hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add localFlowPlusInitializers

Browse Source
This commit is contained in:
Jonathan Leitschuh
2022-03-09 11:06:26 -05:00
parent a21992ade9
commit 2a6c4e9350
1 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
java/ql/lib/semmle/code/java/environment/SystemProperty.qll
View File

@@ -38,7 +38,7 @@ private MethodAccess getSystemPropertyFromSystemGetProperties(string propertyNam
result.getMethod() = getMethod
) and
result.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName and
DataFlow::localExprFlow(any(MethodAccess m |
localExprFlowPlusInitializers(any(MethodAccess m |
m.getMethod().getDeclaringType() instanceof TypeSystem and
m.getMethod().hasName("getProperties")
), result.getQualifier())
@@ -248,3 +248,25 @@ private MethodAccess getSystemPropertyFromSpringProperties(string propertyName)
) and
result.getArgument(0).(CompileTimeConstantExpr).getStringValue() = propertyName
}
/**
* Holds if data can flow from `e1` to `e2` in zero or more
* local (intra-procedural) steps or via local variable intializers
* for final variables.
*/
private predicate localExprFlowPlusInitializers(Expr e1, Expr e2) {
localFlowPlusInitializers(DataFlow::exprNode(e1), DataFlow::exprNode(e2))
}
/**
* Holds if data can flow from `node1` to `node2` in zero or more
* local (intra-procedural) steps or via local variable intializers
* for final variables.
*/
private predicate localFlowPlusInitializers(DataFlow::Node pred, DataFlow::Node succ) {
exists(Variable v | v.isFinal() and pred.asExpr() = v.getInitializer() |
DataFlow::localFlow(DataFlow::exprNode(v.getAnAccess()), succ)
)
or
DataFlow::localFlow(pred, succ)
}