Merge pull request #15732 from github/max-schaefer/more-sink-types

max-schaefer · web-flow · commit f2935caa5cd8 · 2024-02-27T15:52:45.000Z
Automodel: Add four more sink types.
diff --git a/java/ql/automodel/src/AutomodelEndpointTypes.qll b/java/ql/automodel/src/AutomodelEndpointTypes.qll
@@ -50,6 +50,26 @@ class CommandInjectionSinkType extends SinkType {
   CommandInjectionSinkType() { this = "command-injection" }
 }
 
+/** A sink relevant to file storage. */
+class FileContentStoreSinkType extends SinkType {
+  FileContentStoreSinkType() { this = "file-content-store" }
+}
+
+/** A sink relevant to HTML injection. */
+class HtmlInjectionSinkType extends SinkType {
+  HtmlInjectionSinkType() { this = "html-injection" }
+}
+
+/** A sink relevant to LDAP injection. */
+class LdapInjectionSinkType extends SinkType {
+  LdapInjectionSinkType() { this = "ldap-injection" }
+}
+
+/** A sink relevant to URL redirection. */
+class UrlRedirectionSinkType extends SinkType {
+  UrlRedirectionSinkType() { this = "url-redirection" }
+}
+
 /** A class for source types that can be predicted by a classifier. */
 abstract class SourceType extends EndpointType {
   bindingset[this]
diff --git a/java/ql/automodel/src/AutomodelJavaUtil.qll b/java/ql/automodel/src/AutomodelJavaUtil.qll
@@ -28,20 +28,7 @@ class DollarAtString extends string {
  * descriptions.
  */
 predicate isKnownKind(string kind, AutomodelEndpointTypes::EndpointType type) {
-  kind = "path-injection" and
-  type instanceof AutomodelEndpointTypes::PathInjectionSinkType
-  or
-  kind = "sql-injection" and
-  type instanceof AutomodelEndpointTypes::SqlInjectionSinkType
-  or
-  kind = "request-forgery" and
-  type instanceof AutomodelEndpointTypes::RequestForgerySinkType
-  or
-  kind = "command-injection" and
-  type instanceof AutomodelEndpointTypes::CommandInjectionSinkType
-  or
-  kind = "remote" and
-  type instanceof AutomodelEndpointTypes::RemoteSourceType
+  kind = type.getKind()
 }
 
 /**
