mirror of
https://github.com/github/codeql.git
synced 2025-12-16 00:33:11 +01:00
MethodAccess has been deprecated; change MethodAccess to MethodCall in query example.
@@ -231,7 +231,7 @@ Accesses
+--------------------------------+---------------------+
| ``a[i]`` | ArrayAccess_ |
+--------------------------------+---------------------+
| ``f(...)`` | MethodAccess_ |
| ``f(...)`` | MethodCall_ |
+--------------------------------+ |
| ``e.m(...)`` | |
+--------------------------------+---------------------+
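Review bot: in an RST grid table the right-hand ``|`` of every cell must stay flush with the ``+----+`` borders, and ``MethodCall_`` is two characters shorter than ``MethodAccess_``, so the padding in the replaced row has to grow by two spaces; the new row looks aligned here, but build the docs once to confirm the table still parses, and check that the ``e.m(...)`` row below it is still rendered as sharing the merged second cell.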
@@ -374,7 +374,7 @@ Further reading
.. _ThisAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ThisAccess.html
.. _SuperAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$SuperAccess.html
.. _ArrayAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ArrayAccess.html
.. _MethodAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$MethodAccess.html
.. _MethodCall: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$MethodCall.html
.. _WildcardTypeAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$WildcardTypeAccess.html
.. _FieldAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$FieldAccess.html
.. _CastExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$CastExpr.html
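Review bot: removing the ``.. _MethodAccess:`` target means any ``MethodAccess_`` reference left anywhere else in this file becomes an unresolved link target in Sphinx; the diff only shows the one table row at line 231 being updated, so grep the file for ``MethodAccess_`` before merging. Also confirm that the new URL ending in ``type.Expr$MethodCall.html`` resolves for the current standard-library docs.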
@@ -42,11 +42,11 @@ Running a quick query
.. code-block:: ql
from MethodAccess ma
from MethodCall mc
where
ma.getMethod().hasName("equals") and
ma.getArgument(0).(StringLiteral).getValue() = ""
select ma, "This comparison to empty string is inefficient, use isEmpty() instead."
mc.getMethod().hasName("equals") and
mc.getArgument(0).(StringLiteral).getValue() = ""
select mc, "This comparison to empty string is inefficient, use isEmpty() instead."
Note that CodeQL treats Java and Kotlin as part of the same language, so even though this query starts with ``import java``, it will work for both Java and Kotlin code.
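Review bot: the class rename is the required part of this hunk; the variable rename from ``ma`` to ``mc`` is cosmetic, and because QL uses the variable name as the result column header it ripples into every later mention of the ``ma`` column and into the screenshots. Either keep ``ma`` to minimise the diff, or make sure every downstream mention is updated (the hunks at lines 55, 72 and 141 do this). The query body itself needs no other change: ``getMethod()`` and ``getArgument(0)`` are still available on ``MethodCall``.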
@@ -55,7 +55,7 @@ Running a quick query
.. image:: ../images/codeql-for-visual-studio-code/basic-java-query-results-1.png
:align: center
If any matching code is found, click a link in the ``ma`` column to view the ``.equals`` expression in the code viewer.
If any matching code is found, click a link in the ``mc`` column to view the ``.equals`` expression in the code viewer.
.. image:: ../images/codeql-for-visual-studio-code/basic-java-query-results-2.png
:align: center
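Review bot: the text now tells the reader to click a link in the ``mc`` column, but ``basic-java-query-results-1.png`` and ``basic-java-query-results-2.png`` are not touched by this commit and will still show a column labelled ``ma`` if they were captured with the old query; regenerate both screenshots, or keep the variable name ``ma`` so the images stay accurate.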
@@ -72,15 +72,15 @@ After the initial ``import`` statement, this simple query comprises three parts
+==================================================================================================+===================================================================================================================+===================================================================================================+
| ``import java`` | Imports the standard CodeQL libraries for Java and Kotlin. | Every query begins with one or more ``import`` statements. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``from MethodAccess ma`` | Defines the variables for the query. | We use: |
| ``from MethodCall mc`` | Defines the variables for the query. | We use: |
| | Declarations are of the form: | |
| | ``<type> <variable name>`` | - a ``MethodAccess`` variable for call expressions |
| | ``<type> <variable name>`` | - a ``MethodCall`` variable for call expressions |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``where ma.getMethod().hasName("equals") and ma.getArgument(0).(StringLiteral).getValue() = ""`` | Defines a condition on the variables. | ``ma.getMethod().hasName("equals")`` restricts ``ma`` to only calls to methods call ``equals``. |
| ``where mc.getMethod().hasName("equals") and mc.getArgument(0).(StringLiteral).getValue() = ""`` | Defines a condition on the variables. | ``mc.getMethod().hasName("equals")`` restricts ``mc`` to only calls to methods call ``equals``. |
| | | |
| | | ``ma.getArgument(0).(StringLiteral).getValue() = ""`` says the argument must be literal ``""``. |
| | | ``mc.getArgument(0).(StringLiteral).getValue() = ""`` says the argument must be literal ``""``. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``select ma, "This comparison to empty string is inefficient, use isEmpty() instead."`` | Defines what to report for each match. | Reports the resulting ``.equals`` expression with a string that explains the problem. |
| ``select mc, "This comparison to empty string is inefficient, use isEmpty() instead."`` | Defines what to report for each match. | Reports the resulting ``.equals`` expression with a string that explains the problem. |
| | | |
| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | |
| | ``select <program element>, "<alert message>"`` | |
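Review bot: the replaced ``where`` row carries over a pre-existing grammar slip in its third cell, "restricts ``mc`` to only calls to methods call ``equals``"; since the line is being rewritten anyway, change it to "restricts ``mc`` to calls to methods named ``equals``". As with the table in ``Expr.rst``, the cells are fixed-width, so double-check that the shorter ``mc`` text is padded to keep every ``|`` aligned with the ``+----+`` borders.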
@@ -110,16 +110,16 @@ In this case, it is not possible to simply use ``o.isEmpty()`` instead, as ``o``
.. code-block:: ql
ma.getQualifier().getType() instanceof TypeString
mc.getQualifier().getType() instanceof TypeString
The ``where`` clause is now:
.. code-block:: ql
where
ma.getQualifier().getType() instanceof TypeString and
ma.getMethod().hasName("equals") and
ma.getArgument(0).(StringLiteral).getValue() = ""
mc.getQualifier().getType() instanceof TypeString and
mc.getMethod().hasName("equals") and
mc.getArgument(0).(StringLiteral).getValue() = ""
#. Re-run the query.
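Review bot: this hunk only touches the two code blocks; the sentence that introduces the ``getQualifier()`` line sits just above the first block and is outside the shown context, so check that it (and the "In this case, it is not possible to simply use ``o.isEmpty()``" paragraph in the hunk header) does not still refer to ``ma``. The QL itself is fine: ``getQualifier()`` is available on ``MethodCall`` exactly as it was on ``MethodAccess``.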
@@ -141,4 +141,4 @@ Further reading
.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-java.png
.. |result-col-1| replace:: The first column corresponds to the expression ``ma`` and is linked to the location in the source code of the project where ``ma`` occurs.
.. |result-col-1| replace:: The first column corresponds to the expression ``mc`` and is linked to the location in the source code of the project where ``mc`` occurs.
@@ -8,7 +8,7 @@ CodeQL has classes for identifying code that calls other code, and code that can
Call graph classes
------------------
The CodeQL library for Java/Kotlin provides two abstract classes for representing a program's call graph: ``Callable`` and ``Call``. The former is simply the common superclass of ``Method`` and ``Constructor``, the latter is a common superclass of ``MethodAccess``, ``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``. Simply put, a ``Callable`` is something that can be invoked, and a ``Call`` is something that invokes a ``Callable``.
The CodeQL library for Java/Kotlin provides two abstract classes for representing a program's call graph: ``Callable`` and ``Call``. The former is simply the common superclass of ``Method`` and ``Constructor``, the latter is a common superclass of ``MethodCall``, ``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``. Simply put, a ``Callable`` is something that can be invoked, and a ``Call`` is something that invokes a ``Callable``.
For example, in the following program all callables and calls have been annotated with comments:
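Review bot: since this paragraph is being edited for a deprecated class name, it is worth verifying at the same time that the other ``Call`` subclasses it lists (``ClassInstanceExpression``, ``ThisConstructorInvocationStmt``, ``SuperConstructorInvocationStmt``) still match the names in the current Java/Kotlin library, so the sentence does not need a second follow-up commit. The annotated example program announced by the last sentence is outside the hunk; if its comments say "MethodAccess" they need the same change.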
@@ -113,7 +113,7 @@ To identify these cases, we can create two CodeQL classes that represent, respec
}
/** class representing calls to java.util.Collection.toArray(T[]) */
class CollectionToArrayCall extends MethodAccess {
class CollectionToArrayCall extends MethodCall {
CollectionToArrayCall() {
exists(CollectionToArray m |
this.getMethod().getSourceDeclaration().overridesOrInstantiates*(m)
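Review bot: the characteristic predicate body needs no change because ``MethodCall`` exposes the same ``getMethod()`` as ``MethodAccess``, and the doc comment above the class does not name the superclass, so this hunk is complete as far as the code goes. The hunk header shows this class is introduced by prose ("we can create two CodeQL classes that represent, respec..."); that prose is outside the context shown and should be checked for a literal "MethodAccess" too.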
@@ -210,7 +210,7 @@ Now we want to identify all calls to ``Collection.contains``, including any meth
.. code-block:: ql
class JavaUtilCollectionContainsCall extends MethodAccess {
class JavaUtilCollectionContainsCall extends MethodCall {
JavaUtilCollectionContainsCall() {
exists(JavaUtilCollectionContains jucc |
this.getMethod().getSourceDeclaration().overrides*(jucc)
@@ -297,7 +297,7 @@ Adding these three improvements, our final query becomes:
}
}
class JavaUtilCollectionContainsCall extends MethodAccess {
class JavaUtilCollectionContainsCall extends MethodCall {
JavaUtilCollectionContainsCall() {
exists(JavaUtilCollectionContains jucc |
this.getMethod().getSourceDeclaration().overrides*(jucc)