Convert fluent method models to csv and generalise to the three different variants of StrBuilder.

Chris Smowton
2021-03-11 13:45:55 +00:00
parent 851317e34f
commit 3a274424ab
4 changed files with 300 additions and 0 deletions


@@ -427,6 +427,92 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
}
}
private class ApacheStrBuilderFluentMethodsModel extends SummaryModelCsv {
override predicate row(string row) {
row =
[
"org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendNull;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;delete;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;reverse;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;setLength;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value",
"org.apache.commons.lang3.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendNull;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;delete;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;reverse;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;setLength;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendln;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendNull;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;delete;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;replace;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;reverse;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;setLength;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;setNullText;;;Argument[-1];ReturnValue;value",
"org.apache.commons.text;TextStringBuilder;false;trim;;;Argument[-1];ReturnValue;value"
]
}
}
/**
* An Apache Commons-Lang StrBuilder method that returns `this`.
*/
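Review bot: ApacheStrBuilderFluentMethodsModel has no QLDoc, and nothing records that the empty signature column in its 78 rows is deliberate, so every overload of each listed name is modelled as returning its qualifier. I would add a comment above the class such as `/** Fluent methods of the three Apache string-builder types: each returns its qualifier, so Argument[-1] flows to ReturnValue as a value step. */` and state there that all overloads were checked to return `this`, since an overload that returns anything else would gain a spurious value-flow edge. The commit also deletes nothing, so the older fluent-method class whose QLDoc follows this hunk presumably still exists next to the CSV rows; if it is still required (for instance for flow back to the qualifier), a sentence saying so would help the next reader.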


@@ -142,6 +142,68 @@ class StrBuilderTest {
StrBuilder fluentBackflowTest2 = new StrBuilder();
fluentBackflowTest2.append("Harmless").append(taint());
sink(fluentBackflowTest2.toString()); // $hasTaintFlow
// Test all fluent methods are passing taint through to their result:
StrBuilder fluentAllMethodsTest = new StrBuilder(taint());
sink(fluentAllMethodsTest // $hasTaintFlow
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
.appendFixedWidthPadRight("text", 4, ' ')
.appendln("text")
.appendNewLine()
.appendNull()
.appendPadding(0, ' ')
.appendSeparator(',')
.appendWithSeparators(new String[] { }, ",")
.delete(0, 0)
.deleteAll(' ')
.deleteCharAt(0)
.deleteFirst("delme")
.ensureCapacity(100)
.insert(1, "insertme")
.minimizeCapacity()
.replace(0, 0, "replacement")
.replaceAll("find", "replace")
.replaceFirst("find", "replace")
.reverse()
.setCharAt(0, 'a')
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim());
// Test all fluent methods are passing taint back to their qualifier:
StrBuilder fluentAllMethodsTest2 = new StrBuilder();
fluentAllMethodsTest2
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
.appendFixedWidthPadRight("text", 4, ' ')
.appendln("text")
.appendNewLine()
.appendNull()
.appendPadding(0, ' ')
.appendSeparator(',')
.appendWithSeparators(new String[] { }, ",")
.delete(0, 0)
.deleteAll(' ')
.deleteCharAt(0)
.deleteFirst("delme")
.ensureCapacity(100)
.insert(1, "insertme")
.minimizeCapacity()
.replace(0, 0, "replacement")
.replaceAll("find", "replace")
.replaceFirst("find", "replace")
.reverse()
.setCharAt(0, 'a')
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim()
.append(taint());
sink(fluentAllMethodsTest2); // $hasTaintFlow
}
}
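Review bot: Each of the two new chains ends in a single `$hasTaintFlow` expectation, so when one of the 26 method models is missing or mistyped the test fails without showing which call broke the flow, and only one overload per method name is exercised even though the models match every overload. A per-method line in the style of the one-line cases visible in StrBuilderTextTest, e.g. `StrBuilder sbTrim = new StrBuilder(taint()); sink(sbTrim.trim()); // $hasTaintFlow`, would localise a regression, and the chain can stay to cover flow back to the qualifier. The same applies to the identical additions in StrBuilderTextTest and TextStringBuilderTest further down. The enclosing test method starts before this hunk.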


@@ -128,6 +128,82 @@ class StrBuilderTextTest {
StrBuilder sb72 = new StrBuilder(); sb72.append(taint()); sink(sb72.toCharArray(0, 0)); // $hasTaintFlow
StrBuilder sb73 = new StrBuilder(); sb73.append(taint()); sink(sb73.toStringBuffer()); // $hasTaintFlow
StrBuilder sb74 = new StrBuilder(); sb74.append(taint()); sink(sb74.toStringBuilder()); // $hasTaintFlow
// Tests for fluent methods (those returning `this`):
StrBuilder fluentTest = new StrBuilder();
sink(fluentTest.append("Harmless").append(taint()).append("Also harmless").toString()); // $hasTaintFlow
StrBuilder fluentBackflowTest = new StrBuilder();
fluentBackflowTest.append("Harmless").append(taint()).append("Also harmless");
sink(fluentBackflowTest.toString()); // $hasTaintFlow
// Test the case where the fluent method contributing taint is at the end of a statement:
StrBuilder fluentBackflowTest2 = new StrBuilder();
fluentBackflowTest2.append("Harmless").append(taint());
sink(fluentBackflowTest2.toString()); // $hasTaintFlow
// Test all fluent methods are passing taint through to their result:
StrBuilder fluentAllMethodsTest = new StrBuilder(taint());
sink(fluentAllMethodsTest // $hasTaintFlow
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
.appendFixedWidthPadRight("text", 4, ' ')
.appendln("text")
.appendNewLine()
.appendNull()
.appendPadding(0, ' ')
.appendSeparator(',')
.appendWithSeparators(new String[] { }, ",")
.delete(0, 0)
.deleteAll(' ')
.deleteCharAt(0)
.deleteFirst("delme")
.ensureCapacity(100)
.insert(1, "insertme")
.minimizeCapacity()
.replace(0, 0, "replacement")
.replaceAll("find", "replace")
.replaceFirst("find", "replace")
.reverse()
.setCharAt(0, 'a')
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim());
// Test all fluent methods are passing taint back to their qualifier:
StrBuilder fluentAllMethodsTest2 = new StrBuilder();
fluentAllMethodsTest2
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
.appendFixedWidthPadRight("text", 4, ' ')
.appendln("text")
.appendNewLine()
.appendNull()
.appendPadding(0, ' ')
.appendSeparator(',')
.appendWithSeparators(new String[] { }, ",")
.delete(0, 0)
.deleteAll(' ')
.deleteCharAt(0)
.deleteFirst("delme")
.ensureCapacity(100)
.insert(1, "insertme")
.minimizeCapacity()
.replace(0, 0, "replacement")
.replaceAll("find", "replace")
.replaceFirst("find", "replace")
.reverse()
.setCharAt(0, 'a')
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim()
.append(taint());
sink(fluentAllMethodsTest2); // $hasTaintFlow
}
}


@@ -129,6 +129,82 @@ class TextStringBuilderTest {
TextStringBuilder sb72 = new TextStringBuilder(); sb72.append(taint()); sink(sb72.toCharArray(0, 0)); // $hasTaintFlow
TextStringBuilder sb73 = new TextStringBuilder(); sb73.append(taint()); sink(sb73.toStringBuffer()); // $hasTaintFlow
TextStringBuilder sb74 = new TextStringBuilder(); sb74.append(taint()); sink(sb74.toStringBuilder()); // $hasTaintFlow
// Tests for fluent methods (those returning `this`):
TextStringBuilder fluentTest = new TextStringBuilder();
sink(fluentTest.append("Harmless").append(taint()).append("Also harmless").toString()); // $hasTaintFlow
TextStringBuilder fluentBackflowTest = new TextStringBuilder();
fluentBackflowTest.append("Harmless").append(taint()).append("Also harmless");
sink(fluentBackflowTest.toString()); // $hasTaintFlow
// Test the case where the fluent method contributing taint is at the end of a statement:
TextStringBuilder fluentBackflowTest2 = new TextStringBuilder();
fluentBackflowTest2.append("Harmless").append(taint());
sink(fluentBackflowTest2.toString()); // $hasTaintFlow
// Test all fluent methods are passing taint through to their result:
TextStringBuilder fluentAllMethodsTest = new TextStringBuilder(taint());
sink(fluentAllMethodsTest // $hasTaintFlow
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
.appendFixedWidthPadRight("text", 4, ' ')
.appendln("text")
.appendNewLine()
.appendNull()
.appendPadding(0, ' ')
.appendSeparator(',')
.appendWithSeparators(new String[] { }, ",")
.delete(0, 0)
.deleteAll(' ')
.deleteCharAt(0)
.deleteFirst("delme")
.ensureCapacity(100)
.insert(1, "insertme")
.minimizeCapacity()
.replace(0, 0, "replacement")
.replaceAll("find", "replace")
.replaceFirst("find", "replace")
.reverse()
.setCharAt(0, 'a')
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim());
// Test all fluent methods are passing taint back to their qualifier:
TextStringBuilder fluentAllMethodsTest2 = new TextStringBuilder();
fluentAllMethodsTest2
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
.appendFixedWidthPadRight("text", 4, ' ')
.appendln("text")
.appendNewLine()
.appendNull()
.appendPadding(0, ' ')
.appendSeparator(',')
.appendWithSeparators(new String[] { }, ",")
.delete(0, 0)
.deleteAll(' ')
.deleteCharAt(0)
.deleteFirst("delme")
.ensureCapacity(100)
.insert(1, "insertme")
.minimizeCapacity()
.replace(0, 0, "replacement")
.replaceAll("find", "replace")
.replaceFirst("find", "replace")
.reverse()
.setCharAt(0, 'a')
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim()
.append(taint());
sink(fluentAllMethodsTest2); // $hasTaintFlow
}
}