From 5c8ef15d6fa5f9db12f52ee438d687d0c0594df2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 2 Dec 2022 11:35:38 +0100 Subject: [PATCH] Java: Add bi-directional imports of some abstract class extensions. --- java/ql/lib/semmle/code/java/dataflow/FlowSources.qll | 8 ++++++++ java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll | 2 ++ java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll | 8 ++++++++ .../java/dataflow/internal/FlowSummaryImplSpecific.qll | 7 +++++++ 4 files changed, 25 insertions(+) diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index fcb4ac3b970..501f5f16ee7 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -36,6 +36,14 @@ abstract class RemoteFlowSource extends DataFlow::Node { abstract string getSourceType(); } +/** + * A module for importing frameworks that define remote flow sources. + */ +private module RemoteFlowSources { + private import semmle.code.java.frameworks.android.Widget + private import semmle.code.java.security.TemplateInjection +} + private class ExternalRemoteFlowSource extends RemoteFlowSource { ExternalRemoteFlowSource() { sourceNode(this, "remote") } diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll index 4f350ec9ccb..24b49000c5a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll @@ -21,6 +21,8 @@ private module Frameworks { private import semmle.code.java.frameworks.guava.Guava private import semmle.code.java.frameworks.apache.Lang private import semmle.code.java.frameworks.ApacheHttp + private import semmle.code.java.frameworks.ratpack.RatpackExec + private import semmle.code.java.frameworks.android.Slice } /** diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index 00abffe5f7b..09a5f05914f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -97,6 +97,14 @@ abstract class SyntheticCallable extends string { Type getReturnType() { none() } } +/** + * A module for importing frameworks that define synthetic callables. + */ +private module SyntheticCallables { + private import semmle.code.java.frameworks.android.Intent + private import semmle.code.java.frameworks.Stream +} + private newtype TSummarizedCallableBase = TSimpleCallable(Callable c) { c.isSourceDeclaration() } or TSyntheticCallable(SyntheticCallable c) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll index 007105d3e95..c3366436d27 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll @@ -14,6 +14,13 @@ private import semmle.code.java.dataflow.internal.AccessPathSyntax as AccessPath class SummarizedCallableBase = FlowSummary::SummarizedCallableBase; +/** + * A module for importing frameworks that define synthetic globals. + */ +private module SyntheticGlobals { + private import semmle.code.java.frameworks.android.Intent +} + DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() = c } /** Gets the parameter position of the instance parameter. */