mirror of
https://github.com/github/codeql.git
synced 2026-02-11 20:51:06 +01:00
Java: Rename ReturnStmt.getResult to getExpr.
This commit is contained in:
Anders Schack-Mulligen
@@ -10,5 +10,5 @@
|
||||
import java
|
||||
|
||||
from ReturnStmt r
|
||||
where r.getResult() instanceof NullLiteral
|
||||
where r.getExpr() instanceof NullLiteral
|
||||
select r
|
||||
|
||||
@@ -849,7 +849,7 @@ private module ControlFlowGraphImpl {
|
||||
or
|
||||
index = 0 and result = this.(ClassExpr).getExpr()
|
||||
or
|
||||
index = 0 and result = this.(ReturnStmt).getResult()
|
||||
index = 0 and result = this.(ReturnStmt).getExpr()
|
||||
or
|
||||
index = 0 and result = this.(ThrowStmt).getExpr()
|
||||
or
|
||||
|
||||
@@ -69,7 +69,7 @@ class AssignmentConversionContext extends ConversionSite {
|
||||
class ReturnConversionSite extends ConversionSite {
|
||||
ReturnStmt r;
|
||||
|
||||
ReturnConversionSite() { this = r.getResult() }
|
||||
ReturnConversionSite() { this = r.getExpr() }
|
||||
|
||||
override Type getConversionTarget() { result = r.getEnclosingCallable().getReturnType() }
|
||||
|
||||
|
||||
@@ -1312,7 +1312,7 @@ class LambdaExpr extends FunctionalExpr, @lambdaexpr {
|
||||
|
||||
/** Gets the body of this lambda expression, if it is an expression. */
|
||||
Expr getExprBody() {
|
||||
this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getResult()
|
||||
this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getExpr()
|
||||
}
|
||||
|
||||
/** Gets the body of this lambda expression, if it is a statement. */
|
||||
@@ -1347,7 +1347,7 @@ class MemberRefExpr extends FunctionalExpr, @memberref {
|
||||
exists(Stmt stmt |
|
||||
stmt = this.asMethod().getBody().(SingletonBlock).getStmt() and
|
||||
(
|
||||
result = stmt.(ReturnStmt).getResult()
|
||||
result = stmt.(ReturnStmt).getExpr()
|
||||
or
|
||||
// Note: Currently never an ExprStmt, but might change once https://github.com/github/codeql/issues/3605 is fixed
|
||||
result = stmt.(ExprStmt).getExpr()
|
||||
|
||||
@@ -680,13 +680,13 @@ class GetterMethod extends Method {
|
||||
GetterMethod() {
|
||||
this.hasNoParameters() and
|
||||
exists(ReturnStmt s, Field f | s = this.getBody().(SingletonBlock).getStmt() |
|
||||
s.getResult() = f.getAnAccess()
|
||||
s.getExpr() = f.getAnAccess()
|
||||
)
|
||||
}
|
||||
|
||||
/** Gets the field whose value is returned by this getter method. */
|
||||
Field getField() {
|
||||
exists(ReturnStmt r | r.getEnclosingCallable() = this | r.getResult() = result.getAnAccess())
|
||||
exists(ReturnStmt r | r.getEnclosingCallable() = this | r.getExpr() = result.getAnAccess())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -854,7 +854,7 @@ private class PpSynchronizedStmt extends PpAst, SynchronizedStmt {
|
||||
|
||||
private class PpReturnStmt extends PpAst, ReturnStmt {
|
||||
override string getPart(int i) {
|
||||
if exists(this.getResult())
|
||||
if exists(this.getExpr())
|
||||
then
|
||||
i = 0 and result = "return "
|
||||
or
|
||||
@@ -864,7 +864,7 @@ private class PpReturnStmt extends PpAst, ReturnStmt {
|
||||
)
|
||||
}
|
||||
|
||||
override PpAst getChild(int i) { i = 1 and result = this.getResult() }
|
||||
override PpAst getChild(int i) { i = 1 and result = this.getExpr() }
|
||||
}
|
||||
|
||||
private class PpThrowStmt extends PpAst, ThrowStmt {
|
||||
|
||||
@@ -627,8 +627,15 @@ class SynchronizedStmt extends Stmt, @synchronizedstmt {
|
||||
|
||||
/** A `return` statement. */
|
||||
class ReturnStmt extends Stmt, @returnstmt {
|
||||
/**
|
||||
* DEPRECATED: Use getExpr() instead.
|
||||
*
|
||||
* Gets the expression returned by this `return` statement, if any.
|
||||
*/
|
||||
deprecated Expr getResult() { result.getParent() = this }
|
||||
|
||||
/** Gets the expression returned by this `return` statement, if any. */
|
||||
Expr getResult() { result.getParent() = this }
|
||||
Expr getExpr() { result.getParent() = this }
|
||||
|
||||
override string pp() { result = "return ..." }
|
||||
|
||||
|
||||
@@ -349,7 +349,7 @@ private module GuardsInput implements SharedGuards::InputSig<Location, ControlFl
|
||||
GuardsInput::Expr getAReturnExpr() {
|
||||
exists(ReturnStmt ret |
|
||||
this = ret.getEnclosingCallable() and
|
||||
ret.getResult() = result
|
||||
ret.getExpr() = result
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -49,9 +49,7 @@ class ConstantMethod extends Method {
|
||||
// Just one return statement
|
||||
count(ReturnStmt rs | rs.getEnclosingCallable() = this) = 1 and
|
||||
// Which returns a constant expr
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = this |
|
||||
rs.getResult() instanceof ConstantExpr
|
||||
) and
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = this | rs.getExpr() instanceof ConstantExpr) and
|
||||
// And this method is not overridden
|
||||
not exists(Method m | m.overrides(this))
|
||||
}
|
||||
@@ -61,7 +59,7 @@ class ConstantMethod extends Method {
|
||||
*/
|
||||
ConstantExpr getConstantValue() {
|
||||
exists(ReturnStmt returnStmt | returnStmt.getEnclosingCallable() = this |
|
||||
result = returnStmt.getResult()
|
||||
result = returnStmt.getExpr()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -73,7 +73,7 @@ private predicate unboxed(Expr e) {
|
||||
exists(Parameter p | p.getType() instanceof PrimitiveType and p.getAnArgument() = e)
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
ret.getEnclosingCallable().getReturnType() instanceof PrimitiveType and ret.getResult() = e
|
||||
ret.getEnclosingCallable().getReturnType() instanceof PrimitiveType and ret.getExpr() = e
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ module FlowStepsInput implements UniversalFlow::UniversalFlowInput<Location> {
|
||||
n2.asSsa().(Base::SsaPhiDefinition).getAnUltimateDefinition() = n1.asSsa()
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
n2.asMethod() = ret.getEnclosingCallable() and ret.getResult() = n1.asExpr()
|
||||
n2.asMethod() = ret.getEnclosingCallable() and ret.getExpr() = n1.asExpr()
|
||||
)
|
||||
or
|
||||
viableImpl_v1(n2.asExpr()) = n1.asMethod()
|
||||
|
||||
@@ -510,7 +510,7 @@ module Private {
|
||||
/** A data flow node that occurs as the result of a `ReturnStmt`. */
|
||||
class ReturnNode extends Node {
|
||||
ReturnNode() {
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getResult()) or
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getExpr()) or
|
||||
this.(FlowSummaryNode).isReturn()
|
||||
}
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ VarAccess valueAccess(EnumConstant e) {
|
||||
or
|
||||
exists(Assignment a | a.getSource() = valueFlow+(result))
|
||||
or
|
||||
exists(ReturnStmt r | r.getResult() = valueFlow+(result))
|
||||
exists(ReturnStmt r | r.getExpr() = valueFlow+(result))
|
||||
or
|
||||
exists(LocalVariableDeclExpr v | v.getInit() = valueFlow+(result))
|
||||
or
|
||||
|
||||
@@ -354,7 +354,7 @@ private module TrackLambda<methodDispatchSig/1 lambdaDispatch0> {
|
||||
predicate returnStep(Node n1, LocalSourceNode n2) {
|
||||
exists(ReturnStmt ret, Method m |
|
||||
ret.getEnclosingCallable() = m and
|
||||
ret.getResult() = n1.asExpr() and
|
||||
ret.getExpr() = n1.asExpr() and
|
||||
m = dispatch(n2.asExpr())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -53,7 +53,7 @@ private predicate viableArgParam(ArgumentNode arg, ParameterNode p) {
|
||||
private predicate returnStep(Node n1, Node n2) {
|
||||
exists(ReturnStmt ret, Method m |
|
||||
ret.getEnclosingCallable() = m and
|
||||
ret.getResult() = n1.asExpr() and
|
||||
ret.getExpr() = n1.asExpr() and
|
||||
pragma[only_bind_out](m) = dispatchCand(n2.asExpr())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -424,7 +424,7 @@ private class JaxRSXssSink extends XssSink {
|
||||
exists(JaxRsResourceMethod resourceMethod, ReturnStmt rs |
|
||||
resourceMethod = any(JaxRsResourceClass resourceClass).getAResourceMethod() and
|
||||
rs.getEnclosingCallable() = resourceMethod and
|
||||
this.asExpr() = rs.getResult()
|
||||
this.asExpr() = rs.getExpr()
|
||||
|
|
||||
not exists(resourceMethod.getProducesAnnotation())
|
||||
or
|
||||
|
||||
@@ -386,7 +386,7 @@ class MockitoMockedObject extends Expr {
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
this.(MethodCall).getMethod() = ret.getEnclosingCallable() and
|
||||
ret.getResult() instanceof MockitoMockedObject
|
||||
ret.getExpr() instanceof MockitoMockedObject
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -109,7 +109,7 @@ class MyBatisInjectionSink extends DataFlow::Node {
|
||||
a.getType() instanceof MyBatisProvider and
|
||||
m.getDeclaringType() = a.getValue(["type", "value"]).(TypeLiteral).getTypeName().getType() and
|
||||
m.hasName(a.getValue("method").(StringLiteral).getValue()) and
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getResult() and ret.getEnclosingCallable() = m)
|
||||
exists(ReturnStmt ret | this.asExpr() = ret.getExpr() and ret.getEnclosingCallable() = m)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ private predicate threadLocalInitialValue(ClassInstanceExpr cie, Method initialV
|
||||
exists(RefType t, ReturnStmt ret |
|
||||
cie.getConstructedType().getSourceDeclaration() = t and
|
||||
t.getASourceSupertype+().hasQualifiedName("java.lang", "ThreadLocal") and
|
||||
ret.getResult() = init and
|
||||
ret.getExpr() = init and
|
||||
ret.getEnclosingCallable() = initialValue and
|
||||
initialValue.hasName("initialValue") and
|
||||
initialValue.getDeclaringType() = t
|
||||
|
||||
@@ -37,7 +37,7 @@ private class AsyncTaskOnPostExecuteAdditionalValueStep extends AdditionalValueS
|
||||
|
|
||||
onPostExecute.getDeclaringType() = runInBackground.getDeclaringType()
|
||||
|
|
||||
node1.asExpr() = any(ReturnStmt r | r.getEnclosingCallable() = runInBackground).getResult() and
|
||||
node1.asExpr() = any(ReturnStmt r | r.getEnclosingCallable() = runInBackground).getExpr() and
|
||||
node2.asParameter() = onPostExecute.getParameter(0)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ class LiveLiteralMethod extends Method {
|
||||
|
||||
private predicate methodReturns(Method m, Expr res) {
|
||||
exists(ReturnStmt r |
|
||||
r.getResult() = res and
|
||||
r.getExpr() = res and
|
||||
r.getEnclosingCallable() = m
|
||||
)
|
||||
}
|
||||
|
||||
@@ -138,7 +138,7 @@ ThisAccess forbiddenThisUse(Callable c) {
|
||||
result.getEnclosingCallable() = c and
|
||||
(
|
||||
exists(MethodCall ma | ma.getAnArgument() = result) or
|
||||
exists(ReturnStmt rs | rs.getResult() = result)
|
||||
exists(ReturnStmt rs | rs.getExpr() = result)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -52,7 +52,7 @@ private class SpringXssSink extends XSS::XssSink {
|
||||
SpringXssSink() {
|
||||
exists(SpringRequestMappingMethod requestMappingMethod, ReturnStmt rs |
|
||||
requestMappingMethod = rs.getEnclosingCallable() and
|
||||
this.asExpr() = rs.getResult() and
|
||||
this.asExpr() = rs.getExpr() and
|
||||
(
|
||||
not specifiesContentType(requestMappingMethod) or
|
||||
isXssVulnerableContentTypeExpr(requestMappingMethod.getAProducesExpr())
|
||||
|
||||
@@ -58,9 +58,9 @@ private class HttpResponseGetDescriptionStep extends AdditionalValueStep {
|
||||
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
|
||||
exists(ReturnStmt s, GenerateResponseMethod m |
|
||||
s.getEnclosingCallable() instanceof HudsonWebMethod and
|
||||
boundOrStaticType(s.getResult(), m.getDeclaringType().getADescendant())
|
||||
boundOrStaticType(s.getExpr(), m.getDeclaringType().getADescendant())
|
||||
|
|
||||
n1.asExpr() = s.getResult() and
|
||||
n1.asExpr() = s.getExpr() and
|
||||
n2.(DataFlow::InstanceParameterNode).getCallable() = m
|
||||
)
|
||||
}
|
||||
|
||||
@@ -113,7 +113,7 @@ predicate upcastToWiderType(Expr e) {
|
||||
or
|
||||
exists(CastingExpr c | c.getExpr() = e and t2 = c.getType())
|
||||
or
|
||||
exists(ReturnStmt ret | ret.getResult() = e and t2 = ret.getEnclosingCallable().getReturnType())
|
||||
exists(ReturnStmt ret | ret.getExpr() = e and t2 = ret.getEnclosingCallable().getReturnType())
|
||||
or
|
||||
exists(Parameter p | p.getAnArgument() = e and t2 = p.getType())
|
||||
or
|
||||
|
||||
@@ -25,7 +25,7 @@ class IsValidFragmentMethod extends Method {
|
||||
predicate isUnsafe() {
|
||||
this.getDeclaringType().(AndroidActivity).isExported() and
|
||||
forex(ReturnStmt retStmt | retStmt.getEnclosingCallable() = this |
|
||||
retStmt.getResult().(BooleanLiteral).getBooleanValue() = true
|
||||
retStmt.getExpr().(BooleanLiteral).getBooleanValue() = true
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -107,7 +107,7 @@ private class StaticInitializationVectorSource extends DataFlow::Node {
|
||||
// Reduce FPs from utility methods that return an empty array in an exceptional case
|
||||
not exists(ReturnStmt ret |
|
||||
array.getADimension().(CompileTimeConstantExpr).getIntValue() = 0 and
|
||||
DataFlow::localExprFlow(array, ret.getResult())
|
||||
DataFlow::localExprFlow(array, ret.getExpr())
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -95,7 +95,7 @@ private module SafeKryoConfig implements DataFlow::ConfigSig {
|
||||
) {
|
||||
exists(ConstructorCall cc, FunctionalExpr fe |
|
||||
cc.getConstructedType() instanceof KryoPoolBuilder and
|
||||
fe.asMethod().getBody().getAStmt().(ReturnStmt).getResult() = node1.asExpr() and
|
||||
fe.asMethod().getBody().getAStmt().(ReturnStmt).getExpr() = node1.asExpr() and
|
||||
node2.asExpr() = cc and
|
||||
cc.getArgument(0) = fe
|
||||
)
|
||||
|
||||
@@ -13,7 +13,7 @@ private import semmle.code.java.dataflow.ExternalFlow
|
||||
*/
|
||||
private predicate alwaysReturnsTrue(HostnameVerifierVerify m) {
|
||||
forex(ReturnStmt rs | rs.getEnclosingCallable() = m |
|
||||
rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ class Iterable extends Class {
|
||||
exists(Method m |
|
||||
m.getDeclaringType().getSourceDeclaration() = this and
|
||||
m.getName() = "iterator" and
|
||||
m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() = result
|
||||
m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() = result
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ class EmptyIterableIterator extends IterableIterator {
|
||||
.(SingletonBlock)
|
||||
.getStmt()
|
||||
.(ReturnStmt)
|
||||
.getResult()
|
||||
.getExpr()
|
||||
.(BooleanLiteral)
|
||||
.getBooleanValue() = false
|
||||
)
|
||||
|
||||
@@ -39,7 +39,7 @@ predicate containsSpecialCollection(Expr e, SpecialCollectionCreation origin) {
|
||||
or
|
||||
exists(Call c, ReturnStmt r | e = c |
|
||||
r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and
|
||||
containsSpecialCollection(r.getResult(), origin)
|
||||
containsSpecialCollection(r.getExpr(), origin)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ predicate iterOfSpecialCollection(Expr e, SpecialCollectionCreation origin) {
|
||||
or
|
||||
exists(Call c, ReturnStmt r | e = c |
|
||||
r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and
|
||||
iterOfSpecialCollection(r.getResult(), origin)
|
||||
iterOfSpecialCollection(r.getExpr(), origin)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ where
|
||||
exists(AssignExpr assgn | va = assgn.getDest() | assgn.getSource() instanceof FreshContainer)
|
||||
or
|
||||
// ...a return (but only if `v` is a local variable)
|
||||
v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getResult() = va)
|
||||
v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getExpr() = va)
|
||||
or
|
||||
// ...or a call to a query method on `v`.
|
||||
exists(MethodCall ma | va = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod)
|
||||
|
||||
@@ -32,13 +32,13 @@ predicate checksReferenceEquality(EqualsMethod em) {
|
||||
eq.getAnOperand().(VarAccess).getVariable() = em.getParameter(0) and
|
||||
(
|
||||
// `{ return (ojb==this); }`
|
||||
eq = blk.getStmt().(ReturnStmt).getResult()
|
||||
eq = blk.getStmt().(ReturnStmt).getExpr()
|
||||
or
|
||||
// `{ if (ojb==this) return true; else return false; }`
|
||||
exists(IfStmt ifStmt | ifStmt = blk.getStmt() |
|
||||
eq = ifStmt.getCondition() and
|
||||
ifStmt.getThen().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = true and
|
||||
ifStmt.getElse().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = false
|
||||
ifStmt.getThen().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = true and
|
||||
ifStmt.getElse().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = false
|
||||
)
|
||||
)
|
||||
)
|
||||
@@ -47,7 +47,7 @@ predicate checksReferenceEquality(EqualsMethod em) {
|
||||
// More precisely, we check whether the body of `em` is of the form `return super.equals(o);`,
|
||||
// where `o` is the (only) parameter of `em`, and the invoked method is a reference equality check.
|
||||
exists(SuperMethodCall sup |
|
||||
sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() and
|
||||
sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() and
|
||||
sup.getArgument(0) = em.getParameter(0).getAnAccess() and
|
||||
checksReferenceEquality(sup.getCallee())
|
||||
)
|
||||
|
||||
@@ -22,7 +22,7 @@ class RefiningEquals extends EqualsMethod {
|
||||
// ... on the (only) parameter of this method ...
|
||||
sup.getArgument(0).(VarAccess).getVariable() = this.getAParameter() and
|
||||
// ... and its result is implied by the result of `ret`.
|
||||
exprImplies(ret.getResult(), true, sup, true)
|
||||
exprImplies(ret.getExpr(), true, sup, true)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ class ReferenceEquals extends EqualsMethod {
|
||||
exists(BlockStmt b, ReturnStmt ret, EQExpr eq |
|
||||
this.getBody() = b and
|
||||
b.getStmt(0) = ret and
|
||||
ret.getResult() = eq and
|
||||
ret.getExpr() = eq and
|
||||
eq.getAnOperand() = this.getAParameter().getAnAccess() and
|
||||
(eq.getAnOperand() instanceof ThisAccess or eq.getAnOperand() instanceof FieldAccess)
|
||||
)
|
||||
|
||||
@@ -38,7 +38,7 @@ class StringValue extends Expr {
|
||||
or
|
||||
// Method accesses whose results are all interned.
|
||||
forex(ReturnStmt rs | rs.getEnclosingCallable() = this.(MethodCall).getMethod() |
|
||||
rs.getResult().(StringValue).isInterned()
|
||||
rs.getExpr().(StringValue).isInterned()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -42,7 +42,7 @@ predicate delegatingOverride(Method sub, Method sup) {
|
||||
delegatingSuperCall(stmt.(ExprStmt).getExpr(), sup)
|
||||
or
|
||||
// ...or a `return` statement containing such a call.
|
||||
delegatingSuperCall(stmt.(ReturnStmt).getResult(), sup)
|
||||
delegatingSuperCall(stmt.(ReturnStmt).getExpr(), sup)
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ predicate castTo(ClassInstanceExpr cie, RefType to) {
|
||||
or
|
||||
exists(Call call, int n | call.getArgument(n) = cie | to = call.getCallee().getParameterType(n))
|
||||
or
|
||||
exists(ReturnStmt ret | ret.getResult() = cie | to = ret.getEnclosingCallable().getReturnType())
|
||||
exists(ReturnStmt ret | ret.getExpr() = cie | to = ret.getEnclosingCallable().getReturnType())
|
||||
or
|
||||
exists(ArrayCreationExpr ace | ace.getInit().getAnInit() = cie |
|
||||
to = ace.getType().(Array).getComponentType()
|
||||
|
||||
@@ -31,13 +31,13 @@ private predicate nonChaining(Method m) {
|
||||
|
||||
private predicate nonChainingReturn(Method m, ReturnStmt ret) {
|
||||
// The wrong `this` is returned.
|
||||
ret.getResult() instanceof ThisAccess and
|
||||
ret.getResult().getType() != m.getDeclaringType()
|
||||
ret.getExpr() instanceof ThisAccess and
|
||||
ret.getExpr().getType() != m.getDeclaringType()
|
||||
or
|
||||
// A method call to the wrong method is returned.
|
||||
ret.getResult() instanceof MethodCall and
|
||||
ret.getExpr() instanceof MethodCall and
|
||||
exists(MethodCall delegateCall, Method delegate |
|
||||
delegateCall = ret.getResult() and
|
||||
delegateCall = ret.getExpr() and
|
||||
delegate = delegateCall.getMethod()
|
||||
|
|
||||
delegate.getDeclaringType() != m.getDeclaringType()
|
||||
@@ -54,7 +54,7 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) {
|
||||
or
|
||||
// Something else is returned.
|
||||
not (
|
||||
ret.getResult() instanceof ThisAccess or
|
||||
ret.getResult() instanceof MethodCall
|
||||
ret.getExpr() instanceof ThisAccess or
|
||||
ret.getExpr() instanceof MethodCall
|
||||
)
|
||||
}
|
||||
|
||||
@@ -45,13 +45,13 @@ predicate castFlow(ArrayCast ce, Variable v) {
|
||||
}
|
||||
|
||||
predicate returnedFrom(ArrayCast ce, Method m) {
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getResult() = ce)
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getExpr() = ce)
|
||||
or
|
||||
exists(Variable v | castFlow(ce, v) | returnedVariableFrom(v, m))
|
||||
}
|
||||
|
||||
predicate returnedVariableFrom(Variable v, Method m) {
|
||||
exists(ReturnStmt ret | ret.getResult() = v.getAnAccess() and ret.getEnclosingCallable() = m)
|
||||
exists(ReturnStmt ret | ret.getExpr() = v.getAnAccess() and ret.getEnclosingCallable() = m)
|
||||
}
|
||||
|
||||
predicate rawTypeConversion(RawType source, ParameterizedType target) {
|
||||
|
||||
@@ -41,7 +41,7 @@ private class VulnerableJHipsterRandomUtilMethod extends Method {
|
||||
this.getReturnType() instanceof TypeString and
|
||||
exists(ReturnStmt s |
|
||||
s = this.getBody().(SingletonBlock).getStmt() and
|
||||
s.getResult() instanceof PredictableApacheRandomStringUtilsMethodCall
|
||||
s.getExpr() instanceof PredictableApacheRandomStringUtilsMethodCall
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -96,7 +96,7 @@ predicate probablyNeverEscapes(LocalVariableDecl v) {
|
||||
// Not assigned directly to another variable.
|
||||
not exists(Assignment a | a.getSource() = v.getAnAccess()) and
|
||||
// Not returned.
|
||||
not exists(ReturnStmt r | r.getResult() = v.getAnAccess()) and
|
||||
not exists(ReturnStmt r | r.getExpr() = v.getAnAccess()) and
|
||||
// All assignments are to new instances of a class.
|
||||
forex(Expr e | e = v.getAnAssignedValue() | e instanceof ClassInstanceExpr)
|
||||
}
|
||||
|
||||
@@ -35,7 +35,7 @@ predicate notDeliberatelyBoxed(LocalBoxedVar v) {
|
||||
)
|
||||
or
|
||||
exists(ReturnStmt ret |
|
||||
ret.getResult() = a and
|
||||
ret.getExpr() = a and
|
||||
ret.getEnclosingCallable().getReturnType() instanceof RefType
|
||||
)
|
||||
)
|
||||
|
||||
@@ -51,7 +51,7 @@ predicate storesArray(Callable c, int i, Field f) {
|
||||
predicate returnsArray(Callable c, Field f) {
|
||||
f.getDeclaringType() = c.getDeclaringType().getAnAncestor().getSourceDeclaration() and
|
||||
relevantType(f.getType()) and
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getResult() = f.getAnAccess()) and
|
||||
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getExpr() = f.getAnAccess()) and
|
||||
not c.isStatic()
|
||||
}
|
||||
|
||||
@@ -71,7 +71,7 @@ predicate mayWriteToArray(Expr modified) {
|
||||
)
|
||||
or
|
||||
// return __array__; ... method()[1] = 0
|
||||
exists(ReturnStmt rs | modified = rs.getResult() and relevantType(modified.getType()) |
|
||||
exists(ReturnStmt rs | modified = rs.getExpr() and relevantType(modified.getType()) |
|
||||
exists(Callable enclosing, MethodCall ma |
|
||||
enclosing = rs.getEnclosingCallable() and ma.getMethod().getSourceDeclaration() = enclosing
|
||||
|
|
||||
|
||||
@@ -126,7 +126,7 @@ private predicate delegate(Method caller, Method callee) {
|
||||
exists(MethodCall ma | ma.getMethod() = callee |
|
||||
exists(Stmt stmt | stmt = caller.getBody().(SingletonBlock).getStmt() |
|
||||
wrappedAccess(stmt.(ExprStmt).getExpr(), ma) or
|
||||
wrappedAccess(stmt.(ReturnStmt).getResult(), ma)
|
||||
wrappedAccess(stmt.(ReturnStmt).getExpr(), ma)
|
||||
) and
|
||||
forex(Parameter p, int i, Expr arg | p = caller.getParameter(i) and ma.getArgument(i) = arg |
|
||||
// The parameter is propagated without modification.
|
||||
|
||||
@@ -3,7 +3,7 @@ import java
|
||||
predicate getterFor(Method m, Field f) {
|
||||
m.getName().matches("get%") and
|
||||
m.getDeclaringType() = f.getDeclaringType() and
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getResult() = f.getAnAccess())
|
||||
exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getExpr() = f.getAnAccess())
|
||||
}
|
||||
|
||||
predicate setterFor(Method m, Field f) {
|
||||
|
||||
@@ -125,10 +125,10 @@ private class StringFormatMethod extends StringCombiningMethod {
|
||||
class SpringViewManipulationSink extends DataFlow::ExprNode {
|
||||
SpringViewManipulationSink() {
|
||||
exists(ReturnStmt r, SpringRequestMappingMethod m |
|
||||
r.getResult() = this.asExpr() and
|
||||
r.getExpr() = this.asExpr() and
|
||||
m.getBody().getAStmt() = r and
|
||||
not m.isResponseBody() and
|
||||
r.getResult().getType() instanceof TypeString
|
||||
r.getExpr().getType() instanceof TypeString
|
||||
)
|
||||
or
|
||||
exists(ConstructorCall c | c.getConstructedType() instanceof ModelAndView |
|
||||
|
||||
@@ -48,7 +48,7 @@ private class JxBrowserLoadHandler extends RefType {
|
||||
|
||||
private predicate isOnCertificateErrorMethodSafe(Method m) {
|
||||
forex(ReturnStmt rs | rs.getEnclosingCallable() = m |
|
||||
rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ module Config implements DataFlow::ConfigSig {
|
||||
source.asExpr().(MethodCall).getMethod().hasName("taint")
|
||||
}
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() }
|
||||
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getExpr() }
|
||||
}
|
||||
|
||||
module Flow = TaintTracking::Global<Config>;
|
||||
|
||||
@@ -9,5 +9,5 @@
|
||||
import java
|
||||
|
||||
from ReturnStmt r
|
||||
where r.getResult() instanceof NullLiteral
|
||||
where r.getExpr() instanceof NullLiteral
|
||||
select r
|
||||
|
||||
Reference in New Issue
Block a user