mirror of
https://github.com/github/codeql.git
synced 2026-02-11 20:51:06 +01:00
Merge pull request #21267 from aschackmull/java/rename-misc
Java: Rename several AST predicates.
This commit is contained in:
Anders Schack-Mulligen
@@ -2,7 +2,7 @@ import java
|
||||
|
||||
from UnaryExpr ue
|
||||
where
|
||||
not exists(ue.getExpr())
|
||||
not exists(ue.getOperand())
|
||||
or
|
||||
exists(Expr e, int i | e.isNthChildOf(ue, i) and i != 0)
|
||||
select ue
|
||||
|
||||
@@ -10,5 +10,5 @@
|
||||
import java
|
||||
|
||||
from ReturnStmt r
|
||||
where r.getResult() instanceof NullLiteral
|
||||
where r.getExpr() instanceof NullLiteral
|
||||
select r
|
||||
|
||||
@@ -11,7 +11,7 @@ import java
|
||||
|
||||
from ConditionalExpr e
|
||||
where
|
||||
e.getTrueExpr().getType() != e.getFalseExpr().getType() and
|
||||
not e.getTrueExpr().getType() instanceof NullType and
|
||||
not e.getFalseExpr().getType() instanceof NullType
|
||||
e.getThen().getType() != e.getElse().getType() and
|
||||
not e.getThen().getType() instanceof NullType and
|
||||
not e.getElse().getType() instanceof NullType
|
||||
select e
|
||||
|
||||
12
java/ql/lib/change-notes/2026-02-04-renames.md
Normal file
12
java/ql/lib/change-notes/2026-02-04-renames.md
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* Renamed the following predicates to increase uniformity across languages. The `getBody` predicate already existed on `LoopStmt`, but is now properly inherited.
|
||||
- `UnaryExpr.getExpr` to `getOperand`.
|
||||
- `ConditionalExpr.getTrueExpr` to `getThen`.
|
||||
- `ConditionalExpr.getFalseExpr` to `getElse`.
|
||||
- `ReturnStmt.getResult` to `getExpr`.
|
||||
- `WhileStmt.getStmt` to `getBody`.
|
||||
- `DoStmt.getStmt` to `getBody`.
|
||||
- `ForStmt.getStmt` to `getBody`.
|
||||
- `EnhancedForStmt.getStmt` to `getBody`.
|
||||
@@ -22,7 +22,7 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
|
||||
boolean calculateBooleanValue(Expr e) {
|
||||
// No casts relevant to booleans.
|
||||
// `!` is the only unary operator that evaluates to a boolean.
|
||||
result = getBoolVal(e.(LogNotExpr).getExpr()).booleanNot()
|
||||
result = getBoolVal(e.(LogNotExpr).getOperand()).booleanNot()
|
||||
or
|
||||
// Handle binary expressions that have integer operands and a boolean result.
|
||||
exists(BinaryExpr b, int left, int right |
|
||||
@@ -115,11 +115,11 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
|
||||
else result = val
|
||||
)
|
||||
or
|
||||
result = getIntVal(e.(PlusExpr).getExpr())
|
||||
result = getIntVal(e.(PlusExpr).getOperand())
|
||||
or
|
||||
result = -getIntVal(e.(MinusExpr).getExpr())
|
||||
result = -getIntVal(e.(MinusExpr).getOperand())
|
||||
or
|
||||
result = getIntVal(e.(BitNotExpr).getExpr()).bitNot()
|
||||
result = getIntVal(e.(BitNotExpr).getOperand()).bitNot()
|
||||
or
|
||||
// No `int` value for `LogNotExpr`.
|
||||
exists(BinaryExpr b, int v1, int v2 |
|
||||
|
||||
@@ -827,7 +827,7 @@ private module ControlFlowGraphImpl {
|
||||
index = 1 and result = e.getRightOperand()
|
||||
)
|
||||
or
|
||||
index = 0 and result = this.(UnaryExpr).getExpr()
|
||||
index = 0 and result = this.(UnaryExpr).getOperand()
|
||||
or
|
||||
index = 0 and result = this.(CastingExpr).getExpr()
|
||||
or
|
||||
@@ -849,7 +849,7 @@ private module ControlFlowGraphImpl {
|
||||
or
|
||||
index = 0 and result = this.(ClassExpr).getExpr()
|
||||
or
|
||||
index = 0 and result = this.(ReturnStmt).getResult()
|
||||
index = 0 and result = this.(ReturnStmt).getExpr()
|
||||
or
|
||||
index = 0 and result = this.(ThrowStmt).getExpr()
|
||||
or
|
||||
@@ -1044,7 +1044,7 @@ private module ControlFlowGraphImpl {
|
||||
or
|
||||
// The last node of a `LogNotExpr` is in its sub-expression with an inverted boolean completion
|
||||
// (or a `normalCompletion`).
|
||||
exists(Completion subcompletion | last(n.(LogNotExpr).getExpr(), last, subcompletion) |
|
||||
exists(Completion subcompletion | last(n.(LogNotExpr).getOperand(), last, subcompletion) |
|
||||
subcompletion = NormalCompletion() and
|
||||
completion = NormalCompletion() and
|
||||
not inBooleanContext(n)
|
||||
@@ -1356,7 +1356,7 @@ private module ControlFlowGraphImpl {
|
||||
(
|
||||
result = first(n.asExpr().(AndLogicalExpr).getLeftOperand()) or
|
||||
result = first(n.asExpr().(OrLogicalExpr).getLeftOperand()) or
|
||||
result = first(n.asExpr().(LogNotExpr).getExpr()) or
|
||||
result = first(n.asExpr().(LogNotExpr).getOperand()) or
|
||||
result = first(n.asExpr().(ConditionalExpr).getCondition())
|
||||
)
|
||||
or
|
||||
@@ -1427,7 +1427,7 @@ private module ControlFlowGraphImpl {
|
||||
condentry = first(for.getCondition())
|
||||
or
|
||||
// ...or the body if the for doesn't include a condition.
|
||||
not exists(for.getCondition()) and condentry = first(for.getStmt())
|
||||
not exists(for.getCondition()) and condentry = first(for.getBody())
|
||||
|
|
||||
// From the entry point, which is the for statement itself, control goes to either the first init expression...
|
||||
n.asStmt() = for and result = first(for.getInit(0)) and completion = NormalCompletion()
|
||||
@@ -1448,7 +1448,7 @@ private module ControlFlowGraphImpl {
|
||||
// The true-successor of the condition is the body of the for loop.
|
||||
last(for.getCondition(), n, completion) and
|
||||
completion = BooleanCompletion(true, _) and
|
||||
result = first(for.getStmt())
|
||||
result = first(for.getBody())
|
||||
or
|
||||
// The updates execute sequentially, after which control is transferred to the condition.
|
||||
exists(int i | last(for.getUpdate(i), n, completion) and completion = NormalCompletion() |
|
||||
@@ -1458,7 +1458,7 @@ private module ControlFlowGraphImpl {
|
||||
)
|
||||
or
|
||||
// The back edge of the loop: control goes to either the first update or the condition if no updates exist.
|
||||
last(for.getStmt(), n, completion) and
|
||||
last(for.getBody(), n, completion) and
|
||||
continues(completion, for) and
|
||||
(
|
||||
result = first(for.getUpdate(0))
|
||||
@@ -1479,11 +1479,11 @@ private module ControlFlowGraphImpl {
|
||||
or
|
||||
// ...and then control goes to the body of the loop.
|
||||
n.asExpr() = for.getVariable() and
|
||||
result = first(for.getStmt()) and
|
||||
result = first(for.getBody()) and
|
||||
completion = NormalCompletion()
|
||||
or
|
||||
// Finally, the back edge of the loop goes to reassign the variable.
|
||||
last(for.getStmt(), n, completion) and
|
||||
last(for.getBody(), n, completion) and
|
||||
continues(completion, for) and
|
||||
result.asExpr() = for.getVariable()
|
||||
)
|
||||
@@ -1492,7 +1492,7 @@ private module ControlFlowGraphImpl {
|
||||
result = first(n.asStmt().(WhileStmt).getCondition()) and completion = NormalCompletion()
|
||||
or
|
||||
// ...and do-while loops start at the body.
|
||||
result = first(n.asStmt().(DoStmt).getStmt()) and completion = NormalCompletion()
|
||||
result = first(n.asStmt().(DoStmt).getBody()) and completion = NormalCompletion()
|
||||
or
|
||||
exists(LoopStmt loop | loop instanceof WhileStmt or loop instanceof DoStmt |
|
||||
// Control goes from the condition via a true-completion to the body...
|
||||
|
||||
@@ -69,7 +69,7 @@ class AssignmentConversionContext extends ConversionSite {
|
||||
class ReturnConversionSite extends ConversionSite {
|
||||
ReturnStmt r;
|
||||
|
||||
ReturnConversionSite() { this = r.getResult() }
|
||||
ReturnConversionSite() { this = r.getExpr() }
|
||||
|
||||
override Type getConversionTarget() { result = r.getEnclosingCallable().getReturnType() }
|
||||
|
||||
|
||||
@@ -113,7 +113,7 @@ class Expr extends ExprParent, @expr {
|
||||
if this instanceof CastingExpr or this instanceof NotNullExpr
|
||||
then
|
||||
result = this.(CastingExpr).getExpr().getUnderlyingExpr() or
|
||||
result = this.(NotNullExpr).getExpr().getUnderlyingExpr()
|
||||
result = this.(NotNullExpr).getOperand().getUnderlyingExpr()
|
||||
else result = this
|
||||
}
|
||||
}
|
||||
@@ -144,13 +144,13 @@ class CompileTimeConstantExpr extends Expr {
|
||||
this.(CastingExpr).getExpr().isCompileTimeConstant()
|
||||
or
|
||||
// The unary operators `+`, `-`, `~`, and `!` (but not `++` or `--`).
|
||||
this.(PlusExpr).getExpr().isCompileTimeConstant()
|
||||
this.(PlusExpr).getOperand().isCompileTimeConstant()
|
||||
or
|
||||
this.(MinusExpr).getExpr().isCompileTimeConstant()
|
||||
this.(MinusExpr).getOperand().isCompileTimeConstant()
|
||||
or
|
||||
this.(BitNotExpr).getExpr().isCompileTimeConstant()
|
||||
this.(BitNotExpr).getOperand().isCompileTimeConstant()
|
||||
or
|
||||
this.(LogNotExpr).getExpr().isCompileTimeConstant()
|
||||
this.(LogNotExpr).getOperand().isCompileTimeConstant()
|
||||
or
|
||||
// The multiplicative operators `*`, `/`, and `%`,
|
||||
// the additive operators `+` and `-`,
|
||||
@@ -166,8 +166,8 @@ class CompileTimeConstantExpr extends Expr {
|
||||
// The ternary conditional operator ` ? : `.
|
||||
exists(ConditionalExpr e | this = e |
|
||||
e.getCondition().isCompileTimeConstant() and
|
||||
e.getTrueExpr().isCompileTimeConstant() and
|
||||
e.getFalseExpr().isCompileTimeConstant()
|
||||
e.getThen().isCompileTimeConstant() and
|
||||
e.getElse().isCompileTimeConstant()
|
||||
)
|
||||
or
|
||||
// Access to a final variable initialized by a compile-time constant.
|
||||
@@ -943,7 +943,7 @@ class LogicExpr extends Expr {
|
||||
/** Gets an operand of this logical expression. */
|
||||
Expr getAnOperand() {
|
||||
this.(BinaryExpr).getAnOperand() = result or
|
||||
this.(UnaryExpr).getExpr() = result
|
||||
this.(UnaryExpr).getOperand() = result
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1039,8 +1039,15 @@ class ReferenceEqualityTest extends EqualityTest {
|
||||
|
||||
/** A common super-class that represents unary operator expressions. */
|
||||
class UnaryExpr extends Expr, @unaryexpr {
|
||||
/**
|
||||
* DEPRECATED: Use `getOperand()` instead.
|
||||
*
|
||||
* Gets the operand expression.
|
||||
*/
|
||||
deprecated Expr getExpr() { result.getParent() = this }
|
||||
|
||||
/** Gets the operand expression. */
|
||||
Expr getExpr() { result.getParent() = this }
|
||||
Expr getOperand() { result.getParent() = this }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1305,7 +1312,7 @@ class LambdaExpr extends FunctionalExpr, @lambdaexpr {
|
||||
|
||||
/** Gets the body of this lambda expression, if it is an expression. */
|
||||
Expr getExprBody() {
|
||||
this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getResult()
|
||||
this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getExpr()
|
||||
}
|
||||
|
||||
/** Gets the body of this lambda expression, if it is a statement. */
|
||||
@@ -1340,7 +1347,7 @@ class MemberRefExpr extends FunctionalExpr, @memberref {
|
||||
exists(Stmt stmt |
|
||||
stmt = this.asMethod().getBody().(SingletonBlock).getStmt() and
|
||||
(
|
||||
result = stmt.(ReturnStmt).getResult()
|
||||
result = stmt.(ReturnStmt).getExpr()
|
||||
or
|
||||
// Note: Currently never an ExprStmt, but might change once https://github.com/github/codeql/issues/3605 is fixed
|
||||
result = stmt.(ExprStmt).getExpr()
|
||||
@@ -1457,26 +1464,42 @@ class ConditionalExpr extends Expr, @conditionalexpr {
|
||||
Expr getCondition() { result.isNthChildOf(this, 0) }
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `getThen()` instead.
|
||||
*
|
||||
* Gets the expression that is evaluated if the condition of this
|
||||
* conditional expression evaluates to `true`.
|
||||
*/
|
||||
Expr getTrueExpr() { result.isNthChildOf(this, 1) }
|
||||
deprecated Expr getTrueExpr() { result.isNthChildOf(this, 1) }
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `getElse()` instead.
|
||||
*
|
||||
* Gets the expression that is evaluated if the condition of this
|
||||
* conditional expression evaluates to `false`.
|
||||
*/
|
||||
deprecated Expr getFalseExpr() { result.isNthChildOf(this, 2) }
|
||||
|
||||
/**
|
||||
* Gets the expression that is evaluated if the condition of this
|
||||
* conditional expression evaluates to `true`.
|
||||
*/
|
||||
Expr getThen() { result.isNthChildOf(this, 1) }
|
||||
|
||||
/**
|
||||
* Gets the expression that is evaluated if the condition of this
|
||||
* conditional expression evaluates to `false`.
|
||||
*/
|
||||
Expr getFalseExpr() { result.isNthChildOf(this, 2) }
|
||||
Expr getElse() { result.isNthChildOf(this, 2) }
|
||||
|
||||
/**
|
||||
* Gets the expression that is evaluated by the specific branch of this
|
||||
* conditional expression. If `true` that is `getTrueExpr()`, if `false`
|
||||
* it is `getFalseExpr()`.
|
||||
* conditional expression. If `true` that is `getThen()`, if `false`
|
||||
* it is `getElse()`.
|
||||
*/
|
||||
Expr getBranchExpr(boolean branch) {
|
||||
branch = true and result = this.getTrueExpr()
|
||||
branch = true and result = this.getThen()
|
||||
or
|
||||
branch = false and result = this.getFalseExpr()
|
||||
branch = false and result = this.getElse()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1773,14 +1796,14 @@ class VariableUpdate extends Expr {
|
||||
VariableUpdate() {
|
||||
this.(Assignment).getDest() instanceof VarAccess or
|
||||
this instanceof LocalVariableDeclExpr or
|
||||
this.(UnaryAssignExpr).getExpr() instanceof VarAccess
|
||||
this.(UnaryAssignExpr).getOperand() instanceof VarAccess
|
||||
}
|
||||
|
||||
/** Gets the destination of this variable update. */
|
||||
Variable getDestVar() {
|
||||
result.getAnAccess() = this.(Assignment).getDest() or
|
||||
result = this.(LocalVariableDeclExpr).getVariable() or
|
||||
result.getAnAccess() = this.(UnaryAssignExpr).getExpr()
|
||||
result.getAnAccess() = this.(UnaryAssignExpr).getOperand()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1970,7 +1993,7 @@ class VarAccess extends Expr, @varaccess {
|
||||
*/
|
||||
predicate isVarWrite() {
|
||||
exists(Assignment a | a.getDest() = this) or
|
||||
exists(UnaryAssignExpr e | e.getExpr() = this)
|
||||
exists(UnaryAssignExpr e | e.getOperand() = this)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -680,13 +680,13 @@ class GetterMethod extends Method {
|
||||
GetterMethod() {
|
||||
this.hasNoParameters() and
|
||||
exists(ReturnStmt s, Field f | s = this.getBody().(SingletonBlock).getStmt() |
|
||||
s.getResult() = f.getAnAccess()
|
||||
s.getExpr() = f.getAnAccess()
|
||||
)
|
||||
}
|
||||
|
||||
/** Gets the field whose value is returned by this getter method. */
|
||||
Field getField() {
|
||||
exists(ReturnStmt r | r.getEnclosingCallable() = this | r.getResult() = result.getAnAccess())
|
||||
exists(ReturnStmt r | r.getEnclosingCallable() = this | r.getExpr() = result.getAnAccess())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -257,7 +257,7 @@ private class PpUnaryExpr extends PpAst, UnaryExpr {
|
||||
i = 2 and result = "--" and this instanceof PostDecExpr
|
||||
}
|
||||
|
||||
override PpAst getChild(int i) { i = 1 and result = this.getExpr() }
|
||||
override PpAst getChild(int i) { i = 1 and result = this.getOperand() }
|
||||
}
|
||||
|
||||
private class PpCastExpr extends PpAst, CastExpr {
|
||||
@@ -351,9 +351,9 @@ private class PpConditionalExpr extends PpAst, ConditionalExpr {
|
||||
override PpAst getChild(int i) {
|
||||
i = 0 and result = this.getCondition()
|
||||
or
|
||||
i = 2 and result = this.getTrueExpr()
|
||||
i = 2 and result = this.getThen()
|
||||
or
|
||||
i = 4 and result = this.getFalseExpr()
|
||||
i = 4 and result = this.getElse()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -577,7 +577,7 @@ private class PpForStmt extends PpAst, ForStmt {
|
||||
or
|
||||
i = 1 + this.lastUpdateIndex() and result = ")"
|
||||
or
|
||||
i = 2 + this.lastUpdateIndex() and result = " " and this.getStmt() instanceof BlockStmt
|
||||
i = 2 + this.lastUpdateIndex() and result = " " and this.getBody() instanceof BlockStmt
|
||||
}
|
||||
|
||||
private int lastInitIndex() { result = 3 + 2 * max(int j | exists(this.getInit(j))) }
|
||||
@@ -587,7 +587,7 @@ private class PpForStmt extends PpAst, ForStmt {
|
||||
}
|
||||
|
||||
override predicate newline(int i) {
|
||||
i = 2 + this.lastUpdateIndex() and not this.getStmt() instanceof BlockStmt
|
||||
i = 2 + this.lastUpdateIndex() and not this.getBody() instanceof BlockStmt
|
||||
}
|
||||
|
||||
override PpAst getChild(int i) {
|
||||
@@ -599,11 +599,11 @@ private class PpForStmt extends PpAst, ForStmt {
|
||||
or
|
||||
exists(int j | result = this.getUpdate(j) and i = 4 + this.lastInitIndex() + 2 * j)
|
||||
or
|
||||
i = 3 + this.lastUpdateIndex() and result = this.getStmt()
|
||||
i = 3 + this.lastUpdateIndex() and result = this.getBody()
|
||||
}
|
||||
|
||||
override predicate indents(int i) {
|
||||
i = 3 + this.lastUpdateIndex() and not this.getStmt() instanceof BlockStmt
|
||||
i = 3 + this.lastUpdateIndex() and not this.getBody() instanceof BlockStmt
|
||||
}
|
||||
}
|
||||
|
||||
@@ -616,7 +616,7 @@ private class PpEnhancedForStmt extends PpAst, EnhancedForStmt {
|
||||
i = 4 and result = " : "
|
||||
or
|
||||
i = 6 and
|
||||
if this.getStmt() instanceof BlockStmt then result = ") " else result = ")"
|
||||
if this.getBody() instanceof BlockStmt then result = ") " else result = ")"
|
||||
}
|
||||
|
||||
override PpAst getChild(int i) {
|
||||
@@ -626,10 +626,10 @@ private class PpEnhancedForStmt extends PpAst, EnhancedForStmt {
|
||||
or
|
||||
i = 5 and result = this.getExpr()
|
||||
or
|
||||
i = 7 and result = this.getStmt()
|
||||
i = 7 and result = this.getBody()
|
||||
}
|
||||
|
||||
override predicate indents(int i) { i = 7 and not this.getStmt() instanceof BlockStmt }
|
||||
override predicate indents(int i) { i = 7 and not this.getBody() instanceof BlockStmt }
|
||||
}
|
||||
|
||||
private class PpWhileStmt extends PpAst, WhileStmt {
|
||||
@@ -638,40 +638,40 @@ private class PpWhileStmt extends PpAst, WhileStmt {
|
||||
or
|
||||
i = 2 and result = ")"
|
||||
or
|
||||
i = 3 and result = " " and this.getStmt() instanceof BlockStmt
|
||||
i = 3 and result = " " and this.getBody() instanceof BlockStmt
|
||||
}
|
||||
|
||||
override predicate newline(int i) { i = 3 and not this.getStmt() instanceof BlockStmt }
|
||||
override predicate newline(int i) { i = 3 and not this.getBody() instanceof BlockStmt }
|
||||
|
||||
override PpAst getChild(int i) {
|
||||
i = 1 and result = this.getCondition()
|
||||
or
|
||||
i = 4 and result = this.getStmt()
|
||||
i = 4 and result = this.getBody()
|
||||
}
|
||||
|
||||
override predicate indents(int i) { i = 4 and not this.getStmt() instanceof BlockStmt }
|
||||
override predicate indents(int i) { i = 4 and not this.getBody() instanceof BlockStmt }
|
||||
}
|
||||
|
||||
private class PpDoStmt extends PpAst, DoStmt {
|
||||
override string getPart(int i) {
|
||||
i = 0 and result = "do"
|
||||
or
|
||||
i in [1, 3] and result = " " and this.getStmt() instanceof BlockStmt
|
||||
i in [1, 3] and result = " " and this.getBody() instanceof BlockStmt
|
||||
or
|
||||
i = 4 and result = "while ("
|
||||
or
|
||||
i = 6 and result = ");"
|
||||
}
|
||||
|
||||
override predicate newline(int i) { i in [1, 3] and not this.getStmt() instanceof BlockStmt }
|
||||
override predicate newline(int i) { i in [1, 3] and not this.getBody() instanceof BlockStmt }
|
||||
|
||||
override PpAst getChild(int i) {
|
||||
i = 2 and result = this.getStmt()
|
||||
i = 2 and result = this.getBody()
|
||||
or
|
||||
i = 5 and result = this.getCondition()
|
||||
}
|
||||
|
||||
override predicate indents(int i) { i = 2 and not this.getStmt() instanceof BlockStmt }
|
||||
override predicate indents(int i) { i = 2 and not this.getBody() instanceof BlockStmt }
|
||||
}
|
||||
|
||||
private class PpTryStmt extends PpAst, TryStmt {
|
||||
@@ -854,7 +854,7 @@ private class PpSynchronizedStmt extends PpAst, SynchronizedStmt {
|
||||
|
||||
private class PpReturnStmt extends PpAst, ReturnStmt {
|
||||
override string getPart(int i) {
|
||||
if exists(this.getResult())
|
||||
if exists(this.getExpr())
|
||||
then
|
||||
i = 0 and result = "return "
|
||||
or
|
||||
@@ -864,7 +864,7 @@ private class PpReturnStmt extends PpAst, ReturnStmt {
|
||||
)
|
||||
}
|
||||
|
||||
override PpAst getChild(int i) { i = 1 and result = this.getResult() }
|
||||
override PpAst getChild(int i) { i = 1 and result = this.getExpr() }
|
||||
}
|
||||
|
||||
private class PpThrowStmt extends PpAst, ThrowStmt {
|
||||
|
||||
@@ -140,7 +140,7 @@ class IfStmt extends ConditionalStmt, @ifstmt {
|
||||
}
|
||||
|
||||
/** A `for` loop. */
|
||||
class ForStmt extends ConditionalStmt, @forstmt {
|
||||
class ForStmt extends ConditionalStmt, LoopStmtImpl, @forstmt {
|
||||
/**
|
||||
* Gets an initializer expression of the loop.
|
||||
*
|
||||
@@ -167,8 +167,15 @@ class ForStmt extends ConditionalStmt, @forstmt {
|
||||
index = result.getIndex() - 3
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `getBody()` instead.
|
||||
*
|
||||
* Gets the body of this `for` loop.
|
||||
*/
|
||||
deprecated Stmt getStmt() { result.getParent() = this and result.getIndex() = 2 }
|
||||
|
||||
/** Gets the body of this `for` loop. */
|
||||
Stmt getStmt() { result.getParent() = this and result.getIndex() = 2 }
|
||||
override Stmt getBody() { result.getParent() = this and result.getIndex() = 2 }
|
||||
|
||||
/**
|
||||
* Gets a variable that is used as an iteration variable: it is defined,
|
||||
@@ -184,14 +191,14 @@ class ForStmt extends ConditionalStmt, @forstmt {
|
||||
Variable getAnIterationVariable() {
|
||||
// Check that the variable is assigned to, incremented or decremented in the update expression, and...
|
||||
exists(Expr update | update = this.getAnUpdate().getAChildExpr*() |
|
||||
update.(UnaryAssignExpr).getExpr() = result.getAnAccess() or
|
||||
update.(UnaryAssignExpr).getOperand() = result.getAnAccess() or
|
||||
update = result.getAnAssignedValue()
|
||||
) and
|
||||
// ...that it is checked or used in the condition.
|
||||
this.getCondition().getAChildExpr*() = result.getAnAccess()
|
||||
}
|
||||
|
||||
override string pp() { result = "for (...;...;...) " + this.getStmt().pp() }
|
||||
override string pp() { result = "for (...;...;...) " + this.getBody().pp() }
|
||||
|
||||
override string toString() { result = "for (...;...;...)" }
|
||||
|
||||
@@ -201,17 +208,24 @@ class ForStmt extends ConditionalStmt, @forstmt {
|
||||
}
|
||||
|
||||
/** An enhanced `for` loop. (Introduced in Java 5.) */
|
||||
class EnhancedForStmt extends Stmt, @enhancedforstmt {
|
||||
class EnhancedForStmt extends LoopStmtImpl, @enhancedforstmt {
|
||||
/** Gets the local variable declaration expression of this enhanced `for` loop. */
|
||||
LocalVariableDeclExpr getVariable() { result.getParent() = this }
|
||||
|
||||
/** Gets the expression over which this enhanced `for` loop iterates. */
|
||||
Expr getExpr() { result.isNthChildOf(this, 1) }
|
||||
|
||||
/** Gets the body of this enhanced `for` loop. */
|
||||
Stmt getStmt() { result.getParent() = this }
|
||||
/**
|
||||
* DEPRECATED: Use `getBody()` instead.
|
||||
*
|
||||
* Gets the body of this enhanced `for` loop.
|
||||
*/
|
||||
deprecated Stmt getStmt() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "for (... : ...) " + this.getStmt().pp() }
|
||||
/** Gets the body of this enhanced `for` loop. */
|
||||
override Stmt getBody() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "for (... : ...) " + this.getBody().pp() }
|
||||
|
||||
override string toString() { result = "for (... : ...)" }
|
||||
|
||||
@@ -221,14 +235,21 @@ class EnhancedForStmt extends Stmt, @enhancedforstmt {
|
||||
}
|
||||
|
||||
/** A `while` loop. */
|
||||
class WhileStmt extends ConditionalStmt, @whilestmt {
|
||||
class WhileStmt extends ConditionalStmt, LoopStmtImpl, @whilestmt {
|
||||
/** Gets the boolean condition of this `while` loop. */
|
||||
override Expr getCondition() { result.getParent() = this }
|
||||
|
||||
/** Gets the body of this `while` loop. */
|
||||
Stmt getStmt() { result.getParent() = this }
|
||||
/**
|
||||
* DEPRECATED: Use `getBody()` instead.
|
||||
*
|
||||
* Gets the body of this `while` loop.
|
||||
*/
|
||||
deprecated Stmt getStmt() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "while (...) " + this.getStmt().pp() }
|
||||
/** Gets the body of this `while` loop. */
|
||||
override Stmt getBody() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "while (...) " + this.getBody().pp() }
|
||||
|
||||
override string toString() { result = "while (...)" }
|
||||
|
||||
@@ -238,14 +259,21 @@ class WhileStmt extends ConditionalStmt, @whilestmt {
|
||||
}
|
||||
|
||||
/** A `do` loop. */
|
||||
class DoStmt extends ConditionalStmt, @dostmt {
|
||||
class DoStmt extends ConditionalStmt, LoopStmtImpl, @dostmt {
|
||||
/** Gets the condition of this `do` loop. */
|
||||
override Expr getCondition() { result.getParent() = this }
|
||||
|
||||
/** Gets the body of this `do` loop. */
|
||||
Stmt getStmt() { result.getParent() = this }
|
||||
/**
|
||||
* DEPRECATED: Use `getBody()` instead.
|
||||
*
|
||||
* Gets the body of this `do` loop.
|
||||
*/
|
||||
deprecated Stmt getStmt() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "do " + this.getStmt().pp() + " while (...)" }
|
||||
/** Gets the body of this `do` loop. */
|
||||
override Stmt getBody() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "do " + this.getBody().pp() + " while (...)" }
|
||||
|
||||
override string toString() { result = "do ... while (...)" }
|
||||
|
||||
@@ -258,30 +286,16 @@ class DoStmt extends ConditionalStmt, @dostmt {
|
||||
* A loop statement, including `for`, enhanced `for`,
|
||||
* `while` and `do` statements.
|
||||
*/
|
||||
class LoopStmt extends Stmt {
|
||||
LoopStmt() {
|
||||
this instanceof ForStmt or
|
||||
this instanceof EnhancedForStmt or
|
||||
this instanceof WhileStmt or
|
||||
this instanceof DoStmt
|
||||
}
|
||||
|
||||
abstract private class LoopStmtImpl extends Stmt {
|
||||
/** Gets the body of this loop statement. */
|
||||
Stmt getBody() {
|
||||
result = this.(ForStmt).getStmt() or
|
||||
result = this.(EnhancedForStmt).getStmt() or
|
||||
result = this.(WhileStmt).getStmt() or
|
||||
result = this.(DoStmt).getStmt()
|
||||
}
|
||||
abstract Stmt getBody();
|
||||
|
||||
/** Gets the boolean condition of this loop statement. */
|
||||
Expr getCondition() {
|
||||
result = this.(ForStmt).getCondition() or
|
||||
result = this.(WhileStmt).getCondition() or
|
||||
result = this.(DoStmt).getCondition()
|
||||
}
|
||||
Expr getCondition() { none() }
|
||||
}
|
||||
|
||||
final class LoopStmt = LoopStmtImpl;
|
||||
|
||||
/** A `try` statement. */
|
||||
class TryStmt extends Stmt, @trystmt {
|
||||
/** Gets the block of the `try` statement. */
|
||||
@@ -627,9 +641,16 @@ class SynchronizedStmt extends Stmt, @synchronizedstmt {
|
||||
|
||||
/** A `return` statement. */
|
||||
class ReturnStmt extends Stmt, @returnstmt {
|
||||
/** Gets the expression returned by this `return` statement, if any. */
|
||||
/**
|
||||
* DEPRECATED: Use `getExpr()` instead.
|
||||
*
|
||||
* Gets the expression returned by this `return` statement, if any.
|
||||
*/
|
||||
Expr getResult() { result.getParent() = this }
|
||||
|
||||
/** Gets the expression returned by this `return` statement, if any. */
|
||||
Expr getExpr() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "return ..." }
|
||||
|
||||
override string toString() { result = "return ..." }
|
||||
|
||||
@@ -93,7 +93,7 @@ class ArithExpr extends Expr {
|
||||
) and
|
||||
forall(Expr e |
|
||||
e = this.(BinaryExpr).getAnOperand() or
|
||||
e = this.(UnaryAssignExpr).getExpr() or
|
||||
e = this.(UnaryAssignExpr).getOperand() or
|
||||
e = this.(AssignOp).getSource()
|
||||
|
|
||||
e.getType() instanceof NumType
|
||||
@@ -114,7 +114,7 @@ class ArithExpr extends Expr {
|
||||
*/
|
||||
Expr getLeftOperand() {
|
||||
result = this.(BinaryExpr).getLeftOperand() or
|
||||
result = this.(UnaryAssignExpr).getExpr() or
|
||||
result = this.(UnaryAssignExpr).getOperand() or
|
||||
result = this.(AssignOp).getDest()
|
||||
}
|
||||
|
||||
@@ -128,7 +128,7 @@ class ArithExpr extends Expr {
|
||||
/** Gets an operand of this arithmetic expression. */
|
||||
Expr getAnOperand() {
|
||||
result = this.(BinaryExpr).getAnOperand() or
|
||||
result = this.(UnaryAssignExpr).getExpr() or
|
||||
result = this.(UnaryAssignExpr).getOperand() or
|
||||
result = this.(AssignOp).getSource()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ import java
|
||||
* Used as basis for the transitive closure in `exprImplies`.
|
||||
*/
|
||||
private predicate exprImpliesStep(Expr e1, boolean b1, Expr e2, boolean b2) {
|
||||
e1.(LogNotExpr).getExpr() = e2 and
|
||||
e1.(LogNotExpr).getOperand() = e2 and
|
||||
b2 = b1.booleanNot() and
|
||||
(b1 = true or b1 = false)
|
||||
or
|
||||
|
||||
@@ -279,9 +279,7 @@ private module GuardsInput implements SharedGuards::InputSig<Location, ControlFl
|
||||
}
|
||||
}
|
||||
|
||||
class NotExpr extends Expr instanceof J::LogNotExpr {
|
||||
Expr getOperand() { result = this.(J::LogNotExpr).getExpr() }
|
||||
}
|
||||
class NotExpr = J::LogNotExpr;
|
||||
|
||||
class IdExpr extends Expr {
|
||||
IdExpr() { this instanceof AssignExpr or this instanceof CastExpr }
|
||||
@@ -317,13 +315,7 @@ private module GuardsInput implements SharedGuards::InputSig<Location, ControlFl
|
||||
)
|
||||
}
|
||||
|
||||
class ConditionalExpr extends Expr instanceof J::ConditionalExpr {
|
||||
Expr getCondition() { result = super.getCondition() }
|
||||
|
||||
Expr getThen() { result = super.getTrueExpr() }
|
||||
|
||||
Expr getElse() { result = super.getFalseExpr() }
|
||||
}
|
||||
class ConditionalExpr = J::ConditionalExpr;
|
||||
|
||||
class Parameter = J::Parameter;
|
||||
|
||||
@@ -357,7 +349,7 @@ private module GuardsInput implements SharedGuards::InputSig<Location, ControlFl
|
||||
GuardsInput::Expr getAReturnExpr() {
|
||||
exists(ReturnStmt ret |
|
||||
this = ret.getEnclosingCallable() and
|
||||
ret.getResult() = result
|
||||
ret.getExpr() = result
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -49,9 +49,7 @@ class ConstantMethod extends Method {
|
||||
// Just one return statement
|
||||
count(ReturnStmt rs | rs.getEnclosingCallable() = this) = 1 and
|
||||
// Which returns a constant expr
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = this |
|
||||
rs.getResult() instanceof ConstantExpr
|
||||
) and
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = this | rs.getExpr() instanceof ConstantExpr) and
|
||||
// And this method is not overridden
|
||||
not exists(Method m | m.overrides(this))
|
||||
}
|
||||
@@ -61,7 +59,7 @@ class ConstantMethod extends Method {
|
||||
*/
|
||||
ConstantExpr getConstantValue() {
|
||||
exists(ReturnStmt returnStmt | returnStmt.getEnclosingCallable() = this |
|
||||
result = returnStmt.getResult()
|
||||
result = returnStmt.getExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -86,8 +86,8 @@ Expr clearlyNotNullExpr(Expr reason) {
|
||||
or
|
||||
exists(ConditionalExpr c, Expr r1, Expr r2 |
|
||||
c = result and
|
||||
c.getTrueExpr() = clearlyNotNullExpr(r1) and
|
||||
c.getFalseExpr() = clearlyNotNullExpr(r2) and
|
||||
c.getThen() = clearlyNotNullExpr(r1) and
|
||||
c.getElse() = clearlyNotNullExpr(r2) and
|
||||
(reason = r1 or reason = r2)
|
||||
)
|
||||
or
|
||||
|
||||
@@ -64,7 +64,7 @@ private predicate unboxed(Expr e) {
|
||||
bin.getType() instanceof PrimitiveType
|
||||
)
|
||||
or
|
||||
exists(UnaryExpr un | un.getExpr() = e)
|
||||
exists(UnaryExpr un | un.getOperand() = e)
|
||||
or
|
||||
exists(ChooseExpr cond | cond.getType() instanceof PrimitiveType | cond.getAResultExpr() = e)
|
||||
or
|
||||
@@ -73,7 +73,7 @@ private predicate unboxed(Expr e) {
|
||||
exists(Parameter p | p.getType() instanceof PrimitiveType and p.getAnArgument() = e)
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
ret.getEnclosingCallable().getReturnType() instanceof PrimitiveType and ret.getResult() = e
|
||||
ret.getEnclosingCallable().getReturnType() instanceof PrimitiveType and ret.getExpr() = e
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -173,23 +173,23 @@ module Sem implements Semantic<Location> {
|
||||
}
|
||||
|
||||
class NegateExpr extends UnaryExpr instanceof MinusExpr {
|
||||
override Expr getOperand() { result = super.getExpr() }
|
||||
override Expr getOperand() { result = MinusExpr.super.getOperand() }
|
||||
}
|
||||
|
||||
class PreIncExpr extends UnaryExpr instanceof J::PreIncExpr {
|
||||
override Expr getOperand() { result = super.getExpr() }
|
||||
override Expr getOperand() { result = J::PreIncExpr.super.getOperand() }
|
||||
}
|
||||
|
||||
class PreDecExpr extends UnaryExpr instanceof J::PreDecExpr {
|
||||
override Expr getOperand() { result = super.getExpr() }
|
||||
override Expr getOperand() { result = J::PreDecExpr.super.getOperand() }
|
||||
}
|
||||
|
||||
class PostIncExpr extends UnaryExpr instanceof J::PostIncExpr {
|
||||
override Expr getOperand() { result = super.getExpr() }
|
||||
override Expr getOperand() { result = J::PostIncExpr.super.getOperand() }
|
||||
}
|
||||
|
||||
class PostDecExpr extends UnaryExpr instanceof J::PostDecExpr {
|
||||
override Expr getOperand() { result = super.getExpr() }
|
||||
override Expr getOperand() { result = J::PostDecExpr.super.getOperand() }
|
||||
}
|
||||
|
||||
class CopyValueExpr extends UnaryExpr {
|
||||
@@ -200,7 +200,7 @@ module Sem implements Semantic<Location> {
|
||||
}
|
||||
|
||||
override Expr getOperand() {
|
||||
result = this.(J::PlusExpr).getExpr() or
|
||||
result = this.(J::PlusExpr).getOperand() or
|
||||
result = this.(J::AssignExpr).getSource() or
|
||||
result = this.(J::LocalVariableDeclExpr).getInit()
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ module FlowStepsInput implements UniversalFlow::UniversalFlowInput<Location> {
|
||||
n2.asSsa().(Base::SsaPhiDefinition).getAnUltimateDefinition() = n1.asSsa()
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
n2.asMethod() = ret.getEnclosingCallable() and ret.getResult() = n1.asExpr()
|
||||
n2.asMethod() = ret.getEnclosingCallable() and ret.getExpr() = n1.asExpr()
|
||||
)
|
||||
or
|
||||
viableImpl_v1(n2.asExpr()) = n1.asMethod()
|
||||
@@ -137,7 +137,7 @@ module FlowStepsInput implements UniversalFlow::UniversalFlowInput<Location> {
|
||||
or
|
||||
n2.asSsa().(Base::SsaCapturedDefinition).captures(n1.asSsa())
|
||||
or
|
||||
n2.asExpr().(NotNullExpr).getExpr() = n1.asExpr()
|
||||
n2.asExpr().(NotNullExpr).getOperand() = n1.asExpr()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -87,7 +87,7 @@ private module BaseSsaImpl {
|
||||
result = TLocalVar(v.getCallable(), v)
|
||||
)
|
||||
or
|
||||
result.getAnAccess() = upd.(UnaryAssignExpr).getExpr()
|
||||
result.getAnAccess() = upd.(UnaryAssignExpr).getOperand()
|
||||
}
|
||||
|
||||
/** Holds if `n` updates the local variable `v`. */
|
||||
|
||||
@@ -510,7 +510,7 @@ module Private {
|
||||
/** A data flow node that occurs as the result of a `ReturnStmt`. */
|
||||
class ReturnNode extends Node {
|
||||
ReturnNode() {
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getResult()) or
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getExpr()) or
|
||||
this.(FlowSummaryNode).isReturn()
|
||||
}
|
||||
|
||||
|
||||
@@ -201,7 +201,7 @@ predicate simpleAstFlowStep(Expr e1, Expr e2) {
|
||||
or
|
||||
e2 = any(StmtExpr stmtExpr | e1 = stmtExpr.getResultExpr())
|
||||
or
|
||||
e2 = any(NotNullExpr nne | e1 = nne.getExpr())
|
||||
e2 = any(NotNullExpr nne | e1 = nne.getOperand())
|
||||
or
|
||||
e2.(WhenExpr).getBranch(_).getAResult() = e1
|
||||
or
|
||||
|
||||
@@ -302,7 +302,7 @@ private module Cached {
|
||||
result = TLocalVar(v.getCallable(), v)
|
||||
)
|
||||
or
|
||||
result.getAnAccess() = upd.(UnaryAssignExpr).getExpr()
|
||||
result.getAnAccess() = upd.(UnaryAssignExpr).getOperand()
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@@ -69,10 +69,10 @@ module Private {
|
||||
|
||||
/** Returns the operand of this expression. */
|
||||
Expr getOperand() {
|
||||
result = this.(J::PreIncExpr).getExpr() or
|
||||
result = this.(J::PreDecExpr).getExpr() or
|
||||
result = this.(J::MinusExpr).getExpr() or
|
||||
result = this.(J::BitNotExpr).getExpr()
|
||||
result = this.(J::PreIncExpr).getOperand() or
|
||||
result = this.(J::PreDecExpr).getOperand() or
|
||||
result = this.(J::MinusExpr).getOperand() or
|
||||
result = this.(J::BitNotExpr).getOperand()
|
||||
}
|
||||
|
||||
/** Returns the operation representing this expression. */
|
||||
@@ -258,12 +258,12 @@ private module Impl {
|
||||
|
||||
/** Returns the operand of the operation if `e` is a decrement. */
|
||||
Expr getDecrementOperand(Element e) {
|
||||
result = e.(PostDecExpr).getExpr() or result = e.(PreDecExpr).getExpr()
|
||||
result = e.(PostDecExpr).getOperand() or result = e.(PreDecExpr).getOperand()
|
||||
}
|
||||
|
||||
/** Returns the operand of the operation if `e` is an increment. */
|
||||
Expr getIncrementOperand(Element e) {
|
||||
result = e.(PostIncExpr).getExpr() or result = e.(PreIncExpr).getExpr()
|
||||
result = e.(PostIncExpr).getOperand() or result = e.(PreIncExpr).getOperand()
|
||||
}
|
||||
|
||||
/** Gets the variable underlying the implicit SSA variable `v`. */
|
||||
@@ -287,14 +287,14 @@ private module Impl {
|
||||
|
||||
/** Holds if `f` is accessed in an increment operation. */
|
||||
predicate fieldIncrementOperationOperand(Field f) {
|
||||
any(PostIncExpr inc).getExpr() = f.getAnAccess() or
|
||||
any(PreIncExpr inc).getExpr() = f.getAnAccess()
|
||||
any(PostIncExpr inc).getOperand() = f.getAnAccess() or
|
||||
any(PreIncExpr inc).getOperand() = f.getAnAccess()
|
||||
}
|
||||
|
||||
/** Holds if `f` is accessed in a decrement operation. */
|
||||
predicate fieldDecrementOperationOperand(Field f) {
|
||||
any(PostDecExpr dec).getExpr() = f.getAnAccess() or
|
||||
any(PreDecExpr dec).getExpr() = f.getAnAccess()
|
||||
any(PostDecExpr dec).getOperand() = f.getAnAccess() or
|
||||
any(PreDecExpr dec).getOperand() = f.getAnAccess()
|
||||
}
|
||||
|
||||
/** Returns possible signs of `f` based on the declaration. */
|
||||
@@ -316,9 +316,9 @@ private module Impl {
|
||||
/** Returns a sub expression of `e` for expression types where the sign depends on the child. */
|
||||
Expr getASubExprWithSameSign(Expr e) {
|
||||
result = e.(AssignExpr).getSource() or
|
||||
result = e.(PlusExpr).getExpr() or
|
||||
result = e.(PostIncExpr).getExpr() or
|
||||
result = e.(PostDecExpr).getExpr() or
|
||||
result = e.(PlusExpr).getOperand() or
|
||||
result = e.(PostIncExpr).getOperand() or
|
||||
result = e.(PostDecExpr).getOperand() or
|
||||
result = e.(ChooseExpr).getAResultExpr() or
|
||||
result = e.(CastingExpr).getExpr()
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ VarAccess valueAccess(EnumConstant e) {
|
||||
or
|
||||
exists(Assignment a | a.getSource() = valueFlow+(result))
|
||||
or
|
||||
exists(ReturnStmt r | r.getResult() = valueFlow+(result))
|
||||
exists(ReturnStmt r | r.getExpr() = valueFlow+(result))
|
||||
or
|
||||
exists(LocalVariableDeclExpr v | v.getInit() = valueFlow+(result))
|
||||
or
|
||||
|
||||
@@ -354,7 +354,7 @@ private module TrackLambda<methodDispatchSig/1 lambdaDispatch0> {
|
||||
predicate returnStep(Node n1, LocalSourceNode n2) {
|
||||
exists(ReturnStmt ret, Method m |
|
||||
ret.getEnclosingCallable() = m and
|
||||
ret.getResult() = n1.asExpr() and
|
||||
ret.getExpr() = n1.asExpr() and
|
||||
m = dispatch(n2.asExpr())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -53,7 +53,7 @@ private predicate viableArgParam(ArgumentNode arg, ParameterNode p) {
|
||||
private predicate returnStep(Node n1, Node n2) {
|
||||
exists(ReturnStmt ret, Method m |
|
||||
ret.getEnclosingCallable() = m and
|
||||
ret.getResult() = n1.asExpr() and
|
||||
ret.getExpr() = n1.asExpr() and
|
||||
pragma[only_bind_out](m) = dispatchCand(n2.asExpr())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -424,7 +424,7 @@ private class JaxRSXssSink extends XssSink {
|
||||
exists(JaxRsResourceMethod resourceMethod, ReturnStmt rs |
|
||||
resourceMethod = any(JaxRsResourceClass resourceClass).getAResourceMethod() and
|
||||
rs.getEnclosingCallable() = resourceMethod and
|
||||
this.asExpr() = rs.getResult()
|
||||
this.asExpr() = rs.getExpr()
|
||||
|
|
||||
not exists(resourceMethod.getProducesAnnotation())
|
||||
or
|
||||
|
||||
@@ -386,7 +386,7 @@ class MockitoMockedObject extends Expr {
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
this.(MethodCall).getMethod() = ret.getEnclosingCallable() and
|
||||
ret.getResult() instanceof MockitoMockedObject
|
||||
ret.getExpr() instanceof MockitoMockedObject
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -109,7 +109,7 @@ class MyBatisInjectionSink extends DataFlow::Node {
|
||||
a.getType() instanceof MyBatisProvider and
|
||||
m.getDeclaringType() = a.getValue(["type", "value"]).(TypeLiteral).getTypeName().getType() and
|
||||
m.hasName(a.getValue("method").(StringLiteral).getValue()) and
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getResult() and ret.getEnclosingCallable() = m)
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getExpr() and ret.getEnclosingCallable() = m)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ private predicate threadLocalInitialValue(ClassInstanceExpr cie, Method initialV
|
||||
exists(RefType t, ReturnStmt ret |
|
||||
cie.getConstructedType().getSourceDeclaration() = t and
|
||||
t.getASourceSupertype+().hasQualifiedName("java.lang", "ThreadLocal") and
|
||||
ret.getResult() = init and
|
||||
ret.getExpr() = init and
|
||||
ret.getEnclosingCallable() = initialValue and
|
||||
initialValue.hasName("initialValue") and
|
||||
initialValue.getDeclaringType() = t
|
||||
|
||||
@@ -37,7 +37,7 @@ private class AsyncTaskOnPostExecuteAdditionalValueStep extends AdditionalValueS
|
||||
|
|
||||
onPostExecute.getDeclaringType() = runInBackground.getDeclaringType()
|
||||
|
|
||||
node1.asExpr() = any(ReturnStmt r | r.getEnclosingCallable() = runInBackground).getResult() and
|
||||
node1.asExpr() = any(ReturnStmt r | r.getEnclosingCallable() = runInBackground).getExpr() and
|
||||
node2.asParameter() = onPostExecute.getParameter(0)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ class LiveLiteralMethod extends Method {
|
||||
|
||||
private predicate methodReturns(Method m, Expr res) {
|
||||
exists(ReturnStmt r |
|
||||
r.getResult() = res and
|
||||
r.getExpr() = res and
|
||||
r.getEnclosingCallable() = m
|
||||
)
|
||||
}
|
||||
|
||||
@@ -279,7 +279,7 @@ private predicate reaches(Expr src, Argument arg) {
|
||||
or
|
||||
exists(StmtExpr e | e.getResultExpr() = src | reaches(e, arg))
|
||||
or
|
||||
exists(NotNullExpr e | e.getExpr() = src | reaches(e, arg))
|
||||
exists(NotNullExpr e | e.getOperand() = src | reaches(e, arg))
|
||||
or
|
||||
exists(WhenExpr e | e.getBranch(_).getAResult() = src | reaches(e, arg))
|
||||
}
|
||||
|
||||
@@ -138,7 +138,7 @@ ThisAccess forbiddenThisUse(Callable c) {
|
||||
result.getEnclosingCallable() = c and
|
||||
(
|
||||
exists(MethodCall ma | ma.getAnArgument() = result) or
|
||||
exists(ReturnStmt rs | rs.getResult() = result)
|
||||
exists(ReturnStmt rs | rs.getExpr() = result)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -52,7 +52,7 @@ private class SpringXssSink extends XSS::XssSink {
|
||||
SpringXssSink() {
|
||||
exists(SpringRequestMappingMethod requestMappingMethod, ReturnStmt rs |
|
||||
requestMappingMethod = rs.getEnclosingCallable() and
|
||||
this.asExpr() = rs.getResult() and
|
||||
this.asExpr() = rs.getExpr() and
|
||||
(
|
||||
not specifiesContentType(requestMappingMethod) or
|
||||
isXssVulnerableContentTypeExpr(requestMappingMethod.getAProducesExpr())
|
||||
|
||||
@@ -58,9 +58,9 @@ private class HttpResponseGetDescriptionStep extends AdditionalValueStep {
|
||||
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
|
||||
exists(ReturnStmt s, GenerateResponseMethod m |
|
||||
s.getEnclosingCallable() instanceof HudsonWebMethod and
|
||||
boundOrStaticType(s.getResult(), m.getDeclaringType().getADescendant())
|
||||
boundOrStaticType(s.getExpr(), m.getDeclaringType().getADescendant())
|
||||
|
|
||||
n1.asExpr() = s.getResult() and
|
||||
n1.asExpr() = s.getExpr() and
|
||||
n2.(DataFlow::InstanceParameterNode).getCallable() = m
|
||||
)
|
||||
}
|
||||
|
||||
@@ -113,7 +113,7 @@ predicate upcastToWiderType(Expr e) {
|
||||
or
|
||||
exists(CastingExpr c | c.getExpr() = e and t2 = c.getType())
|
||||
or
|
||||
exists(ReturnStmt ret | ret.getResult() = e and t2 = ret.getEnclosingCallable().getReturnType())
|
||||
exists(ReturnStmt ret | ret.getExpr() = e and t2 = ret.getEnclosingCallable().getReturnType())
|
||||
or
|
||||
exists(Parameter p | p.getAnArgument() = e and t2 = p.getType())
|
||||
or
|
||||
|
||||
@@ -25,7 +25,7 @@ class IsValidFragmentMethod extends Method {
|
||||
predicate isUnsafe() {
|
||||
this.getDeclaringType().(AndroidActivity).isExported() and
|
||||
forex(ReturnStmt retStmt | retStmt.getEnclosingCallable() = this |
|
||||
retStmt.getResult().(BooleanLiteral).getBooleanValue() = true
|
||||
retStmt.getExpr().(BooleanLiteral).getBooleanValue() = true
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -75,7 +75,7 @@ module InsecureRandomnessConfig implements DataFlow::ConfigSig {
|
||||
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
|
||||
n1.asExpr() = n2.asExpr().(BinaryExpr).getAnOperand()
|
||||
or
|
||||
n1.asExpr() = n2.asExpr().(UnaryExpr).getExpr()
|
||||
n1.asExpr() = n2.asExpr().(UnaryExpr).getOperand()
|
||||
or
|
||||
exists(MethodCall mc, string methodName |
|
||||
mc.getMethod().hasQualifiedName("org.owasp.esapi", "Encoder", methodName) and
|
||||
|
||||
@@ -107,7 +107,7 @@ private class StaticInitializationVectorSource extends DataFlow::Node {
|
||||
// Reduce FPs from utility methods that return an empty array in an exceptional case
|
||||
not exists(ReturnStmt ret |
|
||||
array.getADimension().(CompileTimeConstantExpr).getIntValue() = 0 and
|
||||
DataFlow::localExprFlow(array, ret.getResult())
|
||||
DataFlow::localExprFlow(array, ret.getExpr())
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -95,7 +95,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig {
|
||||
) {
|
||||
exists(ConstructorCall cc, FunctionalExpr fe |
|
||||
cc.getConstructedType() instanceof KryoPoolBuilder and
|
||||
fe.asMethod().getBody().getAStmt().(ReturnStmt).getResult() = node1.asExpr() and
|
||||
fe.asMethod().getBody().getAStmt().(ReturnStmt).getExpr() = node1.asExpr() and
|
||||
node2.asExpr() = cc and
|
||||
cc.getArgument(0) = fe
|
||||
)
|
||||
|
||||
@@ -13,7 +13,7 @@ private import semmle.code.java.dataflow.ExternalFlow
|
||||
*/
|
||||
private predicate alwaysReturnsTrue(HostnameVerifierVerify m) {
|
||||
forex(ReturnStmt rs | rs.getEnclosingCallable() = m |
|
||||
rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ class PointlessLoop extends WhileStmt {
|
||||
this.getCondition().(BooleanLiteral).getBooleanValue() = true and
|
||||
// The only `break` must be the last statement.
|
||||
forall(BreakStmt break | break.getTarget() = this |
|
||||
this.getStmt().(BlockStmt).getLastStmt() = break
|
||||
this.getBody().(BlockStmt).getLastStmt() = break
|
||||
) and
|
||||
// No `continue` statements.
|
||||
not exists(ContinueStmt continue | continue.getTarget() = this)
|
||||
|
||||
@@ -32,7 +32,7 @@ class AnyAssignment extends Expr {
|
||||
/** The expression modified by this assignment. */
|
||||
Expr getDest() {
|
||||
this.(Assignment).getDest() = result or
|
||||
this.(UnaryAssignExpr).getExpr() = result
|
||||
this.(UnaryAssignExpr).getOperand() = result
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ class Iterable extends Class {
|
||||
exists(Method m |
|
||||
m.getDeclaringType().getSourceDeclaration() = this and
|
||||
m.getName() = "iterator" and
|
||||
m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() = result
|
||||
m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() = result
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ class EmptyIterableIterator extends IterableIterator {
|
||||
.(SingletonBlock)
|
||||
.getStmt()
|
||||
.(ReturnStmt)
|
||||
.getResult()
|
||||
.getExpr()
|
||||
.(BooleanLiteral)
|
||||
.getBooleanValue() = false
|
||||
)
|
||||
|
||||
@@ -25,5 +25,5 @@ where
|
||||
t instanceof PrimitiveType and
|
||||
not t instanceof CharType
|
||||
)
|
||||
select ce, "Mismatch between types of branches: $@ and $@.", ce.getTrueExpr(),
|
||||
ce.getTrueExpr().getType().getName(), ce.getFalseExpr(), ce.getFalseExpr().getType().getName()
|
||||
select ce, "Mismatch between types of branches: $@ and $@.", ce.getThen(),
|
||||
ce.getThen().getType().getName(), ce.getElse(), ce.getElse().getType().getName()
|
||||
|
||||
@@ -39,7 +39,7 @@ predicate containsSpecialCollection(Expr e, SpecialCollectionCreation origin) {
|
||||
or
|
||||
exists(Call c, ReturnStmt r | e = c |
|
||||
r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and
|
||||
containsSpecialCollection(r.getResult(), origin)
|
||||
containsSpecialCollection(r.getExpr(), origin)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ predicate iterOfSpecialCollection(Expr e, SpecialCollectionCreation origin) {
|
||||
or
|
||||
exists(Call c, ReturnStmt r | e = c |
|
||||
r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and
|
||||
iterOfSpecialCollection(r.getResult(), origin)
|
||||
iterOfSpecialCollection(r.getExpr(), origin)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ where
|
||||
exists(AssignExpr assgn | va = assgn.getDest() | assgn.getSource() instanceof FreshContainer)
|
||||
or
|
||||
// ...a return (but only if `v` is a local variable)
|
||||
v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getResult() = va)
|
||||
v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getExpr() = va)
|
||||
or
|
||||
// ...or a call to a query method on `v`.
|
||||
exists(MethodCall ma | va = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod)
|
||||
|
||||
@@ -32,13 +32,13 @@ predicate checksReferenceEquality(EqualsMethod em) {
|
||||
eq.getAnOperand().(VarAccess).getVariable() = em.getParameter(0) and
|
||||
(
|
||||
// `{ return (ojb==this); }`
|
||||
eq = blk.getStmt().(ReturnStmt).getResult()
|
||||
eq = blk.getStmt().(ReturnStmt).getExpr()
|
||||
or
|
||||
// `{ if (ojb==this) return true; else return false; }`
|
||||
exists(IfStmt ifStmt | ifStmt = blk.getStmt() |
|
||||
eq = ifStmt.getCondition() and
|
||||
ifStmt.getThen().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = true and
|
||||
ifStmt.getElse().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = false
|
||||
ifStmt.getThen().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = true and
|
||||
ifStmt.getElse().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = false
|
||||
)
|
||||
)
|
||||
)
|
||||
@@ -47,7 +47,7 @@ predicate checksReferenceEquality(EqualsMethod em) {
|
||||
// More precisely, we check whether the body of `em` is of the form `return super.equals(o);`,
|
||||
// where `o` is the (only) parameter of `em`, and the invoked method is a reference equality check.
|
||||
exists(SuperMethodCall sup |
|
||||
sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() and
|
||||
sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() and
|
||||
sup.getArgument(0) = em.getParameter(0).getAnAccess() and
|
||||
checksReferenceEquality(sup.getCallee())
|
||||
)
|
||||
|
||||
@@ -22,7 +22,7 @@ class RefiningEquals extends EqualsMethod {
|
||||
// ... on the (only) parameter of this method ...
|
||||
sup.getArgument(0).(VarAccess).getVariable() = this.getAParameter() and
|
||||
// ... and its result is implied by the result of `ret`.
|
||||
exprImplies(ret.getResult(), true, sup, true)
|
||||
exprImplies(ret.getExpr(), true, sup, true)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ class ReferenceEquals extends EqualsMethod {
|
||||
exists(BlockStmt b, ReturnStmt ret, EQExpr eq |
|
||||
this.getBody() = b and
|
||||
b.getStmt(0) = ret and
|
||||
ret.getResult() = eq and
|
||||
ret.getExpr() = eq and
|
||||
eq.getAnOperand() = this.getAParameter().getAnAccess() and
|
||||
(eq.getAnOperand() instanceof ThisAccess or eq.getAnOperand() instanceof FieldAccess)
|
||||
)
|
||||
|
||||
@@ -27,8 +27,8 @@ class StringValue extends Expr {
|
||||
)
|
||||
or
|
||||
// Ternary conditional operator.
|
||||
this.(ConditionalExpr).getTrueExpr().(StringValue).isInterned() and
|
||||
this.(ConditionalExpr).getFalseExpr().(StringValue).isInterned()
|
||||
this.(ConditionalExpr).getThen().(StringValue).isInterned() and
|
||||
this.(ConditionalExpr).getElse().(StringValue).isInterned()
|
||||
or
|
||||
// Values of type `String` that are compile-time constant expressions (JLS 15.28).
|
||||
this instanceof CompileTimeConstantExpr
|
||||
@@ -38,7 +38,7 @@ class StringValue extends Expr {
|
||||
or
|
||||
// Method accesses whose results are all interned.
|
||||
forex(ReturnStmt rs | rs.getEnclosingCallable() = this.(MethodCall).getMethod() |
|
||||
rs.getResult().(StringValue).isInterned()
|
||||
rs.getExpr().(StringValue).isInterned()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -134,8 +134,8 @@ Expr overFlowCand() {
|
||||
result.(LocalVariableDeclExpr).getInit() = overFlowCand()
|
||||
or
|
||||
exists(ConditionalExpr c | c = result |
|
||||
c.getTrueExpr() = overFlowCand() and
|
||||
c.getFalseExpr() = overFlowCand()
|
||||
c.getThen() = overFlowCand() and
|
||||
c.getElse() = overFlowCand()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -42,7 +42,7 @@ predicate delegatingOverride(Method sub, Method sup) {
|
||||
delegatingSuperCall(stmt.(ExprStmt).getExpr(), sup)
|
||||
or
|
||||
// ...or a `return` statement containing such a call.
|
||||
delegatingSuperCall(stmt.(ReturnStmt).getResult(), sup)
|
||||
delegatingSuperCall(stmt.(ReturnStmt).getExpr(), sup)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ predicate castTo(ClassInstanceExpr cie, RefType to) {
|
||||
or
|
||||
exists(Call call, int n | call.getArgument(n) = cie | to = call.getCallee().getParameterType(n))
|
||||
or
|
||||
exists(ReturnStmt ret | ret.getResult() = cie | to = ret.getEnclosingCallable().getReturnType())
|
||||
exists(ReturnStmt ret | ret.getExpr() = cie | to = ret.getEnclosingCallable().getReturnType())
|
||||
or
|
||||
exists(ArrayCreationExpr ace | ace.getInit().getAnInit() = cie |
|
||||
to = ace.getType().(Array).getComponentType()
|
||||
|
||||
@@ -31,13 +31,13 @@ private predicate nonChaining(Method m) {
|
||||
|
||||
private predicate nonChainingReturn(Method m, ReturnStmt ret) {
|
||||
// The wrong `this` is returned.
|
||||
ret.getResult() instanceof ThisAccess and
|
||||
ret.getResult().getType() != m.getDeclaringType()
|
||||
ret.getExpr() instanceof ThisAccess and
|
||||
ret.getExpr().getType() != m.getDeclaringType()
|
||||
or
|
||||
// A method call to the wrong method is returned.
|
||||
ret.getResult() instanceof MethodCall and
|
||||
ret.getExpr() instanceof MethodCall and
|
||||
exists(MethodCall delegateCall, Method delegate |
|
||||
delegateCall = ret.getResult() and
|
||||
delegateCall = ret.getExpr() and
|
||||
delegate = delegateCall.getMethod()
|
||||
|
|
||||
delegate.getDeclaringType() != m.getDeclaringType()
|
||||
@@ -54,7 +54,7 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) {
|
||||
or
|
||||
// Something else is returned.
|
||||
not (
|
||||
ret.getResult() instanceof ThisAccess or
|
||||
ret.getResult() instanceof MethodCall
|
||||
ret.getExpr() instanceof ThisAccess or
|
||||
ret.getExpr() instanceof MethodCall
|
||||
)
|
||||
}
|
||||
|
||||
@@ -45,13 +45,13 @@ predicate castFlow(ArrayCast ce, Variable v) {
|
||||
}
|
||||
|
||||
predicate returnedFrom(ArrayCast ce, Method m) {
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getResult() = ce)
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getExpr() = ce)
|
||||
or
|
||||
exists(Variable v | castFlow(ce, v) | returnedVariableFrom(v, m))
|
||||
}
|
||||
|
||||
predicate returnedVariableFrom(Variable v, Method m) {
|
||||
exists(ReturnStmt ret | ret.getResult() = v.getAnAccess() and ret.getEnclosingCallable() = m)
|
||||
exists(ReturnStmt ret | ret.getExpr() = v.getAnAccess() and ret.getEnclosingCallable() = m)
|
||||
}
|
||||
|
||||
predicate rawTypeConversion(RawType source, ParameterizedType target) {
|
||||
|
||||
@@ -37,12 +37,12 @@ class EmptyLoop extends Stmt {
|
||||
exists(ForStmt stmt | stmt = this |
|
||||
not exists(stmt.getAnInit()) and
|
||||
not exists(stmt.getAnUpdate()) and
|
||||
stmt.getStmt() instanceof Empty
|
||||
stmt.getBody() instanceof Empty
|
||||
)
|
||||
or
|
||||
this.(WhileStmt).getStmt() instanceof Empty
|
||||
this.(WhileStmt).getBody() instanceof Empty
|
||||
or
|
||||
this.(DoStmt).getStmt() instanceof Empty
|
||||
this.(DoStmt).getBody() instanceof Empty
|
||||
}
|
||||
|
||||
Expr getCondition() {
|
||||
|
||||
@@ -41,7 +41,7 @@ private class VulnerableJHipsterRandomUtilMethod extends Method {
|
||||
this.getReturnType() instanceof TypeString and
|
||||
exists(ReturnStmt s |
|
||||
s = this.getBody().(SingletonBlock).getStmt() and
|
||||
s.getResult() instanceof PredictableApacheRandomStringUtilsMethodCall
|
||||
s.getExpr() instanceof PredictableApacheRandomStringUtilsMethodCall
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -96,7 +96,7 @@ predicate probablyNeverEscapes(LocalVariableDecl v) {
|
||||
// Not assigned directly to another variable.
|
||||
not exists(Assignment a | a.getSource() = v.getAnAccess()) and
|
||||
// Not returned.
|
||||
not exists(ReturnStmt r | r.getResult() = v.getAnAccess()) and
|
||||
not exists(ReturnStmt r | r.getExpr() = v.getAnAccess()) and
|
||||
// All assignments are to new instances of a class.
|
||||
forex(Expr e | e = v.getAnAssignedValue() | e instanceof ClassInstanceExpr)
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ predicate subCondition(Expr cond, Expr subcond, boolean negated) {
|
||||
or
|
||||
subCondition(cond.(OrLogicalExpr).getAnOperand(), subcond, negated)
|
||||
or
|
||||
subCondition(cond.(LogNotExpr).getExpr(), subcond, negated.booleanNot())
|
||||
subCondition(cond.(LogNotExpr).getOperand(), subcond, negated.booleanNot())
|
||||
}
|
||||
|
||||
from
|
||||
|
||||
@@ -40,9 +40,9 @@ class BoolCompare extends EqualityTest {
|
||||
|
||||
predicate conditionalWithBool(ConditionalExpr c, string pattern, string rewrite) {
|
||||
exists(boolean truebranch |
|
||||
c.getTrueExpr().(BooleanLiteral).getBooleanValue() = truebranch and
|
||||
not c.getFalseExpr() instanceof BooleanLiteral and
|
||||
not c.getFalseExpr().getType() instanceof NullType and
|
||||
c.getThen().(BooleanLiteral).getBooleanValue() = truebranch and
|
||||
not c.getElse() instanceof BooleanLiteral and
|
||||
not c.getElse().getType() instanceof NullType and
|
||||
(
|
||||
truebranch = true and pattern = "A ? true : B" and rewrite = "A || B"
|
||||
or
|
||||
@@ -51,9 +51,9 @@ predicate conditionalWithBool(ConditionalExpr c, string pattern, string rewrite)
|
||||
)
|
||||
or
|
||||
exists(boolean falsebranch |
|
||||
not c.getTrueExpr() instanceof BooleanLiteral and
|
||||
not c.getTrueExpr().getType() instanceof NullType and
|
||||
c.getFalseExpr().(BooleanLiteral).getBooleanValue() = falsebranch and
|
||||
not c.getThen() instanceof BooleanLiteral and
|
||||
not c.getThen().getType() instanceof NullType and
|
||||
c.getElse().(BooleanLiteral).getBooleanValue() = falsebranch and
|
||||
(
|
||||
falsebranch = true and pattern = "A ? B : true" and rewrite = "!A || B"
|
||||
or
|
||||
@@ -62,8 +62,8 @@ predicate conditionalWithBool(ConditionalExpr c, string pattern, string rewrite)
|
||||
)
|
||||
or
|
||||
exists(boolean truebranch, boolean falsebranch |
|
||||
c.getTrueExpr().(BooleanLiteral).getBooleanValue() = truebranch and
|
||||
c.getFalseExpr().(BooleanLiteral).getBooleanValue() = falsebranch and
|
||||
c.getThen().(BooleanLiteral).getBooleanValue() = truebranch and
|
||||
c.getElse().(BooleanLiteral).getBooleanValue() = falsebranch and
|
||||
(
|
||||
truebranch = true and falsebranch = false and pattern = "A ? true : false" and rewrite = "A"
|
||||
or
|
||||
@@ -98,9 +98,9 @@ where
|
||||
or
|
||||
conditionalWithBool(e, pattern, rewrite)
|
||||
or
|
||||
e.(LogNotExpr).getExpr().(ComparisonOrEquality).negate(pattern, rewrite)
|
||||
e.(LogNotExpr).getOperand().(ComparisonOrEquality).negate(pattern, rewrite)
|
||||
or
|
||||
e.(LogNotExpr).getExpr() instanceof LogNotExpr and
|
||||
e.(LogNotExpr).getOperand() instanceof LogNotExpr and
|
||||
pattern = "!!A" and
|
||||
rewrite = "A"
|
||||
)
|
||||
|
||||
@@ -35,7 +35,7 @@ predicate notDeliberatelyBoxed(LocalBoxedVar v) {
|
||||
)
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
ret.getResult() = a and
|
||||
ret.getExpr() = a and
|
||||
ret.getEnclosingCallable().getReturnType() instanceof RefType
|
||||
)
|
||||
)
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
import java
|
||||
import DeadLocals
|
||||
|
||||
predicate minusOne(MinusExpr e) { e.getExpr().(Literal).getValue() = "1" }
|
||||
predicate minusOne(MinusExpr e) { e.getOperand().(Literal).getValue() = "1" }
|
||||
|
||||
predicate flowStep(Expr decl, Expr init) {
|
||||
decl = init
|
||||
|
||||
@@ -66,7 +66,7 @@ where
|
||||
fr.getField() = f and
|
||||
not f.getDeclaringType() instanceof EnumType and
|
||||
forall(Assignment ae | ae.getDest() = f.getAnAccess() | ae.getSource() instanceof NullLiteral) and
|
||||
not exists(UnaryAssignExpr ua | ua.getExpr() = f.getAnAccess()) and
|
||||
not exists(UnaryAssignExpr ua | ua.getOperand() = f.getAnAccess()) and
|
||||
not f.isFinal() and
|
||||
// Exclude fields that may be accessed reflectively.
|
||||
not reflectivelyWritten(f) and
|
||||
|
||||
@@ -51,7 +51,7 @@ predicate storesArray(Callable c, int i, Field f) {
|
||||
predicate returnsArray(Callable c, Field f) {
|
||||
f.getDeclaringType() = c.getDeclaringType().getAnAncestor().getSourceDeclaration() and
|
||||
relevantType(f.getType()) and
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getResult() = f.getAnAccess()) and
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getExpr() = f.getAnAccess()) and
|
||||
not c.isStatic()
|
||||
}
|
||||
|
||||
@@ -71,7 +71,7 @@ predicate mayWriteToArray(Expr modified) {
|
||||
)
|
||||
or
|
||||
// return __array__; ... method()[1] = 0
|
||||
exists(ReturnStmt rs | modified = rs.getResult() and relevantType(modified.getType()) |
|
||||
exists(ReturnStmt rs | modified = rs.getExpr() and relevantType(modified.getType()) |
|
||||
exists(Callable enclosing, MethodCall ma |
|
||||
enclosing = rs.getEnclosingCallable() and ma.getMethod().getSourceDeclaration() = enclosing
|
||||
|
|
||||
|
||||
@@ -28,8 +28,8 @@ predicate nonEmptyArrayLiteralOrNull(Expr e) {
|
||||
e instanceof NullLiteral
|
||||
or
|
||||
exists(ConditionalExpr cond | cond = e |
|
||||
nonEmptyArrayLiteralOrNull(cond.getTrueExpr()) and
|
||||
nonEmptyArrayLiteralOrNull(cond.getFalseExpr())
|
||||
nonEmptyArrayLiteralOrNull(cond.getThen()) and
|
||||
nonEmptyArrayLiteralOrNull(cond.getElse())
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -126,7 +126,7 @@ private predicate delegate(Method caller, Method callee) {
|
||||
exists(MethodCall ma | ma.getMethod() = callee |
|
||||
exists(Stmt stmt | stmt = caller.getBody().(SingletonBlock).getStmt() |
|
||||
wrappedAccess(stmt.(ExprStmt).getExpr(), ma) or
|
||||
wrappedAccess(stmt.(ReturnStmt).getResult(), ma)
|
||||
wrappedAccess(stmt.(ReturnStmt).getExpr(), ma)
|
||||
) and
|
||||
forex(Parameter p, int i, Expr arg | p = caller.getParameter(i) and ma.getArgument(i) = arg |
|
||||
// The parameter is propagated without modification.
|
||||
|
||||
@@ -3,7 +3,7 @@ import java
|
||||
predicate getterFor(Method m, Field f) {
|
||||
m.getName().matches("get%") and
|
||||
m.getDeclaringType() = f.getDeclaringType() and
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getResult() = f.getAnAccess())
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getExpr() = f.getAnAccess())
|
||||
}
|
||||
|
||||
predicate setterFor(Method m, Field f) {
|
||||
|
||||
@@ -56,9 +56,7 @@ predicate boxed(PrimitiveExpr e) {
|
||||
or
|
||||
flowTarget(e).getType() instanceof BoxedType
|
||||
or
|
||||
exists(ConditionalExpr cond | cond instanceof BoxedExpr |
|
||||
cond.getTrueExpr() = e or cond.getFalseExpr() = e
|
||||
)
|
||||
exists(ConditionalExpr cond | cond instanceof BoxedExpr | cond.getABranchExpr() = e)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -125,10 +125,10 @@ private class StringFormatMethod extends StringCombiningMethod {
|
||||
class SpringViewManipulationSink extends DataFlow::ExprNode {
|
||||
SpringViewManipulationSink() {
|
||||
exists(ReturnStmt r, SpringRequestMappingMethod m |
|
||||
r.getResult() = this.asExpr() and
|
||||
r.getExpr() = this.asExpr() and
|
||||
m.getBody().getAStmt() = r and
|
||||
not m.isResponseBody() and
|
||||
r.getResult().getType() instanceof TypeString
|
||||
r.getExpr().getType() instanceof TypeString
|
||||
)
|
||||
or
|
||||
exists(ConstructorCall c | c.getConstructedType() instanceof ModelAndView |
|
||||
|
||||
@@ -48,7 +48,7 @@ private class JxBrowserLoadHandler extends RefType {
|
||||
|
||||
private predicate isOnCertificateErrorMethodSafe(Method m) {
|
||||
forex(ReturnStmt rs | rs.getEnclosingCallable() = m |
|
||||
rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ class NoMaybeElement extends MaybeElement {
|
||||
}
|
||||
|
||||
MaybeElement op(UnaryExpr e) {
|
||||
if exists(e.getExpr()) then result = TElement(e.getExpr()) else result = TNoElement()
|
||||
if exists(e.getOperand()) then result = TElement(e.getOperand()) else result = TNoElement()
|
||||
}
|
||||
|
||||
from Expr e
|
||||
|
||||
@@ -29,7 +29,7 @@ class NoMaybeElement extends MaybeElement {
|
||||
}
|
||||
|
||||
MaybeElement op(UnaryExpr e) {
|
||||
if exists(e.getExpr()) then result = TElement(e.getExpr()) else result = TNoElement()
|
||||
if exists(e.getOperand()) then result = TElement(e.getOperand()) else result = TNoElement()
|
||||
}
|
||||
|
||||
from Expr e
|
||||
|
||||
@@ -9,7 +9,7 @@ module Config implements DataFlow::ConfigSig {
|
||||
source.asExpr().(MethodCall).getMethod().hasName("taint")
|
||||
}
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() }
|
||||
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getExpr() }
|
||||
}
|
||||
|
||||
module Flow = TaintTracking::Global<Config>;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import default
|
||||
|
||||
from MinusExpr me, Literal l
|
||||
where l = me.getExpr()
|
||||
where l = me.getOperand()
|
||||
select me, l
|
||||
|
||||
@@ -9,5 +9,5 @@
|
||||
import java
|
||||
|
||||
from ReturnStmt r
|
||||
where r.getResult() instanceof NullLiteral
|
||||
where r.getExpr() instanceof NullLiteral
|
||||
select r
|
||||
|
||||
Reference in New Issue
Block a user