hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Only generate models for local supertypes

Browse Source 
Avoid generating models for classes
implementing external SPI (e.g. `FileFilter`).
Keep `toString` models intact as they're
commonly used as taint-propagation method
(e.g. see `Joiner`).
This commit is contained in:
Benjamin Muskalla
2021-10-21 10:59:55 +02:00
parent 157f56f48a
commit 0e9fcc6c39
6 changed files with 51 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/utils/model-generator/CaptureSourceModels.ql
View File

@@ -29,7 +29,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
}
}
// TODO: better way than rely on internals?
// TODO: better way than rely on internals to capture kind?
cached
predicate specificSourceNode(DataFlow::Node node, string output, string kind) {
exists(InterpretNode n | Private::External::isSourceNode(n, output, kind) and n.asNode() = node)