Merge pull request #17219 from michaelnebel/shared/neutralsourcesink

C#/Java: Fix source- and sink callable provenance overlap.
2025-12-17 01:03:14 +01:00 · 2024-08-15 11:02:18 +02:00
parent b16dc20bbd eaf4f5eeab
commit 4b3cc5bd0e
7 changed files with 53 additions and 71 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -636,32 +636,6 @@ private class SummarizedCallableAdapter extends SummarizedCallable {
  override predicate hasExactModel() { summaryElement(this, _, _, _, _, _, true) }
 }

-/**
- * A callable where there exists a MaD sink model that applies to it.
- */
-private class SinkModelCallableAdapter extends SinkModelCallable {
-  private Provenance provenance;
-
-  SinkModelCallableAdapter() {
-    SourceSinkInterpretationInput::sinkElement(this, _, _, provenance, _)
-  }
-
-  override predicate hasProvenance(Provenance p) { provenance = p }
-}
-
 final class SinkCallable = SinkModelCallable;

-/**
- * A callable where there exists a MaD source model that applies to it.
- */
-private class SourceModelCallableAdapter extends SourceModelCallable {
-  private Provenance provenance;
-
-  SourceModelCallableAdapter() {
-    SourceSinkInterpretationInput::sourceElement(this, _, _, provenance, _)
-  }
-
-  override predicate hasProvenance(Provenance p) { provenance = p }
-}
-
 final class SourceCallable = SourceModelCallable;
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml
@@ -7,6 +7,13 @@ extensions:
      - [ "p", "Sinks", False, "sink", "(Object)", "", "Argument[0]", "test-sink", "manual" ]
      - [ "p", "Sinks", False, "sink2", "(Object)", "", "Argument[0]", "test-sink2", "manual" ]
      - [ "p", "Sinks", False, "manualSinkAlreadyDefined", "(Object)", "", "Argument[0]", "test-sink", "manual" ]
+      - [ "p", "Sinks", False, "saveAndGet", "(Object)", "", "Argument[0]", "test-sink", "df-generated"]
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - [ "p", "Sinks", False, "saveAndGet", "(Object)", "", "ReturnValue", "test-source", "manual"]

  - addsTo:
      pack: codeql/java-all
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
@@ -25,6 +25,14 @@ public class Sinks {
  // neutral=p;Sinks;nosink;(Object);summary;df-generated
  public void nosink(Object o) {}

+  // Sink and Source defined in the extensible file next to the sink test.
+  // sink=p;Sinks;true;saveAndGet;(Object);;Argument[0];test-sink;df-generated
+  // neutral=p;Sinks;saveAndGet;(Object);summary;df-generated
+  public Object saveAndGet(Object o) {
+    sink(o);
+    return null;
+  }
+
  // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated
  // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated
  // neutral=p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated