@@ -2,7 +2,7 @@ private import python
22private import semmle.python.dataflow.new.DataFlow
33private import experimental.semmle.python.Concepts
44private import semmle.python.ApiGraphs
5- private import semmle.python.dataflow.new.TaintTracking2
5+ private import semmle.python.dataflow.new.TaintTracking
66
77module SmtpLib {
88 /** Gets a reference to `smtplib.SMTP_SSL` */
@@ -31,16 +31,16 @@ module SmtpLib {
3131 * argument. Used because of the impossibility to get local source nodes from `_subparts`'
3232 * `(List|Tuple)` elements.
3333 */
34- private class SmtpMessageConfig extends TaintTracking2 :: Configuration {
35- SmtpMessageConfig ( ) { this = "SMTPMessageConfig" }
34+ private module SmtpMessageConfig implements DataFlow :: ConfigSig {
35+ predicate isSource ( DataFlow :: Node source ) { source = mimeText ( _ ) }
3636
37- override predicate isSource ( DataFlow:: Node source ) { source = mimeText ( _) }
38-
39- override predicate isSink ( DataFlow:: Node sink ) {
37+ predicate isSink ( DataFlow:: Node sink ) {
4038 sink = smtpMimeMultipartInstance ( ) .getACall ( ) .getArgByName ( "_subparts" )
4139 }
4240 }
4341
42+ module SmtpMessageFlow = TaintTracking:: Global< SmtpMessageConfig > ;
43+
4444 /**
4545 * Using the `MimeText` call retrieves the content argument whose type argument equals `mimetype`.
4646 * This call flows into `MIMEMultipart`'s `_subparts` argument or the `.attach()` method call
@@ -87,8 +87,7 @@ module SmtpLib {
8787 sink =
8888 [ sendCall .getArg ( 2 ) , sendCall .getArg ( 2 ) .( DataFlow:: MethodCallNode ) .getObject ( ) ]
8989 .getALocalSource ( ) and
90- any ( SmtpMessageConfig a )
91- .hasFlow ( source , sink .( DataFlow:: CallCfgNode ) .getArgByName ( "_subparts" ) )
90+ SmtpMessageFlow:: flow ( source , sink .( DataFlow:: CallCfgNode ) .getArgByName ( "_subparts" ) )
9291 or
9392 // via .attach()
9493 sink = smtpMimeMultipartInstance ( ) .getReturn ( ) .getMember ( "attach" ) .getACall ( ) and
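Review bot: `SmtpMessageFlow`, added in the second hunk, is declared without `private`, although the `SmtpMessageConfig` it instantiates is private and so was the class it replaces, so the flow module now becomes part of what `SmtpLib` exports. The only use visible on this page is the `SmtpMessageFlow::flow(...)` call in the third hunk, inside the same module, so `private module SmtpMessageFlow = TaintTracking::Global<SmtpMessageConfig>;` looks sufficient. If the alias is meant to be public, it should carry its own QLDoc, because the existing comment documents the config only; for example `/** Taint flow from MIME text content into the _subparts argument of a MIMEMultipart call. */`. The predicate containing the `flow` call starts and ends outside the hunk, so other uses cannot be ruled out from here.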