Java: Slight precision improvement for getter/setter detection.

2026-04-27 17:55:19 +02:00 · 2019-09-25 10:14:49 +02:00
parent f8f3a4b25f
commit 7c1594df13
1 changed files with 22 additions and 12 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -30,19 +30,19 @@ private module ImplCommon {
   * Holds if `p` can flow to `node` in the same callable using only
   * value-preserving steps, not taking call contexts into account.
   */
-  private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
+  private predicate parameterValueFlowCand(ParameterNode p, Node node) {
    p = node
    or
    exists(Node mid |
-      parameterValueFlowNoCtx(p, mid) and
+      parameterValueFlowCand(p, mid) and
      simpleLocalFlowStep(mid, node) and
      compatibleTypes(p.getType(), node.getType())
    )
    or
    // flow through a callable
    exists(Node arg |
-      parameterValueFlowNoCtx(p, arg) and
-      argumentValueFlowsThroughNoCtx(arg, node) and
+      parameterValueFlowCand(p, arg) and
+      argumentValueFlowsThroughCand(arg, node) and
      compatibleTypes(p.getType(), node.getType())
    )
  }
@@ -52,16 +52,16 @@ private module ImplCommon {
   * callable using only value-preserving steps, not taking call contexts
   * into account.
   */
-  private predicate parameterValueFlowsThroughNoCtx(ParameterNode p, ReturnKind kind) {
-    parameterValueFlowNoCtx(p, getAReturnNodeOfKind(kind))
+  private predicate parameterValueFlowsThroughCand(ParameterNode p, ReturnKind kind) {
+    parameterValueFlowCand(p, getAReturnNodeOfKind(kind))
  }

  pragma[nomagic]
-  private predicate argumentValueFlowsThroughNoCtx0(
+  private predicate argumentValueFlowsThroughCand0(
    DataFlowCall call, ArgumentNode arg, ReturnKind kind
  ) {
    exists(ParameterNode param | viableParamArg(call, param, arg) |
-      parameterValueFlowsThroughNoCtx(param, kind)
+      parameterValueFlowsThroughCand(param, kind)
    )
  }

@@ -69,8 +69,8 @@ private module ImplCommon {
   * Holds if `arg` flows to `out` through a call using only value-preserving steps,
   * not taking call contexts into account.
   */
-  private predicate argumentValueFlowsThroughNoCtx(ArgumentNode arg, OutNode out) {
-    exists(DataFlowCall call, ReturnKind kind | argumentValueFlowsThroughNoCtx0(call, arg, kind) |
+  private predicate argumentValueFlowsThroughCand(ArgumentNode arg, OutNode out) {
+    exists(DataFlowCall call, ReturnKind kind | argumentValueFlowsThroughCand0(call, arg, kind) |
      out = getAnOutNode(call, kind) and
      compatibleTypes(arg.getType(), out.getType())
    )
@@ -85,7 +85,7 @@ private module ImplCommon {
    DataFlowCall call, int i, ArgumentNode arg, DataFlowCallable enclosing
  ) {
    arg.argumentOf(call, i) and
-    argumentValueFlowsThroughNoCtx(arg, _) and
+    argumentValueFlowsThroughCand(arg, _) and
    enclosing = arg.getEnclosingCallable()
  }

@@ -147,7 +147,7 @@ private module ImplCommon {
   */
  private predicate parameterValueFlow(ParameterNode p, Node node, CallContextCall cc) {
    p = node and
-    parameterValueFlowsThroughNoCtx(p, _) and
+    parameterValueFlowsThroughCand(p, _) and
    cc = getAValidCallContextForParameter(p)
    or
    exists(Node mid |
@@ -213,6 +213,16 @@ private module ImplCommon {
    argumentValueFlowsThrough(node1, node2, _)
  }

+  private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
+    p = node
+    or
+    exists(Node mid |
+      parameterValueFlowNoCtx(p, mid) and
+      localValueStep(mid, node) and
+      compatibleTypes(p.getType(), node.getType())
+    )
+  }
+
  /*
   * Calculation of `predicate store(Node node1, Content f, Node node2)`:
   * There are four cases: