From 5165999e9e2d7340c0530d6f5ab08a3e93a6be48 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 24 Nov 2023 21:59:30 +0100
Subject: [PATCH 1/2] C++: Deprecate `isUserInput`, `userInputArgument`, and `userInputReturned`
---
 .../lib/semmle/code/cpp/security/Security.qll | 18 +++++++-----------
 .../code/cpp/security/SecurityOptions.qll | 4 ++--
 2 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/security/Security.qll b/cpp/ql/lib/semmle/code/cpp/security/Security.qll
index 7a73144f5fa..63bdd685a20 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/Security.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/Security.qll
@@ -45,7 +45,7 @@ class SecurityOptions extends string {
 /**
 * The argument of the given function is filled in from user input.
 */
- predicate userInputArgument(FunctionCall functionCall, int arg) {
+ deprecated predicate userInputArgument(FunctionCall functionCall, int arg) {
 exists(string fname |
 functionCall.getTarget().hasGlobalOrStdName(fname) and
 exists(functionCall.getArgument(arg)) and
@@ -73,7 +73,7 @@ class SecurityOptions extends string {
 /**
 * The return value of the given function is filled in from user input.
 */
- predicate userInputReturned(FunctionCall functionCall) {
+ deprecated predicate userInputReturned(FunctionCall functionCall) {
 exists(string fname |
 functionCall.getTarget().getName() = fname and
 (
@@ -91,12 +91,8 @@ class SecurityOptions extends string {
 
 /**
 * DEPRECATED: Users should override `userInputReturned()` instead.
- *
- * note: this function is not formally tagged as `deprecated` since the
- * new `userInputReturned` uses it to provide compatibility with older
- * custom SecurityOptions.qll files.
 */
- predicate userInputReturn(string function) { none() }
+ deprecated predicate userInputReturn(string function) { none() }
 
 /**
 * The argument of the given function is used for running a process or loading
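Review bot: The QLDoc on `userInputArgument` still reads only "The argument of the given function is filled in from user input." and names no replacement, so someone who hits the deprecation warning has to find the change note to learn what to use. Following the change note later in this series, I would open the comment with `* DEPRECATED: Use FlowSource instead.`; the same applies to `userInputReturned` in the `@@ -73,7 +73,7` hunk and to `isUserInput` in the `@@ -117,7 +113,7` hunk. These predicates define taint sources for the security queries, so the pointer matters: a custom model left on the deprecated path may stop contributing sources once queries no longer consult it. The predicate bodies continue outside the hunks.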
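Review bot: The doc comment kept on `userInputReturn` in the `@@ -91,12 +91,8` hunk still says "Users should override `userInputReturned()` instead", but this series deprecates `userInputReturned` as well, so the advice now sends readers from one deprecated predicate to another. I would change that line to `* DEPRECATED: Use FlowSource instead.`, matching the change note. The removed paragraph said `userInputReturned` uses this predicate for compatibility with older custom SecurityOptions.qll files; that call is not visible in the hunks, so the compatibility path should be confirmed to still behave as before.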
@@ -117,7 +113,7 @@ class SecurityOptions extends string {
 * computed from user input. Such expressions are treated as
 * sources of taint.
 */
- predicate isUserInput(Expr expr, string cause) {
+ deprecated predicate isUserInput(Expr expr, string cause) {
 exists(FunctionCall fc, int i |
 this.userInputArgument(fc, i) and
 expr = fc.getArgument(i) and
@@ -178,17 +174,17 @@ predicate argv(Parameter argv) {
 predicate isPureFunction(string name) { exists(SecurityOptions opts | opts.isPureFunction(name)) }
 
 /** Convenience accessor for SecurityOptions.userInputArgument */
-predicate userInputArgument(FunctionCall functionCall, int arg) {
+deprecated predicate userInputArgument(FunctionCall functionCall, int arg) {
 exists(SecurityOptions opts | opts.userInputArgument(functionCall, arg))
 }
 
 /** Convenience accessor for SecurityOptions.userInputReturn */
-predicate userInputReturned(FunctionCall functionCall) {
+deprecated predicate userInputReturned(FunctionCall functionCall) {
 exists(SecurityOptions opts | opts.userInputReturned(functionCall))
 }
 
 /** Convenience accessor for SecurityOptions.isUserInput */
-predicate isUserInput(Expr expr, string cause) {
+deprecated predicate isUserInput(Expr expr, string cause) {
 exists(SecurityOptions opts | opts.isUserInput(expr, cause))
 }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll b/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll
index 64babe419c3..81815971478 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll
@@ -23,7 +23,7 @@ class CustomSecurityOptions extends SecurityOptions {
 none() // rules to match custom functions replace this line
 }
 
- override predicate userInputArgument(FunctionCall functionCall, int arg) {
+ deprecated override predicate userInputArgument(FunctionCall functionCall, int arg) {
 SecurityOptions.super.userInputArgument(functionCall, arg)
 or
 exists(string fname |
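Review bot: The comment above the top-level `userInputReturned` in the `@@ -178,17 +174,17` hunk reads `/** Convenience accessor for SecurityOptions.userInputReturn */`, while the body calls `opts.userInputReturned(functionCall)`, so the comment names a different predicate from the one being wrapped. Since the adjacent signature lines change here, I would correct it to `SecurityOptions.userInputReturned` and extend each of the three accessor comments with `DEPRECATED: Use FlowSource instead.` so the warning carries its own migration hint.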
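Review bot: `CustomSecurityOptions` is where users add their own source functions, and both overrides (`userInputArgument` in the `@@ -23,7 +23,7` hunk and `userInputReturned` in the `@@ -36,7 +36,7` hunk) become deprecated with no comment in the file saying where custom sources should now be declared. If the security queries stop consulting these predicates, entries added here would presumably no longer be treated as taint sources, and the loss of findings would be silent. I would add a comment above each override such as `// DEPRECATED: model custom sources as FlowSource instead; entries here may not reach queries that no longer use SecurityOptions`. The class and both predicate bodies extend beyond the hunks.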
@@ -36,7 +36,7 @@ class CustomSecurityOptions extends SecurityOptions {
 )
 }
 
- override predicate userInputReturned(FunctionCall functionCall) {
+ deprecated override predicate userInputReturned(FunctionCall functionCall) {
 SecurityOptions.super.userInputReturned(functionCall)
 or
 exists(string fname |
From c6b0a2363a6ad97dfea16be34daa2b96678f413c Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 8 Dec 2023 13:31:32 +0100
Subject: [PATCH 2/2] C++: Add change note
---
 cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md
diff --git a/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md b/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md
new file mode 100644
index 00000000000..89b7a9007c5
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.