Java: Account for additional constants in ArrayIndexOutOfBounds query.

2026-04-30 11:15:13 +02:00 · 2022-12-16 11:02:28 +01:00
parent a1aeb995e6
commit 2d6d8aaa74
3 changed files with 18 additions and 0 deletions
--- a/java/ql/test/query-tests/RangeAnalysis/A.java
+++ b/java/ql/test/query-tests/RangeAnalysis/A.java
@@ -204,4 +204,11 @@ public class A {
      A.arr1[RandomUtils.nextInt(0, arr1.length + 1)] + // BAD: random int may be out of range
      A.arr1[RandomUtils.nextInt(0, arr1.length)]; // GOOD: random int must be in range
  }
+
+  int m17() {
+    return this.arr2[(new Random()).nextInt(arr2.length + 1)] +  // BAD: random int may be out of range
+      this.arr2[(new Random()).nextInt(arr2.length)] + // GOOD: random int must be in range
+      this.arr2[RandomUtils.nextInt(0, arr2.length + 1)] + // BAD: random int may be out of range
+      this.arr2[RandomUtils.nextInt(0, arr2.length)]; // GOOD: random int must be in range
+  }
 }
--- a/java/ql/test/query-tests/RangeAnalysis/ArrayIndexOutOfBounds.expected
+++ b/java/ql/test/query-tests/RangeAnalysis/ArrayIndexOutOfBounds.expected
@@ -14,3 +14,5 @@
 | A.java:195:9:195:13 | ...[...] | This array access might be out of bounds, as the index might be equal to the array length. |
 | A.java:202:12:202:58 | ...[...] | This array access might be out of bounds, as the index might be equal to the array length. |
 | A.java:204:7:204:53 | ...[...] | This array access might be out of bounds, as the index might be equal to the array length. |
+| A.java:209:12:209:61 | ...[...] | This array access might be out of bounds, as the index might be equal to the array length. |
+| A.java:211:7:211:56 | ...[...] | This array access might be out of bounds, as the index might be equal to the array length. |