hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Rename ReturnStmt.getResult to getExpr.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2026-02-04 13:56:50 +01:00
parent 36fa0a22f9
commit 6f40ac15b4
51 changed files with 75 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Language Abuse/IterableClass.qll
View File

@@ -12,7 +12,7 @@ class Iterable extends Class {
exists(Method m |
m.getDeclaringType().getSourceDeclaration() = this and
m.getName() = "iterator" and
m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() = result
m.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() = result
)
}
}

2
java/ql/src/Language Abuse/IterableIterator.ql
View File

@@ -30,7 +30,7 @@ class EmptyIterableIterator extends IterableIterator {
.(SingletonBlock)
.getStmt()
.(ReturnStmt)
.getResult()
.getExpr()
.(BooleanLiteral)
.getBooleanValue() = false
)

4
java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql
View File

@@ -39,7 +39,7 @@ predicate containsSpecialCollection(Expr e, SpecialCollectionCreation origin) {
or
exists(Call c, ReturnStmt r | e = c |
r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and
containsSpecialCollection(r.getResult(), origin)
containsSpecialCollection(r.getExpr(), origin)
)
}
@@ -61,7 +61,7 @@ predicate iterOfSpecialCollection(Expr e, SpecialCollectionCreation origin) {
or
exists(Call c, ReturnStmt r | e = c |
r.getEnclosingCallable() = c.getCallee().getSourceDeclaration() and
iterOfSpecialCollection(r.getResult(), origin)
iterOfSpecialCollection(r.getExpr(), origin)
)
}

2
java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
View File

@@ -29,7 +29,7 @@ where
exists(AssignExpr assgn | va = assgn.getDest() | assgn.getSource() instanceof FreshContainer)
or
// ...a return (but only if `v` is a local variable)
v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getResult() = va)
v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getExpr() = va)
or
// ...or a call to a query method on `v`.
exists(MethodCall ma | va = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod)

8
java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql
View File

@@ -32,13 +32,13 @@ predicate checksReferenceEquality(EqualsMethod em) {
eq.getAnOperand().(VarAccess).getVariable() = em.getParameter(0) and
(
// `{ return (ojb==this); }`
eq = blk.getStmt().(ReturnStmt).getResult()
eq = blk.getStmt().(ReturnStmt).getExpr()
or
// `{ if (ojb==this) return true; else return false; }`
exists(IfStmt ifStmt | ifStmt = blk.getStmt() |
eq = ifStmt.getCondition() and
ifStmt.getThen().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = true and
ifStmt.getElse().(ReturnStmt).getResult().(BooleanLiteral).getBooleanValue() = false
ifStmt.getThen().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = true and
ifStmt.getElse().(ReturnStmt).getExpr().(BooleanLiteral).getBooleanValue() = false
)
)
)
@@ -47,7 +47,7 @@ predicate checksReferenceEquality(EqualsMethod em) {
// More precisely, we check whether the body of `em` is of the form `return super.equals(o);`,
// where `o` is the (only) parameter of `em`, and the invoked method is a reference equality check.
exists(SuperMethodCall sup |
sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getResult() and
sup = em.getBody().(SingletonBlock).getStmt().(ReturnStmt).getExpr() and
sup.getArgument(0) = em.getParameter(0).getAnAccess() and
checksReferenceEquality(sup.getCallee())
)

2
java/ql/src/Likely Bugs/Comparison/Equality.qll
View File

@@ -22,7 +22,7 @@ class RefiningEquals extends EqualsMethod {
// ... on the (only) parameter of this method ...
sup.getArgument(0).(VarAccess).getVariable() = this.getAParameter() and
// ... and its result is implied by the result of `ret`.
exprImplies(ret.getResult(), true, sup, true)
exprImplies(ret.getExpr(), true, sup, true)
)
)
}

2
java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql
View File

@@ -52,7 +52,7 @@ class ReferenceEquals extends EqualsMethod {
exists(BlockStmt b, ReturnStmt ret, EQExpr eq |
this.getBody() = b and
b.getStmt(0) = ret and
ret.getResult() = eq and
ret.getExpr() = eq and
eq.getAnOperand() = this.getAParameter().getAnAccess() and
(eq.getAnOperand() instanceof ThisAccess or eq.getAnOperand() instanceof FieldAccess)
)

2
java/ql/src/Likely Bugs/Comparison/StringComparison.ql
View File

@@ -38,7 +38,7 @@ class StringValue extends Expr {
or
// Method accesses whose results are all interned.
forex(ReturnStmt rs | rs.getEnclosingCallable() = this.(MethodCall).getMethod() |
rs.getResult().(StringValue).isInterned()
rs.getExpr().(StringValue).isInterned()
)
}
}

2
java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql
View File

@@ -42,7 +42,7 @@ predicate delegatingOverride(Method sub, Method sup) {
delegatingSuperCall(stmt.(ExprStmt).getExpr(), sup)
or
// ...or a `return` statement containing such a call.
delegatingSuperCall(stmt.(ReturnStmt).getResult(), sup)
delegatingSuperCall(stmt.(ReturnStmt).getExpr(), sup)
)
)
}

2
java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
View File

@@ -32,7 +32,7 @@ predicate castTo(ClassInstanceExpr cie, RefType to) {
or
exists(Call call, int n | call.getArgument(n) = cie | to = call.getCallee().getParameterType(n))
or
exists(ReturnStmt ret | ret.getResult() = cie | to = ret.getEnclosingCallable().getReturnType())
exists(ReturnStmt ret | ret.getExpr() = cie | to = ret.getEnclosingCallable().getReturnType())
or
exists(ArrayCreationExpr ace | ace.getInit().getAnInit() = cie |
to = ace.getType().(Array).getComponentType()

12
java/ql/src/Likely Bugs/Statements/Chaining.qll
View File

@@ -31,13 +31,13 @@ private predicate nonChaining(Method m) {
private predicate nonChainingReturn(Method m, ReturnStmt ret) {
// The wrong `this` is returned.
ret.getResult() instanceof ThisAccess and
ret.getResult().getType() != m.getDeclaringType()
ret.getExpr() instanceof ThisAccess and
ret.getExpr().getType() != m.getDeclaringType()
or
// A method call to the wrong method is returned.
ret.getResult() instanceof MethodCall and
ret.getExpr() instanceof MethodCall and
exists(MethodCall delegateCall, Method delegate |
delegateCall = ret.getResult() and
delegateCall = ret.getExpr() and
delegate = delegateCall.getMethod()
|
delegate.getDeclaringType() != m.getDeclaringType()
@@ -54,7 +54,7 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) {
or
// Something else is returned.
not (
ret.getResult() instanceof ThisAccess or
ret.getResult() instanceof MethodCall
ret.getExpr() instanceof ThisAccess or
ret.getExpr() instanceof MethodCall
)
}

4
java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql
View File

@@ -45,13 +45,13 @@ predicate castFlow(ArrayCast ce, Variable v) {
}
predicate returnedFrom(ArrayCast ce, Method m) {
exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getResult() = ce)
exists(ReturnStmt ret | ret.getEnclosingCallable() = m | ret.getExpr() = ce)
or
exists(Variable v | castFlow(ce, v) | returnedVariableFrom(v, m))
}
predicate returnedVariableFrom(Variable v, Method m) {
exists(ReturnStmt ret | ret.getResult() = v.getAnAccess() and ret.getEnclosingCallable() = m)
exists(ReturnStmt ret | ret.getExpr() = v.getAnAccess() and ret.getEnclosingCallable() = m)
}
predicate rawTypeConversion(RawType source, ParameterizedType target) {

2
java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
View File

@@ -41,7 +41,7 @@ private class VulnerableJHipsterRandomUtilMethod extends Method {
this.getReturnType() instanceof TypeString and
exists(ReturnStmt s |
s = this.getBody().(SingletonBlock).getStmt() and
s.getResult() instanceof PredictableApacheRandomStringUtilsMethodCall
s.getExpr() instanceof PredictableApacheRandomStringUtilsMethodCall
)
}
}

2
java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
View File

@@ -96,7 +96,7 @@ predicate probablyNeverEscapes(LocalVariableDecl v) {
// Not assigned directly to another variable.
not exists(Assignment a | a.getSource() = v.getAnAccess()) and
// Not returned.
not exists(ReturnStmt r | r.getResult() = v.getAnAccess()) and
not exists(ReturnStmt r | r.getExpr() = v.getAnAccess()) and
// All assignments are to new instances of a class.
forex(Expr e | e = v.getAnAssignedValue() | e instanceof ClassInstanceExpr)
}

2
java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql
View File

@@ -35,7 +35,7 @@ predicate notDeliberatelyBoxed(LocalBoxedVar v) {
)
or
exists(ReturnStmt ret |
ret.getResult() = a and
ret.getExpr() = a and
ret.getEnclosingCallable().getReturnType() instanceof RefType
)
)

4
java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
View File

@@ -51,7 +51,7 @@ predicate storesArray(Callable c, int i, Field f) {
predicate returnsArray(Callable c, Field f) {
f.getDeclaringType() = c.getDeclaringType().getAnAncestor().getSourceDeclaration() and
relevantType(f.getType()) and
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getResult() = f.getAnAccess()) and
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getExpr() = f.getAnAccess()) and
not c.isStatic()
}
@@ -71,7 +71,7 @@ predicate mayWriteToArray(Expr modified) {
)
or
// return __array__; ... method()[1] = 0
exists(ReturnStmt rs | modified = rs.getResult() and relevantType(modified.getType()) |
exists(ReturnStmt rs | modified = rs.getExpr() and relevantType(modified.getType()) |
exists(Callable enclosing, MethodCall ma |
enclosing = rs.getEnclosingCallable() and ma.getMethod().getSourceDeclaration() = enclosing
|

2
java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql
View File

@@ -126,7 +126,7 @@ private predicate delegate(Method caller, Method callee) {
exists(MethodCall ma | ma.getMethod() = callee |
exists(Stmt stmt | stmt = caller.getBody().(SingletonBlock).getStmt() |
wrappedAccess(stmt.(ExprStmt).getExpr(), ma) or
wrappedAccess(stmt.(ReturnStmt).getResult(), ma)
wrappedAccess(stmt.(ReturnStmt).getExpr(), ma)
) and
forex(Parameter p, int i, Expr arg | p = caller.getParameter(i) and ma.getArgument(i) = arg |
// The parameter is propagated without modification.

2
java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll
View File

@@ -3,7 +3,7 @@ import java
predicate getterFor(Method m, Field f) {
m.getName().matches("get%") and
m.getDeclaringType() = f.getDeclaringType() and
exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getResult() = f.getAnAccess())
exists(ReturnStmt ret | ret.getEnclosingCallable() = m and ret.getExpr() = f.getAnAccess())
}
predicate setterFor(Method m, Field f) {

4
java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll
View File

@@ -125,10 +125,10 @@ private class StringFormatMethod extends StringCombiningMethod {
class SpringViewManipulationSink extends DataFlow::ExprNode {
SpringViewManipulationSink() {
exists(ReturnStmt r, SpringRequestMappingMethod m |
r.getResult() = this.asExpr() and
r.getExpr() = this.asExpr() and
m.getBody().getAStmt() = r and
not m.isResponseBody() and
r.getResult().getType() instanceof TypeString
r.getExpr().getType() instanceof TypeString
)
or
exists(ConstructorCall c | c.getConstructedType() instanceof ModelAndView |

2
java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
View File

@@ -48,7 +48,7 @@ private class JxBrowserLoadHandler extends RefType {
private predicate isOnCertificateErrorMethodSafe(Method m) {
forex(ReturnStmt rs | rs.getEnclosingCallable() = m |
rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true
rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true
)
}