Merge branch 'main' into fix/thread-resource-arithmetic

2026-04-27 09:45:15 +02:00 · 2023-10-10 09:38:16 -07:00
parent 80c8259e34 f1266a3e81
commit 7a4382fb69
392 changed files with 12506 additions and 5953 deletions
--- a/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.expected
+++ b/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.expected
@@ -1,14 +1,54 @@
-| Test.java:24:26:24:51 | ...::... | Test$Generic<Number>$Inner<>.Inner<> | Test$Generic$Inner.class:0:0:0:0 | Inner<> |
-| Test.java:38:29:38:42 | ...::... | java.lang.Object.toString | Test.java:1:7:1:10 | Test |
-| Test.java:39:29:39:42 | ...::... | java.lang.Object.hashCode | Test.java:1:7:1:10 | Test |
-| Test.java:40:29:40:39 | ...::... | java.lang.Object.clone | Test.java:1:7:1:10 | Test |
-| Test.java:41:40:41:64 | ...::... | java.lang.Object.toString | Test$Generic.class:0:0:0:0 | Generic<String> |
-| Test.java:43:23:43:36 | ...::... | java.lang.Object.toString | Test.java:1:7:1:10 | Test |
-| Test.java:44:23:44:36 | ...::... | java.lang.Object.hashCode | Test.java:1:7:1:10 | Test |
-| Test.java:45:23:45:33 | ...::... | java.lang.Object.clone | Test.java:1:7:1:10 | Test |
-| Test.java:48:22:48:35 | ...::... | java.lang.Object.toString | Test.java:1:7:1:10 | Test |
-| Test.java:51:13:51:21 | ...::... | Test.Test | Test.java:1:7:1:10 | Test |
-| Test.java:52:13:52:32 | ...::... | Test$Generic<String>.Generic<String> | Test$Generic.class:0:0:0:0 | Generic<String> |
-| Test.java:56:13:56:22 | ...::... |  | file://:0:0:0:0 | int[] |
-| Test.java:57:13:57:26 | ...::... |  | file://:0:0:0:0 | Generic<>[] |
-| Test.java:61:31:61:47 | ...::... | Test.doSomething | Test.java:1:7:1:10 | Test |
+getReferencedCallable
+| Test.java:26:31:26:52 | ...::... | java.lang.Object.toString |
+| Test.java:27:31:27:53 | ...::... | java.lang.Object.toString |
+| Test.java:32:27:32:52 | ...::... | Test$Generic<Number>$Inner<>.Inner<> |
+| Test.java:33:27:33:41 | ...::... | java.lang.Object.toString |
+| Test.java:49:29:49:42 | ...::... | java.lang.Object.toString |
+| Test.java:50:29:50:42 | ...::... | java.lang.Object.hashCode |
+| Test.java:51:29:51:39 | ...::... | java.lang.Object.clone |
+| Test.java:52:40:52:64 | ...::... | java.lang.Object.toString |
+| Test.java:54:23:54:36 | ...::... | java.lang.Object.toString |
+| Test.java:55:23:55:36 | ...::... | java.lang.Object.hashCode |
+| Test.java:56:23:56:33 | ...::... | java.lang.Object.clone |
+| Test.java:57:23:57:59 | ...::... | java.lang.Object.toString |
+| Test.java:57:35:57:48 | ...::... | java.lang.Object.toString |
+| Test.java:60:23:60:36 | ...::... | java.lang.Object.toString |
+| Test.java:62:23:62:40 | ...::... | Test.staticMethod |
+| Test.java:65:13:65:21 | ...::... | Test.Test |
+| Test.java:66:13:66:32 | ...::... | Test$Generic<String>.Generic<String> |
+| Test.java:75:31:75:47 | ...::... | Test.doSomething |
+getReceiverExpr
+| Test.java:26:31:26:52 | ...::... | Test.java:26:31:26:42 | Generic<>.this |
+| Test.java:27:31:27:53 | ...::... | Test.java:27:31:27:43 | Generic<>.super |
+| Test.java:32:27:32:52 | ...::... | Test.java:32:27:32:47 | Generic<Number>.Inner<> |
+| Test.java:33:27:33:41 | ...::... | Test.java:33:27:33:31 | super |
+| Test.java:54:23:54:36 | ...::... | Test.java:54:23:54:26 | this |
+| Test.java:55:23:55:36 | ...::... | Test.java:55:23:55:26 | this |
+| Test.java:56:23:56:33 | ...::... | Test.java:56:23:56:26 | this |
+| Test.java:57:23:57:59 | ...::... | Test.java:57:24:57:48 | (...)... |
+| Test.java:57:35:57:48 | ...::... | Test.java:57:35:57:38 | this |
+| Test.java:60:23:60:36 | ...::... | Test.java:60:23:60:26 | this |
+| Test.java:62:23:62:40 | ...::... | Test.java:62:23:62:26 | Test |
+| Test.java:65:13:65:21 | ...::... | Test.java:65:13:65:16 | Test |
+| Test.java:66:13:66:32 | ...::... | Test.java:66:13:66:27 | Generic<String> |
+getReceiverType
+| Test.java:26:31:26:52 | ...::... | Test.java:19:18:19:24 | Generic |
+| Test.java:27:31:27:53 | ...::... | Test.java:16:18:16:26 | BaseClass |
+| Test.java:32:27:32:52 | ...::... | Test$Generic$Inner.class:0:0:0:0 | Inner<> |
+| Test.java:33:27:33:41 | ...::... | Test.java:16:18:16:26 | BaseClass |
+| Test.java:49:29:49:42 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:50:29:50:42 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:51:29:51:39 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:52:40:52:64 | ...::... | Test$Generic.class:0:0:0:0 | Generic<String> |
+| Test.java:54:23:54:36 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:55:23:55:36 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:56:23:56:33 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:57:23:57:59 | ...::... | Test.java:10:15:10:22 | Supplier |
+| Test.java:57:35:57:48 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:60:23:60:36 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:62:23:62:40 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:65:13:65:21 | ...::... | Test.java:1:7:1:10 | Test |
+| Test.java:66:13:66:32 | ...::... | Test$Generic.class:0:0:0:0 | Generic<String> |
+| Test.java:70:13:70:22 | ...::... | file://:0:0:0:0 | int[] |
+| Test.java:71:13:71:26 | ...::... | file://:0:0:0:0 | Generic<>[] |
+| Test.java:75:31:75:47 | ...::... | Test.java:1:7:1:10 | Test |
--- a/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.ql
+++ b/java/ql/test/library-tests/MemberRefExpr/MemberRefExpr.ql
@@ -1,10 +1,10 @@
 import java

-string getReferencedCallable(MemberRefExpr e) {
-  if exists(e.getReferencedCallable())
-  then result = e.getReferencedCallable().getQualifiedName()
-  else result = ""
+query string getReferencedCallable(MemberRefExpr e) {
+  // Use qualified name because some callables don't have a source location (e.g. `Object.toString`)
+  result = e.getReferencedCallable().getQualifiedName()
 }

-from MemberRefExpr e
-select e, getReferencedCallable(e), e.getReceiverType()
+query Expr getReceiverExpr(MemberRefExpr e) { result = e.getReceiverExpr() }
+
+query RefType getReceiverType(MemberRefExpr e) { result = e.getReceiverType() }
--- a/java/ql/test/library-tests/MemberRefExpr/Test.java
+++ b/java/ql/test/library-tests/MemberRefExpr/Test.java
@@ -13,20 +13,31 @@ class Test {

    public Test() { }

-    static class Generic<T> {
+    static class BaseClass {
+    }
+
+    static class Generic<T> extends BaseClass {
        public Generic() { }

        class Inner {
            public Inner() { }
+
+            void test() {
+                Supplier s0 = Generic.this::toString;
+                Supplier s1 = Generic.super::toString;
+            }
        }

        void test() {
-            Supplier s = Generic<Number>.Inner::new;
+            Supplier s0 = Generic<Number>.Inner::new;
+            Supplier s1 = super::toString;
        }
    }

    void doSomething() { }

+    static void staticMethod() { }
+
    static class Sub extends Test {
    }

@@ -43,9 +54,12 @@ class Test {
        Supplier s0 = this::toString;
        Supplier s1 = this::hashCode;
        Supplier s2 = this::clone;
+        Supplier s3 = ((Supplier) this::toString)::toString;

        // Discards result of method call
-        Runnable r = this::toString;
+        Runnable r0 = this::toString;
+
+        Runnable r1 = Test::staticMethod;

        Supplier[] classInstances = {
            Test::new,
--- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql
+++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.ql
@@ -9,7 +9,7 @@ class TestRemoteFlowSource extends RemoteFlowSource {
 }

 module TaintFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node n) { n instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node n) {
    exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
--- a/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql
+++ b/java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql
@@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node node) {
    DefaultFlowConfig::isSource(node)
    or
-    node instanceof RemoteFlowSource
+    node instanceof ThreatModelFlowSource
  }

  predicate isSink = DefaultFlowConfig::isSink/1;
--- a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql
@@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest

 module ProviderTaintFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node n) { n instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) }

--- a/java/ql/test/library-tests/frameworks/android/external-storage/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/external-storage/test.ql
@@ -4,7 +4,7 @@ import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest

 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) {
    sink.asExpr().(Argument).getCall().getCallee().hasName("sink")
--- a/java/ql/test/library-tests/frameworks/android/slice/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/slice/test.ql
@@ -5,7 +5,7 @@ import semmle.code.java.dataflow.FlowSources

 module SliceValueFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-    DefaultFlowConfig::isSource(source) or source instanceof RemoteFlowSource
+    DefaultFlowConfig::isSource(source) or source instanceof ThreatModelFlowSource
  }

  predicate isSink = DefaultFlowConfig::isSink/1;
--- a/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql
+++ b/java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql
@@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest

 module SourceValueFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) }

--- a/java/ql/test/library-tests/frameworks/apache-http/flow.ql
+++ b/java/ql/test/library-tests/frameworks/apache-http/flow.ql
@@ -9,7 +9,7 @@ module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node n) {
    n.asExpr().(MethodAccess).getMethod().hasName("taint")
    or
-    n instanceof RemoteFlowSource
+    n instanceof ThreatModelFlowSource
  }

  predicate isSink(DataFlow::Node n) {
--- a/java/ql/test/library-tests/frameworks/guice/flow.ql
+++ b/java/ql/test/library-tests/frameworks/guice/flow.ql
@@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking

 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) {
    exists(MethodAccess ma |
--- a/java/ql/test/library-tests/frameworks/jms/FlowTest.ql
+++ b/java/ql/test/library-tests/frameworks/jms/FlowTest.ql
@@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineExpectationsTest

 module TestConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) {
    exists(MethodAccess call |
--- a/java/ql/test/library-tests/frameworks/netty/manual/test.ql
+++ b/java/ql/test/library-tests/frameworks/netty/manual/test.ql
@@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node node) {
    DefaultFlowConfig::isSource(node)
    or
-    node instanceof RemoteFlowSource
+    node instanceof ThreatModelFlowSource
  }

  predicate isSink = DefaultFlowConfig::isSink/1;
--- a/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql
+++ b/java/ql/test/library-tests/frameworks/rabbitmq/FlowTest.ql
@@ -4,7 +4,7 @@ import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest

 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node node) { node instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node node) {
    exists(MethodAccess ma | ma.getMethod().hasName("sink") | node.asExpr() = ma.getAnArgument())
--- a/java/ql/test/library-tests/frameworks/ratpack/flow.ql
+++ b/java/ql/test/library-tests/frameworks/ratpack/flow.ql
@@ -7,7 +7,7 @@ module Config implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node n) {
    n.asExpr().(MethodAccess).getMethod().hasName("taint")
    or
-    n instanceof RemoteFlowSource
+    n instanceof ThreatModelFlowSource
  }

  predicate isSink(DataFlow::Node n) {
--- a/java/ql/test/library-tests/frameworks/spring/controller/test.ql
+++ b/java/ql/test/library-tests/frameworks/spring/controller/test.ql
@@ -3,7 +3,7 @@ import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest

 module ValueFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) {
    sink.asExpr().(Argument).getCall().getCallee().hasName("sink")