Restrict fluent api models to same type access

2026-05-01 11:45:14 +02:00 · 2021-10-26 16:28:27 +02:00
parent 8564c9001a
commit 747ab122c3
2 changed files with 7 additions and 1 deletions
--- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -22,7 +22,7 @@ string captureFlow(Callable api) {
 string captureQualifierFlow(Callable api) {
  exists(ReturnStmt rtn |
    rtn.getEnclosingCallable() = api and
-    rtn.getResult() instanceof ThisAccess
+    rtn.getResult().(ThisAccess).isOwnInstanceAccess()
  ) and
  result = asValueModel(api, "Argument[-1]", "ReturnValue")
 }
--- a/java/ql/test/utils/model-generator/p/FluentAPI.java
+++ b/java/ql/test/utils/model-generator/p/FluentAPI.java
@@ -6,4 +6,10 @@ public final class FluentAPI {
        return this;
    }

+    public class Inner {
+        public FluentAPI notThis(String input) {
+            return FluentAPI.this;
+        }
+    }
+
 }