Update dataflow library in LogInjection.ql

knewbury01 · knewbury01 · commit dad02753b865 · 2025-08-15T18:41:16.000-04:00
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPLogInjectionQuery.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPLogInjectionQuery.qll
@@ -43,19 +43,19 @@ class CdsLogSink extends DataFlow::Node {
   }
 }
 
-class CAPLogInjectionConfiguration extends LogInjectionConfiguration {
-  override predicate isSource(DataFlow::Node start) {
-    super.isSource(start)
+module CAPLogInjectionConfiguration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node start) {
+    LogInjectionConfig::isSource(start)
     or
     start instanceof RemoteFlowSource
   }
 
-  override predicate isBarrier(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     exists(HandlerParameterData handlerParameterData |
       node = handlerParameterData and
       not handlerParameterData.getType() = ["cds.String", "cds.LargeString"]
     )
   }
 
-  override predicate isSink(DataFlow::Node end) { end instanceof CdsLogSink }
+  predicate isSink(DataFlow::Node end) { end instanceof CdsLogSink }
 }
diff --git a/javascript/frameworks/cap/src/loginjection/LogInjection.ql b/javascript/frameworks/cap/src/loginjection/LogInjection.ql
@@ -11,11 +11,15 @@
  */
 
 import javascript
-import DataFlow::PathGraph
 import advanced_security.javascript.frameworks.cap.dataflow.DataFlow
 import advanced_security.javascript.frameworks.cap.CAPLogInjectionQuery
 
-from CAPLogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module CAPLogInjectionConfigurationFlow = TaintTracking::Global<CAPLogInjectionConfiguration>;
+
+import CAPLogInjectionConfigurationFlow::PathGraph
+
+from
+  CAPLogInjectionConfigurationFlow::PathNode source, CAPLogInjectionConfigurationFlow::PathNode sink
+where CAPLogInjectionConfigurationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(),
   "user-provided value"
diff --git a/javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/log-injection-not-depending-on-request.expected b/javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/log-injection-not-depending-on-request.expected
@@ -1,6 +1,4 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
-nodes
 edges
+nodes
+subpaths
 #select
diff --git a/javascript/frameworks/cap/test/queries/loginjection/log-injection-type-sanitized/log-injection-type-sanitized.expected b/javascript/frameworks/cap/test/queries/loginjection/log-injection-type-sanitized/log-injection-type-sanitized.expected
@@ -1,6 +1,4 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
-nodes
 edges
+nodes
+subpaths
 #select
diff --git a/javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/log-injection-with-complete-protocol-none.expected b/javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/log-injection-with-complete-protocol-none.expected
@@ -1,6 +1,4 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
-nodes
 edges
+nodes
+subpaths
 #select
diff --git a/javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/log-injection-with-service1-protocol-none.expected b/javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/log-injection-with-service1-protocol-none.expected
@@ -1,20 +1,4 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
-nodes
-| srv/service2.js:7:15:7:31 | { messageToPass } |
-| srv/service2.js:7:15:7:42 | messageToPass |
-| srv/service2.js:7:17:7:29 | messageToPass |
-| srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:9:32:9:44 | messageToPass |
 edges
-| srv/service2.js:7:15:7:31 | { messageToPass } | srv/service2.js:7:17:7:29 | messageToPass |
-| srv/service2.js:7:15:7:42 | messageToPass | srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:7:15:7:42 | messageToPass | srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:7:17:7:29 | messageToPass | srv/service2.js:7:15:7:42 | messageToPass |
-| srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:7:15:7:31 | { messageToPass } |
-| srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:7:15:7:31 | { messageToPass } |
+nodes
+subpaths
 #select
-| srv/service2.js:9:32:9:44 | messageToPass | srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:9:32:9:44 | messageToPass | Log entry depends on a $@. | srv/service2.js:7:35:7:42 | msg.data | user-provided value |
diff --git a/javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/log-injection-with-service2-protocol-none.expected b/javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/log-injection-with-service2-protocol-none.expected
@@ -1,36 +1,4 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
-nodes
-| srv/service1.js:7:19:7:35 | { messageToPass } |
-| srv/service1.js:7:19:7:46 | messageToPass |
-| srv/service1.js:7:21:7:33 | messageToPass |
-| srv/service1.js:7:39:7:46 | req.data |
-| srv/service1.js:7:39:7:46 | req.data |
-| srv/service1.js:9:36:9:52 | { messageToPass } |
-| srv/service1.js:9:38:9:50 | messageToPass |
-| srv/service2.js:6:29:6:31 | msg |
-| srv/service2.js:7:15:7:31 | { messageToPass } |
-| srv/service2.js:7:15:7:42 | messageToPass |
-| srv/service2.js:7:17:7:29 | messageToPass |
-| srv/service2.js:7:35:7:37 | msg |
-| srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:9:32:9:44 | messageToPass |
 edges
-| srv/service1.js:7:19:7:35 | { messageToPass } | srv/service1.js:7:21:7:33 | messageToPass |
-| srv/service1.js:7:19:7:46 | messageToPass | srv/service1.js:9:38:9:50 | messageToPass |
-| srv/service1.js:7:21:7:33 | messageToPass | srv/service1.js:7:19:7:46 | messageToPass |
-| srv/service1.js:7:39:7:46 | req.data | srv/service1.js:7:19:7:35 | { messageToPass } |
-| srv/service1.js:7:39:7:46 | req.data | srv/service1.js:7:19:7:35 | { messageToPass } |
-| srv/service1.js:9:36:9:52 | { messageToPass } | srv/service2.js:6:29:6:31 | msg |
-| srv/service1.js:9:38:9:50 | messageToPass | srv/service1.js:9:36:9:52 | { messageToPass } |
-| srv/service2.js:6:29:6:31 | msg | srv/service2.js:7:35:7:37 | msg |
-| srv/service2.js:7:15:7:31 | { messageToPass } | srv/service2.js:7:17:7:29 | messageToPass |
-| srv/service2.js:7:15:7:42 | messageToPass | srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:7:15:7:42 | messageToPass | srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:7:17:7:29 | messageToPass | srv/service2.js:7:15:7:42 | messageToPass |
-| srv/service2.js:7:35:7:37 | msg | srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:7:15:7:31 | { messageToPass } |
+nodes
+subpaths
 #select
-| srv/service2.js:9:32:9:44 | messageToPass | srv/service1.js:7:39:7:46 | req.data | srv/service2.js:9:32:9:44 | messageToPass | Log entry depends on a $@. | srv/service1.js:7:39:7:46 | req.data | user-provided value |
diff --git a/javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/log-injection-without-protocol-none.expected b/javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/log-injection-without-protocol-none.expected
@@ -1,39 +1,4 @@
-WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
-WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
-nodes
-| srv/service1.js:7:19:7:35 | { messageToPass } |
-| srv/service1.js:7:19:7:46 | messageToPass |
-| srv/service1.js:7:21:7:33 | messageToPass |
-| srv/service1.js:7:39:7:46 | req.data |
-| srv/service1.js:7:39:7:46 | req.data |
-| srv/service1.js:9:36:9:52 | { messageToPass } |
-| srv/service1.js:9:38:9:50 | messageToPass |
-| srv/service2.js:6:29:6:31 | msg |
-| srv/service2.js:7:15:7:31 | { messageToPass } |
-| srv/service2.js:7:15:7:42 | messageToPass |
-| srv/service2.js:7:17:7:29 | messageToPass |
-| srv/service2.js:7:35:7:37 | msg |
-| srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:9:32:9:44 | messageToPass |
 edges
-| srv/service1.js:7:19:7:35 | { messageToPass } | srv/service1.js:7:21:7:33 | messageToPass |
-| srv/service1.js:7:19:7:46 | messageToPass | srv/service1.js:9:38:9:50 | messageToPass |
-| srv/service1.js:7:21:7:33 | messageToPass | srv/service1.js:7:19:7:46 | messageToPass |
-| srv/service1.js:7:39:7:46 | req.data | srv/service1.js:7:19:7:35 | { messageToPass } |
-| srv/service1.js:7:39:7:46 | req.data | srv/service1.js:7:19:7:35 | { messageToPass } |
-| srv/service1.js:9:36:9:52 | { messageToPass } | srv/service2.js:6:29:6:31 | msg |
-| srv/service1.js:9:38:9:50 | messageToPass | srv/service1.js:9:36:9:52 | { messageToPass } |
-| srv/service2.js:6:29:6:31 | msg | srv/service2.js:7:35:7:37 | msg |
-| srv/service2.js:7:15:7:31 | { messageToPass } | srv/service2.js:7:17:7:29 | messageToPass |
-| srv/service2.js:7:15:7:42 | messageToPass | srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:7:15:7:42 | messageToPass | srv/service2.js:9:32:9:44 | messageToPass |
-| srv/service2.js:7:17:7:29 | messageToPass | srv/service2.js:7:15:7:42 | messageToPass |
-| srv/service2.js:7:35:7:37 | msg | srv/service2.js:7:35:7:42 | msg.data |
-| srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:7:15:7:31 | { messageToPass } |
-| srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:7:15:7:31 | { messageToPass } |
+nodes
+subpaths
 #select
-| srv/service2.js:9:32:9:44 | messageToPass | srv/service1.js:7:39:7:46 | req.data | srv/service2.js:9:32:9:44 | messageToPass | Log entry depends on a $@. | srv/service1.js:7:39:7:46 | req.data | user-provided value |
-| srv/service2.js:9:32:9:44 | messageToPass | srv/service2.js:7:35:7:42 | msg.data | srv/service2.js:9:32:9:44 | messageToPass | Log entry depends on a $@. | srv/service2.js:7:35:7:42 | msg.data | user-provided value |

Original file line number	Diff line number	Diff line change
`@@ -43,19 +43,19 @@ class CdsLogSink extends DataFlow::Node {`
`43`	`43`	`}`
`44`	`44`	`}`
`45`	`45`
`46`		`-class CAPLogInjectionConfiguration extends LogInjectionConfiguration {`
`47`		`- override predicate isSource(DataFlow::Node start) {`
`48`		`- super.isSource(start)`
	`46`	`+module CAPLogInjectionConfiguration implements DataFlow::ConfigSig {`
	`47`	`+ predicate isSource(DataFlow::Node start) {`
	`48`	`+ LogInjectionConfig::isSource(start)`
`49`	`49`	`or`
`50`	`50`	`start instanceof RemoteFlowSource`
`51`	`51`	`}`
`52`	`52`
`53`		`- override predicate isBarrier(DataFlow::Node node) {`
	`53`	`+ predicate isBarrier(DataFlow::Node node) {`
`54`	`54`	`exists(HandlerParameterData handlerParameterData \|`
`55`	`55`	`node = handlerParameterData and`
`56`	`56`	`not handlerParameterData.getType() = ["cds.String", "cds.LargeString"]`
`57`	`57`	`)`
`58`	`58`	`}`
`59`	`59`
`60`		`- override predicate isSink(DataFlow::Node end) { end instanceof CdsLogSink }`
	`60`	`+ predicate isSink(DataFlow::Node end) { end instanceof CdsLogSink }`
`61`	`61`	`}`