Java: temp revert of neutral filtering

2026-04-27 17:55:19 +02:00 · 2023-03-21 10:22:02 -04:00
parent 8046ec2f78
commit 128a6a3951
4 changed files with 10 additions and 12 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
@@ -171,8 +171,7 @@ class SummarizedCallableBase extends TSummarizedCallableBase {

 class SummarizedCallable = Impl::Public::SummarizedCallable;

-class NeutralCallable = Impl::Public::NeutralCallable;
-
+// class NeutralCallable = Impl::Public::NeutralCallable;
 /**
 * An adapter class to add the flow summaries specified on `SyntheticCallable`
 * to `SummarizedCallable`.
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
@@ -11,8 +11,8 @@ private module DispatchImpl {
  private predicate hasHighConfidenceTarget(Call c) {
    exists(SummarizedCallable sc | sc.getACall() = c and not sc.isAutoGenerated())
    or
-    exists(NeutralCallable nc | nc.getACall() = c and nc.isManual())
-    or
+    // exists(NeutralCallable nc | nc.getACall() = c and nc.isManual())
+    // or
    exists(Callable srcTgt |
      srcTgt = VirtualDispatch::viableCallable(c) and
      not VirtualDispatch::lowConfidenceDispatchTarget(c, srcTgt)
--- a/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll
+++ b/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll
@@ -236,12 +236,11 @@ private VirtualMethodAccess objectToString(ObjNode n) {
  result.getQualifier() = n.asExpr() and sink(n)
 }

-/**
- * Holds if `ma` is an `Object.toString()` call taking possibly improved type
- * bounds into account.
- */
-predicate objectToStringCall(VirtualMethodAccess ma) { ma = objectToString(_) }
-
+// /**
+//  * Holds if `ma` is an `Object.toString()` call taking possibly improved type
+//  * bounds into account.
+//  */
+// predicate objectToStringCall(VirtualMethodAccess ma) { ma = objectToString(_) }
 /**
 * Holds if the qualifier of the `Object.toString()` call `ma` might have type `t`.
 */
--- a/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll
+++ b/java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll
@@ -93,8 +93,8 @@ private module Dispatch {
      exists(RefType t | qualUnionType(ma, t, false) |
        lowConfidenceDispatchType(t.getSourceDeclaration())
      )
-    ) and
-    not ObjFlow::objectToStringCall(ma)
+    ) //and
+    //not ObjFlow::objectToStringCall(ma)
  }

  private predicate lowConfidenceDispatchType(SrcRefType t) {