNode )
162162 }
163163}
164+
165+ /**
166+ * A config that tracks dataflow to initializing a cipher with a static initialization vector.
167+ */
168+ private module StaticInitializationVectorConfig implements DataFlow:: ConfigSig {
169+ predicate isSource ( DataFlow:: Node source ) { source instanceof StaticInitializationVectorSource }
170+
171+ predicate isSink ( DataFlow:: Node sink ) { sink instanceof EncryptionInitializationSink }
172+
173+ predicate isAdditionalFlowStep ( DataFlow:: Node fromNode , DataFlow:: Node toNode ) {
174+ createInitializationVectorSpecStep ( fromNode , toNode )
175+ }
176+ }
177+
178+ /** Tracks the flow from a static initialization vector to the initialization of a cipher */
179+ module StaticInitializationVectorFlow = TaintTracking:: Global< StaticInitializationVectorConfig > ;
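Review bot: The negated flow check on new line 102 still builds its start node with `DataFlow2::exprNode(array)`, although `ArrayUpdateConfig` now implements `DataFlow::ConfigSig` and `ArrayUpdateFlow` is `DataFlow::Global<ArrayUpdateConfig>`. I would write it as `not ArrayUpdateFlow::flow(DataFlow::exprNode(array), _) and`, so the file no longer depends on the `DataFlow2` copy for this one call. The two prefixes presumably resolve to the same node type, so results should not change, but this negation decides which byte arrays are treated as never-updated and therefore as static IV sources. It is worth confirming against the query's existing tests that the source set is unchanged after the migration. The characteristic predicate of `StaticInitializationVectorSource` continues past the end of the first hunk, so the rest of the condition is not visible here.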