remove inputStream and its subclasses module which has no impact on query now!

2026-02-19 00:13:44 +01:00 · 2023-09-30 04:28:37 +10:00
parent c1b9310ec2
commit 3e9c3e6987
1 changed files with 0 additions and 38 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql
@@ -433,44 +433,6 @@ module Zip {
  }
 }

-/**
- * Providing InputStream and it subClasses as Local Decompression sources
- */
-module InputStream {
-  class TypeInputStream extends RefType {
-    TypeInputStream() { this.getASupertype*().hasQualifiedName("java.io", "InputStream") }
-  }
-
-  class Source extends Call {
-    Source() {
-      exists(Call c | c.getCallee().getDeclaringType() instanceof TypeInputStream | this = c)
-    }
-
-    DataFlow::Node getInputArgument() { result.asExpr() = this.(ConstructorCall).getArgument(0) }
-  }
-
-  class Read extends MethodAccess {
-    Read() {
-      this.getReceiverType() instanceof TypeInputStream and
-      this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
-    }
-  }
-
-  predicate additionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    exists(Call call |
-      (
-        call.getCallee().getDeclaringType() instanceof TypeInputStream or
-        call.(MethodAccess).getReceiverType() instanceof TypeInputStream
-      ) and
-      call.getCallee().hasName(["read", "readNBytes", "readAllBytes"]) and
-      call.getQualifier() = n1.asExpr() and
-      (
-        call.getArgument(0) = n2.asExpr() or
-        call = n2.asExpr()
-      )
-    )
-  }
-}

 module DecompressionBombsConfig implements DataFlow::StateConfigSig {
  class FlowState = DataFlow::FlowState;