Merge branch 'main' into useStringComp

java/ql/lib/semmle/code/java/JDK.qll

@@ -144,17 +144,6 @@ class NumberType extends RefType {
   NumberType() { exists(TypeNumber number | hasDescendant(number, this)) }
 }
 
-/** A numeric type, including both primitive and boxed types. */
-class NumericType extends Type {
-  NumericType() {
-    exists(string name |
-      name = [this.(PrimitiveType).getName(), this.(BoxedType).getPrimitiveType().getName()]
-    |
-      name = ["byte", "short", "int", "long", "double", "float"]
-    )
-  }
-}
-
 /** An immutable type. */
 class ImmutableType extends Type {
   ImmutableType() {

java/ql/lib/semmle/code/java/Javadoc.qll

@@ -153,6 +153,15 @@ class KtComment extends Top, @ktcomment {
   /** Gets the full text of this comment. */
   string getText() { ktComments(this, _, result) }
 
+  /** Holds if this comment is an EOL comment. */
+  predicate isEolComment() { ktComments(this, 1, _) }
+
+  /** Holds if this comment is a block comment. */
+  predicate isBlockComment() { ktComments(this, 2, _) }
+
+  /** Holds if this comment is a KDoc comment. */
+  predicate isDocComment() { ktComments(this, 3, _) }
+
   /** Gets the sections of this comment. */
   KtCommentSection getSections() { ktCommentSections(result, this, _) }
 

java/ql/lib/semmle/code/java/Type.qll

@@ -1248,6 +1248,17 @@ class CharacterType extends Type {
   }
 }
 
+/** A numeric type, including both primitive and boxed types. */
+class NumericType extends Type {
+  NumericType() {
+    exists(string name |
+      name = [this.(PrimitiveType).getName(), this.(BoxedType).getPrimitiveType().getName()]
+    |
+      name = ["byte", "short", "int", "long", "double", "float"]
+    )
+  }
+}
+
 /** A numeric or character type, which may be either a primitive or a boxed type. */
 class NumericOrCharType extends Type {
   NumericOrCharType() {

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

@@ -781,11 +781,12 @@ module Private {
       )
     }
 
-    pragma[nomagic]
-    private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) {
-      exists(DataFlowCall call |
+    bindingset[ret]
+    private ParamNode summaryArgParam(ArgNode arg, ReturnNodeExt ret, OutNodeExt out) {
+      exists(DataFlowCall call, ReturnKindExt rk |
         result = summaryArgParam0(call, arg) and
-        out = rk.getAnOutNode(call)
+        pragma[only_bind_out](ret).getKind() = pragma[only_bind_into](rk) and
+        out = pragma[only_bind_into](rk).getAnOutNode(call)
       )
     }
 
@@ -797,9 +798,8 @@ module Private {
      * be useful to include in the exposed local data-flow/taint-tracking relations.
      */
     predicate summaryThroughStep(ArgNode arg, Node out, boolean preservesValue) {
-      exists(ReturnKindExt rk, ReturnNodeExt ret |
-        summaryLocalStep(summaryArgParam(arg, rk, out), ret, preservesValue) and
-        ret.getKind() = rk
+      exists(ReturnNodeExt ret |
+        summaryLocalStep(summaryArgParam(arg, ret, out), ret, preservesValue)
       )
     }
 
@@ -811,10 +811,9 @@ module Private {
      * be useful to include in the exposed local data-flow/taint-tracking relations.
      */
     predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out) {
-      exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
-        summaryReadStep(summaryArgParam(arg, rk, out), c, mid) and
-        summaryLocalStep(mid, ret, _) and
-        ret.getKind() = rk
+      exists(Node mid, ReturnNodeExt ret |
+        summaryReadStep(summaryArgParam(arg, ret, out), c, mid) and
+        summaryLocalStep(mid, ret, _)
       )
     }
 
@@ -826,10 +825,9 @@ module Private {
      * be useful to include in the exposed local data-flow/taint-tracking relations.
      */
     predicate summarySetterStep(ArgNode arg, ContentSet c, Node out) {
-      exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
-        summaryLocalStep(summaryArgParam(arg, rk, out), mid, _) and
-        summaryStoreStep(mid, c, ret) and
-        ret.getKind() = rk
+      exists(Node mid, ReturnNodeExt ret |
+        summaryLocalStep(summaryArgParam(arg, ret, out), mid, _) and
+        summaryStoreStep(mid, c, ret)
       )
     }
   }

java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll

@@ -96,8 +96,6 @@ private class IntentFlagsOrDataChangedSanitizer extends IntentUriPermissionManip
  * ```
  */
 private class IntentFlagsOrDataCheckedGuard extends IntentUriPermissionManipulationGuard {
-  Expr condition;
-
   IntentFlagsOrDataCheckedGuard() { intentFlagsOrDataChecked(this, _, _) }
 
   override predicate checks(Expr e, boolean branch) { intentFlagsOrDataChecked(this, e, branch) }

java/ql/src/experimental/semmle/code/java/PathSanitizer.qll

@@ -148,8 +148,6 @@ private predicate isDisallowedWord(CompileTimeConstantExpr word) {
 
 /** A complementary guard that protects against path traversal, by looking for the literal `..`. */
 class PathTraversalGuard extends Guard instanceof MethodAccess {
-  Expr checked;
-
   PathTraversalGuard() {
     super.getMethod().getDeclaringType() instanceof TypeString and
     super.getMethod().hasName(["contains", "indexOf"]) and

java/ql/test/TestUtilities/InlineExpectationsTestPrivate.qll

@@ -4,9 +4,19 @@ import java
  * A class representing line comments in Java, which is simply Javadoc restricted
  * to EOL comments, with an extra accessor used by the InlineExpectations core code
  */
-class ExpectationComment extends Javadoc {
-  ExpectationComment() { isEolComment(this) }
-
+abstract class ExpectationComment extends Top {
   /** Gets the contents of the given comment, _without_ the preceding comment marker (`//`). */
-  string getContents() { result = this.getChild(0).toString() }
+  abstract string getContents();
+}
+
+private class JavadocExpectationComment extends Javadoc, ExpectationComment {
+  JavadocExpectationComment() { isEolComment(this) }
+
+  override string getContents() { result = this.getChild(0).toString() }
+}
+
+private class KtExpectationComment extends KtComment, ExpectationComment {
+  KtExpectationComment() { this.isEolComment() }
+
+  override string getContents() { result = this.getText().suffix(2).trim() }
 }