Skip to content

Commit b4130e6

Browse files
egregius313egregius313
committed
Refactor RegexFlowConfigs.qll
1 parent 6681c1a commit b4130e6

File tree

1 file changed

+12
-14
lines changed

1 file changed

+12
-14
lines changed

java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll

Lines changed: 12 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -136,24 +136,22 @@ private class GuavaRegexFlowStep extends RegexAdditionalFlowStep {
136136
}
137137
}
138138

139-
private class RegexFlowConf extends DataFlow2::Configuration {
140-
RegexFlowConf() { this = "RegexFlowConfig" }
139+
private module RegexFlowConfig implements DataFlow::ConfigSig {
140+
predicate isSource(DataFlow::Node node) { node.asExpr() instanceof ExploitableStringLiteral }
141141

142-
override predicate isSource(DataFlow::Node node) {
143-
node.asExpr() instanceof ExploitableStringLiteral
144-
}
145-
146-
override predicate isSink(DataFlow::Node node) { node instanceof RegexFlowSink }
142+
predicate isSink(DataFlow::Node node) { node instanceof RegexFlowSink }
147143

148-
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
144+
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
149145
any(RegexAdditionalFlowStep s).step(node1, node2)
150146
}
151147

152-
override predicate isBarrier(DataFlow::Node node) {
148+
predicate isBarrier(DataFlow::Node node) {
153149
node.getEnclosingCallable().getDeclaringType() instanceof NonSecurityTestClass
154150
}
155151
}
156152

153+
private module RegexFlow = DataFlow::Global<RegexFlowConfig>;
154+
157155
/**
158156
* Holds if `regex` is used as a regex, with the mode `mode` (if known).
159157
* If regex mode is not known, `mode` will be `"None"`.
@@ -162,7 +160,7 @@ private class RegexFlowConf extends DataFlow2::Configuration {
162160
* and therefore may be relevant for ReDoS queries are considered.
163161
*/
164162
predicate usedAsRegex(StringLiteral regex, string mode, boolean match_full_string) {
165-
any(RegexFlowConf c).hasFlow(DataFlow2::exprNode(regex), _) and
163+
RegexFlow::flow(DataFlow::exprNode(regex), _) and
166164
mode = "None" and // TODO: proper mode detection
167165
(if matchesFullString(regex) then match_full_string = true else match_full_string = false)
168166
}
@@ -172,9 +170,9 @@ predicate usedAsRegex(StringLiteral regex, string mode, boolean match_full_strin
172170
* as though it was implicitly surrounded by ^ and $.
173171
*/
174172
private predicate matchesFullString(StringLiteral regex) {
175-
exists(RegexFlowConf c, RegexFlowSink sink |
173+
exists(RegexFlowSink sink |
176174
sink.matchesFullString() and
177-
c.hasFlow(DataFlow2::exprNode(regex), sink)
175+
RegexFlow::flow(DataFlow::exprNode(regex), sink)
178176
)
179177
}
180178

@@ -185,8 +183,8 @@ private predicate matchesFullString(StringLiteral regex) {
185183
* and therefore may be relevant for ReDoS queries are considered.
186184
*/
187185
predicate regexMatchedAgainst(StringLiteral regex, Expr str) {
188-
exists(RegexFlowConf c, RegexFlowSink sink |
186+
exists(RegexFlowSink sink |
189187
str = sink.getStringArgument() and
190-
c.hasFlow(DataFlow2::exprNode(regex), sink)
188+
RegexFlow::flow(DataFlow::exprNode(regex), sink)
191189
)
192190
}

0 commit comments

Comments
 (0)