From 4b160b9aaff77041cc2af604dcf87925309239af Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 16 Oct 2020 10:46:27 +0100 Subject: [PATCH] Java: Merge Guava definitions for string utilities into one file --- .../code/java/frameworks/guava/Guava.qll | 6 +- .../code/java/frameworks/guava/Splitter.qll | 43 ---------- .../guava/{Joiner.qll => StringUtils.qll} | 79 +++++++++++++++++-- .../code/java/frameworks/guava/Strings.qll | 36 --------- 4 files changed, 74 insertions(+), 90 deletions(-) delete mode 100644 java/ql/src/semmle/code/java/frameworks/guava/Splitter.qll rename java/ql/src/semmle/code/java/frameworks/guava/{Joiner.qll => StringUtils.qll} (57%) delete mode 100644 java/ql/src/semmle/code/java/frameworks/guava/Strings.qll diff --git a/java/ql/src/semmle/code/java/frameworks/guava/Guava.qll b/java/ql/src/semmle/code/java/frameworks/guava/Guava.qll index a4fd500cd87..598329b8793 100644 --- a/java/ql/src/semmle/code/java/frameworks/guava/Guava.qll +++ b/java/ql/src/semmle/code/java/frameworks/guava/Guava.qll @@ -1,8 +1,6 @@ /** - * Definitions for tracking taint steps throught the Guava framework. + * Definitions for tracking taint steps through the Guava framework. */ import java -private import Strings -private import Splitter -private import Joiner +private import StringUtils diff --git a/java/ql/src/semmle/code/java/frameworks/guava/Splitter.qll b/java/ql/src/semmle/code/java/frameworks/guava/Splitter.qll deleted file mode 100644 index a6d58d35698..00000000000 --- a/java/ql/src/semmle/code/java/frameworks/guava/Splitter.qll +++ /dev/null 
@@ -1,43 +0,0 @@
-/**
- * Definitions for tracking taint steps through the methods of `com.google.common.base.Splitter`.
- */
-
-import java
-import semmle.code.java.dataflow.FlowSteps
-
-/**
- * The class `com.google.common.base.Splitter`.
- */
-class TypeGuavaSplitter extends Class {
- TypeGuavaSplitter() { this.hasQualifiedName("com.google.common.base", "Splitter") }
-}
-
-/**
- * The nested class `Splitter.MapSplitter`.
- */
-class TypeGuavaMapSplitter extends NestedClass {
- TypeGuavaMapSplitter() {
- this.getEnclosingType() instanceof TypeGuavaSplitter and
- this.hasName("MapSplitter")
- }
-}
-
-/**
- * A method of `Splitter` or `MapSplitter` that splits its input string.
- */
-private class GuavaSplitMethod extends TaintPreservingCallable {
- GuavaSplitMethod() {
- (
- this.getDeclaringType() instanceof TypeGuavaSplitter
- or
- this.getDeclaringType() instanceof TypeGuavaMapSplitter
- ) and
- // Iterable split(CharSequence sequence)
- // List splitToList(CharSequence sequence)
- // Stream splitToStream(CharSequence sequence)
- // Map split(CharSequence sequence) [on MapSplitter]
- this.hasName(["split", "splitToList", "splitToStream"])
- }
-
- override predicate returnsTaintFrom(int src) { src = 0 }
-}
diff --git a/java/ql/src/semmle/code/java/frameworks/guava/Joiner.qll b/java/ql/src/semmle/code/java/frameworks/guava/StringUtils.qll
similarity index 57%
rename from java/ql/src/semmle/code/java/frameworks/guava/Joiner.qll
rename to java/ql/src/semmle/code/java/frameworks/guava/StringUtils.qll
index cb1ccef2d16..30be5169c0b 100644
--- a/java/ql/src/semmle/code/java/frameworks/guava/Joiner.qll
+++ b/java/ql/src/semmle/code/java/frameworks/guava/StringUtils.qll
@@ -1,10 +1,15 @@ -/** - * Definitions for tracking taint steps through the methods of `com.google.common.base.Joiner`. - */ +/** Definitions of flow steps through the various string utility fenctions in the Guava framework. */ import java import semmle.code.java.dataflow.FlowSteps +/** + * The class `com.google.common.base.Strings`. + */ +class TypeGuavaStrings extends Class { + TypeGuavaStrings() { this.hasQualifiedName("com.google.common.base", "Strings") } +} + /** * The class `com.google.common.base.Joiner`. */ 
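Review bot: The new file-level QLDoc at the top of StringUtils.qll misspells "functions" as `fenctions`; it should read `/** Definitions of flow steps through the various string utility functions in the Guava framework. */`. The models visible in this patch all appear to be `TaintPreservingCallable`s, so "taint steps" (the wording Guava.qll uses) would describe the file more precisely than "flow steps".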
@@ -22,13 +27,53 @@ class TypeGuavaMapJoiner extends NestedClass { } } +/** + * The class `com.google.common.base.Splitter`. + */ +class TypeGuavaSplitter extends Class { + TypeGuavaSplitter() { this.hasQualifiedName("com.google.common.base", "Splitter") } +} + +/** + * The nested class `Splitter.MapSplitter`. + */ +class TypeGuavaMapSplitter extends NestedClass { + TypeGuavaMapSplitter() { + this.getEnclosingType() instanceof TypeGuavaSplitter and + this.hasName("MapSplitter") + } +} + +/** + * A taint preserving method on `com.google.common.base.Strings`. + */ +private class GuavaStringsTaintPreservingMethod extends TaintPreservingCallable { + GuavaStringsTaintPreservingMethod() { + this.getDeclaringType() instanceof TypeGuavaStrings and + // static String emptyToNull(String string) + // static String emptyToNull(String string) + // static String padEnd(String string, int minLength, char padChar) + // static String padStart(String string, int minLength, char padChar) + // static String repeat(String string, int count) + // static String lenientFormat(String template, Object ... args) + this.hasName(["emptyToNull", "nullToEmpty", "padStart", "padEnd", "repeat", "lenientFormat"]) + } + + override predicate returnsTaintFrom(int src) { + src = 0 + or + this.hasName("lenientFormat") and + src = [0 .. getNumberOfParameters()] + } +} + /** * A method of `Joiner` or `MapJoiner`. */ private class GuavaJoinerMethod extends Method { GuavaJoinerMethod() { - this.getDeclaringType() instanceof TypeGuavaJoiner or - this.getDeclaringType() instanceof TypeGuavaMapJoiner + this.getDeclaringType().getASourceSupertype*() instanceof TypeGuavaJoiner or + this.getDeclaringType().getASourceSupertype*() instanceof TypeGuavaMapJoiner } } 
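Review bot: In `GuavaStringsTaintPreservingMethod.returnsTaintFrom`, the `lenientFormat` branch bounds `src` by `[0 .. getNumberOfParameters()]`, an inclusive range over the declared parameter count rather than over the arguments at a call site. For the signature quoted in the comment, `lenientFormat(String template, Object ... args)`, that yields positions 0 to 2, so if `src` is matched against call-site argument positions, a tainted value passed as the fourth or later argument would presumably not propagate and queries relying on this model would miss that flow. Either state the intended bound in a comment, e.g. `// varargs: covers template plus the first two format arguments only`, or cover the case with a library test that passes three or more format arguments. Separately, the signature comment lists `emptyToNull` twice; the second line should read `// static String nullToEmpty(String string)`.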
@@ -54,7 +99,7 @@ private class GuavaJoinerBuilderMethod extends GuavaJoinerMethod, TaintPreservin } /** - * An `appendTo` method on `Joiner` or `MapJoiner` + * An `appendTo` method on `Joiner` or `MapJoiner`. */ private class GuavaJoinerAppendToMethod extends GuavaJoinerMethod, TaintPreservingCallable { GuavaJoinerAppendToMethod() { @@ -85,7 +130,7 @@ private class GuavaJoinerAppendToMethod extends GuavaJoinerMethod, TaintPreservi } /** - * A `join` method on `Joiner` or `MapJoiner` + * A `join` method on `Joiner` or `MapJoiner`. */ private class GuavaJoinMethod extends GuavaJoinerMethod, TaintPreservingCallable { GuavaJoinMethod() { @@ -101,3 +146,23 @@ private class GuavaJoinMethod extends GuavaJoinerMethod, TaintPreservingCallable override predicate returnsTaintFrom(int src) { src = [-1 .. getNumberOfParameters()] } } + +/** + * A method of `Splitter` or `MapSplitter` that splits its input string. + */ +private class GuavaSplitMethod extends TaintPreservingCallable { + GuavaSplitMethod() { + ( + this.getDeclaringType() instanceof TypeGuavaSplitter + or + this.getDeclaringType() instanceof TypeGuavaMapSplitter + ) and + // Iterable split(CharSequence sequence) + // List splitToList(CharSequence sequence) + // Stream splitToStream(CharSequence sequence) + // Map split(CharSequence sequence) [on MapSplitter] + this.hasName(["split", "splitToList", "splitToStream"]) + } + + override predicate returnsTaintFrom(int src) { src = 0 } +} diff --git a/java/ql/src/semmle/code/java/frameworks/guava/Strings.qll b/java/ql/src/semmle/code/java/frameworks/guava/Strings.qll deleted file mode 100644 index f2df0984899..00000000000 --- a/java/ql/src/semmle/code/java/frameworks/guava/Strings.qll +++ /dev/null 
@@ -1,36 +0,0 @@
-/**
- * Definitions for tracking taint steps through the methods of `com.google.common.base.Strings`.
- */
-
-import java
-import semmle.code.java.dataflow.FlowSteps
-
-/**
- * The class `com.google.common.base.Strings`.
- */
-class TypeGuavaStrings extends Class {
- TypeGuavaStrings() { this.hasQualifiedName("com.google.common.base", "Strings") }
-}
-
-/**
- * A Guava string utility method that preserves taint.
- */
-private class GuavaStringsTaintPreservingMethod extends TaintPreservingCallable {
- GuavaStringsTaintPreservingMethod() {
- this.getDeclaringType() instanceof TypeGuavaStrings and
- // static String emptyToNull(String string)
- // static String emptyToNull(String string)
- // static String padEnd(String string, int minLength, char padChar)
- // static String padStart(String string, int minLength, char padChar)
- // static String repeat(String string, int count)
- // static String lenientFormat(String template, Object ... args)
- this.hasName(["emptyToNull", "nullToEmpty", "padStart", "padEnd", "repeat", "lenientFormat"])
- }
-
- override predicate returnsTaintFrom(int src) {
- src = 0
- or
- this.hasName("lenientFormat") and
- src = [0 .. getNumberOfParameters()]
- }
-}