Refactor

owen-mc · owen-mc · commit 7e8c83bf2e0e · 2026-04-22T13:26:24.000+01:00
diff --git a/go/ql/lib/semmle/go/Concepts.qll b/go/ql/lib/semmle/go/Concepts.qll
@@ -574,18 +574,19 @@ module Cryptography {
    * is one) have been initialized separately.
    */
   abstract class EncryptionOperation extends CryptographicOperation::Range {
-    DataFlow::Node encryptionFlowTarget;
-    DataFlow::Node inputNode;
+    abstract DataFlow::Node getEncryptionFlowTarget();
+
+    abstract DataFlow::Node getInputNode();
 
     override DataFlow::Node getInitialization() {
-      EncryptionFlow::flow(result, encryptionFlowTarget)
+      EncryptionFlow::flow(result, this.getEncryptionFlowTarget())
     }
 
     override EncryptionAlgorithm getAlgorithm() {
       result = this.getInitialization().(EncryptionAlgorithmInit).getAlgorithm()
     }
 
-    override DataFlow::Node getAnInput() { result = inputNode }
+    override DataFlow::Node getAnInput() { result = this.getInputNode() }
 
     override BlockMode getBlockMode() {
       result = this.getInitialization().(BlockModeInit).getMode()
@@ -601,8 +602,12 @@ module Cryptography {
     int inputArg;
 
     EncryptionMethodCall() {
-      encryptionFlowTarget = super.getReceiver() and
-      inputNode = super.getArgument(inputArg)
+      exists(super.getReceiver()) and
+      exists(super.getArgument(inputArg))
     }
+
+    override DataFlow::Node getEncryptionFlowTarget() { result = super.getReceiver() }
+
+    override DataFlow::Node getInputNode() { result = super.getArgument(inputArg) }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/CryptoLibraries.qll b/go/ql/lib/semmle/go/frameworks/CryptoLibraries.qll
@@ -381,6 +381,9 @@ private module Crypto {
     }
 
     private class StreamReader extends EncryptionOperation {
+      DataFlow::Node encryptionFlowTarget;
+      DataFlow::Node inputNode;
+
       StreamReader() {
         lookThroughPointerType(this.getType()).hasQualifiedName("crypto/cipher", "StreamReader") and
         exists(DataFlow::Write w, DataFlow::Node base, Field f |
@@ -394,6 +397,10 @@ private module Crypto {
           DataFlow::localFlow(base, this)
         )
       }
+
+      override DataFlow::Node getEncryptionFlowTarget() { result = encryptionFlowTarget }
+
+      override DataFlow::Node getInputNode() { result = inputNode }
     }
 
     /**
@@ -402,9 +409,10 @@ private module Crypto {
      * so it only works within one function.
      */
     private class StreamWriter extends EncryptionOperation {
+      DataFlow::Node encryptionFlowTarget;
+
       StreamWriter() {
         lookThroughPointerType(this.getType()).hasQualifiedName("crypto/cipher", "StreamWriter") and
-        inputNode = this and
         exists(DataFlow::Write w, DataFlow::Node base, Field f |
           w.writesField(base, f, encryptionFlowTarget) and
           f.hasQualifiedName("crypto/cipher", "StreamWriter", "S")
@@ -413,6 +421,10 @@ private module Crypto {
           TaintTracking::localTaint(base, this.(DataFlow::PostUpdateNode).getPreUpdateNode())
         )
       }
+
+      override DataFlow::Node getEncryptionFlowTarget() { result = encryptionFlowTarget }
+
+      override DataFlow::Node getInputNode() { result = this }
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -381,6 +381,9 @@ private module Crypto {`
`381`	`381`	`}`
`382`	`382`
`383`	`383`	`private class StreamReader extends EncryptionOperation {`
	`384`	`+ DataFlow::Node encryptionFlowTarget;`
	`385`	`+ DataFlow::Node inputNode;`
	`386`	`+`
`384`	`387`	`StreamReader() {`
`385`	`388`	`lookThroughPointerType(this.getType()).hasQualifiedName("crypto/cipher", "StreamReader") and`
`386`	`389`	`exists(DataFlow::Write w, DataFlow::Node base, Field f \|`
`@@ -394,6 +397,10 @@ private module Crypto {`
`394`	`397`	`DataFlow::localFlow(base, this)`
`395`	`398`	`)`
`396`	`399`	`}`
	`400`	`+`
	`401`	`+ override DataFlow::Node getEncryptionFlowTarget() { result = encryptionFlowTarget }`
	`402`	`+`
	`403`	`+ override DataFlow::Node getInputNode() { result = inputNode }`
`397`	`404`	`}`
`398`	`405`
`399`	`406`	`/**`
`@@ -402,9 +409,10 @@ private module Crypto {`
`402`	`409`	`* so it only works within one function.`
`403`	`410`	`*/`
`404`	`411`	`private class StreamWriter extends EncryptionOperation {`
	`412`	`+ DataFlow::Node encryptionFlowTarget;`
	`413`	`+`
`405`	`414`	`StreamWriter() {`
`406`	`415`	`lookThroughPointerType(this.getType()).hasQualifiedName("crypto/cipher", "StreamWriter") and`
`407`		`- inputNode = this and`
`408`	`416`	`exists(DataFlow::Write w, DataFlow::Node base, Field f \|`
`409`	`417`	`w.writesField(base, f, encryptionFlowTarget) and`
`410`	`418`	`f.hasQualifiedName("crypto/cipher", "StreamWriter", "S")`
`@@ -413,6 +421,10 @@ private module Crypto {`
`413`	`421`	`TaintTracking::localTaint(base, this.(DataFlow::PostUpdateNode).getPreUpdateNode())`
`414`	`422`	`)`
`415`	`423`	`}`
	`424`	`+`
	`425`	`+ override DataFlow::Node getEncryptionFlowTarget() { result = encryptionFlowTarget }`
	`426`	`+`
	`427`	`+ override DataFlow::Node getInputNode() { result = this }`
`416`	`428`	`}`
`417`	`429`	`}`
`418`	`430`	`}`