feat(python): Update XSS Audit query and tests

GeekMasher · GeekMasher · commit 2da3943d44fa · 2024-01-08T15:40:54.000Z
diff --git a/python/src/audit/CWE-079/XssFlaskAudit.ql b/python/src/audit/CWE-079/XssFlaskAudit.ql
@@ -14,7 +14,6 @@
  */
 
 import python
-import DataFlow::PathGraph
 import semmle.python.Concepts
 import semmle.python.ApiGraphs
 import semmle.python.dataflow.new.DataFlow
@@ -33,17 +32,19 @@ class DynamicTemplate extends DataFlow::Node {
   }
 }
 
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "AuditXSSJinja2" }
+module Configuration implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ReflectedXss::Source }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof ReflectedXss::Source }
+  predicate isSink(DataFlow::Node sink) { sink instanceof DynamicTemplate }
 
-  override predicate isSink(DataFlow::Node sink) { sink instanceof DynamicTemplate }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof ReflectedXss::Sanitizer }
+  predicate isBarrier(DataFlow::Node node) { node instanceof ReflectedXss::Sanitizer }
 }
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module ConfigurationFlow = TaintTracking::Global<Configuration>;
+
+import ConfigurationFlow::PathGraph //importing the path graph from the module
+
+from ConfigurationFlow::PathNode source, ConfigurationFlow::PathNode sink
+where ConfigurationFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.",
   source.getNode(), "user-provided value"
diff --git a/python/test/audit/CWE-079/XssFlaskAudit.expected b/python/test/audit/CWE-079/XssFlaskAudit.expected
@@ -1,15 +1,13 @@
 edges
-| app.py:1:26:1:32 | ControlFlowNode for ImportMember | app.py:1:26:1:32 | GSSA Variable request |
-| app.py:1:26:1:32 | GSSA Variable request | app.py:12:16:12:22 | ControlFlowNode for request |
-| app.py:12:16:12:22 | ControlFlowNode for request | app.py:12:16:12:27 | ControlFlowNode for Attribute |
-| app.py:12:16:12:27 | ControlFlowNode for Attribute | app.py:12:16:12:39 | ControlFlowNode for Subscript |
-| app.py:12:16:12:39 | ControlFlowNode for Subscript | app.py:14:51:14:58 | ControlFlowNode for username |
+| app.py:1:26:1:32 | ControlFlowNode for ImportMember | app.py:1:26:1:32 | ControlFlowNode for request |
+| app.py:1:26:1:32 | ControlFlowNode for request | app.py:12:16:12:22 | ControlFlowNode for request |
+| app.py:12:5:12:12 | ControlFlowNode for username | app.py:14:51:14:58 | ControlFlowNode for username |
+| app.py:12:16:12:22 | ControlFlowNode for request | app.py:12:5:12:12 | ControlFlowNode for username |
 nodes
 | app.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| app.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
+| app.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| app.py:12:5:12:12 | ControlFlowNode for username | semmle.label | ControlFlowNode for username |
 | app.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| app.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| app.py:12:16:12:39 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | app.py:14:51:14:58 | ControlFlowNode for username | semmle.label | ControlFlowNode for username |
 subpaths
 #select
