Make imports private

Author: owen-mc

java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll

@@ -4,7 +4,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.AndroidIntentRedirection
-import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.ExternalFlow
 
 /** A taint tracking configuration for tainted Intents being used to start Android components. */
 module IntentRedirectionConfig implements DataFlow::ConfigSig {

java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll

@@ -4,8 +4,8 @@ import java
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.frameworks.android.Intent
 import semmle.code.java.security.SensitiveActions
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSinks
-import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * Gets regular expression for matching names of Android variables that indicate the value being held contains sensitive information.

java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll

@@ -3,8 +3,8 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.TaintTracking
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.security.ArbitraryApkInstallation
-import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * A dataflow configuration for flow from an external source of an APK to the

java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll

@@ -1,9 +1,9 @@
 /** Provides taint-tracking configurations to reason about arithmetic with unvalidated input. */
 
 import java
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.security.ArithmeticCommon
-import semmle.code.java.dataflow.ExternalFlow
 
 /** A taint-tracking configuration to reason about overflow from unvalidated input. */
 module ArithmeticOverflowConfig implements DataFlow::ConfigSig {
@@ -38,12 +38,12 @@ deprecated module RemoteUserInputOverflowConfig = ArithmeticOverflowConfig;
 module ArithmeticUnderflowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
-    underflowBarrier(n) or
-    barrierNode(n, "java/tainted-arithmetic")
-
   predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
 
-  predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
+  predicate isBarrier(DataFlow::Node n) {
+    underflowBarrier(n) or
+    barrierNode(n, "java/tainted-arithmetic")
+  }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 

java/ql/lib/semmle/code/java/security/ArithmeticUncontrolledQuery.qll

@@ -1,11 +1,11 @@
 /** Provides taint-tracking configuration to reason about arithmetic with uncontrolled values. */
 
 import java
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.security.RandomQuery
 private import semmle.code.java.security.SecurityTests
 private import semmle.code.java.security.ArithmeticCommon
-import semmle.code.java.dataflow.ExternalFlow
 
 private class TaintSource extends DataFlow::ExprNode {
   TaintSource() {

java/ql/lib/semmle/code/java/security/ArithmeticWithExtremeValuesQuery.qll

@@ -1,9 +1,9 @@
 /** Provides predicates and classes for reasoning about arithmetic with extreme values. */
 
 import java
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.security.ArithmeticCommon
-import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * A field representing an extreme value.

java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll

@@ -2,9 +2,9 @@
 
 import java
 private import semmle.code.java.security.Encryption
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.security.Sanitizers
-import semmle.code.java.dataflow.ExternalFlow
 
 private class ShortStringLiteral extends StringLiteral {
   ShortStringLiteral() { this.getValue().length() < 100 }

java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll

@@ -7,7 +7,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.SensitiveActions
 import semmle.code.java.controlflow.Guards
-import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * Holds if `ma` is controlled by the condition expression `e`.

java/ql/lib/semmle/code/java/security/ExternalAPIs.qll

@@ -8,7 +8,7 @@ module;
 import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * A `Method` that is considered a "safe" external API from a security perspective.

java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll

@@ -1,10 +1,10 @@
 /** Provides a taint-tracking configuration to reason about externally controlled format string vulnerabilities. */
 
 import java
+private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSinks
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.StringFormat
-import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * A string format sink node.