Rust: Have CleartextTransmissionSink extend QuerySink::Range.

geoffw0 · geoffw0 · commit 9183ed5755aa · 2025-03-24T14:16:09.000Z
diff --git a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
@@ -37,7 +37,7 @@ module CleartextLogging {
   private class SensitiveDataAsSource extends Source instanceof SensitiveData { }
 
   /** A sink for logging from model data. */
-  private class ModelsAsDataSinks extends Sink {
-    ModelsAsDataSinks() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) }
+  private class ModelsAsDataSink extends Sink {
+    ModelsAsDataSink() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) }
   }
 }
diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
@@ -10,32 +10,39 @@ private import codeql.rust.dataflow.DataFlow
 private import codeql.rust.dataflow.FlowSink
 
 /**
- * A data flow sink for cleartext transmission vulnerabilities. That is,
- * a `DataFlow::Node` of something that is transmitted over a network.
+ * Provides default sources, sinks and barriers for detecting cleartext
+ * transmission vulnerabilities, as well as extension points for adding your
+ * own.
  */
-abstract class CleartextTransmissionSink extends QuerySink::Range {
-  override string getSinkType() { result = "CleartextTransmission" }
-}
+module CleartextTransmission {
+  /**
+   * A data flow sink for cleartext transmission vulnerabilities. That is,
+   * a `DataFlow::Node` of something that is transmitted over a network.
+   */
+  abstract class Sink extends QuerySink::Range {
+    override string getSinkType() { result = "CleartextTransmission" }
+  }
 
-/**
- * A barrier for cleartext transmission vulnerabilities.
- */
-abstract class CleartextTransmissionBarrier extends DataFlow::Node { }
+  /**
+   * A barrier for cleartext transmission vulnerabilities.
+   */
+  abstract class Barrier extends DataFlow::Node { }
 
-/**
- * A unit class for adding additional flow steps.
- */
-class CleartextTransmissionAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a flow
-   * step for paths related to cleartext transmission vulnerabilities.
+   * A unit class for adding additional flow steps.
    */
-  abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
-}
+  class AdditionalFlowStep extends Unit {
+    /**
+     * Holds if the step from `node1` to `node2` should be considered a flow
+     * step for paths related to cleartext transmission vulnerabilities.
+     */
+    abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
+  }
 
-/**
- * A sink defined through MaD.
- */
-private class MadCleartextTransmissionSink extends CleartextTransmissionSink {
-  MadCleartextTransmissionSink() { sinkNode(this, "transmission") }
+  /**
+   * A sink defined through MaD.
+   */
+  private class ModelsAsDataSink extends Sink {
+    ModelsAsDataSink() { sinkNode(this, "transmission") }
+  }
 }
diff --git a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll
@@ -52,7 +52,7 @@ module SqlInjection {
   }
 
   /** A sink for sql-injection from model data. */
-  private class ModelsAsDataSinks extends Sink {
-    ModelsAsDataSinks() { sinkNode(this, "sql-injection") }
+  private class ModelsAsDataSink extends Sink {
+    ModelsAsDataSink() { sinkNode(this, "sql-injection") }
   }
 }
diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
@@ -24,12 +24,12 @@ import codeql.rust.security.CleartextTransmissionExtensions
 module CleartextTransmissionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) { node instanceof SensitiveData }
 
-  predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink }
+  predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmission::Sink }
 
-  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmission::Barrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(CleartextTransmissionAdditionalFlowStep s).step(nodeFrom, nodeTo)
+    any(CleartextTransmission::AdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 
   predicate isBarrierIn(DataFlow::Node node) {

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ module CleartextLogging {`
`37`	`37`	`private class SensitiveDataAsSource extends Source instanceof SensitiveData { }`
`38`	`38`
`39`	`39`	`/** A sink for logging from model data. */`
`40`		`- private class ModelsAsDataSinks extends Sink {`
`41`		`- ModelsAsDataSinks() { exists(string s \| sinkNode(this, s) and s.matches("log-injection%")) }`
	`40`	`+ private class ModelsAsDataSink extends Sink {`
	`41`	`+ ModelsAsDataSink() { exists(string s \| sinkNode(this, s) and s.matches("log-injection%")) }`
`42`	`42`	`}`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ module SqlInjection {`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`/** A sink for sql-injection from model data. */`
`55`		`- private class ModelsAsDataSinks extends Sink {`
`56`		`- ModelsAsDataSinks() { sinkNode(this, "sql-injection") }`
	`55`	`+ private class ModelsAsDataSink extends Sink {`
	`56`	`+ ModelsAsDataSink() { sinkNode(this, "sql-injection") }`
`57`	`57`	`}`
`58`	`58`	`}`