/** Provides taint tracking configurations to be used in Trust Manager queries. */

import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.InsecureTrustManager

/**
 * DEPRECATED: Use `InsecureTrustManagerFlow` instead.
 *
 * A configuration to model the flow of an insecure `TrustManager`
 * to the initialization of an SSL context.
 */
deprecated class InsecureTrustManagerConfiguration extends DataFlow::Configuration {
  InsecureTrustManagerConfiguration() { this = "InsecureTrustManagerConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    source instanceof InsecureTrustManagerSource
  }

  override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureTrustManagerSink }

  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
    (this.isSink(node) or this.isAdditionalFlowStep(node, _)) and
    node.getType() instanceof Array and
    c instanceof DataFlow::ArrayContent
  }
}

/**
 * A configuration to model the flow of an insecure `TrustManager`
 * to the initialization of an SSL context.
 */
module InsecureTrustManagerConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof InsecureTrustManagerSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof InsecureTrustManagerSink }

  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
    (isSink(node) or isAdditionalFlowStep(node, _)) and
    node.getType() instanceof Array and
    c instanceof DataFlow::ArrayContent
  }
}

module InsecureTrustManagerFlow = DataFlow::Global<InsecureTrustManagerConfig>;