Convert Forwards/BackwardsDataFlow to new dataflow API

Jami Cogswell · Jami Cogswell · commit 72648d4a8774 · 2025-04-28T22:07:21.000-04:00
diff --git a/javascript/src/audit/templates/BackwardsDataFlow.ql b/javascript/src/audit/templates/BackwardsDataFlow.ql
@@ -9,23 +9,22 @@
  */
 
  import javascript
- import DataFlow::PathGraph
- import semmle.javascript.explore.BackwardDataFlow
+ import BackwardDataFlow::PathGraph
  
- class BackwardDataFlowConfig extends TaintTracking::Configuration {
-   BackwardDataFlowConfig() { this = "BackwardDataFlowConfig" }
+ module BackwardDataFlowConfig implements DataFlow::ConfigSig { 
+  predicate isSource(DataFlow::Node source) { any() }
  
-   // `isSource` is ignored when `semmle.javascript.explore.BackwardDataFlow` is imported.
- 
-   override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
      // Define the sink to run the backwards dataflow from. Eg:
      // sink = API::moduleImport("module").getMember("method").getParameter(0).asSink()
      none()
    }
  }
+
+ module BackwardDataFlow = TaintTracking::Global<BackwardDataFlowConfig>;
  
- from BackwardDataFlowConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
- where cfg.hasFlowPath(source, sink)
+ from BackwardDataFlow::PathNode source, BackwardDataFlow::PathNode sink
+ where BackwardDataFlow::flowPath(source, sink)
  select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
    "this source"
  
diff --git a/javascript/src/audit/templates/ForwardDataFlow.ql b/javascript/src/audit/templates/ForwardDataFlow.ql
@@ -9,23 +9,22 @@
  */
 
  import javascript
- import DataFlow::PathGraph
- import semmle.javascript.explore.ForwardDataFlow
+ import ForwardDataFlow::PathGraph
  
- class ForwardDataFlowConfig extends TaintTracking::Configuration {
-   ForwardDataFlowConfig() { this = "ForwardDataFlowConfig" }
- 
-   override predicate isSource(DataFlow::Node source) {
+ module ForwardDataFlowConfig implements DataFlow::ConfigSig { 
+   predicate isSource(DataFlow::Node source) {
      // Define the source to run the forward dataflow from. Eg:
      // source = API::moduleImport(_).getMember("method").getReturn().asSource()
      none()
    }
- 
-   // `isSink` is ignored when `semmle.javascript.explore.ForwardDataFlow` is imported.
+
+   predicate isSink(DataFlow::Node sink) { any() }
  }
+
+ module ForwardDataFlow = TaintTracking::Global<ForwardDataFlowConfig>;
  
- from ForwardDataFlowConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
- where cfg.hasFlowPath(source, sink)
+ from ForwardDataFlow::PathNode source, ForwardDataFlow::PathNode sink
+ where ForwardDataFlow::flowPath(source, sink)
  select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
    "this source"
  
