Support bulkdata for boxed types as well

2026-04-29 18:55:14 +02:00 · 2021-10-26 13:26:23 +02:00
parent 83b4070f31
commit 35baa1c3df
3 changed files with 23 additions and 3 deletions
--- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -131,10 +131,20 @@ predicate isRelevantType(Type t) {
  not t.(RefType).hasQualifiedName("java.math", "BigInteger") and
  (
    not t.(Array).getElementType() instanceof PrimitiveType or
-    t.(Array).getElementType().(PrimitiveType).getName().regexpMatch("byte|char")
+    isPrimitiveTypeUsedForBulkData(t.(Array).getElementType())
  ) and
-  not t.(Array).getElementType() instanceof BoxedType and
-  not t.(CollectionType).getElementType() instanceof BoxedType
+  (
+    not t.(Array).getElementType() instanceof BoxedType or
+    isPrimitiveTypeUsedForBulkData(t.(Array).getElementType())
+  ) and
+  (
+    not t.(CollectionType).getElementType() instanceof BoxedType or
+    isPrimitiveTypeUsedForBulkData(t.(CollectionType).getElementType())
+  )
+}
+
+predicate isPrimitiveTypeUsedForBulkData(Type t) {
+  t.getName().regexpMatch("byte|char|Byte|Character")
 }

 from TargetAPI api, string flow
--- a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
+++ b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -32,6 +32,8 @@
 | p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;writeChunked;(byte[],OutputStream);;ArrayElement of Argument[0];Argument[1];taint; |
 | p;Pojo;false;fillIn;(List);;Argument[-1];Element of Argument[0];taint; |
+| p;Pojo;false;getBoxedBytes;();;Argument[-1];ReturnValue;taint; |
+| p;Pojo;false;getBoxedChars;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getByteArray;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getCharArray;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getValue;();;Argument[-1];ReturnValue;taint; |
--- a/java/ql/test/utils/model-generator/p/Pojo.java
+++ b/java/ql/test/utils/model-generator/p/Pojo.java
@@ -67,6 +67,14 @@ public final class Pojo {
        return List.of(Integer.valueOf(intValue));
    }

+    public List<Character> getBoxedChars() {
+        return List.of((char)intValue);
+    }
+
+    public Byte[] getBoxedBytes() {
+        return new Byte[] { Byte.valueOf((byte) intValue) };
+    }
+    
    public BigInteger getBigInt() {
        return BigInteger.valueOf(intValue);
    }