hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6353 from sauyon/sauyon/java/model-constructors

Browse Source 
Java: Add models for collection constructors
This commit is contained in:
Chris Smowton
2021-07-22 16:27:59 +01:00
committed by GitHub
parent f71c99af22 fd02dcdf2e
commit 5c917b4a23
3 changed files with 326 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/change-notes/2021-07-22-model-collection-constructors.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added additional taint steps modeling constructors for collections in `java.util`.

39
java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
View File

@@ -368,7 +368,44 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
"java.util;Collections;false;copy;(List,List);;Element of Argument[1];Element of Argument[0];value", "java.util;Collections;false;copy;(List,List);;Element of Argument[1];Element of Argument[0];value",
"java.util;Collections;false;fill;(List,Object);;Argument[1];Element of Argument[0];value", "java.util;Collections;false;fill;(List,Object);;Argument[1];Element of Argument[0];value",
"java.util;Arrays;false;asList;;;ArrayElement of Argument[0];Element of ReturnValue;value", "java.util;Arrays;false;asList;;;ArrayElement of Argument[0];Element of ReturnValue;value",
"java.util;Collections;false;addAll;(Collection,Object[]);;ArrayElement of Argument[1];Element of Argument[0];value" "java.util;Collections;false;addAll;(Collection,Object[]);;ArrayElement of Argument[1];Element of Argument[0];value",
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[0];MapKey of Argument[-1];value",
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[1];MapValue of Argument[-1];value",
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[0];MapKey of Argument[-1];value",
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[1];MapValue of Argument[-1];value",
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;ArrayDeque;false;ArrayDeque;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;ArrayList;false;ArrayList;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;EnumMap;false;EnumMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;EnumMap;false;EnumMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;EnumMap;false;EnumMap;(EnumMap);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;EnumMap;false;EnumMap;(EnumMap);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;HashMap;false;HashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;HashMap;false;HashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;HashSet;false;HashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;Hashtable;false;Hashtable;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;Hashtable;false;Hashtable;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;LinkedHashSet;false;LinkedHashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;LinkedList;false;LinkedList;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;PriorityQueue;false;PriorityQueue;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;PriorityQueue;false;PriorityQueue;(PriorityQueue);;Element of Argument[0];Element of Argument[-1];value",
"java.util;PriorityQueue;false;PriorityQueue;(SortedSet);;Element of Argument[0];Element of Argument[-1];value",
"java.util;TreeMap;false;TreeMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;TreeMap;false;TreeMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;TreeMap;false;TreeMap;(SortedMap);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;TreeMap;false;TreeMap;(SortedMap);;MapValue of Argument[0];MapValue of Argument[-1];value",
"java.util;TreeSet;false;TreeSet;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;TreeSet;false;TreeSet;(SortedSet);;Element of Argument[0];Element of Argument[-1];value",
"java.util;Vector;false;Vector;(Collection);;Element of Argument[0];Element of Argument[-1];value",
"java.util;WeakHashMap;false;WeakHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
"java.util;WeakHashMap;false;WeakHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
] ]
} }
} }

286
java/ql/test/library-tests/dataflow/collections/Constructors.java Normal file
View File

@@ -0,0 +1,286 @@
package generatedtest;
import java.util.AbstractMap;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.IdentityHashMap;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.PriorityQueue;
import java.util.SortedMap;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.Vector;
import java.util.WeakHashMap;
// Test case generated by GenerateFlowTestCase.ql
public class Constructors {
Object getElement(Collection container) { return container.iterator().next(); }
Object getMapKey(Map container) { return container.keySet().iterator().next(); }
Object getMapValue(Map container) { return container.get(null); }
Object getMapKey(Map.Entry container) { return container.getKey(); }
Object getMapValue(Map.Entry container) { return container.getValue(); }
Object source() { return null; }
void sink(Object o) { }
public void test() {
{
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value"
AbstractMap.SimpleEntry out = null;
Map.Entry in = new AbstractMap.SimpleEntry(source(), null);
out = new AbstractMap.SimpleEntry(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value"
AbstractMap.SimpleEntry out = null;
Map.Entry in = new AbstractMap.SimpleEntry(null, source());;
out = new AbstractMap.SimpleEntry(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[0];MapKey of Argument[-1];value"
AbstractMap.SimpleEntry out = null;
Object in = source();
out = new AbstractMap.SimpleEntry(in, null);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[1];MapValue of Argument[-1];value"
AbstractMap.SimpleEntry out = null;
Object in = source();
out = new AbstractMap.SimpleEntry(null, in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value"
AbstractMap.SimpleImmutableEntry out = null;
Map.Entry in = new AbstractMap.SimpleEntry(source(), null);
out = new AbstractMap.SimpleImmutableEntry(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value"
AbstractMap.SimpleImmutableEntry out = null;
Map.Entry in = new AbstractMap.SimpleEntry(null, source());
out = new AbstractMap.SimpleImmutableEntry(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;ArrayDeque;false;ArrayDeque;(Collection);;Element of Argument[0];Element of Argument[-1];value"
ArrayDeque out = null;
Collection in = List.of(source());
out = new ArrayDeque(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;ArrayList;false;ArrayList;(Collection);;Element of Argument[0];Element of Argument[-1];value"
ArrayList out = null;
Collection in = List.of(source());
out = new ArrayList(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;EnumMap;false;EnumMap;(EnumMap);;MapKey of Argument[0];MapKey of Argument[-1];value"
EnumMap out = null;
EnumMap in = new EnumMap(Map.of(source(), null));
out = new EnumMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;EnumMap;false;EnumMap;(EnumMap);;MapValue of Argument[0];MapValue of Argument[-1];value"
EnumMap out = null;
EnumMap in = new EnumMap(Map.of(null, source()));
out = new EnumMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;EnumMap;false;EnumMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
EnumMap out = null;
Map in = Map.of(source(), null);
out = new EnumMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;EnumMap;false;EnumMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
EnumMap out = null;
Map in = Map.of(null, source());
out = new EnumMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;HashMap;false;HashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
HashMap out = null;
Map in = Map.of(source(), null);
out = new HashMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;HashMap;false;HashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
HashMap out = null;
Map in = Map.of(null, source());
out = new HashMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;HashSet;false;HashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value"
HashSet out = null;
Collection in = List.of(source());
out = new HashSet(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;Hashtable;false;Hashtable;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
Hashtable out = null;
Map in = Map.of(source(), null);
out = new Hashtable(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;Hashtable;false;Hashtable;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
Hashtable out = null;
Map in = Map.of(null, source());
out = new Hashtable(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
IdentityHashMap out = null;
Map in = Map.of(source(), null);
out = new IdentityHashMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
IdentityHashMap out = null;
Map in = Map.of(null, source());
out = new IdentityHashMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
LinkedHashMap out = null;
Map in = Map.of(source(), null);
out = new LinkedHashMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
LinkedHashMap out = null;
Map in = Map.of(null, source());
out = new LinkedHashMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;LinkedHashSet;false;LinkedHashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value"
LinkedHashSet out = null;
Collection in = List.of(source());
out = new LinkedHashSet(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;LinkedList;false;LinkedList;(Collection);;Element of Argument[0];Element of Argument[-1];value"
LinkedList out = null;
Collection in = List.of(source());
out = new LinkedList(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;PriorityQueue;false;PriorityQueue;(Collection);;Element of Argument[0];Element of Argument[-1];value"
PriorityQueue out = null;
Collection in = List.of(source());
out = new PriorityQueue(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;PriorityQueue;false;PriorityQueue;(PriorityQueue);;Element of Argument[0];Element of Argument[-1];value"
PriorityQueue out = null;
PriorityQueue in = new PriorityQueue(List.of(source()));
out = new PriorityQueue(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;PriorityQueue;false;PriorityQueue;(SortedSet);;Element of Argument[0];Element of Argument[-1];value"
PriorityQueue out = null;
SortedSet in = new TreeSet(List.of(source()));
out = new PriorityQueue(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;TreeMap;false;TreeMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
TreeMap out = null;
Map in = Map.of(source(), null);
out = new TreeMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;TreeMap;false;TreeMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
TreeMap out = null;
Map in = Map.of(null, source());
out = new TreeMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;TreeMap;false;TreeMap;(SortedMap);;MapKey of Argument[0];MapKey of Argument[-1];value"
TreeMap out = null;
SortedMap in = new TreeMap(Map.of(source(), null));
out = new TreeMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;TreeMap;false;TreeMap;(SortedMap);;MapValue of Argument[0];MapValue of Argument[-1];value"
TreeMap out = null;
SortedMap in = new TreeMap(Map.of(null, source()));
out = new TreeMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "java.util;TreeSet;false;TreeSet;(Collection);;Element of Argument[0];Element of Argument[-1];value"
TreeSet out = null;
Collection in = List.of(source());
out = new TreeSet(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;TreeSet;false;TreeSet;(SortedSet);;Element of Argument[0];Element of Argument[-1];value"
TreeSet out = null;
SortedSet in = new TreeSet(List.of(source()));
out = new TreeSet(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;Vector;false;Vector;(Collection);;Element of Argument[0];Element of Argument[-1];value"
Vector out = null;
Collection in = List.of(source());
out = new Vector(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "java.util;WeakHashMap;false;WeakHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
WeakHashMap out = null;
Map in = Map.of(source(), null);
out = new WeakHashMap(in);
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "java.util;WeakHashMap;false;WeakHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
WeakHashMap out = null;
Map in = Map.of(null, source());
out = new WeakHashMap(in);
sink(getMapValue(out)); // $ hasValueFlow
}
}
}