diff --git a/java/ql/examples/snippets/returnstatement.ql b/java/ql/examples/snippets/returnstatement.ql index 14270dc87c2..f2b6c601fb5 100644 --- a/java/ql/examples/snippets/returnstatement.ql +++ b/java/ql/examples/snippets/returnstatement.ql @@ -10,5 +10,5 @@ import java from ReturnStmt r -where r.getResult() instanceof NullLiteral +where r.getExpr() instanceof NullLiteral select r diff --git a/java/ql/lib/semmle/code/java/ControlFlowGraph.qll b/java/ql/lib/semmle/code/java/ControlFlowGraph.qll index 2987a8ae2b1..bb3690dbbfc 100644 --- a/java/ql/lib/semmle/code/java/ControlFlowGraph.qll +++ b/java/ql/lib/semmle/code/java/ControlFlowGraph.qll @@ -849,7 +849,7 @@ private module ControlFlowGraphImpl { or index = 0 and result = this.(ClassExpr).getExpr() or - index = 0 and result = this.(ReturnStmt).getResult() + index = 0 and result = this.(ReturnStmt).getExpr() or index = 0 and result = this.(ThrowStmt).getExpr() or diff --git a/java/ql/lib/semmle/code/java/Conversions.qll b/java/ql/lib/semmle/code/java/Conversions.qll index 779eb7620be..1855b7af54a 100644 --- a/java/ql/lib/semmle/code/java/Conversions.qll +++ b/java/ql/lib/semmle/code/java/Conversions.qll @@ -69,7 +69,7 @@ class AssignmentConversionContext extends ConversionSite { class ReturnConversionSite extends ConversionSite { ReturnStmt r; - ReturnConversionSite() { this = r.getResult() } + ReturnConversionSite() { this = r.getExpr() } override Type getConversionTarget() { result = r.getEnclosingCallable().getReturnType() } diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index 757bef86e3d..d4b43a9dfab 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -1312,7 +1312,7 @@ class LambdaExpr extends FunctionalExpr, @lambdaexpr { /** Gets the body of this lambda expression, if it is an expression. */ Expr getExprBody() { - this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getResult() + this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getExpr() } /** Gets the body of this lambda expression, if it is a statement. */ @@ -1347,7 +1347,7 @@ class MemberRefExpr extends FunctionalExpr, @memberref { exists(Stmt stmt | stmt = this.asMethod().getBody().(SingletonBlock).getStmt() and ( - result = stmt.(ReturnStmt).getResult() + result = stmt.(ReturnStmt).getExpr() or // Note: Currently never an ExprStmt, but might change once https://github.com/github/codeql/issues/3605 is fixed result = stmt.(ExprStmt).getExpr() diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll index 17fe696972f..23e08c4e6b6 100644 --- a/java/ql/lib/semmle/code/java/Member.qll +++ b/java/ql/lib/semmle/code/java/Member.qll @@ -680,13 +680,13 @@ class GetterMethod extends Method { GetterMethod() { this.hasNoParameters() and exists(ReturnStmt s, Field f | s = this.getBody().(SingletonBlock).getStmt() | - s.getResult() = f.getAnAccess() + s.getExpr() = f.getAnAccess() ) } /** Gets the field whose value is returned by this getter method. */ Field getField() { - exists(ReturnStmt r | r.getEnclosingCallable() = this | r.getResult() = result.getAnAccess()) + exists(ReturnStmt r | r.getEnclosingCallable() = this | r.getExpr() = result.getAnAccess()) } } diff --git a/java/ql/lib/semmle/code/java/PrettyPrintAst.qll b/java/ql/lib/semmle/code/java/PrettyPrintAst.qll index 64e44b2cec4..ac707c849dd 100644 --- a/java/ql/lib/semmle/code/java/PrettyPrintAst.qll +++ b/java/ql/lib/semmle/code/java/PrettyPrintAst.qll @@ -854,7 +854,7 @@ private class PpSynchronizedStmt extends PpAst, SynchronizedStmt { private class PpReturnStmt extends PpAst, ReturnStmt { override string getPart(int i) { - if exists(this.getResult()) + if exists(this.getExpr()) then i = 0 and result = "return " or @@ -864,7 +864,7 @@ private class PpReturnStmt extends PpAst, ReturnStmt { ) } - override PpAst getChild(int i) { i = 1 and result = this.getResult() } + override PpAst getChild(int i) { i = 1 and result = this.getExpr() } } private class PpThrowStmt extends PpAst, ThrowStmt { diff --git a/java/ql/lib/semmle/code/java/Statement.qll b/java/ql/lib/semmle/code/java/Statement.qll index 8db9d5e6628..3f138ac0fa2 100644 --- a/java/ql/lib/semmle/code/java/Statement.qll +++ b/java/ql/lib/semmle/code/java/Statement.qll @@ -627,8 +627,15 @@ class SynchronizedStmt extends Stmt, @synchronizedstmt { /** A `return` statement. */ class ReturnStmt extends Stmt, @returnstmt { + /** + * DEPRECATED: Use getExpr() instead. + * + * Gets the expression returned by this `return` statement, if any. + */ + deprecated Expr getResult() { result.getParent() = this } + /** Gets the expression returned by this `return` statement, if any. */ - Expr getResult() { result.getParent() = this } + Expr getExpr() { result.getParent() = this } override string pp() { result = "return ..." } diff --git a/java/ql/lib/semmle/code/java/controlflow/Guards.qll b/java/ql/lib/semmle/code/java/controlflow/Guards.qll index 84536047483..49cd0d18941 100644 --- a/java/ql/lib/semmle/code/java/controlflow/Guards.qll +++ b/java/ql/lib/semmle/code/java/controlflow/Guards.qll @@ -349,7 +349,7 @@ private module GuardsInput implements SharedGuards::InputSig { n2.asSsa().(Base::SsaPhiDefinition).getAnUltimateDefinition() = n1.asSsa() or exists(ReturnStmt ret | - n2.asMethod() = ret.getEnclosingCallable() and ret.getResult() = n1.asExpr() + n2.asMethod() = ret.getEnclosingCallable() and ret.getExpr() = n1.asExpr() ) or viableImpl_v1(n2.asExpr()) = n1.asMethod() diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index 9786286389c..a280e531f91 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll @@ -510,7 +510,7 @@ module Private { /** A data flow node that occurs as the result of a `ReturnStmt`. */ class ReturnNode extends Node { ReturnNode() { - exists(ReturnStmt ret | this.asExpr() = ret.getResult()) or + exists(ReturnStmt ret | this.asExpr() = ret.getExpr()) or this.(FlowSummaryNode).isReturn() } diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll index 3a8491b8428..011049eec4b 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll @@ -27,7 +27,7 @@ VarAccess valueAccess(EnumConstant e) { or exists(Assignment a | a.getSource() = valueFlow+(result)) or - exists(ReturnStmt r | r.getResult() = valueFlow+(result)) + exists(ReturnStmt r | r.getExpr() = valueFlow+(result)) or exists(LocalVariableDeclExpr v | v.getInit() = valueFlow+(result)) or diff --git a/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll b/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll index 2af5df28107..d4425eae2b8 100644 --- a/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll +++ b/java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll @@ -354,7 +354,7 @@ private module TrackLambda { predicate returnStep(Node n1, LocalSourceNode n2) { exists(ReturnStmt ret, Method m | ret.getEnclosingCallable() = m and - ret.getResult() = n1.asExpr() and + ret.getExpr() = n1.asExpr() and m = dispatch(n2.asExpr()) ) } diff --git a/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll b/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll index 239f4dd0fbc..d5a4ee60571 100644 --- a/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll +++ b/java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll @@ -53,7 +53,7 @@ private predicate viableArgParam(ArgumentNode arg, ParameterNode p) { private predicate returnStep(Node n1, Node n2) { exists(ReturnStmt ret, Method m | ret.getEnclosingCallable() = m and - ret.getResult() = n1.asExpr() and + ret.getExpr() = n1.asExpr() and pragma[only_bind_out](m) = dispatchCand(n2.asExpr()) ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index 62289f737c0..8b3ab081ee0 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -424,7 +424,7 @@ private class JaxRSXssSink extends XssSink { exists(JaxRsResourceMethod resourceMethod, ReturnStmt rs | resourceMethod = any(JaxRsResourceClass resourceClass).getAResourceMethod() and rs.getEnclosingCallable() = resourceMethod and - this.asExpr() = rs.getResult() + this.asExpr() = rs.getExpr() | not exists(resourceMethod.getProducesAnnotation()) or diff --git a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll index a8559060d30..2613b0e5c51 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll @@ -386,7 +386,7 @@ class MockitoMockedObject extends Expr { or exists(ReturnStmt ret | this.(MethodCall).getMethod() = ret.getEnclosingCallable() and - ret.getResult() instanceof MockitoMockedObject + ret.getExpr() instanceof MockitoMockedObject ) } } diff --git a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll index e3f89186821..6a354a0a42a 100644 --- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll +++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll @@ -109,7 +109,7 @@ class MyBatisInjectionSink extends DataFlow::Node { a.getType() instanceof MyBatisProvider and m.getDeclaringType() = a.getValue(["type", "value"]).(TypeLiteral).getTypeName().getType() and m.hasName(a.getValue("method").(StringLiteral).getValue()) and - exists(ReturnStmt ret | this.asExpr() = ret.getResult() and ret.getEnclosingCallable() = m) + exists(ReturnStmt ret | this.asExpr() = ret.getExpr() and ret.getEnclosingCallable() = m) ) } } diff --git a/java/ql/lib/semmle/code/java/frameworks/ThreadLocal.qll b/java/ql/lib/semmle/code/java/frameworks/ThreadLocal.qll index c813c0383eb..5a550ff9501 100644 --- a/java/ql/lib/semmle/code/java/frameworks/ThreadLocal.qll +++ b/java/ql/lib/semmle/code/java/frameworks/ThreadLocal.qll @@ -15,7 +15,7 @@ private predicate threadLocalInitialValue(ClassInstanceExpr cie, Method initialV exists(RefType t, ReturnStmt ret | cie.getConstructedType().getSourceDeclaration() = t and t.getASourceSupertype+().hasQualifiedName("java.lang", "ThreadLocal") and - ret.getResult() = init and + ret.getExpr() = init and ret.getEnclosingCallable() = initialValue and initialValue.hasName("initialValue") and initialValue.getDeclaringType() = t diff --git a/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll b/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll index 1aba64a4c7e..e7948fcd5f4 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll @@ -37,7 +37,7 @@ private class AsyncTaskOnPostExecuteAdditionalValueStep extends AdditionalValueS | onPostExecute.getDeclaringType() = runInBackground.getDeclaringType() | - node1.asExpr() = any(ReturnStmt r | r.getEnclosingCallable() = runInBackground).getResult() and + node1.asExpr() = any(ReturnStmt r | r.getEnclosingCallable() = runInBackground).getExpr() and node2.asParameter() = onPostExecute.getParameter(0) ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll b/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll index 9123600d4e4..134e93ea4eb 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Compose.qll @@ -44,7 +44,7 @@ class LiveLiteralMethod extends Method { private predicate methodReturns(Method m, Expr res) { exists(ReturnStmt r | - r.getResult() = res and + r.getExpr() = res and r.getEnclosingCallable() = m ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll index 2f5a88ba5c8..10b6e7f3df2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll @@ -138,7 +138,7 @@ ThisAccess forbiddenThisUse(Callable c) { result.getEnclosingCallable() = c and ( exists(MethodCall ma | ma.getAnArgument() = result) or - exists(ReturnStmt rs | rs.getResult() = result) + exists(ReturnStmt rs | rs.getExpr() = result) ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll index 5f9271c0149..d110caa1703 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll @@ -52,7 +52,7 @@ private class SpringXssSink extends XSS::XssSink { SpringXssSink() { exists(SpringRequestMappingMethod requestMappingMethod, ReturnStmt rs | requestMappingMethod = rs.getEnclosingCallable() and - this.asExpr() = rs.getResult() and + this.asExpr() = rs.getExpr() and ( not specifiesContentType(requestMappingMethod) or isXssVulnerableContentTypeExpr(requestMappingMethod.getAProducesExpr()) diff --git a/java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll b/java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll index 28ca95b5541..d7563100d97 100644 --- a/java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll +++ b/java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll @@ -58,9 +58,9 @@ private class HttpResponseGetDescriptionStep extends AdditionalValueStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { exists(ReturnStmt s, GenerateResponseMethod m | s.getEnclosingCallable() instanceof HudsonWebMethod and - boundOrStaticType(s.getResult(), m.getDeclaringType().getADescendant()) + boundOrStaticType(s.getExpr(), m.getDeclaringType().getADescendant()) | - n1.asExpr() = s.getResult() and + n1.asExpr() = s.getExpr() and n2.(DataFlow::InstanceParameterNode).getCallable() = m ) } diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll b/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll index 4f4c20a5263..9282e766627 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll @@ -113,7 +113,7 @@ predicate upcastToWiderType(Expr e) { or exists(CastingExpr c | c.getExpr() = e and t2 = c.getType()) or - exists(ReturnStmt ret | ret.getResult() = e and t2 = ret.getEnclosingCallable().getReturnType()) + exists(ReturnStmt ret | ret.getExpr() = e and t2 = ret.getEnclosingCallable().getReturnType()) or exists(Parameter p | p.getAnArgument() = e and t2 = p.getType()) or diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll index d27677b2271..7dc5f68d2d1 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll @@ -25,7 +25,7 @@ class IsValidFragmentMethod extends Method { predicate isUnsafe() { this.getDeclaringType().(AndroidActivity).isExported() and forex(ReturnStmt retStmt | retStmt.getEnclosingCallable() = this | - retStmt.getResult().(BooleanLiteral).getBooleanValue() = true + retStmt.getExpr().(BooleanLiteral).getBooleanValue() = true ) } } diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll index a0377599054..e97a3161499 100644 --- a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll @@ -107,7 +107,7 @@ private class StaticInitializationVectorSource extends DataFlow::Node { // Reduce FPs from utility methods that return an empty array in an exceptional case not exists(ReturnStmt ret | array.getADimension().(CompileTimeConstantExpr).getIntValue() = 0 and - DataFlow::localExprFlow(array, ret.getResult()) + DataFlow::localExprFlow(array, ret.getExpr()) ) ) } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index dc771a46606..4b9f5c61f59 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -95,7 +95,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig { ) { exists(ConstructorCall cc, FunctionalExpr fe | cc.getConstructedType() instanceof KryoPoolBuilder and - fe.asMethod().getBody().getAStmt().(ReturnStmt).getResult() = node1.asExpr() and + fe.asMethod().getBody().getAStmt().(ReturnStmt).getExpr() = node1.asExpr() and node2.asExpr() = cc and cc.getArgument(0) = fe ) diff --git a/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll index 60829f426f7..724bccceb1f 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll @@ -13,7 +13,7 @@ private import semmle.code.java.dataflow.ExternalFlow */ private predicate alwaysReturnsTrue(HostnameVerifierVerify m) { forex(ReturnStmt rs | rs.getEnclosingCallable() = m | - rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true + rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true ) } diff --git a/java/ql/src/Language Abuse/IterableClass.qll b/java/ql/src/Language Abuse/IterableClass.qll index a6b4c86cffd..896fc2e1160 100644 --- a/java/ql/src/Language Abuse/IterableClass.qll +++ b/java/ql/src/Language Abuse/IterableClass.qll @@ -12,7 +12,7 @@ class Iterable extends Class { exists(Method m | m.getDeclaringType().getSourceDeclaration() = this and m.getName() = "iterator" and - m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() = result + m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() = result ) } } diff --git a/java/ql/src/Language Abuse/IterableIterator.ql b/java/ql/src/Language Abuse/IterableIterator.ql index 72dfbcd9965..f2ba1a727de 100644 --- a/java/ql/src/Language Abuse/IterableIterator.ql +++ b/java/ql/src/Language Abuse/IterableIterator.ql @@ -30,7 +30,7 @@ class EmptyIterableIterator extends IterableIterator { .(SingletonBlock) .getStmt() .(ReturnStmt) - .getResult() + .getExpr() .(BooleanLiteral) .getBooleanValue() = false ) diff --git a/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql b/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql index 09d686947e0..92faee89be7 100644 --- a/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +++ b/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql @@ -39,7 +39,7 @@ predicate containsSpecialCollection(Expr e, SpecialCollectionCreation origin) { or exists(Call c, ReturnStmt r | e = c | r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and - containsSpecialCollection(r.getResult(), origin) + containsSpecialCollection(r.getExpr(), origin) ) } @@ -61,7 +61,7 @@ predicate iterOfSpecialCollection(Expr e, SpecialCollectionCreation origin) { or exists(Call c, ReturnStmt r | e = c | r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and - iterOfSpecialCollection(r.getResult(), origin) + iterOfSpecialCollection(r.getExpr(), origin) ) } diff --git a/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql b/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql index 2951f97d65f..6de1e52ed98 100644 --- a/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +++ b/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql @@ -29,7 +29,7 @@ where exists(AssignExpr assgn | va = assgn.getDest() | assgn.getSource() instanceof FreshContainer) or // ...a return (but only if `v` is a local variable) - v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getResult() = va) + v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getExpr() = va) or // ...or a call to a query method on `v`. exists(MethodCall ma | va = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod) diff --git a/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql b/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql index 2edeea4ec57..6695d6b677c 100644 --- a/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql +++ b/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql @@ -32,13 +32,13 @@ predicate checksReferenceEquality(EqualsMethod em) { eq.getAnOperand().(VarAccess).getVariable() = em.getParameter(0) and ( // `{ return (ojb==this); }` - eq = blk.getStmt().(ReturnStmt).getResult() + eq = blk.getStmt().(ReturnStmt).getExpr() or // `{ if (ojb==this) return true; else return false; }` exists(IfStmt ifStmt | ifStmt = blk.getStmt() | eq = ifStmt.getCondition() and - ifStmt.getThen().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = true and - ifStmt.getElse().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = false + ifStmt.getThen().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = true and + ifStmt.getElse().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = false ) ) ) @@ -47,7 +47,7 @@ predicate checksReferenceEquality(EqualsMethod em) { // More precisely, we check whether the body of `em` is of the form `return super.equals(o);`, // where `o` is the (only) parameter of `em`, and the invoked method is a reference equality check. exists(SuperMethodCall sup | - sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() and + sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() and sup.getArgument(0) = em.getParameter(0).getAnAccess() and checksReferenceEquality(sup.getCallee()) ) diff --git a/java/ql/src/Likely Bugs/Comparison/Equality.qll b/java/ql/src/Likely Bugs/Comparison/Equality.qll index 9aeb4a46047..babd4115742 100644 --- a/java/ql/src/Likely Bugs/Comparison/Equality.qll +++ b/java/ql/src/Likely Bugs/Comparison/Equality.qll @@ -22,7 +22,7 @@ class RefiningEquals extends EqualsMethod { // ... on the (only) parameter of this method ... sup.getArgument(0).(VarAccess).getVariable() = this.getAParameter() and // ... and its result is implied by the result of `ret`. - exprImplies(ret.getResult(), true, sup, true) + exprImplies(ret.getExpr(), true, sup, true) ) ) } diff --git a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql index 7cd495f9073..2c33143ccf0 100644 --- a/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +++ b/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql @@ -52,7 +52,7 @@ class ReferenceEquals extends EqualsMethod { exists(BlockStmt b, ReturnStmt ret, EQExpr eq | this.getBody() = b and b.getStmt(0) = ret and - ret.getResult() = eq and + ret.getExpr() = eq and eq.getAnOperand() = this.getAParameter().getAnAccess() and (eq.getAnOperand() instanceof ThisAccess or eq.getAnOperand() instanceof FieldAccess) ) diff --git a/java/ql/src/Likely Bugs/Comparison/StringComparison.ql b/java/ql/src/Likely Bugs/Comparison/StringComparison.ql index b6b39673a73..9818f965e05 100644 --- a/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +++ b/java/ql/src/Likely Bugs/Comparison/StringComparison.ql @@ -38,7 +38,7 @@ class StringValue extends Expr { or // Method accesses whose results are all interned. forex(ReturnStmt rs | rs.getEnclosingCallable() = this.(MethodCall).getMethod() | - rs.getResult().(StringValue).isInterned() + rs.getExpr().(StringValue).isInterned() ) } } diff --git a/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql b/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql index 3dcd44a5273..25eaca21aba 100644 --- a/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +++ b/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql @@ -42,7 +42,7 @@ predicate delegatingOverride(Method sub, Method sup) { delegatingSuperCall(stmt.(ExprStmt).getExpr(), sup) or // ...or a `return` statement containing such a call. - delegatingSuperCall(stmt.(ReturnStmt).getResult(), sup) + delegatingSuperCall(stmt.(ReturnStmt).getExpr(), sup) ) ) } diff --git a/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql b/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql index 520dba86c41..316352b9b68 100644 --- a/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +++ b/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql @@ -32,7 +32,7 @@ predicate castTo(ClassInstanceExpr cie, RefType to) { or exists(Call call, int n | call.getArgument(n) = cie | to = call.getCallee().getParameterType(n)) or - exists(ReturnStmt ret | ret.getResult() = cie | to = ret.getEnclosingCallable().getReturnType()) + exists(ReturnStmt ret | ret.getExpr() = cie | to = ret.getEnclosingCallable().getReturnType()) or exists(ArrayCreationExpr ace | ace.getInit().getAnInit() = cie | to = ace.getType().(Array).getComponentType() diff --git a/java/ql/src/Likely Bugs/Statements/Chaining.qll b/java/ql/src/Likely Bugs/Statements/Chaining.qll index bb7fba549e7..a02c07fac42 100644 --- a/java/ql/src/Likely Bugs/Statements/Chaining.qll +++ b/java/ql/src/Likely Bugs/Statements/Chaining.qll @@ -31,13 +31,13 @@ private predicate nonChaining(Method m) { private predicate nonChainingReturn(Method m, ReturnStmt ret) { // The wrong `this` is returned. - ret.getResult() instanceof ThisAccess and - ret.getResult().getType() != m.getDeclaringType() + ret.getExpr() instanceof ThisAccess and + ret.getExpr().getType() != m.getDeclaringType() or // A method call to the wrong method is returned. - ret.getResult() instanceof MethodCall and + ret.getExpr() instanceof MethodCall and exists(MethodCall delegateCall, Method delegate | - delegateCall = ret.getResult() and + delegateCall = ret.getExpr() and delegate = delegateCall.getMethod() | delegate.getDeclaringType() != m.getDeclaringType() @@ -54,7 +54,7 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) { or // Something else is returned. not ( - ret.getResult() instanceof ThisAccess or - ret.getResult() instanceof MethodCall + ret.getExpr() instanceof ThisAccess or + ret.getExpr() instanceof MethodCall ) } diff --git a/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql b/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql index 753c40774f6..1232e775be5 100644 --- a/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql +++ b/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql @@ -45,13 +45,13 @@ predicate castFlow(ArrayCast ce, Variable v) { } predicate returnedFrom(ArrayCast ce, Method m) { - exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getResult() = ce) + exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getExpr() = ce) or exists(Variable v | castFlow(ce, v) | returnedVariableFrom(v, m)) } predicate returnedVariableFrom(Variable v, Method m) { - exists(ReturnStmt ret | ret.getResult() = v.getAnAccess() and ret.getEnclosingCallable() = m) + exists(ReturnStmt ret | ret.getExpr() = v.getAnAccess() and ret.getEnclosingCallable() = m) } predicate rawTypeConversion(RawType source, ParameterizedType target) { diff --git a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql index c51e5d4acc5..d94436f2127 100644 --- a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +++ b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql @@ -41,7 +41,7 @@ private class VulnerableJHipsterRandomUtilMethod extends Method { this.getReturnType() instanceof TypeString and exists(ReturnStmt s | s = this.getBody().(SingletonBlock).getStmt() and - s.getResult() instanceof PredictableApacheRandomStringUtilsMethodCall + s.getExpr() instanceof PredictableApacheRandomStringUtilsMethodCall ) } } diff --git a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql index 86808552433..521c7a1ca90 100644 --- a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +++ b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql @@ -96,7 +96,7 @@ predicate probablyNeverEscapes(LocalVariableDecl v) { // Not assigned directly to another variable. not exists(Assignment a | a.getSource() = v.getAnAccess()) and // Not returned. - not exists(ReturnStmt r | r.getResult() = v.getAnAccess()) and + not exists(ReturnStmt r | r.getExpr() = v.getAnAccess()) and // All assignments are to new instances of a class. forex(Expr e | e = v.getAnAssignedValue() | e instanceof ClassInstanceExpr) } diff --git a/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql b/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql index fec9a2e8e44..713fdad5726 100644 --- a/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +++ b/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql @@ -35,7 +35,7 @@ predicate notDeliberatelyBoxed(LocalBoxedVar v) { ) or exists(ReturnStmt ret | - ret.getResult() = a and + ret.getExpr() = a and ret.getEnclosingCallable().getReturnType() instanceof RefType ) ) diff --git a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql index b5d27655f8d..20502320286 100644 --- a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +++ b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql @@ -51,7 +51,7 @@ predicate storesArray(Callable c, int i, Field f) { predicate returnsArray(Callable c, Field f) { f.getDeclaringType() = c.getDeclaringType().getAnAncestor().getSourceDeclaration() and relevantType(f.getType()) and - exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getResult() = f.getAnAccess()) and + exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getExpr() = f.getAnAccess()) and not c.isStatic() } @@ -71,7 +71,7 @@ predicate mayWriteToArray(Expr modified) { ) or // return __array__; ... method()[1] = 0 - exists(ReturnStmt rs | modified = rs.getResult() and relevantType(modified.getType()) | + exists(ReturnStmt rs | modified = rs.getExpr() and relevantType(modified.getType()) | exists(Callable enclosing, MethodCall ma | enclosing = rs.getEnclosingCallable() and ma.getMethod().getSourceDeclaration() = enclosing | diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql b/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql index 0a1e8785b4e..fa3ea20f05f 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql @@ -126,7 +126,7 @@ private predicate delegate(Method caller, Method callee) { exists(MethodCall ma | ma.getMethod() = callee | exists(Stmt stmt | stmt = caller.getBody().(SingletonBlock).getStmt() | wrappedAccess(stmt.(ExprStmt).getExpr(), ma) or - wrappedAccess(stmt.(ReturnStmt).getResult(), ma) + wrappedAccess(stmt.(ReturnStmt).getExpr(), ma) ) and forex(Parameter p, int i, Expr arg | p = caller.getParameter(i) and ma.getArgument(i) = arg | // The parameter is propagated without modification. diff --git a/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll b/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll index 561c57b7cd9..02f00d4ffb2 100644 --- a/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll +++ b/java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll @@ -3,7 +3,7 @@ import java predicate getterFor(Method m, Field f) { m.getName().matches("get%") and m.getDeclaringType() = f.getDeclaringType() and - exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getResult() = f.getAnAccess()) + exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getExpr() = f.getAnAccess()) } predicate setterFor(Method m, Field f) { diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll index 5d65431b415..c9dc2bda6c7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll @@ -125,10 +125,10 @@ private class StringFormatMethod extends StringCombiningMethod { class SpringViewManipulationSink extends DataFlow::ExprNode { SpringViewManipulationSink() { exists(ReturnStmt r, SpringRequestMappingMethod m | - r.getResult() = this.asExpr() and + r.getExpr() = this.asExpr() and m.getBody().getAStmt() = r and not m.isResponseBody() and - r.getResult().getType() instanceof TypeString + r.getExpr().getType() instanceof TypeString ) or exists(ConstructorCall c | c.getConstructedType() instanceof ModelAndView | diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql index c53c2cacdae..cb340ce0f69 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql @@ -48,7 +48,7 @@ private class JxBrowserLoadHandler extends RefType { private predicate isOnCertificateErrorMethodSafe(Method m) { forex(ReturnStmt rs | rs.getEnclosingCallable() = m | - rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true + rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true ) } diff --git a/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql b/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql index ae4f8ca0da0..578846438be 100644 --- a/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql +++ b/java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql @@ -9,7 +9,7 @@ module Config implements DataFlow::ConfigSig { source.asExpr().(MethodCall).getMethod().hasName("taint") } - predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() } + predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getExpr() } } module Flow = TaintTracking::Global; diff --git a/java/ql/test/query-tests/lgtm-example-queries/returnstatement.ql b/java/ql/test/query-tests/lgtm-example-queries/returnstatement.ql index 8ace7e72931..fec039f24da 100644 --- a/java/ql/test/query-tests/lgtm-example-queries/returnstatement.ql +++ b/java/ql/test/query-tests/lgtm-example-queries/returnstatement.ql @@ -9,5 +9,5 @@ import java from ReturnStmt r -where r.getResult() instanceof NullLiteral +where r.getExpr() instanceof NullLiteral select r