hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into next.

Browse Source 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
This commit is contained in:
Aditya Sharad
2018-11-09 18:49:35 +00:00
parent 992a015467 0e9c7fc085
commit 761e5efd60
1273 changed files with 138514 additions and 2413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.xml
View File

@@ -1,5 +1,5 @@
<beans>
<!--Compose configuration files by using the 'import' element.-->
<!--Compose configuration files by using the 'import' element.-->
<import resource="services.xml"/>
<import resource="resources/messageSource.xml"/>

14
java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.xml
View File

@@ -1,13 +1,13 @@
<!--AVOID: Using autowiring makes it difficult to see the dependencies of the bean-->
<bean id="autoWiredOrderService"
class="documentation.examples.spring.OrderService"
autowire="byName"/>
class="documentation.examples.spring.OrderService"
autowire="byName"/>
<!--GOOD: Explicitly specifying the properties of the bean documents its dependencies
and makes the bean configuration easier to maintain-->
<bean id="orderService"
class="documentation.examples.spring.OrderService">
<property name="DAO">
<idref bean="dao"/>
</property>
</bean>
class="documentation.examples.spring.OrderService">
<property name="DAO">
<idref bean="dao"/>
</property>
</bean>

10
java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.xml
View File

@@ -1,13 +1,13 @@
<!--AVOID: Using explicit constructor indices makes the bean configuration
vulnerable to changes to the constructor-->
<bean id="billingService1" class="documentation.examples.spring.BillingService">
<constructor-arg index="0" value="John Doe"/>
<constructor-arg index="1" ref="dao"/>
<constructor-arg index="0" value="John Doe"/>
<constructor-arg index="1" ref="dao"/>
</bean>
<!--GOOD: Using type matching makes the bean configuration more robust to changes in
the constructor-->
<bean id="billingService2" class="documentation.examples.spring.BillingService">
<constructor-arg ref="dao"/>
<constructor-arg type="java.lang.String" value="Jane Doe"/>
</bean>
<constructor-arg ref="dao"/>
<constructor-arg type="java.lang.String" value="Jane Doe"/>
</bean>

14
java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.java
View File

@@ -1,13 +1,13 @@
public static void main(String args[]) {
Random r = new Random();
Random r = new Random();
// BAD: 'mayBeNegativeInt' is negative if
// 'nextInt()' returns 'Integer.MIN_VALUE'.
int mayBeNegativeInt = Math.abs(r.nextInt());
// BAD: 'mayBeNegativeInt' is negative if
// 'nextInt()' returns 'Integer.MIN_VALUE'.
int mayBeNegativeInt = Math.abs(r.nextInt());
// GOOD: 'nonNegativeInt' is always a value between 0 (inclusive)
// and Integer.MAX_VALUE (exclusive).
int nonNegativeInt = r.nextInt(Integer.MAX_VALUE);
// GOOD: 'nonNegativeInt' is always a value between 0 (inclusive)
// and Integer.MAX_VALUE (exclusive).
int nonNegativeInt = r.nextInt(Integer.MAX_VALUE);
// GOOD: When 'nextInt' returns a negative number increment the returned value.
int nextInt = r.nextInt();

38
java/ql/src/Likely Bugs/Comparison/CovariantEquals.java
View File

@@ -1,16 +1,16 @@
class BadPoint {
int x;
int y;
int x;
int y;
BadPoint(int x, int y) {
this.x = x;
this.y = y;
}
BadPoint(int x, int y) {
this.x = x;
this.y = y;
}
// overloaded equals method -- should be avoided
public boolean equals(BadPoint q) {
return x == q.x && y == q.y;
}
// overloaded equals method -- should be avoided
public boolean equals(BadPoint q) {
return x == q.x && y == q.y;
}
}
BadPoint p = new BadPoint(1, 2);
@@ -18,22 +18,22 @@ Object q = new BadPoint(1, 2);
boolean badEquals = p.equals(q); // evaluates to false
class GoodPoint {
int x;
int y;
int x;
int y;
GoodPoint(int x, int y) {
this.x = x;
this.y = y;
}
GoodPoint(int x, int y) {
this.x = x;
this.y = y;
}
// correctly overrides Object.equals(Object)
public boolean equals(Object obj) {
// correctly overrides Object.equals(Object)
public boolean equals(Object obj) {
if (obj != null && getClass() == obj.getClass()) {
GoodPoint q = (GoodPoint)obj;
return x == q.x && y == q.y;
}
return false;
}
}
}
GoodPoint r = new GoodPoint(1, 2);

44
java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.java
View File

@@ -1,30 +1,30 @@
public class DefineEqualsWhenAddingFields {
static class Square {
protected int width = 0;
public Square(int width) {
this.width = width;
}
static class Square {
protected int width = 0;
public Square(int width) {
this.width = width;
}
@Override
public boolean equals(Object thatO) { // This method works only for squares.
if(thatO != null && getClass() == thatO.getClass() ) {
public boolean equals(Object thatO) { // This method works only for squares.
if(thatO != null && getClass() == thatO.getClass() ) {
Square that = (Square)thatO;
return width == that.width;
}
}
return false;
}
}
}
}
static class Rectangle extends Square {
private int height = 0;
public Rectangle(int width, int height) {
super(width);
this.height = height;
}
}
static class Rectangle extends Square {
private int height = 0;
public Rectangle(int width, int height) {
super(width);
this.height = height;
}
}
public static void main(String[] args) {
Rectangle r1 = new Rectangle(4, 3);
Rectangle r2 = new Rectangle(4, 5);
System.out.println(r1.equals(r2)); // Outputs 'true'
}
public static void main(String[] args) {
Rectangle r1 = new Rectangle(4, 3);
Rectangle r2 = new Rectangle(4, 5);
System.out.println(r1.equals(r2)); // Outputs 'true'
}
}

80
java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.java
View File

@@ -1,69 +1,69 @@
class BadPoint {
int x;
int y;
int x;
int y;
BadPoint(int x, int y) {
this.x = x;
this.y = y;
}
BadPoint(int x, int y) {
this.x = x;
this.y = y;
}
public boolean equals(Object o) {
if(!(o instanceof BadPoint))
return false;
BadPoint q = (BadPoint)o;
return x == q.x && y == q.y;
}
public boolean equals(Object o) {
if(!(o instanceof BadPoint))
return false;
BadPoint q = (BadPoint)o;
return x == q.x && y == q.y;
}
}
class BadPointExt extends BadPoint {
String s;
String s;
BadPointExt(int x, int y, String s) {
super(x, y);
this.s = s;
}
BadPointExt(int x, int y, String s) {
super(x, y);
this.s = s;
}
// violates symmetry of equals contract
public boolean equals(Object o) {
if(!(o instanceof BadPointExt)) return false;
BadPointExt q = (BadPointExt)o;
return super.equals(o) && (q.s==null ? s==null : q.s.equals(s));
}
// violates symmetry of equals contract
public boolean equals(Object o) {
if(!(o instanceof BadPointExt)) return false;
BadPointExt q = (BadPointExt)o;
return super.equals(o) && (q.s==null ? s==null : q.s.equals(s));
}
}
class GoodPoint {
int x;
int y;
int x;
int y;
GoodPoint(int x, int y) {
this.x = x;
this.y = y;
}
GoodPoint(int x, int y) {
this.x = x;
this.y = y;
}
public boolean equals(Object o) {
public boolean equals(Object o) {
if (o != null && getClass() == o.getClass()) {
GoodPoint q = (GoodPoint)o;
return x == q.x && y == q.y;
}
return false;
}
}
}
class GoodPointExt extends GoodPoint {
String s;
String s;
GoodPointExt(int x, int y, String s) {
super(x, y);
this.s = s;
}
GoodPointExt(int x, int y, String s) {
super(x, y);
this.s = s;
}
public boolean equals(Object o) {
public boolean equals(Object o) {
if (o != null && getClass() == o.getClass()) {
GoodPointExt q = (GoodPointExt)o;
return super.equals(o) && (q.s==null ? s==null : q.s.equals(s));
}
return false;
}
}
return false;
}
}
BadPoint p = new BadPoint(1, 2);

20
java/ql/src/Likely Bugs/Comparison/HashedButNoHash.java
View File

@@ -8,17 +8,17 @@ class Point {
}
public boolean equals(Object o) {
if (!(o instanceof Point)) return false;
Point q = (Point)o;
return x == q.x && y == q.y;
if (!(o instanceof Point)) return false;
Point q = (Point)o;
return x == q.x && y == q.y;
}
// Implement hashCode so that equivalent points (with the same values of x and y) have the
// same hash code
// Implement hashCode so that equivalent points (with the same values of x and y) have the
// same hash code
public int hashCode() {
int hash = 7;
hash = 31*hash + x;
hash = 31*hash + y;
return hash;
int hash = 7;
hash = 31*hash + x;
hash = 31*hash + y;
return hash;
}
}
}

44
java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.java
View File

@@ -1,30 +1,30 @@
class LocalCache {
private Collection<NativeResource> localResources;
//...
protected void finalize() throws Throwable {
for (NativeResource r : localResources) {
r.dispose();
}
};
private Collection<NativeResource> localResources;
//...
protected void finalize() throws Throwable {
for (NativeResource r : localResources) {
r.dispose();
}
};
}
class WrongCache extends LocalCache {
//...
@Override
protected void finalize() throws Throwable {
// BAD: Empty 'finalize', which does not call 'super.finalize'.
// Native resources in LocalCache are not disposed of.
}
//...
@Override
protected void finalize() throws Throwable {
// BAD: Empty 'finalize', which does not call 'super.finalize'.
// Native resources in LocalCache are not disposed of.
}
}
class RightCache extends LocalCache {
//...
@Override
protected void finalize() throws Throwable {
// GOOD: 'finalize' calls 'super.finalize'.
//...
@Override
protected void finalize() throws Throwable {
// GOOD: 'finalize' calls 'super.finalize'.
// Native resources in LocalCache are disposed of.
super.finalize();
}
}
super.finalize();
}
}

8
java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.java
View File

@@ -3,9 +3,9 @@ import java.io.File;
class ContainerSizeCmpZero
{
private static File MakeFile(String filename) {
if(filename != null && filename.length() >= 0) {
return new File(filename);
}
return new File("default.name");
if(filename != null && filename.length() >= 0) {
return new File(filename);
}
return new File("default.name");
}
}

8
java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZeroGood.java
View File

@@ -3,9 +3,9 @@ import java.io.File;
class ContainerSizeCmpZero
{
private static File MakeFile(String filename) {
if(filename != null && !filename.isEmpty()) {
return new File(filename);
}
return new File("default.name");
if(filename != null && !filename.isEmpty()) {
return new File(filename);
}
return new File("default.name");
}
}

60
java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.java
View File

@@ -1,37 +1,37 @@
class WrongMemo implements Externalizable {
private String memo;
private String memo;
// BAD: No public no-argument constructor is defined. Deserializing this object
// causes an 'InvalidClassException'.
public WrongMemo(String memo) {
this.memo = memo;
}
public void writeExternal(ObjectOutput arg0) throws IOException {
//...
}
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
//...
}
// BAD: No public no-argument constructor is defined. Deserializing this object
// causes an 'InvalidClassException'.
public WrongMemo(String memo) {
this.memo = memo;
}
public void writeExternal(ObjectOutput arg0) throws IOException {
//...
}
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
//...
}
}
class Memo implements Externalizable {
private String memo;
private String memo;
// GOOD: Declare a public no-argument constructor, which is used by the
// serialization framework when the object is deserialized.
public Memo() {
}
public Memo(String memo) {
this.memo = memo;
}
// GOOD: Declare a public no-argument constructor, which is used by the
// serialization framework when the object is deserialized.
public Memo() {
}
public void writeExternal(ObjectOutput out) throws IOException {
//...
}
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
//...
}
}
public Memo(String memo) {
this.memo = memo;
}
public void writeExternal(ObjectOutput out) throws IOException {
//...
}
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
//...
}
}

28
java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.java
View File

@@ -1,25 +1,25 @@
public static void main(String[] args) {
{
try {
{
try {
TestImpl obj = new TestImpl();
// BAD: default socket factory is used
Test stub = (Test) UnicastRemoteObject.exportObject(obj, 0);
} catch (Exception e) {
// fail
}
}
{
try {
TestImpl obj = new TestImpl();
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
}
}
{
try {
TestImpl obj = new TestImpl();
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
// GOOD: SSL factories are used
Test stub = (Test) UnicastRemoteObject.exportObject(obj, 0, csf, ssf);
} catch (Exception e) {
// fail
}
}
}
}
}
}

28
java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArrayGood.java
View File

@@ -1,8 +1,8 @@
// Solution 1: Extract to individual constants
public class Display {
public static final String RED = "FF0000";
public static final String GREEN = "00FF00";
public static final String BLUE = "0000FF";
public static final String RED = "FF0000";
public static final String GREEN = "00FF00";
public static final String BLUE = "0000FF";
}
// Solution 2: Define constants using in an enum type
@@ -21,22 +21,22 @@ public enum Display
// Solution 3: Use an unmodifiable collection
public class Display {
public static final List<String> RGB =
Collections.unmodifiableList(
Arrays.asList("FF0000",
"00FF00",
"0000FF"));
public static final List<String> RGB =
Collections.unmodifiableList(
Arrays.asList("FF0000",
"00FF00",
"0000FF"));
}
// Solution 4: Use a utility method
public class Utils {
public static <T> List<T> constList(T... values) {
return Collections.unmodifiableList(
Arrays.asList(values));
}
public static <T> List<T> constList(T... values) {
return Collections.unmodifiableList(
Arrays.asList(values));
}
}
public class Display {
public static final List<String> RGB =
Utils.constList("FF0000", "00FF00", "0000FF");
public static final List<String> RGB =
Utils.constList("FF0000", "00FF00", "0000FF");
}

14
java/ql/src/external/DuplicateAnonymous.java vendored
View File

@@ -3,7 +3,7 @@ button1.addActionListener(new ActionListener() {
public void actionPerfored(ActionEvent e)
{
for (ActionListener listener: listeners)
listeners.actionPerformed(e);
listeners.actionPerformed(e);
}
});
@@ -11,7 +11,7 @@ button2.addActionListener(new ActionListener() {
public void actionPerfored(ActionEvent e)
{
for (ActionListener listener: listeners)
listeners.actionPerformed(e);
listeners.actionPerformed(e);
}
});
@@ -19,12 +19,12 @@ button2.addActionListener(new ActionListener() {
// GOOD: Better solution:
class MultiplexingListener implements ActionListener {
public void actionPerformed(ActionEvent e) {
for (ActionListener listener : listeners)
listener.actionPerformed(e);
}
public void actionPerformed(ActionEvent e) {
for (ActionListener listener : listeners)
listener.actionPerformed(e);
}
}
button1.addActionListener(new MultiplexingListener());
button2.addActionListener(new MultiplexingListener());
// ... and so on.
// ... and so on.

6
java/ql/src/semmle/code/java/dataflow/SSA.qll
View File

@@ -225,7 +225,8 @@ private module SsaImpl {
cached
predicate certainVariableUpdate(TrackedVar v, ControlFlowNode n, BasicBlock b, int i) {
exists(VariableUpdate a | a = n | getDestVar(a) = v) and
b.getNode(i) = n
b.getNode(i) = n and
hasDominanceInformation(b)
or
certainVariableUpdate(v.getQualifier(), n, b, i)
}
@@ -559,7 +560,8 @@ private module SsaImpl {
cached
predicate uncertainVariableUpdate(TrackedVar v, ControlFlowNode n, BasicBlock b, int i) {
exists(Call c | c = n | updatesNamedField(c, v, _)) and
b.getNode(i) = n
b.getNode(i) = n and
hasDominanceInformation(b)
or
uncertainVariableUpdate(v.getQualifier(), n, b, i)
}

3
java/ql/src/semmle/code/java/dataflow/internal/BaseSSA.qll
View File

@@ -72,7 +72,8 @@ private module SsaImpl {
cached
predicate variableUpdate(BaseSsaSourceVariable v, ControlFlowNode n, BasicBlock b, int i) {
exists(VariableUpdate a | a = n | getDestVar(a) = v) and
b.getNode(i) = n
b.getNode(i) = n and
hasDominanceInformation(b)
}
/** Gets the definition point of a nested class in the parent scope. */