hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 01:10:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Replace ratpack test fix with general heuristic summary.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-07-26 15:19:50 +02:00
parent c5990311ca
commit 37455ec29e
3 changed files with 44 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
View File

@@ -101,6 +101,7 @@ abstract class SyntheticCallable extends string {
* A module for importing frameworks that define synthetic callables.
*/
private module SyntheticCallables {
private import semmle.code.java.dispatch.WrappedInvocation
private import semmle.code.java.frameworks.android.Intent
private import semmle.code.java.frameworks.Stream
}
@@ -170,6 +171,8 @@ class SummarizedCallableBase extends TSummarizedCallableBase {
}
}
class Provenance = Impl::Public::Provenance;
class SummarizedCallable = Impl::Public::SummarizedCallable;
class NeutralCallable = Impl::Public::NeutralCallable;

41
java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll
View File

@@ -58,3 +58,44 @@ Method getRunnerTarget(MethodAccess ma) {
result.overridesOrInstantiates*(runmethod)
)
}
import semmle.code.java.dataflow.FlowSummary
import semmle.code.java.dataflow.internal.FlowSummaryImplSpecific as ImplSpecific
private predicate hasExternalSummary(Callable c) {
exists(SummarizedCallableBase scb | scb.asCallable() = c |
ImplSpecific::summaryElement(scb, _, _, _, _)
)
}
private predicate mayInvokeCallback(SrcMethod m, int n) {
m.getParameterType(n).(RefType).getSourceDeclaration() instanceof FunctionalInterface and
(not m.fromSource() or m.isNative() or m.getFile().getAbsolutePath().matches("%/test/stubs/%")) and
not hasExternalSummary(m)
}
private class SummarizedCallableWithCallback extends SummarizedCallable {
private int pos;
SummarizedCallableWithCallback() { mayInvokeCallback(this.asCallable(), pos) }
override predicate propagatesFlow(
SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
) {
input = SummaryComponentStack::argument(pos) and
output = SummaryComponentStack::push(SummaryComponent::parameter(-1), input) and
preservesValue = true
}
override predicate hasProvenance(Provenance provenance) { provenance = "hq-generated" }
}
private class RequiredComponentStackForCallback extends RequiredSummaryComponentStack {
override predicate required(SummaryComponent head, SummaryComponentStack tail) {
exists(int pos |
mayInvokeCallback(_, pos) and
head = SummaryComponent::parameter(-1) and
tail = SummaryComponentStack::argument(pos)
)
}
}