hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Explicitly tie ReturnNode to TargetApi before calling returnNodeAsOutput.

Browse Source
This commit is contained in:
Michael Nebel
2022-02-25 13:32:12 +01:00
parent 44949b6353
commit 4a0b2b64b3
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/utils/model-generator/CaptureSourceModels.ql
View File

@@ -44,7 +44,8 @@ string captureSource(TargetAPI api) {
config.hasFlow(source, sink) and
sourceNode(source, kind) and
api = source.getEnclosingCallable() and
result = asSourceModel(api, returnNodeAsOutput(api, sink), kind)
api = sink.getEnclosingCallable() and
result = asSourceModel(api, returnNodeAsOutput(sink), kind)
)
}

2
java/ql/src/utils/model-generator/CaptureSummaryModels.ql
View File

@@ -153,7 +153,7 @@ string captureThroughFlow(TargetAPI api) {
config.hasFlow(p, returnNodeExt) and
returnNodeExt.getEnclosingCallable() = api and
input = parameterNodeAsInput(p) and
output = returnNodeAsOutput(api, returnNodeExt) and
output = returnNodeAsOutput(returnNodeExt) and
input != output and
result = asTaintModel(api, input, output)
)

5
java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
View File

@@ -165,13 +165,12 @@ string parameterNodeAsInput(DataFlow::ParameterNode p) {
result = "Argument[-1]" and p instanceof DataFlow::InstanceParameterNode
}
bindingset[api]
string returnNodeAsOutput(TargetAPI api, ReturnNodeExt node) {
string returnNodeAsOutput(ReturnNodeExt node) {
if node.getKind() instanceof ValueReturnKind
then result = "ReturnValue"
else
exists(int pos | pos = node.getKind().(ParamUpdateReturnKind).getPosition() |
result = parameterAccess(api.getParameter(pos))
result = parameterAccess(node.getEnclosingCallable().getParameter(pos))
or
result = "Argument[-1]" and pos = -1
)