From: Tobias Brunner
Date: Wed, 11 Dec 2024 12:53:00 +0000 (+0100)
Subject: github: Update chunk_from_chars() CodeQL query to new data flow API
X-Git-Tag: android-2.5.3~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a465c54805c17157ad21167b79dbdb78ce90bda6;p=thirdparty%2Fstrongswan.git

github: Update chunk_from_chars() CodeQL query to new data flow API
---

diff --git a/.github/codeql/cpp-queries/chunk_from_chars.ql b/.github/codeql/cpp-queries/chunk_from_chars.ql
index f60e3e7c94..5855cb9cc7 100644
--- a/.github/codeql/cpp-queries/chunk_from_chars.ql
+++ b/.github/codeql/cpp-queries/chunk_from_chars.ql
@@ -10,8 +10,7 @@
 * @precision very-high
 */
 import cpp
-import DataFlow::PathGraph
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 
 class ChunkFromChars extends Expr {
 ChunkFromChars() {
@@ -23,29 +22,30 @@ class ChunkFromChars extends Expr {
 }
 }
 
-class ChunkFromCharsUsage extends DataFlow::Configuration {
- ChunkFromCharsUsage() { this = "ChunkFromCharsUsage" }
-
- override predicate isSource(DataFlow::Node source) {
+module ChunkFromCharsConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) {
 source.asExpr() instanceof ChunkFromChars
 }
 
- override predicate isSink(DataFlow::Node sink) {
+ predicate isSink(DataFlow::Node sink) {
 exists(sink.asExpr())
 }
 
- override predicate isBarrierOut(DataFlow::Node node) {
+ predicate isBarrierOut(DataFlow::Node node) {
 /* don't track beyond function calls */
 exists(FunctionCall fc | node.asExpr().getParent*() = fc)
 }
 }
 
+module ChunkFromCharsFlow = DataFlow::Global;
+import ChunkFromCharsFlow::PathGraph
+
 BlockStmt enclosingBlock(BlockStmt b) {
 result = b.getEnclosingBlock()
 }
 
-from ChunkFromCharsUsage usage, DataFlow::PathNode source, DataFlow::PathNode sink
+from ChunkFromCharsFlow::PathNode source, ChunkFromCharsFlow::PathNode sink
 where
- usage.hasFlowPath(source, sink)
+ ChunkFromCharsFlow::flowPath(source, sink)
 and not source.getNode().asExpr().getEnclosingBlock() = enclosingBlock*(sink.getNode().asExpr().getEnclosingBlock())
 select source, source, sink, "Invalid use of chunk_from_chars() result in sibling/parent block."
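Review bot: `isBarrierOut` and `isSink` in `ChunkFromCharsConfig` still match nodes only through `asExpr()`, which under `semmle.code.cpp.dataflow.new.DataFlow` may no longer cover every node on a path, because the new library also models indirection nodes for which `asExpr()` has no result. If the chunk's address is passed to a call, the "don't track beyond function calls" barrier may therefore not apply, and a path could continue into the callee and be reported as a sibling/parent-block use. It would be worth re-running the query on a known-good and a known-bad sample after the migration and, if extra paths appear, widening the barrier, for example `exists(FunctionCall fc | node.asExpr().getParent*() = fc or node.asIndirectExpr().getParent*() = fc)`. As rendered on this page the instantiation reads `DataFlow::Global;` with no argument; presumably a `<ChunkFromCharsConfig>` parameter was dropped by the page extraction, since `ChunkFromCharsFlow::flowPath` needs a configured module. The `ChunkFromChars` source class is defined above this hunk, so its matching is not reviewed here.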