mirror of
https://github.com/github/codeql.git
synced 2026-05-01 03:35:13 +02:00
Model constructors for (Imm|M)utable(Pair|Triple)
This commit is contained in:
Chris Smowton
@@ -803,12 +803,16 @@ private class ApachePairModel extends SummaryModelCsv {
|
||||
"org.apache.commons.lang3.tuple;Pair;false;getValue;;;Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;getLeft;;;Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;getRight;;;Field org.apache.commons.lang3.tuple.ImmutablePair.right of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;left;;;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;right;;;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;MutablePair;false;getLeft;;;Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;MutablePair;false;getRight;;;Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;MutablePair;false;setLeft;;;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];value",
|
||||
@@ -830,12 +834,18 @@ private class ApacheTripleModel extends SummaryModelCsv {
|
||||
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;getLeft;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.left of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;getMiddle;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;getRight;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.right of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.MutableTriple.left of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.MutableTriple.middle of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.MutableTriple.right of Argument[-1];value",
|
||||
"org.apache.commons.lang3.tuple;MutableTriple;false;getLeft;;;Field org.apache.commons.lang3.tuple.MutableTriple.left of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;MutableTriple;false;getMiddle;;;Field org.apache.commons.lang3.tuple.MutableTriple.middle of Argument[-1];ReturnValue;value",
|
||||
"org.apache.commons.lang3.tuple;MutableTriple;false;getRight;;;Field org.apache.commons.lang3.tuple.MutableTriple.right of Argument[-1];ReturnValue;value",
|
||||
|
||||
@@ -21,6 +21,8 @@ class PairTest {
|
||||
ImmutablePair<String, String> taintedRight2 = (ImmutablePair)taintedRight2_;
|
||||
Pair<String, String> taintedLeft3 = Pair.of(taint(), "clean-right");
|
||||
Pair<String, String> taintedRight3 = Pair.of("clean-left", taint());
|
||||
ImmutablePair<String, String> taintedLeft4 = new ImmutablePair(taint(), "clean-right");
|
||||
ImmutablePair<String, String> taintedRight4 = new ImmutablePair("clean-left", taint());
|
||||
|
||||
// Check flow through ImmutablePairs:
|
||||
sink(taintedLeft.getLeft()); // $hasValueFlow
|
||||
@@ -55,6 +57,18 @@ class PairTest {
|
||||
sink(taintedRight3.getRight()); // $hasValueFlow
|
||||
sink(taintedRight3.getKey());
|
||||
sink(taintedRight3.getValue()); // $hasValueFlow
|
||||
sink(taintedLeft4.getLeft()); // $hasValueFlow
|
||||
sink(taintedLeft4.getRight());
|
||||
sink(taintedLeft4.getKey()); // $hasValueFlow
|
||||
sink(taintedLeft4.getValue());
|
||||
sink(taintedLeft4.left); // $hasValueFlow
|
||||
sink(taintedLeft4.right);
|
||||
sink(taintedRight4.getLeft());
|
||||
sink(taintedRight4.getRight()); // $hasValueFlow
|
||||
sink(taintedRight4.getKey());
|
||||
sink(taintedRight4.getValue()); // $hasValueFlow
|
||||
sink(taintedRight4.left);
|
||||
sink(taintedRight4.right); // $hasValueFlow
|
||||
|
||||
// Check flow also works via an alias of type Pair:
|
||||
sink(taintedLeft2_.getLeft()); // $hasValueFlow
|
||||
@@ -75,6 +89,8 @@ class PairTest {
|
||||
setTaintRight.setRight(taint());
|
||||
MutablePair<String, String> setTaintValue = MutablePair.of("clean-left", "clean-right");
|
||||
setTaintValue.setValue(taint());
|
||||
MutablePair<String, String> taintedLeftMutableConstructed = new MutablePair(taint(), "clean-right");
|
||||
MutablePair<String, String> taintedRightMutableConstructed = new MutablePair("clean-left", taint());
|
||||
|
||||
sink(taintedLeftMutable.getLeft()); // $hasValueFlow
|
||||
sink(taintedLeftMutable.getRight());
|
||||
@@ -106,6 +122,18 @@ class PairTest {
|
||||
sink(setTaintValue.getValue()); // $hasValueFlow
|
||||
sink(setTaintValue.left);
|
||||
sink(setTaintValue.right); // $hasValueFlow
|
||||
sink(taintedLeftMutableConstructed.getLeft()); // $hasValueFlow
|
||||
sink(taintedLeftMutableConstructed.getRight());
|
||||
sink(taintedLeftMutableConstructed.getKey()); // $hasValueFlow
|
||||
sink(taintedLeftMutableConstructed.getValue());
|
||||
sink(taintedLeftMutableConstructed.left); // $hasValueFlow
|
||||
sink(taintedLeftMutableConstructed.right);
|
||||
sink(taintedRightMutableConstructed.getLeft());
|
||||
sink(taintedRightMutableConstructed.getRight()); // $hasValueFlow
|
||||
sink(taintedRightMutableConstructed.getKey());
|
||||
sink(taintedRightMutableConstructed.getValue()); // $hasValueFlow
|
||||
sink(taintedRightMutableConstructed.left);
|
||||
sink(taintedRightMutableConstructed.right); // $hasValueFlow
|
||||
|
||||
// Check flow also works via an alias of type Pair:
|
||||
Pair<String, String> taintedLeftMutableAlias = taintedLeftMutable;
|
||||
|
||||
@@ -67,6 +67,21 @@ class TripleTest {
|
||||
sink(taintedRight3.getMiddle());
|
||||
sink(taintedRight3.getRight()); // $hasValueFlow
|
||||
|
||||
// Check flow via constructor:
|
||||
ImmutableTriple<String, String, String> taintedLeft4 = new ImmutableTriple(taint(), "clean-middle", "clean-right");
|
||||
ImmutableTriple<String, String, String> taintedMiddle4 = new ImmutableTriple("clean-left", taint(), "clean-right");
|
||||
ImmutableTriple<String, String, String> taintedRight4 = new ImmutableTriple("clean-left", "clean-middle", taint());
|
||||
|
||||
sink(taintedLeft4.getLeft()); // $hasValueFlow
|
||||
sink(taintedLeft4.getMiddle());
|
||||
sink(taintedLeft4.getRight());
|
||||
sink(taintedMiddle4.getLeft());
|
||||
sink(taintedMiddle4.getMiddle()); // $hasValueFlow
|
||||
sink(taintedMiddle4.getRight());
|
||||
sink(taintedRight4.getLeft());
|
||||
sink(taintedRight4.getMiddle());
|
||||
sink(taintedRight4.getRight()); // $hasValueFlow
|
||||
|
||||
MutableTriple<String, String, String> mutableTaintedLeft = MutableTriple.of(taint(), "clean-middle", "clean-right");
|
||||
MutableTriple<String, String, String> mutableTaintedMiddle = MutableTriple.of("clean-left", taint(), "clean-right");
|
||||
MutableTriple<String, String, String> mutableTaintedRight = MutableTriple.of("clean-left", "clean-middle", taint());
|
||||
@@ -76,6 +91,9 @@ class TripleTest {
|
||||
setTaintedMiddle.setMiddle(taint());
|
||||
MutableTriple<String, String, String> setTaintedRight = MutableTriple.of("clean-left", "clean-middle", "clean-right");
|
||||
setTaintedRight.setRight(taint());
|
||||
MutableTriple<String, String, String> mutableTaintedLeftConstructed = new MutableTriple(taint(), "clean-middle", "clean-right");
|
||||
MutableTriple<String, String, String> mutableTaintedMiddleConstructed = new MutableTriple("clean-left", taint(), "clean-right");
|
||||
MutableTriple<String, String, String> mutableTaintedRightConstructed = new MutableTriple("clean-left", "clean-middle", taint());
|
||||
|
||||
// Check flow through MutableTriples:
|
||||
sink(mutableTaintedLeft.getLeft()); // $hasValueFlow
|
||||
@@ -114,6 +132,24 @@ class TripleTest {
|
||||
sink(setTaintedRight.left);
|
||||
sink(setTaintedRight.middle);
|
||||
sink(setTaintedRight.right); // $hasValueFlow
|
||||
sink(mutableTaintedLeftConstructed.getLeft()); // $hasValueFlow
|
||||
sink(mutableTaintedLeftConstructed.getMiddle());
|
||||
sink(mutableTaintedLeftConstructed.getRight());
|
||||
sink(mutableTaintedLeftConstructed.left); // $hasValueFlow
|
||||
sink(mutableTaintedLeftConstructed.middle);
|
||||
sink(mutableTaintedLeftConstructed.right);
|
||||
sink(mutableTaintedMiddleConstructed.getLeft());
|
||||
sink(mutableTaintedMiddleConstructed.getMiddle()); // $hasValueFlow
|
||||
sink(mutableTaintedMiddleConstructed.getRight());
|
||||
sink(mutableTaintedMiddleConstructed.left);
|
||||
sink(mutableTaintedMiddleConstructed.middle); // $hasValueFlow
|
||||
sink(mutableTaintedMiddleConstructed.right);
|
||||
sink(mutableTaintedRightConstructed.getLeft());
|
||||
sink(mutableTaintedRightConstructed.getMiddle());
|
||||
sink(mutableTaintedRightConstructed.getRight()); // $hasValueFlow
|
||||
sink(mutableTaintedRightConstructed.left);
|
||||
sink(mutableTaintedRightConstructed.middle);
|
||||
sink(mutableTaintedRightConstructed.right); // $hasValueFlow
|
||||
|
||||
Triple<String, String, String> mutableTaintedLeft2 = mutableTaintedLeft;
|
||||
Triple<String, String, String> mutableTaintedMiddle2 = mutableTaintedMiddle;
|
||||
|
||||
Reference in New Issue
Block a user