Skip to content

Commit 727bdde

Browse files
d10cd10c
authored
Merge pull request #20607 from d10c/d10c/update-diff-informed-testing
Update diff-informed testing to always treat sources and sinks as alert locations
2 parents 8d49f26 + a0975e7 commit 727bdde

File tree

76 files changed

+134
-152
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

76 files changed

+134
-152
lines changed

actions/ql/lib/codeql/actions/security/ArgumentInjectionQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -100,8 +100,6 @@ private module ArgumentInjectionConfig implements DataFlow::ConfigSig {
100100

101101
predicate observeDiffInformedIncrementalMode() { any() }
102102

103-
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
104-
105103
Location getASelectedSinkLocation(DataFlow::Node sink) {
106104
result = sink.getLocation()
107105
or

actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -333,8 +333,6 @@ private module ArtifactPoisoningConfig implements DataFlow::ConfigSig {
333333

334334
predicate observeDiffInformedIncrementalMode() { any() }
335335

336-
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
337-
338336
Location getASelectedSinkLocation(DataFlow::Node sink) {
339337
result = sink.getLocation()
340338
or

actions/ql/lib/codeql/actions/security/CodeInjectionQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -80,8 +80,6 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
8080

8181
predicate observeDiffInformedIncrementalMode() { any() }
8282

83-
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
84-
8583
Location getASelectedSinkLocation(DataFlow::Node sink) {
8684
result = sink.getLocation()
8785
or

actions/ql/lib/codeql/actions/security/EnvPathInjectionQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -130,8 +130,6 @@ private module EnvPathInjectionConfig implements DataFlow::ConfigSig {
130130

131131
predicate observeDiffInformedIncrementalMode() { any() }
132132

133-
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
134-
135133
Location getASelectedSinkLocation(DataFlow::Node sink) {
136134
result = sink.getLocation()
137135
or

actions/ql/lib/codeql/actions/security/EnvVarInjectionQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -184,8 +184,6 @@ private module EnvVarInjectionConfig implements DataFlow::ConfigSig {
184184

185185
predicate observeDiffInformedIncrementalMode() { any() }
186186

187-
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
188-
189187
Location getASelectedSinkLocation(DataFlow::Node sink) {
190188
result = sink.getLocation()
191189
or

actions/ql/lib/codeql/actions/security/OutputClobberingQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -212,8 +212,6 @@ private module OutputClobberingConfig implements DataFlow::ConfigSig {
212212
}
213213

214214
predicate observeDiffInformedIncrementalMode() { any() }
215-
216-
Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
217215
}
218216

219217
/** Tracks flow of unsafe user input that is used to construct and evaluate an environment variable. */

actions/ql/lib/codeql/actions/security/RequestForgeryQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,6 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig {
1818
predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink }
1919

2020
predicate observeDiffInformedIncrementalMode() { any() }
21-
22-
Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
2321
}
2422

2523
/** Tracks flow of unsafe user input that is used to construct and evaluate a system command. */

actions/ql/lib/codeql/actions/security/SecretExfiltrationQuery.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,6 @@ private module SecretExfiltrationConfig implements DataFlow::ConfigSig {
1717
predicate isSink(DataFlow::Node sink) { sink instanceof SecretExfiltrationSink }
1818

1919
predicate observeDiffInformedIncrementalMode() { any() }
20-
21-
Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
2220
}
2321

2422
/** Tracks flow of unsafe user input that is used in a context where it may lead to a secret exfiltration. */

actions/ql/src/Models/CompositeActionsSinks.ql

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,8 +26,6 @@ private module MyConfig implements DataFlow::ConfigSig {
2626
}
2727

2828
predicate observeDiffInformedIncrementalMode() { any() }
29-
30-
Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
3129
}
3230

3331
module MyFlow = TaintTracking::Global<MyConfig>;

actions/ql/src/Models/CompositeActionsSources.ql

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,6 @@ private module MyConfig implements DataFlow::ConfigSig {
3636
}
3737

3838
predicate observeDiffInformedIncrementalMode() { any() }
39-
40-
Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
4139
}
4240

4341
module MyFlow = TaintTracking::Global<MyConfig>;

0 commit comments

Comments
 (0)