Add aliases for public, importable renamed classes and predicates.
Also rename and alias a couple of uses of Access noted along the way.
@@ -1933,6 +1933,9 @@ class MethodCall extends Expr, Call, @methodaccess {
|
||||
*/
|
||||
predicate isOwnMethodCall() { Qualifier::ownMemberAccess(this) }
|
||||
|
||||
/** DEPRECATED: Alias for `isOwnMethodCall`. */
|
||||
deprecated predicate isOwnMethodAccess() { this.isOwnMethodCall() }
|
||||
|
||||
/**
|
||||
* Holds if this is a method access to an instance method of the enclosing
|
||||
* class `t`. That is, the qualifier is either an explicit or implicit
|
||||
@@ -1940,6 +1943,9 @@ class MethodCall extends Expr, Call, @methodaccess {
|
||||
*/
|
||||
predicate isEnclosingMethodCall(RefType t) { Qualifier::enclosingMemberAccess(this, t) }
|
||||
|
||||
/** DEPRECATED: Alias for `isEnclosingMethodCall`. */
|
||||
deprecated predicate isEnclosingMethodAccess() { this.isEnclosingMethodCall() }
|
||||
|
||||
override string getAPrimaryQlClass() { result = "MethodCall" }
|
||||
}
|
||||
|
||||
|
||||
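Review bot: The deprecated alias `isEnclosingMethodAccess()` is declared with no parameters and calls `this.isEnclosingMethodCall()` with no arguments, but the predicate it aliases, shown just above it, takes a `RefType t`. Unless a zero-argument overload exists outside this hunk, that call does not match the one-argument predicate, and existing callers that pass the enclosing type to the old name would not resolve against the alias. The alias should keep the original signature: `deprecated predicate isEnclosingMethodAccess(RefType t) { this.isEnclosingMethodCall(t) }`. The doc comment for `isEnclosingMethodCall` starts outside the hunk.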
@@ -276,6 +276,9 @@ class MethodCallSystemGetProperty extends MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `MethodCallSystemGetProperty`. */
|
||||
deprecated class MethodAccessSystemGetProperty = MethodCallSystemGetProperty;
|
||||
|
||||
/**
|
||||
* Any method named `exit` on class `java.lang.Runtime` or `java.lang.System`.
|
||||
*/
|
||||
|
||||
@@ -83,6 +83,9 @@ class ReflectiveClassIdentifierMethodCall extends ReflectiveClassIdentifier, Met
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveClassIdentifierMethodCall`. */
|
||||
deprecated class ReflectiveClassIdentifierMethodAccess = ReflectiveClassIdentifierMethodCall;
|
||||
|
||||
/**
|
||||
* Gets a `ReflectiveClassIdentifier` that we believe may represent the value of `expr`.
|
||||
*/
|
||||
@@ -317,26 +320,35 @@ class ClassMethodCall extends MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ClassMethodCall`. */
|
||||
deprecated class ClassMethodAccess = ClassMethodCall;
|
||||
|
||||
/**
|
||||
* A call to `Class.getConstructors(..)` or `Class.getDeclaredConstructors(..)`.
|
||||
*/
|
||||
class ReflectiveConstructorsAccess extends ClassMethodCall {
|
||||
ReflectiveConstructorsAccess() {
|
||||
class ReflectiveConstructorsCall extends ClassMethodCall {
|
||||
ReflectiveConstructorsCall() {
|
||||
this.getCallee().hasName("getConstructors") or
|
||||
this.getCallee().hasName("getDeclaredConstructors")
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveConstructorsCall`. */
|
||||
deprecated class ReflectiveConstructorsAccess = ReflectiveConstructorsCall;
|
||||
|
||||
/**
|
||||
* A call to `Class.getMethods(..)` or `Class.getDeclaredMethods(..)`.
|
||||
*/
|
||||
class ReflectiveMethodsAccess extends ClassMethodCall {
|
||||
ReflectiveMethodsAccess() {
|
||||
class ReflectiveMethodsCall extends ClassMethodCall {
|
||||
ReflectiveMethodsCall() {
|
||||
this.getCallee().hasName("getMethods") or
|
||||
this.getCallee().hasName("getDeclaredMethods")
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveMethodsCall`. */
|
||||
deprecated class ReflectiveMethodsAccess = ReflectiveMethodsCall;
|
||||
|
||||
/**
|
||||
* A call to `Class.getMethod(..)` or `Class.getDeclaredMethod(..)`.
|
||||
*/
|
||||
@@ -366,11 +378,14 @@ class ReflectiveMethodCall extends ClassMethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveMethodCall`. */
|
||||
deprecated class ReflectiveMethodAccess = ReflectiveMethodCall;
|
||||
|
||||
/**
|
||||
* A call to `Class.getAnnotation(..)`.
|
||||
*/
|
||||
class ReflectiveAnnotationAccess extends ClassMethodCall {
|
||||
ReflectiveAnnotationAccess() { this.getCallee().hasName("getAnnotation") }
|
||||
class ReflectiveAnnotationCall extends ClassMethodCall {
|
||||
ReflectiveAnnotationCall() { this.getCallee().hasName("getAnnotation") }
|
||||
|
||||
/**
|
||||
* Gets a possible annotation type for this reflective annotation access.
|
||||
@@ -380,11 +395,14 @@ class ReflectiveAnnotationAccess extends ClassMethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveAnnotationCall`. */
|
||||
deprecated class ReflectiveAnnotationAccess = ReflectiveAnnotationCall;
|
||||
|
||||
/**
|
||||
* A call to `Class.getField(..)` that accesses a field.
|
||||
*/
|
||||
class ReflectiveFieldAccess extends ClassMethodCall {
|
||||
ReflectiveFieldAccess() {
|
||||
class ReflectiveFieldCall extends ClassMethodCall {
|
||||
ReflectiveFieldCall() {
|
||||
this.getCallee().hasName("getField") or
|
||||
this.getCallee().hasName("getDeclaredField")
|
||||
}
|
||||
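Review bot: The doc comment kept above the renamed `ReflectiveFieldCall` mentions only `Class.getField(..)`, while the characteristic predicate in this hunk also matches `getDeclaredField`. The comments on `ReflectiveConstructorsCall` and `ReflectiveMethodsCall` earlier on this page name both the plain and the `Declared` variant, so this one should too: `A call to Class.getField(..) or Class.getDeclaredField(..).` The class body continues past the end of this hunk.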
@@ -405,3 +423,6 @@ class ReflectiveFieldAccess extends ClassMethodCall {
|
||||
result.hasName(this.getArgument(0).(StringLiteral).getValue())
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveFieldCall`. */
|
||||
deprecated class ReflectiveFieldAccess = ReflectiveFieldCall;
|
||||
|
||||
@@ -464,6 +464,11 @@ class ObjectOutputStreamVar extends LocalVariableDecl {
|
||||
result.getQualifier() = this.getAnAccess() and
|
||||
result.getMethod().hasName("writeObject")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `getAWriteObjectMethodCall`. */
|
||||
deprecated MethodCall getAWriteObjectMethodAccess() {
|
||||
result = this.getAWriteObjectMethodCall()
|
||||
}
|
||||
}
|
||||
|
||||
/** Flow through string formatting. */
|
||||
|
||||
@@ -267,7 +267,7 @@ private module Impl {
|
||||
|
||||
/** Holds if `f` can have any sign. */
|
||||
predicate fieldWithUnknownSign(Field f) {
|
||||
exists(ReflectiveFieldAccess rfa | rfa.inferAccessedField() = f)
|
||||
exists(ReflectiveFieldCall rfa | rfa.inferAccessedField() = f)
|
||||
}
|
||||
|
||||
/** Holds if `f` is accessed in an increment operation. */
|
||||
|
||||
@@ -173,9 +173,9 @@ class LiveClass extends SourceClassOrInterface {
|
||||
exists(NestedType r | r.getEnclosingType() = this | r instanceof LiveClass)
|
||||
or
|
||||
// An annotation on the class is reflectively accessed.
|
||||
exists(ReflectiveAnnotationAccess reflectiveAnnotationAccess |
|
||||
this = reflectiveAnnotationAccess.getInferredClassType() and
|
||||
isLive(reflectiveAnnotationAccess.getEnclosingCallable())
|
||||
exists(ReflectiveAnnotationCall reflectiveAnnotationCall |
|
||||
this = reflectiveAnnotationCall.getInferredClassType() and
|
||||
isLive(reflectiveAnnotationCall.getEnclosingCallable())
|
||||
)
|
||||
or
|
||||
this instanceof AnonymousClass
|
||||
|
||||
@@ -130,7 +130,7 @@ class JUnitAnnotatedField extends ReflectivelyReadField {
|
||||
*/
|
||||
class ClassReflectivelyReadField extends ReflectivelyReadField {
|
||||
ClassReflectivelyReadField() {
|
||||
exists(ReflectiveFieldAccess fieldAccess | this = fieldAccess.inferAccessedField())
|
||||
exists(ReflectiveFieldCall fieldAccess | this = fieldAccess.inferAccessedField())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -172,6 +172,9 @@ class ReflectiveMethodCallEntryPoint extends EntryPoint, ReflectiveMethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `ReflectiveMethodCallEntryPoint`. */
|
||||
deprecated class ReflectiveMethodAccessEntryPoint = ReflectiveMethodCallEntryPoint;
|
||||
|
||||
/**
|
||||
* Classes that are entry points recognised by annotations.
|
||||
*/
|
||||
|
||||
@@ -25,6 +25,9 @@ class MockitoVerifiedMethodCall extends MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `MockitoVerifiedMethodCall`. */
|
||||
deprecated class MockitoVerifiedMethodAccess = MockitoVerifiedMethodCall;
|
||||
|
||||
/**
|
||||
* A type that can be mocked by Mockito.
|
||||
*/
|
||||
|
||||
@@ -43,6 +43,9 @@ class LocalDatabaseOpenMethodCall extends Storable, Call {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `LocalDatabaseOpenMethodCall`. */
|
||||
deprecated class LocalDatabaseOpenMethodAccess = LocalDatabaseOpenMethodCall;
|
||||
|
||||
/** A method that is both a database input and a database store. */
|
||||
private class LocalDatabaseInputStoreMethod extends Method {
|
||||
LocalDatabaseInputStoreMethod() {
|
||||
|
||||
@@ -43,6 +43,9 @@ class SharedPreferencesEditorMethodCall extends Storable, MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `SharedPreferencesEditorMethodCall`. */
|
||||
deprecated class SharedPreferencesEditorMethodAccess = SharedPreferencesEditorMethodCall;
|
||||
|
||||
/**
|
||||
* Holds if `input` is the second argument of a setter method
|
||||
* called on `editor`, which is an instance of `SharedPreferences$Editor`.
|
||||
|
||||
@@ -8,15 +8,18 @@ import HardcodedCredentials
|
||||
/**
|
||||
* A call to a method that is or overrides `java.lang.Object.equals`.
|
||||
*/
|
||||
class EqualsAccess extends MethodCall {
|
||||
EqualsAccess() { this.getMethod() instanceof EqualsMethod }
|
||||
class EqualsCall extends MethodCall {
|
||||
EqualsCall() { this.getMethod() instanceof EqualsMethod }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `EqualsCall`. */
|
||||
deprecated class EqualsAccess = EqualsCall;
|
||||
|
||||
/**
|
||||
* Holds if `sink` compares password `p` against a hardcoded expression `source`.
|
||||
*/
|
||||
predicate isHardcodedCredentialsComparison(
|
||||
EqualsAccess sink, HardcodedExpr source, PasswordVariable p
|
||||
EqualsCall sink, HardcodedExpr source, PasswordVariable p
|
||||
) {
|
||||
source = sink.getQualifier() and
|
||||
p.getAnAccess() = sink.getArgument(0)
|
||||
|
||||
@@ -43,6 +43,9 @@ class JwtParserWithInsecureParseSink extends DataFlow::Node {
|
||||
|
||||
/** Gets the method access that does the insecure parsing. */
|
||||
MethodCall getParseMethodCall() { result = insecureParseMa }
|
||||
|
||||
/** DEPRECATED: Alias for `getParseMethodCall`. */
|
||||
deprecated MethodCall getParseMethodAccess() { result = this.getParseMethodCall() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -58,3 +58,6 @@ class PartialPathTraversalMethodCall extends MethodCall {
|
||||
not isSafe(this.getArgument(0))
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `PartialPathTraversalMethodCall`. */
|
||||
deprecated class PartialPathTraversalMethodAccess = PartialPathTraversalMethodCall;
|
||||
@@ -52,6 +52,9 @@ class SensitiveMethodCall extends SensitiveExpr, MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `SensitiveMethodCall`. */
|
||||
deprecated class SensitiveMethodAccess = SensitiveMethodCall;
|
||||
|
||||
/** Access to a variable that might contain sensitive data. */
|
||||
class SensitiveVarAccess extends SensitiveExpr, VarAccess {
|
||||
SensitiveVarAccess() {
|
||||
|
||||
@@ -214,6 +214,9 @@ abstract class MethodCallInsecureFileCreation extends MethodCall {
|
||||
DataFlow::Node getNode() { result.asExpr() = this }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `MethodCallInsecureFileCreation`. */
|
||||
deprecated class MethodAccessInsecureFileCreation = MethodCallInsecureFileCreation;
|
||||
|
||||
/**
|
||||
* An insecure call to `java.io.File.createTempFile`.
|
||||
*/
|
||||
@@ -232,6 +235,9 @@ class MethodCallInsecureFileCreateTempFile extends MethodCallInsecureFileCreatio
|
||||
override string getFileSystemEntityType() { result = "file" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `MethodCallInsecureFileCreateTempFile`. */
|
||||
deprecated class MethodAccessInsecureFileCreateTempFile = MethodCallInsecureFileCreateTempFile;
|
||||
|
||||
/**
|
||||
* The `com.google.common.io.Files.createTempDir` method.
|
||||
*/
|
||||
@@ -252,3 +258,6 @@ class MethodCallInsecureGuavaFilesCreateTempFile extends MethodCallInsecureFileC
|
||||
|
||||
override string getFileSystemEntityType() { result = "directory" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `MethodCallInsecureGuavaFilesCreateTempFile`. */
|
||||
deprecated class MethodAccessInsecureGuavaFilesCreateTempFile = MethodCallInsecureGuavaFilesCreateTempFile;
|
||||
|
||||
@@ -233,6 +233,9 @@ class UnsafeDeserializationSink extends DataFlow::ExprNode {
|
||||
|
||||
/** Gets a call that triggers unsafe deserialization. */
|
||||
MethodCall getMethodCall() { unsafeDeserialization(result, this.getExpr()) }
|
||||
|
||||
/** DEPRECATED: Alias for `getMethodCall`. */
|
||||
deprecated MethodCall getMethodAccess() { result = this.getMethodCall() }
|
||||
}
|
||||
|
||||
/** Holds if `node` is a sanitizer for unsafe deserialization */
|
||||
|
||||
@@ -54,6 +54,9 @@ class SqlResourceOpeningMethodCall extends MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for `SqlResourceOpeningMethodCall`. */
|
||||
deprecated class SqlResourceOpeningMethodAccess = SqlResourceOpeningMethodCall;
|
||||
|
||||
/**
|
||||
* A candidate for a "closeable init" expression, which may require calling a "close" method.
|
||||
*/
|
||||
|
||||
@@ -13,6 +13,6 @@
|
||||
import java
|
||||
import semmle.code.java.security.HardcodedCredentialsComparison
|
||||
|
||||
from EqualsAccess sink, HardcodedExpr source, PasswordVariable p
|
||||
from EqualsCall sink, HardcodedExpr source, PasswordVariable p
|
||||
where isHardcodedCredentialsComparison(sink, source, p)
|
||||
select source, "Hard-coded value is $@ with password variable $@.", sink, "compared", p, p.getName()
|
||||
|
||||
@@ -45,8 +45,8 @@ module UnsafeReflectionConfig implements DataFlow::ConfigSig {
|
||||
// Qualifier -> return of Class.getDeclaredConstructors/Methods and similar
|
||||
exists(MethodCall ma |
|
||||
(
|
||||
ma instanceof ReflectiveConstructorsAccess or
|
||||
ma instanceof ReflectiveMethodsAccess
|
||||
ma instanceof ReflectiveConstructorsCall or
|
||||
ma instanceof ReflectiveMethodsCall
|
||||
) and
|
||||
ma.getQualifier() = pred.asExpr() and
|
||||
ma = succ.asExpr()
|
||||
|
||||