From 05bf13b020e780aea02e6b2e758ff66bf4cf16cd Mon Sep 17 00:00:00 2001
From: Stephan Brandauer
Date: Wed, 3 May 2023 11:27:14 +0200
Subject: [PATCH] use getCallable predicate
---
 .../AutomodelEndpointCharacteristics.qll | 24 ++++++++++---------
 .../AutomodelExtractPositiveExamples.ql | 15 ++++--------
 .../AutomodelSharedCharacteristics.qll | 2 +-
 3 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll
index c091a763dee..90420dafec0 100644
--- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll
+++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll
@@ -78,11 +78,11 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig {
 Endpoint e, string package, string type, boolean subtypes, string name, string signature,
 string ext, string input
 ) {
- package = e.getEnclosingCallable().getDeclaringType().getPackage().toString() and
- type = e.getEnclosingCallable().getDeclaringType().getName() and
+ package = getCallable(e).getDeclaringType().getPackage().toString() and
+ type = getCallable(e).getDeclaringType().getName() and
 subtypes = false and
- name = e.getEnclosingCallable().getName() and
- signature = ExternalFlow::paramsString(e.getEnclosingCallable()) and
+ name = getCallable(e).getName() and
+ signature = ExternalFlow::paramsString(getCallable(e)) and
 ext = "" and
 exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]")
 }
@@ -116,13 +116,15 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig {
 RelatedLocation getRelatedLocation(Endpoint e, string name) {
 name = "Callable-JavaDoc" and
- result = e.getEnclosingCallable().(Documentable).getJavadoc()
+ result = getCallable(e).(Documentable).getJavadoc()
 or
 name = "Class-JavaDoc" and
-result = e.getEnclosingCallable().getDeclaringType().(Documentable).getJavadoc()
+ result = getCallable(e).getDeclaringType().(Documentable).getJavadoc()
 }
 }
+Callable getCallable(Endpoint e) { result = e.getEnclosingCallable() }
+
 module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics;
 class EndpointCharacteristic = CharacteristicsImpl::EndpointCharacteristic;
@@ -180,8 +182,8 @@ private class UnexploitableIsCharacteristic extends CharacteristicsImpl::NotASin
 override predicate appliesToEndpoint(Endpoint e) {
 not CandidatesImpl::isSink(e, _) and
- e.getEnclosingCallable().getName().matches("is%") and
- e.getEnclosingCallable().getReturnType() instanceof BooleanType
+ getCallable(e).getName().matches("is%") and
+ getCallable(e).getReturnType() instanceof BooleanType
 }
 }
@@ -199,7 +201,7 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not
 override predicate appliesToEndpoint(Endpoint e) {
 not CandidatesImpl::isSink(e, _) and
 exists(Callable callable |
- callable = e.getEnclosingCallable() and
+ callable = getCallable(e) and
 (
 callable.getName().toLowerCase() = "exists" or
 callable.getName().toLowerCase() = "notexists"
@@ -216,7 +218,7 @@ private class ExceptionCharacteristic extends CharacteristicsImpl::NotASinkChara
 ExceptionCharacteristic() { this = "exception" }
 override predicate appliesToEndpoint(Endpoint e) {
- e.getEnclosingCallable().getDeclaringType().getASupertype*() instanceof TypeThrowable
+ getCallable(e).getDeclaringType().getASupertype*() instanceof TypeThrowable
 }
 }
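Review bot: The new predicate `getCallable`, added at file level after the closing brace of `CandidatesImpl` in the -116,13 hunk, has no QLDoc and is not `private`, so it is in scope for every file that imports this library. A one-line comment such as `/** Gets the callable that encloses the endpoint e. */` would state its contract, which matters because the package, type, name and signature fields in the other hunks are now all derived through it. If nothing outside this file is meant to call it (the diff does not show any other user), declaring it as `private Callable getCallable(Endpoint e)` keeps the indirection local.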
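Review bot: In `UnexploitableIsCharacteristic.appliesToEndpoint` (the -180,8 hunk), `getCallable(e).getName().matches("is%")` accepts every name that begins with the two letters `is`, not only `isXxx`-style predicates, so a boolean-returning method named, say, `issueRequest` (constructed example) also matches. The class name suggests this is a not-a-sink characteristic, in which case an over-broad match drops candidates silently; only endpoints that `CandidatesImpl::isSink` already knows are exempt. A tighter test would be `getCallable(e).getName().regexpMatch("is[A-Z].*")`, or, if the broad match is intended, a comment on the line saying so. The class declaration starts above the hunk.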
@@ -257,7 +259,7 @@ private class NonPublicMethodCharacteristic extends CharacteristicsImpl::Uninter
 {
 NonPublicMethodCharacteristic() { this = "non-public method" }
- override predicate appliesToEndpoint(Endpoint e) { not e.getEnclosingCallable().isPublic() }
+ override predicate appliesToEndpoint(Endpoint e) { not getCallable(e).isPublic() }
 }
 /**
diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql
index 2175b3133cb..15dcb930573 100644
--- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql
+++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql
@@ -21,17 +21,10 @@ where
 // Extract positive examples of sinks belonging to the existing ATM query configurations.
 (
 CharacteristicsImpl::isKnownSink(sink, sinkType) and
- // If there are _any_ erroneous endpoints, return an error message for all rows. This will prevent us from
- // accidentally running this query when there's a codex-generated data extension file in `java/ql/lib/ext`.
- if not erroneousEndpoints(_, _, _, _, _, true)
- then
- message =
- sinkType + "\n" +
- // Extract the needed metadata for this endpoint.
- any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata))
- else
- message =
- "Error: There are erroneous endpoints! Please check whether there's a codex-generated data extension file in `java/ql/lib/ext`."
+ message =
+ sinkType + "\n" +
+ // Extract the needed metadata for this endpoint.
+ any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata))
 )
 select sink, message + "\nrelated locations: $@, $@",
 CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Callable-JavaDoc"),
diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll
index 12d8ab21470..9b44ccc2809 100644
--- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll
+++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll
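Review bot: The `where` clause of AutomodelExtractPositiveExamples.ql (the -21,17 hunk) no longer tests `erroneousEndpoints(_, _, _, _, _, true)`, and neither the subject line nor a replacement comment explains why. According to the removed comment, that test was what kept the query from being run while a codex-generated data extension file sits in `java/ql/lib/ext`; without it, rows produced in that state look like ordinary positive examples and can enter the extracted example set unnoticed. If the check now lives elsewhere (not visible in this diff), the description should say where; otherwise keep the guard, or at least leave a comment above `message =` such as `// Precondition: no generated data extension files in java/ql/lib/ext`. The `select` clause continues past the end of the hunk.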
@@ -19,7 +19,7 @@ signature module CandidateSig {
 class Endpoint;
 /**
- * A related location for an endpoint. This will typically be bound to the supertype of all AST nodes.
+ * A related location for an endpoint. This will typically be bound to the supertype of all AST nodes (eg., `Top`).
 */
 class RelatedLocation;