hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15499 from github/max-schaefer/automodel-functional-interface-expr

Browse Source 
Automodel: Do not consider `@FunctionalInterface`-typed expressions as candidates.
This commit is contained in:
Max Schaefer
2024-02-02 14:28:41 +00:00
committed by GitHub
parent 6b13a8c568 e47b021050
commit 21c0422dc7
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll
View File

@@ -600,6 +600,15 @@ private class OtherArgumentToModeledMethodCharacteristic extends Characteristics
}
}
/**
* Holds if the type of the given expression is annotated with `@FunctionalInterface`.
*/
predicate hasFunctionalInterfaceType(Expr e) {
exists(RefType tp | tp = e.getType().getErasure() |
tp.getAnAssociatedAnnotation().getType().hasQualifiedName("java.lang", "FunctionalInterface")
)
}
/**
* A characteristic that marks functional expression as likely not sinks.
*
@@ -608,7 +617,11 @@ private class OtherArgumentToModeledMethodCharacteristic extends Characteristics
private class FunctionValueCharacteristic extends CharacteristicsImpl::LikelyNotASinkCharacteristic {
FunctionValueCharacteristic() { this = "function value" }
override predicate appliesToEndpoint(Endpoint e) { e.asNode().asExpr() instanceof FunctionalExpr }
override predicate appliesToEndpoint(Endpoint e) {
exists(Expr expr | expr = e.asNode().asExpr() |
expr instanceof FunctionalExpr or hasFunctionalInterfaceType(expr)
)
}
}
/**

9
java/ql/automodel/test/AutomodelApplicationModeExtraction/Test.java
View File

@@ -9,6 +9,7 @@ import java.nio.file.Paths;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import java.io.File;
import java.io.FileFilter;
import java.nio.file.FileVisitOption;
import java.net.URLConnection;
import java.util.concurrent.FutureTask;
@@ -22,7 +23,7 @@ class Test {
}
public static void callSupplier(Supplier<String> supplier) {
supplier.get(); // $ sourceModelCandidate=get():ReturnValue sinkModelCandidate=get():Argument[this]
supplier.get(); // $ sourceModelCandidate=get():ReturnValue
}
public static void copyFiles(Path source, Path target, CopyOption option) throws Exception {
@@ -65,6 +66,12 @@ class Test {
public static void WebSocketExample(URLConnection c) throws Exception {
c.getInputStream(); // $ sinkModelCandidate=getInputStream():Argument[this] positiveSourceExample=getInputStream():ReturnValue(remote) // not a source candidate (manual modeling)
}
public static void fileFilterExample(File f, FileFilter ff) {
f.listFiles( // $ sinkModelCandidate=listFiles(FileFilter):Argument[this]
ff
); // $ sourceModelCandidate=listFiles(FileFilter):ReturnValue
}
}
class OverrideTest extends Exception {