Add and improve classes for regex-related methods

2026-02-23 18:33:42 +01:00 · 2026-02-10 14:49:53 +00:00
parent e6dbd525c3
commit 44eeee5757
2 changed files with 58 additions and 1 deletions
--- a/java/ql/lib/semmle/code/java/JDK.qll
+++ b/java/ql/lib/semmle/code/java/JDK.qll
@@ -48,13 +48,19 @@ class StringContainsMethod extends Method {
 }

 /** A call to the `java.lang.String.matches` method. */
-class StringMatchesCall extends MethodCall {
+class StringMatchesCall extends MethodCall, RegexExecutionExpr::Range {
  StringMatchesCall() {
    exists(Method m | m = this.getMethod() |
      m.getDeclaringType() instanceof TypeString and
      m.hasName("matches")
    )
  }
+
+  override Expr getRegex() { result = this.getArgument(0) }
+
+  override Expr getString() { result = this.getQualifier() }
+
+  override string getName() { result = "String.matches" }
 }

 /** A call to the `java.lang.String.replaceAll` method. */
--- a/java/ql/lib/semmle/code/java/frameworks/Regex.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Regex.qll
@@ -3,6 +3,7 @@ overlay[local?]
 module;

 import java
+private import semmle.code.java.dataflow.DataFlow

 /** The class `java.util.regex.Matcher`. */
 class TypeRegexMatcher extends Class {
@@ -24,6 +25,16 @@ class TypeRegexPattern extends Class {
  TypeRegexPattern() { this.hasQualifiedName("java.util.regex", "Pattern") }
 }

+/**
+ * The `compile` method of `java.util.regex.Pattern`.
+ */
+class PatternCompileMethod extends Method {
+  PatternCompileMethod() {
+    this.getDeclaringType() instanceof TypeRegexPattern and
+    this.hasName("compile")
+  }
+}
+
 /**
 * The `matches` method of `java.util.regex.Pattern`.
 */
@@ -59,3 +70,43 @@ class PatternLiteralField extends Field {
    this.hasName("LITERAL")
  }
 }
+
+/** A call to the `compile` method of `java.util.regex.Pattern` */
+class PatternCompileCall extends MethodCall {
+  PatternCompileCall() { this.getMethod() instanceof PatternCompileMethod }
+}
+
+/** A call to the `matcher` method of `java.util.regex.Pattern` */
+class PatternMatcherCall extends MethodCall {
+  PatternMatcherCall() { this.getMethod() instanceof PatternMatcherMethod }
+}
+
+/** A call to the `matches` method of `java.util.regex.Pattern` */
+class PatternMatchesCall extends MethodCall, RegexExecutionExpr::Range {
+  PatternMatchesCall() { this.getMethod() instanceof PatternMatchesMethod }
+
+  override Expr getRegex() { result = this.getArgument(0) }
+
+  override Expr getString() { result = this.getArgument(1) }
+
+  override string getName() { result = "Pattern.matches" }
+}
+
+/** A call to the `matches` method of `java.util.regex.Matcher` */
+class MatcherMatchesCall extends MethodCall, RegexExecutionExpr::Range {
+  MatcherMatchesCall() { this.getMethod() instanceof MatcherMatchesMethod }
+
+  PatternMatcherCall getPatternMatcherCall() {
+    DataFlow::localExprFlow(result, this.getQualifier())
+  }
+
+  PatternCompileCall getPatternCompileCall() {
+    DataFlow::localExprFlow(result, this.getPatternMatcherCall())
+  }
+
+  override Expr getRegex() { result = this.getPatternCompileCall().getArgument(0) }
+
+  override Expr getString() { result = this.getPatternMatcherCall().getArgument(0) }
+
+  override string getName() { result = "Matcher.matches" }
+}