Add corrected code - still has some errors

Keith Hoodlet · Keith Hoodlet · commit 837f32ecd68f · 2023-08-24T17:01:57.000-04:00
diff --git a/java/CWE-611/XXELocal.ql b/java/CWE-611/XXELocal.ql
@@ -20,21 +20,22 @@ import semmle.code.java.dataflow.TaintTracking2
 //import DataFlow::PathGraph
 import github.LocalSources
 
-class SafeSAXSourceFlowConfig extends TaintTracking2::Configuration {
-  SafeSAXSourceFlowConfig() { this = "XmlParsers::SafeSAXSourceFlowConfig" }
 
-  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxSource }
+module SafeSAXSourceFlowConfig implements DataFlow::ConfigSig{
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxSource }
 
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(XmlParserCall parse).getSink()
   }
 
-  override int fieldFlowBranchLimit() { result = 0 }
+  int fieldFlowBranchLimit() { result = 0 }
 }
 
+module SafeSAXSourceFlow = TaintTracking::Global<SafeSAXSourceFlowConfig>;
+
 class UnsafeXxeSink extends DataFlow::ExprNode {
   UnsafeXxeSink() {
-    not exists(SafeSAXSourceFlowConfig safeSource | safeSource.hasFlowTo(this)) and
+    not exists(SafeSAXSourceFlow::flowPath(this)) and
     exists(XmlParserCall parse |
       parse.getSink() = this.getExpr() and
       not parse.isSafe()
@@ -43,7 +44,9 @@ class UnsafeXxeSink extends DataFlow::ExprNode {
 }
 
 module XXELocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
+  predicate isSource(DataFlow::Node source) { 
+    source instanceof LocalUserInput and
+    not exists(DataFlow::Node src | src.asExpr() instanceof SafeSaxSource)}
 
   predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
 }
