Merge pull request #10718 from tamasvajk/kotlin-internal-repr

Kotlin: ignore properties in `java/internal-representation-exposure` check
2025-12-22 11:46:32 +01:00 · 2022-10-10 13:58:55 +02:00
parent 87b971c78f cd64faf635
commit 1cf2db1a0b
5 changed files with 15 additions and 2 deletions
--- a/Hiding/ExposeRepresentation.ql
+++ b/Hiding/ExposeRepresentation.ql
@@ -120,8 +120,12 @@ predicate exposesByStore(Callable c, Field f, Expr why, string whyText) {

 from Callable c, Field f, Expr why, string whyText
 where
-  exposesByReturn(c, f, why, whyText) or
-  exposesByStore(c, f, why, whyText)
+  (
+    exposesByReturn(c, f, why, whyText) or
+    exposesByStore(c, f, why, whyText)
+  ) and
+  // Kotlin properties expose internal representation, but it's not accidental, so ignore them
+  not exists(Property p | p.getBackingField() = f)
 select c,
  c.getName() + " exposes the internal representation stored in field " + f.getName() +
    ". The value may be modified $@.", why.getLocation(), whyText
--- a/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.expected
+++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.expected
--- a/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.qlref
+++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposeRepresentation.qlref
@@ -0,0 +1 @@
+Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
--- a/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposesRep.kt
+++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/ExposesRep.kt
@@ -0,0 +1,3 @@
+class ExposesRep {
+    val strings: Array<String?> = arrayOfNulls(1)
+}
--- a/java/ql/test/kotlin/query-tests/ExposeRepresentation/User.kt
+++ b/java/ql/test/kotlin/query-tests/ExposeRepresentation/User.kt
@@ -0,0 +1,5 @@
+class User {
+    fun test1(er: ExposesRep) {
+        er.strings[0] = "Hello world"
+    }
+}
				`@@ -0,0 +1 @@`
				`Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql`