hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify StaticInitializationVectorSource

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Fosstars
2021-08-26 09:41:05 +02:00
parent 23e2322635
commit 1dd4bf00ac
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
View File

@@ -11,7 +11,7 @@ private predicate initializedWithConstants(ArrayCreationExpr array) {
or
// creating a multidimensional array with an initializer like `{ new byte[8], new byte[16] }`
// This works around https://github.com/github/codeql/issues/6552 -- change me once there is
// a better way to distinguish nested initializers that create zero-filled arrays
// a better way to distinguish nested initializers that create zero-filled arrays
// (e.g. `new byte[1]`) from those with an initializer list (`new byte[] { 1 }` or just `{ 1 }`)
array.getInit().getAnInit().getAChildExpr() instanceof IntegerLiteral
or
@@ -85,9 +85,7 @@ private class ArrayUpdateConfig extends TaintTracking2::Configuration {
private class StaticInitializationVectorSource extends DataFlow::Node {
StaticInitializationVectorSource() {
exists(StaticByteArrayCreation array | array = this.asExpr() |
not exists(ArrayUpdate update, ArrayUpdateConfig config |
config.hasFlow(DataFlow2::exprNode(array), DataFlow2::exprNode(update.getArray()))
)
not exists(ArrayUpdateConfig config | config.hasFlow(DataFlow2::exprNode(array), _))
)
}
}