hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java/C++/C#: Bugfix for field flow through reverse read.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2019-11-29 09:37:13 +01:00
parent d59ea3d53c
commit 333d0a69d2
6 changed files with 40 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -360,7 +360,7 @@ private module ImplCommon {
*/ */
cached cached
predicate read(Node node1, Content f, Node node2) { predicate read(Node node1, Content f, Node node2) {
readStep(node1, f, node2) and storeStep(_, f, _) readStep(node1, f, node2)
or or
exists(DataFlowCall call, ReturnKind kind | exists(DataFlowCall call, ReturnKind kind |
read0(call, kind, node1, f) and read0(call, kind, node1, f) and

2
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -360,7 +360,7 @@ private module ImplCommon {
*/ */
cached cached
predicate read(Node node1, Content f, Node node2) { predicate read(Node node1, Content f, Node node2) {
readStep(node1, f, node2) and storeStep(_, f, _) readStep(node1, f, node2)
or or
exists(DataFlowCall call, ReturnKind kind | exists(DataFlowCall call, ReturnKind kind |
read0(call, kind, node1, f) and read0(call, kind, node1, f) and

2
csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -360,7 +360,7 @@ private module ImplCommon {
*/ */
cached cached
predicate read(Node node1, Content f, Node node2) { predicate read(Node node1, Content f, Node node2) {
readStep(node1, f, node2) and storeStep(_, f, _) readStep(node1, f, node2)
or or
exists(DataFlowCall call, ReturnKind kind | exists(DataFlowCall call, ReturnKind kind |
read0(call, kind, node1, f) and read0(call, kind, node1, f) and

2
java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -360,7 +360,7 @@ private module ImplCommon {
*/ */
cached cached
predicate read(Node node1, Content f, Node node2) { predicate read(Node node1, Content f, Node node2) {
readStep(node1, f, node2) and storeStep(_, f, _) readStep(node1, f, node2)
or or
exists(DataFlowCall call, ReturnKind kind | exists(DataFlowCall call, ReturnKind kind |
read0(call, kind, node1, f) and read0(call, kind, node1, f) and

32
java/ql/test/library-tests/dataflow/fields/E.java Normal file
View File

@@ -0,0 +1,32 @@
public class E {
static Object src() { return new Object(); }
static void sink(Object obj) {}
static class Buffer { Object content; }
static class BufHolder { Buffer buf; }
static class Packet { BufHolder data; }
static void recv(Buffer buf) {
buf.content = src();
}
static void foo(Buffer raw, BufHolder bh, Packet p) {
recv(raw);
recv(bh.buf);
recv(p.data.buf);
sink(raw.content);
BufHolder bh2 = bh;
sink(bh2.buf.content);
Packet p2 = p;
sink(p2.data.buf.content);
handlepacket(p);
}
static void handlepacket(Packet p) {
sink(p.data.buf.content);
}
}

4
java/ql/test/library-tests/dataflow/fields/flow.expected
View File

@@ -22,3 +22,7 @@
| D.java:19:14:19:23 | new Elem(...) | D.java:33:10:33:31 | getElem(...) | | D.java:19:14:19:23 | new Elem(...) | D.java:33:10:33:31 | getElem(...) |
| D.java:26:14:26:23 | new Elem(...) | D.java:33:10:33:31 | getElem(...) | | D.java:26:14:26:23 | new Elem(...) | D.java:33:10:33:31 | getElem(...) |
| D.java:37:14:37:23 | new Elem(...) | D.java:44:10:44:26 | boxfield.box.elem | | D.java:37:14:37:23 | new Elem(...) | D.java:44:10:44:26 | boxfield.box.elem |
| E.java:2:32:2:43 | new Object(...) | E.java:18:10:18:20 | raw.content |
| E.java:2:32:2:43 | new Object(...) | E.java:21:10:21:24 | bh2.buf.content |
| E.java:2:32:2:43 | new Object(...) | E.java:24:10:24:28 | p2.data.buf.content |
| E.java:2:32:2:43 | new Object(...) | E.java:30:10:30:27 | p.data.buf.content |