Capture model for defining interface

Instead of modeling individual implementations, take a more general approach of reuse dataflows for interfaces defined by a library. This allows tracking flows across all implementations and aligns better with how we manually model frameworks. This may have some FPs given all possible flows are modeled for a specific interface but also covers more scenarios where we don't know which implementation of an interface is used.
2026-04-28 10:15:14 +02:00 · 2021-10-20 13:30:25 +02:00
parent f36bb8baaf
commit 157f56f48a
3 changed files with 56 additions and 2 deletions
--- a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
+++ b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -17,6 +17,9 @@
 | p;Joiner;false;setEmptyValue;(CharSequence);;Argument[-1];ReturnValue;value; |
 | p;Joiner;false;setEmptyValue;(CharSequence);;Argument[0];Argument[-1];taint; |
 | p;Joiner;false;toString;();;Argument[-1];ReturnValue;taint; |
+| p;MultipleImpls$Strat2;true;getValue;();;Argument[-1];ReturnValue;taint; |
+| p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];Argument[-1];taint; |
+| p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;addTo;(String,List);;Argument[0];Element of Argument[1];taint; |
 | p;ParamFlow;true;returnArrayElement;(String[]);;ArrayElement of Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;returnCollectionElement;(List);;Element of Argument[0];ReturnValue;taint; |
--- a/java/ql/test/utils/model-generator/p/MultipleImpls.java
+++ b/java/ql/test/utils/model-generator/p/MultipleImpls.java
@@ -0,0 +1,38 @@
+package p;
+
+import java.util.concurrent.Callable;
+
+public class MultipleImpls {
+    
+    public static interface Strategy {
+        String doSomething(String value);
+    }
+
+    public static class Strat1 implements Strategy {
+        public String doSomething(String value) {
+            return value;
+        }
+    }
+
+    // implements in different library should not count as impl
+    public static class Strat3 implements Callable<String> {
+
+        @Override
+        public String call() throws Exception {
+            return null;
+        }
+
+    }
+    public static class Strat2 implements Strategy {
+        private String foo;
+
+        public String doSomething(String value) {
+            this.foo = value;
+            return "none";
+        }
+        
+        public String getValue() {
+            return this.foo;
+        }
+    }
+}