hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Drive-by: fix oversight in #13823

Browse Source 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
This commit is contained in:
Stephan Brandauer
2023-07-28 18:11:09 +02:00
parent 5ad984f22f
commit 058236877e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll
View File

@@ -56,7 +56,7 @@ abstract class FrameworkModeEndpoint extends TFrameworkModeEndpoint {
class ExplicitParameterEndpoint extends FrameworkModeEndpoint, TExplicitParameter {
Parameter param;
ExplicitParameterEndpoint() { this = TExplicitParameter(param) }
ExplicitParameterEndpoint() { this = TExplicitParameter(param) and param.fromSource() }
override int getIndex() { result = param.getPosition() }
@@ -70,7 +70,7 @@ class ExplicitParameterEndpoint extends FrameworkModeEndpoint, TExplicitParamete
class QualifierEndpoint extends FrameworkModeEndpoint, TQualifier {
Callable callable;
QualifierEndpoint() { this = TQualifier(callable) }
QualifierEndpoint() { this = TQualifier(callable) and not callable.isStatic() and callable.fromSource() }
override int getIndex() { result = -1 }