Java: Performance tweaks

Ian Lynagh
2022-02-08 14:53:05 +00:00
parent 83bba47fdb
commit 7ce9b160d0
116 changed files with 266 additions and 244 deletions


@@ -13,5 +13,5 @@
import java
from RefType type
where type.getASupertype+().hasQualifiedName("com.example", "Class")
where type.getAStrictAncestor().hasQualifiedName("com.example", "Class")
select type


@@ -9,5 +9,5 @@
import java
from ThrowStmt throw
where throw.getThrownExceptionType().getASupertype*().hasQualifiedName("com.example", "AnException")
where throw.getThrownExceptionType().getAnAncestor().hasQualifiedName("com.example", "AnException")
select throw, "Don't throw com.example.AnException"


@@ -236,7 +236,7 @@ private module ControlFlowGraphImpl {
*/
private predicate mustCatch(CatchClause c, ThrowableType thrown) {
thrown = thrownInBody(c.getTry()) and
hasSubtype*(c.getACaughtType(), thrown)
hasDescendant(c.getACaughtType(), thrown)
}
/**
@@ -250,7 +250,7 @@ private module ControlFlowGraphImpl {
*/
private predicate mayNotCatch(CatchClause c, ThrowableType thrown) {
thrown = thrownInBody(c.getTry()) and
not hasSubtype*(c.getACaughtType(), thrown)
not hasDescendant(c.getACaughtType(), thrown)
}
/**


@@ -2093,7 +2093,7 @@ class Argument extends Expr {
p.isVarargs() and
ptyp = p.getType() and
(
hasSubtype*(ptyp, typ)
hasDescendant(ptyp, typ)
or
// If the types don't match then we'll guess based on whether there are type variables involved.
hasInstantiation(ptyp.(Array).getComponentType())


@@ -18,7 +18,7 @@ class AnnotatedGeneratedClass extends GeneratedClass {
/** A Java class generated by an ANTLR scanner or parser class. */
class AntlrGenerated extends GeneratedClass {
AntlrGenerated() {
exists(RefType t | this.getASupertype+() = t |
exists(RefType t | this.getAStrictAncestor() = t |
// ANTLR v3
t.hasQualifiedName("org.antlr.runtime", "Lexer") or
t.hasQualifiedName("org.antlr.runtime", "Parser") or


@@ -114,7 +114,7 @@ class TypeNumber extends RefType {
/** A (reflexive, transitive) subtype of `java.lang.Number`. */
class NumberType extends RefType {
NumberType() { exists(TypeNumber number | hasSubtype*(number, this)) }
NumberType() { exists(TypeNumber number | hasDescendant(number, this)) }
}
/** A numeric type, including both primitive and boxed types. */
@@ -436,13 +436,13 @@ class ArrayLengthField extends Field {
/** A (reflexive, transitive) subtype of `java.lang.Throwable`. */
class ThrowableType extends RefType {
ThrowableType() { exists(TypeThrowable throwable | hasSubtype*(throwable, this)) }
ThrowableType() { exists(TypeThrowable throwable | hasDescendant(throwable, this)) }
}
/** An unchecked exception. That is, a (reflexive, transitive) subtype of `java.lang.Error` or `java.lang.RuntimeException`. */
class UncheckedThrowableType extends RefType {
UncheckedThrowableType() {
exists(TypeError e | hasSubtype*(e, this)) or
exists(TypeRuntimeException e | hasSubtype*(e, this))
exists(TypeError e | hasDescendant(e, this)) or
exists(TypeRuntimeException e | hasDescendant(e, this))
}
}


@@ -63,7 +63,7 @@ predicate catchesNFE(TryStmt t) {
exists(CatchClause cc, LocalVariableDeclExpr v |
t.getACatchClause() = cc and
cc.getVariable() = v and
v.getType().(RefType).getASubtype*() instanceof NumberFormatException
v.getType().(RefType).getADescendant() instanceof NumberFormatException
)
}


@@ -295,7 +295,7 @@ class NewInstance extends MethodAccess {
// If we cast the result of this method, then this is either the type specified, or a
// sub-type of that type. Make sure we exclude overly generic types such as `Object`.
not overlyGenericType(cast.getType()) and
hasSubtype*(cast.getType(), result)
hasDescendant(cast.getType(), result)
)
}
}


@@ -24,7 +24,7 @@ abstract class DeserializableField extends Field { }
*/
library class StandardSerializableField extends SerializableField, DeserializableField {
StandardSerializableField() {
this.getDeclaringType().getASupertype*() instanceof TypeSerializable and
this.getDeclaringType().getAnAncestor() instanceof TypeSerializable and
not this.isTransient()
}
}


@@ -37,6 +37,16 @@ predicate hasSubtype(RefType t, Type sub) {
typeVarSubtypeBound(t, sub) and t != sub
}
/**
* Holds if reference type `anc` is a direct or indirect supertype of `sub`, including itself.
*/
cached
predicate hasDescendant(RefType anc, Type sub) {
anc = sub
or
exists(RefType mid | hasSubtype(anc, mid) and hasDescendant(mid, sub))
}
private predicate typeVarSubtypeBound(RefType t, TypeVariable tv) {
if tv.hasTypeBound() then t = tv.getATypeBound().getType() else t instanceof TypeObject
}
@@ -394,11 +404,17 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
/** Gets a direct subtype of this type. */
RefType getASubtype() { hasSubtype(this, result) }
/** Gets a direct or indirect descendant of this type, including itself. */
RefType getADescendant() { hasDescendant(this, result) }
/** Gets a direct supertype of this type. */
RefType getASupertype() { hasSubtype(result, this) }
/** Gets a direct or indirect supertype of this type, including itself. */
RefType getAnAncestor() { hasSubtype*(result, this) }
RefType getAnAncestor() { hasDescendant(result, this) }
/** Gets a direct or indirect supertype of this type, not including itself. */
RefType getAStrictAncestor() { result = this.getAnAncestor() and result != this }
/**
* Gets the source declaration of a direct supertype of this type, excluding itself.
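Review bot: `getAStrictAncestor()` is not quite the same relation as the `getASupertype+()` calls it replaces elsewhere in this commit: a `+` closure would return `this` if a type were reachable from itself through `hasSubtype`, whereas `result != this` always excludes it. That only matters if the extracted hierarchy can contain a cycle, which presumably it cannot, but the doc comment should record the difference, e.g. `/** Gets a direct or indirect supertype of this type, not including itself (unlike getASupertype+(), never returns this type). */`. The doc comment on `hasDescendant` could likewise say that it is the cached equivalent of `hasSubtype*(anc, sub)`, so new code knows which form to prefer.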


@@ -103,7 +103,7 @@ private class NumberTaintPreservingCallable extends TaintPreservingCallable {
int argument;
NumberTaintPreservingCallable() {
this.getDeclaringType().getASupertype*().hasQualifiedName("java.lang", "Number") and
this.getDeclaringType().getAnAncestor().hasQualifiedName("java.lang", "Number") and
(
this instanceof Constructor and
argument = 0


@@ -641,7 +641,7 @@ private module SsaImpl {
ssaDefReachesRank(v, def, b, lastRank(v, b))
or
exists(BasicBlock idom |
bbIDominates(idom, b) and // It is sufficient to traverse the dominator graph, cf. discussion above.
bbIDominates(pragma[only_bind_into](idom), b) and // It is sufficient to traverse the dominator graph, cf. discussion above.
ssaDefReachesEndOfBlock(v, def, idom) and
not any(TrackedSsaDef other).definesAt(v, b, _)
)
@@ -768,12 +768,12 @@ private module SsaImpl {
*/
private predicate varBlockReaches(TrackedVar v, BasicBlock b1, BasicBlock b2) {
varOccursInBlock(v, b1) and
b2 = b1.getABBSuccessor() and
pragma[only_bind_into](b2) = b1.getABBSuccessor() and
blockPrecedesVar(v, b2)
or
exists(BasicBlock mid |
varBlockReaches(v, b1, mid) and
b2 = mid.getABBSuccessor() and
pragma[only_bind_into](b2) = mid.getABBSuccessor() and
not varOccursInBlock(v, mid) and
blockPrecedesVar(v, b2)
)
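Review bot: The `pragma[only_bind_into](...)` wrappers added around `idom` in the `bbIDominates` call and around `b2` in both disjuncts of `varBlockReaches` carry no comment, so a later reader cannot tell which join order they protect or whether they are still needed after an optimiser change. As far as I know these binding pragmas are join-order hints and do not change results, which is worth stating next to each one, e.g. `// join-order hint only: stops b2 being bound before the preceding conjunct`, adjusted to whatever the evaluator log actually showed. The predicate containing the `bbIDominates` call starts outside the hunk. The same applies to the identical hunks in the second SSA file section and to the pragmas added in `downcastSuccessor`, `typeFlowJoin`, `irrelevantBound` and `variableTrackStep`.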


@@ -285,7 +285,7 @@ private predicate downcastSuccessorAux(
*/
private predicate downcastSuccessor(VarAccess va, RefType t) {
exists(CastExpr cast, BaseSsaVariable v, RefType t1, RefType t2 |
downcastSuccessorAux(cast, v, t, t1, t2) and
downcastSuccessorAux(pragma[only_bind_into](cast), v, t, t1, t2) and
t1.getASourceSupertype+() = t2 and
va = v.getAUse() and
dominates(cast, va) and
@@ -360,7 +360,7 @@ private predicate typeFlowJoin(int r, TypeFlowNode n, RefType t) {
) and
forall(TypeFlowNode mid | joinStepRank(r, mid, n) |
exists(RefType midtyp | exactType(mid, midtyp) or typeFlow(mid, midtyp) |
midtyp.getASupertype*() = t
pragma[only_bind_out](midtyp).getAnAncestor() = t
)
)
}
@@ -408,14 +408,14 @@ pragma[nomagic]
private predicate irrelevantBound(TypeFlowNode n, RefType t) {
exists(RefType bound |
typeFlow(n, bound) and
t = bound.getASupertype+() and
t = bound.getAStrictAncestor() and
typeBound(t) and
typeFlow(n, t) and
not t.getASupertype*() = bound
not t.getAnAncestor() = bound
or
n.getType() = bound and
n.getType() = pragma[only_bind_into](bound) and
typeFlow(n, t) and
t = bound.getASupertype*()
t = bound.getAnAncestor()
)
}


@@ -231,7 +231,7 @@ private module SsaImpl {
ssaDefReachesRank(v, def, b, lastRank(v, b))
or
exists(BasicBlock idom |
bbIDominates(idom, b) and // It is sufficient to traverse the dominator graph, cf. discussion above.
bbIDominates(pragma[only_bind_into](idom), b) and // It is sufficient to traverse the dominator graph, cf. discussion above.
ssaDefReachesEndOfBlock(v, def, idom) and
not any(TrackedSsaDef other).definesAt(v, b, _)
)
@@ -333,12 +333,12 @@ private module SsaImpl {
*/
private predicate varBlockReaches(BaseSsaSourceVariable v, BasicBlock b1, BasicBlock b2) {
varOccursInBlock(v, b1) and
b2 = b1.getABBSuccessor() and
pragma[only_bind_into](b2) = b1.getABBSuccessor() and
blockPrecedesVar(v, b2)
or
exists(BasicBlock mid |
varBlockReaches(v, b1, mid) and
b2 = mid.getABBSuccessor() and
pragma[only_bind_into](b2) = mid.getABBSuccessor() and
not varOccursInBlock(v, mid) and
blockPrecedesVar(v, b2)
)


@@ -283,7 +283,7 @@ private predicate taintPreservingQualifierToMethod(Method m) {
m.getName().matches("read%")
or
m instanceof GetterMethod and
m.getDeclaringType().getASubtype*() instanceof SpringUntrustedDataType and
m.getDeclaringType().getADescendant() instanceof SpringUntrustedDataType and
not m.getDeclaringType() instanceof TypeObject
or
m.(TaintPreservingCallable).returnsTaintFrom(-1)
@@ -607,7 +607,7 @@ private SrcRefType entrypointType() {
s instanceof DataFlow::ExplicitParameterNode and
t = pragma[only_bind_out](s).getType() and
not t instanceof TypeObject and
result = t.getASubtype*().getSourceDeclaration()
result = t.getADescendant().getSourceDeclaration()
)
or
result = entrypointType().getAField().getType().(RefType).getSourceDeclaration()


@@ -33,7 +33,7 @@ Callable possibleLivenessCause(Callable c, string reason) {
or
c.hasName("<clinit>") and
reason = "class initialization" and
exists(RefType clintedType | c = clintedType.getASupertype*().getACallable() |
exists(RefType clintedType | c = clintedType.getAnAncestor().getACallable() |
result.getDeclaringType() = clintedType or
result.getAnAccessedField().getDeclaringType() = clintedType
)
@@ -155,7 +155,7 @@ library class SourceClassOrInterface extends ClassOrInterface {
*/
class LiveClass extends SourceClassOrInterface {
LiveClass() {
exists(Callable c | c.getDeclaringType().getASupertype*().getSourceDeclaration() = this |
exists(Callable c | c.getDeclaringType().getAnAncestor().getSourceDeclaration() = this |
isLive(c)
)
or


@@ -93,7 +93,7 @@ class SerialVersionUIDField extends ReflectivelyReadField {
this.isStatic() and
this.isFinal() and
this.getType().hasName("long") and
this.getDeclaringType().getASupertype*() instanceof TypeSerializable
this.getDeclaringType().getAnAncestor() instanceof TypeSerializable
}
}


@@ -142,7 +142,7 @@ class DeserializedClass extends ReflectivelyConstructedClass {
exists(CastExpr cast, ReadObjectMethod readObject |
cast.getExpr().(MethodAccess).getMethod() = readObject
|
hasSubtype*(cast.getType(), this)
hasDescendant(cast.getType(), this)
)
}
}
@@ -315,7 +315,7 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed
* Entry point for EJB home interfaces.
*/
class EJBHome extends Interface, EntryPoint {
EJBHome() { this.getASupertype*().hasQualifiedName("javax.ejb", "EJBHome") }
EJBHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
override Callable getALiveCallable() { result = this.getACallable() }
}
@@ -324,7 +324,7 @@ class EJBHome extends Interface, EntryPoint {
* Entry point for EJB object interfaces.
*/
class EJBObject extends Interface, EntryPoint {
EJBObject() { this.getASupertype*().hasQualifiedName("javax.ejb", "EJBObject") }
EJBObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
override Callable getALiveCallable() { result = this.getACallable() }
}


@@ -10,7 +10,7 @@ import semmle.code.java.frameworks.struts.StrutsActions
*/
class Struts1ActionEntryPoint extends EntryPoint, Class {
Struts1ActionEntryPoint() {
this.getASupertype*().hasQualifiedName("org.apache.struts.action", "Action")
this.getAnAncestor().hasQualifiedName("org.apache.struts.action", "Action")
}
override Callable getALiveCallable() {
@@ -22,7 +22,7 @@ class Struts1ActionEntryPoint extends EntryPoint, Class {
result.(Method).overrides+(methodFromAction)
)
or
this.getASupertype*().hasQualifiedName("org.apache.struts.actions", "DispatchAction") and
this.getAnAncestor().hasQualifiedName("org.apache.struts.actions", "DispatchAction") and
result.(Method).isPublic()
or
result.(Constructor).getNumberOfParameters() = 0


@@ -47,7 +47,7 @@ class ServletListenerClass extends ReflectivelyConstructedClass {
*/
class ServletFilterClass extends ReflectivelyConstructedClass {
ServletFilterClass() {
this.getASupertype*().hasQualifiedName("javax.servlet", "Filter") and
this.getAnAncestor().hasQualifiedName("javax.servlet", "Filter") and
// If we have seen any `web.xml` files, this filter will be considered to be live only if it is
// referred to as a filter-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all filter classes as live.


@@ -335,7 +335,7 @@ import Dispatch
private Expr variableTrackStep(Expr use) {
exists(Variable v |
use = v.getAnAccess() and
pragma[only_bind_out](use) = v.getAnAccess() and
use.getType() instanceof RefType and
not result instanceof NullLiteral and
not v.(LocalVariableDecl).getDeclExpr().hasImplicitInit()
@@ -358,6 +358,7 @@ private Expr variableTrackPath(Expr use) {
/**
* Gets an expression by tracking `use` backwards through variable assignments.
*/
pragma[inline]
Expr variableTrack(Expr use) {
result = variableTrackPath(use)
or


@@ -20,7 +20,7 @@ class UnsafeHessianInput extends RefType {
*/
class UnsafeHessianInputReadObjectMethod extends Method {
UnsafeHessianInputReadObjectMethod() {
this.getDeclaringType().getASupertype*() instanceof UnsafeHessianInput and
this.getDeclaringType().getAnAncestor() instanceof UnsafeHessianInput and
this.getName() = "readObject"
}
}


@@ -4,7 +4,7 @@ import semmle.code.java.Type
library class JAXBElement extends Class {
JAXBElement() {
this.getASupertype*().getQualifiedName() = "javax.xml.bind.JAXBElement" or
this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or
this.getAnAnnotation().getType().getName() = "XmlRootElement"
}
}


@@ -12,7 +12,7 @@ class JabsorbSerializer extends RefType {
/** The deserialization method `unmarshall`. */
class JabsorbUnmarshallMethod extends Method {
JabsorbUnmarshallMethod() {
this.getDeclaringType().getASupertype*() instanceof JabsorbSerializer and
this.getDeclaringType().getAnAncestor() instanceof JabsorbSerializer and
this.getName() = "unmarshall"
}
}
@@ -20,7 +20,7 @@ class JabsorbUnmarshallMethod extends Method {
/** The deserialization method `fromJSON`. */
class JabsorbFromJsonMethod extends Method {
JabsorbFromJsonMethod() {
this.getDeclaringType().getASupertype*() instanceof JabsorbSerializer and
this.getDeclaringType().getAnAncestor() instanceof JabsorbSerializer and
this.getName() = "fromJSON"
}
}


@@ -7,7 +7,7 @@ private import semmle.code.java.dataflow.DataFlow
private class ObjectMapper extends RefType {
ObjectMapper() {
this.getASupertype*().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
this.getAnAncestor().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
}
}
@@ -118,7 +118,7 @@ predicate createJacksonTreeNodeStep(DataFlow::Node fromNode, DataFlow::Node toNo
* that enables polymorphic type handling.
*/
private predicate hasJsonTypeInfoAnnotation(RefType type) {
hasFieldWithJsonTypeAnnotation(type.getASupertype*()) or
hasFieldWithJsonTypeAnnotation(type.getAnAncestor()) or
hasJsonTypeInfoAnnotation(type.getAField().getType())
}


@@ -23,5 +23,5 @@ class MailSessionGetInstanceMethod extends Method {
* A subtype of the class `org.apache.commons.mail.Email`.
*/
class ApacheEmail extends Class {
ApacheEmail() { this.getASupertype*().hasQualifiedName("org.apache.commons.mail", "Email") }
ApacheEmail() { this.getAnAncestor().hasQualifiedName("org.apache.commons.mail", "Email") }
}


@@ -161,7 +161,7 @@ class UrlOpenConnectionMethod extends Method {
class CreateSocketMethod extends Method {
CreateSocketMethod() {
this.hasName("createSocket") and
this.getDeclaringType().getASupertype*() instanceof TypeSocketFactory
this.getDeclaringType().getAnAncestor() instanceof TypeSocketFactory
}
}


@@ -15,7 +15,7 @@ class ProtobufParser extends Interface {
* Gets a method named `parseFrom` (or similar) declared on a subtype of `com.google.protobuf.Parser`.
*/
Method getAParseFromMethod() {
result.getDeclaringType().getASupertype*().getSourceDeclaration() = this and
result.getDeclaringType().getAnAncestor().getSourceDeclaration() = this and
result.getName().matches("parse%From")
}
}


@@ -27,7 +27,7 @@ class SafeSnakeYamlConstruction extends ClassInstanceExpr {
* The class `org.yaml.snakeyaml.Yaml`.
*/
class Yaml extends RefType {
Yaml() { this.getASupertype*().hasQualifiedName("org.yaml.snakeyaml", "Yaml") }
Yaml() { this.getAnAncestor().hasQualifiedName("org.yaml.snakeyaml", "Yaml") }
}
private class SafeYamlConstructionFlowConfig extends DataFlow2::Configuration {


@@ -27,7 +27,7 @@ class ThriftIface extends Interface {
/** Gets an implementation of a method of this interface. */
Method getAnImplementingMethod() {
result.getDeclaringType().(Class).getASupertype+() = this and
result.getDeclaringType().(Class).getAStrictAncestor() = this and
result.overrides+(this.getAMethod()) and
not result.getFile() = this.getFile()
}


@@ -7,16 +7,10 @@ import semmle.code.java.dataflow.ExternalFlow
import semmle.code.xml.AndroidManifest
/**
* Gets a transitive superType avoiding magic optimisation
*/
pragma[nomagic]
private RefType getASuperTypePlus(RefType t) { result = t.getASupertype+() }
/**
* Gets a reflexive/transitive superType avoiding magic optimisation
* Gets a reflexive/transitive superType
*/
pragma[inline]
private RefType getASuperTypeStar(RefType t) { result = getASuperTypePlus(t) or result = t }
private RefType getASuperTypeStar(RefType t) { hasDescendant(result, t) }
/**
* An Android component. That is, either an activity, a service,
@@ -188,7 +182,7 @@ class TypeParcelable extends Interface {
class CreateFromParcelMethod extends Method {
CreateFromParcelMethod() {
this.hasName("createFromParcel") and
this.getEnclosingCallable().getDeclaringType().getASupertype*() instanceof TypeParcelable
this.getEnclosingCallable().getDeclaringType().getAnAncestor() instanceof TypeParcelable
}
}
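Review bot: After this change the private helper `getASuperTypeStar(t)` is just `hasDescendant(result, t)`, which is how `RefType.getAnAncestor()` is defined in this same commit, so the helper now duplicates a library member. Its callers are outside the hunks shown; if they can be switched to `t.getAnAncestor()`, as the second hunk already does for `CreateFromParcelMethod`, the helper and its `pragma[inline]` can be deleted. If it is kept for some reason, the doc comment should say so, e.g. `* Gets a reflexive/transitive supertype of t; equivalent to t.getAnAncestor().`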


@@ -4,7 +4,7 @@ import java
/** The class `android.app.Fragment`. */
class AndroidFragment extends Class {
AndroidFragment() { this.getASupertype*().hasQualifiedName("android.app", "Fragment") }
AndroidFragment() { this.getAnAncestor().hasQualifiedName("android.app", "Fragment") }
}
/** The method `instantiate` of the class `android.app.Fragment`. */


@@ -26,6 +26,9 @@ class TypeActivity extends Class {
* The class `android.content.Context`.
*/
class TypeContext extends RefType {
// Not inlining this makes it more likely to be used as a sentinel,
// which is useful when running Android queries on non-Android projects.
pragma[noinline]
TypeContext() { this.hasQualifiedName("android.content", "Context") }
}
@@ -84,7 +87,7 @@ class IntentGetParcelableExtraMethod extends Method {
/** The class `android.os.BaseBundle`, or a class that extends it. */
class AndroidBundle extends Class {
AndroidBundle() { this.getASupertype*().hasQualifiedName("android.os", "BaseBundle") }
AndroidBundle() { this.getAnAncestor().hasQualifiedName("android.os", "BaseBundle") }
}
/**


@@ -51,7 +51,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node {
ma.getMethod().hasName("show") and
ma.getMethod()
.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.hasQualifiedName(["android.app", "android.support.v4.app", "androidx.fragment.app"],
"DialogFragment") and
startingType = ma.getQualifier().getType()
@@ -78,7 +78,7 @@ private class ImplicitStartActivityForResultConf extends DataFlowForOnActivityRe
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess startActivityForResult |
startActivityForResult.getMethod().hasName("startActivityForResult") and
startActivityForResult.getMethod().getDeclaringType().getASupertype*() instanceof
startActivityForResult.getMethod().getDeclaringType().getAnAncestor() instanceof
ActivityOrFragment and
sink.asExpr() = startActivityForResult.getArgument(0)
)


@@ -18,7 +18,7 @@ class SliceProvider extends Class {
private class SliceProviderLifecycleStep extends AdditionalValueStep {
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
exists(Method onCreate, Method onBind, RefType declaringClass |
declaringClass.getASupertype*() instanceof SliceProvider and
declaringClass.getAnAncestor() instanceof SliceProvider and
onCreate.getDeclaringType() = declaringClass and
onCreate.hasName("onCreateSliceProvider") and
onBind.getDeclaringType() = declaringClass and


@@ -139,7 +139,7 @@ private class FieldReferencedJacksonDeserializableType extends JacksonDeserializ
class JacksonSerializableField extends SerializableField {
JacksonSerializableField() {
exists(JacksonSerializableType superType |
superType = this.getDeclaringType().getASupertype*() and
superType = this.getDeclaringType().getAnAncestor() and
not superType instanceof TypeObject and
superType.fromSource()
) and
@@ -151,7 +151,7 @@ class JacksonSerializableField extends SerializableField {
class JacksonDeserializableField extends DeserializableField {
JacksonDeserializableField() {
exists(JacksonDeserializableType superType |
superType = this.getDeclaringType().getASupertype*() and
superType = this.getDeclaringType().getAnAncestor() and
not superType instanceof TypeObject and
superType.fromSource()
) and


@@ -587,7 +587,7 @@ class RemoteInterface extends Interface {
Method getARemoteMethodImplementationUnchecked() {
exists(SessionEJB ejb, Method rm |
ejb = this.getAnEJB() and
not ejb.getASupertype*() = this and
not ejb.getAnAncestor() = this and
rm = this.getARemoteMethod() and
result = getAnInheritedMatchingMethodIgnoreThrows(ejb, rm.getSignature()) and
not exists(inheritsMatchingMethodExceptThrows(ejb, rm))
@@ -603,7 +603,7 @@ class RemoteInterface extends Interface {
/** Holds if type `t` is valid for use with RMI, i.e. whether it is serializable. */
predicate isValidRmiType(Type t) {
t instanceof PrimitiveType or
t.(RefType).getASupertype*() instanceof TypeSerializable
t.(RefType).getAnAncestor() instanceof TypeSerializable
}
/** Gets an argument or result type of method `m` that is not compatible for use with RMI. */
@@ -632,8 +632,8 @@ Type getAnRmiIncompatibleType(Method m) {
/** Holds if exception `ex` is an unchecked exception. */
private predicate uncheckedException(Exception ex) {
ex.getType().getASupertype*().hasQualifiedName("java.lang", "Error") or
ex.getType().getASupertype*().hasQualifiedName("java.lang", "RuntimeException")
ex.getType().getAnAncestor().hasQualifiedName("java.lang", "Error") or
ex.getType().getAnAncestor().hasQualifiedName("java.lang", "RuntimeException")
}
/**
@@ -997,7 +997,7 @@ TransactionAttributeAnnotation getInnermostTransactionAttributeAnnotation(Method
*/
class SetRollbackOnlyMethod extends Method {
SetRollbackOnlyMethod() {
this.getDeclaringType().getASupertype*().hasQualifiedName("javax.ejb", "EJBContext") and
this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.ejb", "EJBContext") and
this.getName() = "setRollbackOnly" and
this.hasNoParameters()
}


@@ -37,7 +37,7 @@ private predicate ejbPolyCallsPlus(Callable origin, Callable target) {
predicate ejbCalls(Callable origin, ForbiddenCallable target, Call call) {
exists(EJB ejb |
// `origin` is a `Callable` within an EJB.
origin = ejb.getASupertype*().getACallable() and
origin = ejb.getAnAncestor().getACallable() and
// There is an EJB call chain from `origin` to the method containing the forbidden call.
origin = call.getCaller() and
// `call` is the direct call site of `target`.
@@ -52,8 +52,8 @@ predicate ejbCalls(Callable origin, ForbiddenCallable target, Call call) {
/** A method or constructor that may not be called by an EJB due to container interference. */
class ForbiddenContainerInterferenceCallable extends ForbiddenCallable {
ForbiddenContainerInterferenceCallable() {
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof ClassLoaderClass or
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof SecurityManagerClass or
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof ClassLoaderClass or
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof SecurityManagerClass or
this instanceof ForbiddenContainerInterferenceMethod
}
}
@@ -61,14 +61,14 @@ class ForbiddenContainerInterferenceCallable extends ForbiddenCallable {
/** A method or constructor involving file input or output that may not be called by an EJB. */
class ForbiddenFileCallable extends ForbiddenCallable {
ForbiddenFileCallable() {
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof FileInputOutputClass
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof FileInputOutputClass
}
}
/** A method or constructor involving graphics operations that may not be called by an EJB. */
class ForbiddenGraphicsCallable extends ForbiddenCallable {
ForbiddenGraphicsCallable() {
this.getDeclaringType().getASupertype*().getPackage() instanceof GraphicsPackage
this.getDeclaringType().getAnAncestor().getPackage() instanceof GraphicsPackage
}
}
@@ -83,14 +83,14 @@ class ForbiddenNativeCallable extends ForbiddenCallable {
/** A method or constructor involving reflection that may not be called by and EJB. */
class ForbiddenReflectionCallable extends ForbiddenCallable {
ForbiddenReflectionCallable() {
this.getDeclaringType().getASupertype*().getPackage() instanceof ReflectionPackage
this.getDeclaringType().getAnAncestor().getPackage() instanceof ReflectionPackage
}
}
/** A method or constructor involving security configuration that may not be called by an EJB. */
class ForbiddenSecurityConfigurationCallable extends ForbiddenCallable {
ForbiddenSecurityConfigurationCallable() {
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof SecurityConfigClass
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof SecurityConfigClass
}
}
@@ -107,7 +107,7 @@ class ForbiddenSetFactoryCallable extends ForbiddenCallable {
/** A method or constructor involving server socket operations that may not be called by an EJB. */
class ForbiddenServerSocketCallable extends ForbiddenCallable {
ForbiddenServerSocketCallable() {
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof ServerSocketsClass
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof ServerSocketsClass
}
}
@@ -142,7 +142,7 @@ FieldAccess forbiddenStaticFieldUse(Callable c) {
/** A method or constructor involving thread operations that may not be called by an EJB. */
class ForbiddenThreadingCallable extends ForbiddenCallable {
ForbiddenThreadingCallable() {
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof ThreadingClass
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof ThreadingClass
}
}
@@ -284,7 +284,7 @@ class SystemExitMethod extends Method {
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(PrimitiveType).hasName("int") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System")
}
@@ -299,7 +299,7 @@ class RuntimeExitOrHaltMethod extends Method {
(this.hasName("exit") or this.hasName("halt")) and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(PrimitiveType).hasName("int") and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeRuntime
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeRuntime
}
}
@@ -312,7 +312,7 @@ class RuntimeAddOrRemoveShutdownHookMethod extends Method {
(this.hasName("addShutdownHook") or this.hasName("removeShutdownHook")) and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(RefType).hasQualifiedName("java.lang", "Thread") and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeRuntime
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeRuntime
}
}
@@ -326,7 +326,7 @@ class SystemSetPrintStreamMethod extends Method {
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(RefType).hasQualifiedName("java.io", "PrintStream") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System")
}
@@ -342,7 +342,7 @@ class SystemSetInputStreamMethod extends Method {
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(RefType).hasQualifiedName("java.io", "InputStream") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System")
}
@@ -357,7 +357,7 @@ class SystemGetSecurityManagerMethod extends Method {
this.hasName("getSecurityManager") and
this.hasNoParameters() and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System")
}
@@ -373,7 +373,7 @@ class SystemSetSecurityManagerMethod extends Method {
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(RefType).hasQualifiedName("java.lang", "SecurityManager") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System")
}
@@ -388,7 +388,7 @@ class SystemInheritedChannelMethod extends Method {
this.hasName("inheritedChannel") and
this.hasNoParameters() and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System")
}
@@ -415,7 +415,7 @@ class EnableReplaceObjectMethod extends Method {
this.hasName("enableReplaceObject") and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(PrimitiveType).hasName("boolean") and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof
TypeObjectOutputStream
}
}
@@ -429,7 +429,7 @@ class ReplaceObjectMethod extends Method {
this.hasName("replaceObject") and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType() instanceof TypeObject and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof
TypeObjectOutputStream
}
}
@@ -443,7 +443,7 @@ class EnableResolveObjectMethod extends Method {
this.hasName("enableResolveObject") and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(PrimitiveType).hasName("boolean") and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeObjectInputStream
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeObjectInputStream
}
}
@@ -456,7 +456,7 @@ class ResolveObjectMethod extends Method {
this.hasName("resolveObject") and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType() instanceof TypeObject and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeObjectInputStream
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeObjectInputStream
}
}
@@ -469,7 +469,7 @@ class ResolveClassMethod extends Method {
this.hasName("resolveClass") and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(RefType).hasQualifiedName("java.io", "ObjectStreamClass") and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeObjectInputStream
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeObjectInputStream
}
}
@@ -482,7 +482,7 @@ class ResolveProxyClassMethod extends Method {
this.hasName("resolveProxyClass") and
this.getNumberOfParameters() = 1 and
this.getParameter(0).getType().(Array).getComponentType() instanceof TypeString and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeObjectInputStream
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeObjectInputStream
}
}
@@ -509,7 +509,7 @@ class SetSocketFactoryMethod extends Method {
.getSourceDeclaration()
.hasQualifiedName("java.net", "SocketImplFactory") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.net", "ServerSocket")
}
@@ -529,7 +529,7 @@ class SetSocketImplFactoryMethod extends Method {
.getSourceDeclaration()
.hasQualifiedName("java.net", "SocketImplFactory") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.net", "Socket")
}
@@ -549,7 +549,7 @@ class SetUrlStreamHandlerFactoryMethod extends Method {
.getSourceDeclaration()
.hasQualifiedName("java.net", "URLStreamHandlerFactory") and
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.net", "URL")
}
@@ -574,10 +574,10 @@ class SystemOrRuntimeLoadLibraryMethod extends Method {
this.getParameter(0).getType() instanceof TypeString and
(
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.lang", "System") or
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeRuntime
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeRuntime
)
}
}
@@ -589,6 +589,6 @@ class SystemOrRuntimeLoadLibraryMethod extends Method {
class RuntimeExecMethod extends Method {
RuntimeExecMethod() {
this.hasName("exec") and
this.getDeclaringType().getASupertype*().getSourceDeclaration() instanceof TypeRuntime
this.getDeclaringType().getAnAncestor().getSourceDeclaration() instanceof TypeRuntime
}
}


@@ -9,7 +9,7 @@ import java
*/
class ExpressionEvaluationMethod extends Method {
ExpressionEvaluationMethod() {
this.getDeclaringType().getASupertype*() instanceof Expression and
this.getDeclaringType().getAnAncestor() instanceof Expression and
this.hasName(["getValue", "getValueTypeDescriptor", "getValueType", "setValue"])
}
}


@@ -130,7 +130,7 @@ class Struts2PrepareMethod extends Method {
*/
class Struts2ActionSupportClass extends Class {
Struts2ActionSupportClass() {
this.getASupertype+().hasQualifiedName("com.opensymphony.xwork2", "ActionSupport")
this.getAStrictAncestor().hasQualifiedName("com.opensymphony.xwork2", "ActionSupport")
}
/**


@@ -234,13 +234,13 @@ class MetricRefType extends RefType, MetricElement {
not this.cyclic() and result = this.getASupertype().(MetricRefType).getADepth(reference) + 1
}
private predicate cyclic() { this.getASupertype+() = this }
private predicate cyclic() { this.getAStrictAncestor() = this }
/** Gets the depth of inheritance metric relative to the specified reference type. */
int getInheritanceDepth(RefType reference) { result = max(this.getADepth(reference)) }
/** Gets the number of (direct or indirect) supertypes. */
int getNumberOfAncestors() { result = count(this.getASupertype+()) }
int getNumberOfAncestors() { result = count(this.getAStrictAncestor()) }
/**
* Gets the response for a type.
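Review bot: `cyclic()` now reads `this.getAStrictAncestor() = this`, which can only detect a cycle if `getAStrictAncestor` is able to return the receiver itself. Its definition is not visible in this section; if it is written like the `getASuperTypePlus` helper added later in this commit (`hasDescendant(result, t) and result != t`), `cyclic()` can never hold and the `not this.cyclic()` guard in `getADepth` no longer protects the recursion. I would confirm the definition, and either keep `this.getASupertype+() = this` for this one predicate or add a comment such as `// relies on getAStrictAncestor() returning this for a cyclic hierarchy`. `getNumberOfAncestors()` depends on the same detail, since its count differs for cyclic types if the strict form excludes `this`.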


@@ -73,7 +73,7 @@ private class CloseFileMethod extends Method {
this.hasQualifiedName("java.io", ["RandomAccessFile", "FileOutputStream", "PrintStream"],
"close")
or
this.getDeclaringType().getASupertype*().hasQualifiedName("java.io", "Writer") and
this.getDeclaringType().getAnAncestor().hasQualifiedName("java.io", "Writer") and
this.hasName("close")
or
this.hasQualifiedName("java.nio.file", "Files", ["write", "writeString"])
@@ -93,7 +93,7 @@ private class FilesystemFlowConfig extends DataFlow::Configuration {
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
// Add nested Writer constructors as extra data flow steps
exists(ClassInstanceExpr cie |
cie.getConstructedType().getASupertype*().hasQualifiedName("java.io", "Writer") and
cie.getConstructedType().getAnAncestor().hasQualifiedName("java.io", "Writer") and
node1.asExpr() = cie.getArgument(0) and
node2.asExpr() = cie
)


@@ -30,7 +30,7 @@ abstract class ClassStore extends Storable, ClassInstanceExpr {
*/
private class Serializable extends ClassStore {
Serializable() {
this.getConstructor().getDeclaringType().getASupertype*() instanceof TypeSerializable and
this.getConstructor().getDeclaringType().getAnAncestor() instanceof TypeSerializable and
// `Properties` are `Serializable`, but handled elsewhere.
not this instanceof Properties and
// restrict attention to tainted instances


@@ -52,7 +52,7 @@ private predicate isShell(Expr ex) {
private class ListOfStringType extends CollectionType {
ListOfStringType() {
this.getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "List") and
this.getElementType().getASubtype*() instanceof TypeString
this.getElementType().getADescendant() instanceof TypeString
}
}


@@ -6,7 +6,7 @@ import java
class SSLClass extends RefType {
SSLClass() {
exists(Class c | this.getASupertype*() = c |
exists(Class c | this.getAnAncestor() = c |
c.hasQualifiedName("javax.net.ssl", _) or
c.hasQualifiedName("javax.rmi.ssl", _)
)
@@ -67,7 +67,7 @@ class KeyPairGenerator extends RefType {
class HostnameVerifierVerify extends Method {
HostnameVerifierVerify() {
this.hasName("verify") and
this.getDeclaringType().getASupertype*() instanceof HostnameVerifier and
this.getDeclaringType().getAnAncestor() instanceof HostnameVerifier and
this.getParameterType(0) instanceof TypeString and
this.getParameterType(1) instanceof SSLSession
}
@@ -76,7 +76,7 @@ class HostnameVerifierVerify extends Method {
class TrustManagerCheckMethod extends Method {
TrustManagerCheckMethod() {
(this.hasName("checkClientTrusted") or this.hasName("checkServerTrusted")) and
this.getDeclaringType().getASupertype*() instanceof X509TrustManager
this.getDeclaringType().getAnAncestor() instanceof X509TrustManager
}
}
@@ -105,14 +105,14 @@ class CreateSslEngineMethod extends Method {
class SetConnectionFactoryMethod extends Method {
SetConnectionFactoryMethod() {
this.hasName("setSSLSocketFactory") and
this.getDeclaringType().getASupertype*() instanceof HttpsURLConnection
this.getDeclaringType().getAnAncestor() instanceof HttpsURLConnection
}
}
class SetHostnameVerifierMethod extends Method {
SetHostnameVerifierMethod() {
this.hasName("setHostnameVerifier") and
this.getDeclaringType().getASupertype*() instanceof HttpsURLConnection
this.getDeclaringType().getAnAncestor() instanceof HttpsURLConnection
}
}
@@ -120,7 +120,7 @@ class SetHostnameVerifierMethod extends Method {
class SetDefaultHostnameVerifierMethod extends Method {
SetDefaultHostnameVerifierMethod() {
this.hasName("setDefaultHostnameVerifier") and
this.getDeclaringType().getASupertype*() instanceof HttpsURLConnection
this.getDeclaringType().getAnAncestor() instanceof HttpsURLConnection
}
}
@@ -128,7 +128,7 @@ class SetDefaultHostnameVerifierMethod extends Method {
class BeginHandshakeMethod extends Method {
BeginHandshakeMethod() {
this.hasName("beginHandshake") and
this.getDeclaringType().getASupertype*() instanceof SSLEngine
this.getDeclaringType().getAnAncestor() instanceof SSLEngine
}
}
@@ -136,7 +136,7 @@ class BeginHandshakeMethod extends Method {
class SslWrapMethod extends Method {
SslWrapMethod() {
this.hasName("wrap") and
this.getDeclaringType().getASupertype*() instanceof SSLEngine
this.getDeclaringType().getAnAncestor() instanceof SSLEngine
}
}
@@ -144,7 +144,7 @@ class SslWrapMethod extends Method {
class SslUnwrapMethod extends Method {
SslUnwrapMethod() {
this.hasName("unwrap") and
this.getDeclaringType().getASupertype*() instanceof SSLEngine
this.getDeclaringType().getAnAncestor() instanceof SSLEngine
}
}
@@ -152,7 +152,7 @@ class SslUnwrapMethod extends Method {
class GetSslSessionMethod extends Method {
GetSslSessionMethod() {
this.hasName("getSession") and
this.getDeclaringType().getASupertype*() instanceof SSLSession
this.getDeclaringType().getAnAncestor() instanceof SSLSession
}
}


@@ -17,7 +17,7 @@ private EnumConstant getAContainedEnumConstant(Expr enumSetRef) {
enumSetRef
.getType()
.(RefType)
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.util", "Set") and
(


@@ -11,7 +11,7 @@ private import semmle.code.java.Reflection
class IsValidFragmentMethod extends Method {
IsValidFragmentMethod() {
this.getDeclaringType()
.getASupertype*()
.getAnAncestor()
.hasQualifiedName("android.preference", "PreferenceActivity") and
this.hasName("isValidFragment")
}


@@ -164,6 +164,6 @@ private class TypeGroovySourceUnit extends RefType {
/** The class `org.codehaus.groovy.control.io.ReaderSource`. */
private class TypeReaderSource extends RefType {
TypeReaderSource() {
this.getASupertype*().hasQualifiedName("org.codehaus.groovy.control.io", "ReaderSource")
this.getAnAncestor().hasQualifiedName("org.codehaus.groovy.control.io", "ReaderSource")
}
}


@@ -57,7 +57,7 @@ private class SendPendingIntent extends ImplicitPendingIntentSink {
// implicit intents can't be started as services since API 21
not exists(MethodAccess ma, Method m |
ma.getMethod() = m and
m.getDeclaringType().getASupertype*() instanceof TypeContext and
m.getDeclaringType().getAnAncestor() instanceof TypeContext and
m.getName().matches(["start%Service%", "bindService%"]) and
this.asExpr() = ma.getArgument(0)
)


@@ -48,7 +48,7 @@ private predicate isGuardedByInsecureFlag(DataFlow::Node node) {
*/
private class InsecureX509TrustManager extends RefType {
InsecureX509TrustManager() {
this.getASupertype*() instanceof X509TrustManager and
this.getAnAncestor() instanceof X509TrustManager and
exists(Method m |
m.getDeclaringType() = this and
m.hasName("checkServerTrusted") and
@@ -70,7 +70,7 @@ private class CertificateException extends RefType {
*/
private predicate mayThrowCertificateException(Method m) {
exists(ThrowStmt throwStmt |
throwStmt.getThrownExceptionType().getASupertype*() instanceof CertificateException
throwStmt.getThrownExceptionType().getAnAncestor() instanceof CertificateException
|
throwStmt.getEnclosingCallable() = m
)
@@ -79,7 +79,7 @@ private predicate mayThrowCertificateException(Method m) {
mayThrowCertificateException(otherMethod)
or
not otherMethod.fromSource() and
otherMethod.getAnException().getType().getASupertype*() instanceof CertificateException
otherMethod.getAnException().getType().getAnAncestor() instanceof CertificateException
)
}


@@ -7,8 +7,8 @@ private import semmle.code.java.dataflow.DataFlow
class JwtParserWithInsecureParseSource extends DataFlow::Node {
JwtParserWithInsecureParseSource() {
exists(MethodAccess ma, Method m |
m.getDeclaringType().getASupertype*() instanceof TypeJwtParser or
m.getDeclaringType().getASupertype*() instanceof TypeJwtParserBuilder
m.getDeclaringType().getAnAncestor() instanceof TypeJwtParser or
m.getDeclaringType().getAnAncestor() instanceof TypeJwtParserBuilder
|
this.asExpr() = ma and
ma.getMethod() = m and
@@ -31,7 +31,7 @@ class JwtParserWithInsecureParseSink extends DataFlow::Node {
insecureParseMa.getQualifier() = this.asExpr() and
exists(Method m |
insecureParseMa.getMethod() = m and
m.getDeclaringType().getASupertype*() instanceof TypeJwtParser and
m.getDeclaringType().getAnAncestor() instanceof TypeJwtParser and
m.hasName(["parse", "parseClaimsJwt", "parsePlaintextJwt"]) and
(
m.getNumberOfParameters() = 1


@@ -92,7 +92,7 @@ private predicate parseCompileExpressionStep(DataFlow::Node n1, DataFlow::Node n
private predicate getAccessorStep(DataFlow::Node n1, DataFlow::Node n2) {
exists(MethodAccess ma, Method m |
ma.getMethod() = m and
m.getDeclaringType().getASupertype*() instanceof TypeNode and
m.getDeclaringType().getAnAncestor() instanceof TypeNode and
m.hasName("getAccessor")
|
n1.asExpr() = ma.getQualifier() and
@@ -108,7 +108,7 @@ private predicate setExpressionStep(DataFlow::Node n1, DataFlow::Node n2) {
exists(MethodAccess ma, Method m |
ma.getMethod() = m and
m.hasName("setExpression") and
m.getDeclaringType().getASupertype*() instanceof TypeExpressionAccessor
m.getDeclaringType().getAnAncestor() instanceof TypeExpressionAccessor
|
n1.asExpr() = ma.getArgument(0) and
n2.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier()


@@ -57,7 +57,7 @@ private predicate predictableCalcStep(Expr e1, Expr e2) {
ma = e2 and
e1 = ma.getQualifier() and
m = ma.getMethod() and
exists(TypeNumber t | hasSubtype*(t, m.getDeclaringType())) and
exists(TypeNumber t | hasDescendant(t, m.getDeclaringType())) and
(
m.getName().matches("to%String") or
m.getName() = "toByteArray" or
@@ -69,7 +69,7 @@ private predicate predictableCalcStep(Expr e1, Expr e2) {
ma = e2 and
e1 = ma.getArgument(0) and
m = ma.getMethod() and
exists(TypeNumber t | hasSubtype*(t, m.getDeclaringType())) and
exists(TypeNumber t | hasDescendant(t, m.getDeclaringType())) and
(
m.getName().matches("parse%") or
m.getName().matches("valueOf%") or


@@ -5,7 +5,7 @@ import java
/** A test class that is not a Semmle class or a Juliet test suite class. */
class NonSecurityTestClass extends TestClass {
NonSecurityTestClass() {
not exists(RefType s | this.getASupertype*().getSourceDeclaration() = s and s.fromSource() |
not exists(RefType s | this.getAnAncestor().getSourceDeclaration() = s and s.fromSource() |
s.getLocation().getFile().getAbsolutePath().matches("%semmle%") or
s.getLocation().getFile().getAbsolutePath().matches("%ql/java/ql/test/%") or
s.getLocation().getFile().getAbsolutePath().matches("%CWE%")


@@ -83,7 +83,7 @@ class AuthMethod extends SensitiveExecutionMethod {
// exclude "author", but not "authorize" or "authority"
not s.regexpMatch(".*[aA]uthors?([A-Z0-9_].*|$)")
) and
not this.getDeclaringType().getASupertype*() instanceof TypeException
not this.getDeclaringType().getAnAncestor() instanceof TypeException
}
}


@@ -34,7 +34,7 @@ private class DefaultSpelExpressionInjectionAdditionalTaintStep extends SpelExpr
*/
private predicate expressionParsingStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(MethodAccess ma, Method m | ma.getMethod() = m |
m.getDeclaringType().getASupertype*() instanceof ExpressionParser and
m.getDeclaringType().getAnAncestor() instanceof ExpressionParser and
m.hasName(["parseExpression", "parseRaw"]) and
ma.getAnArgument() = node1.asExpr() and
node2.asExpr() = ma


@@ -56,7 +56,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
SslEngineServerMode() {
exists(MethodAccess ma, Method m |
m.hasName("setUseClientMode") and
m.getDeclaringType().getASupertype*() instanceof SSLEngine and
m.getDeclaringType().getAnAncestor() instanceof SSLEngine and
ma.getMethod() = m and
ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false and
this.asExpr() = ma.getQualifier()
@@ -71,7 +71,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
private predicate isSslSocket(MethodAccess createSocket) {
createSocket = any(CastExpr ce | ce.getType() instanceof SSLSocket).getExpr()
or
createSocket.getQualifier().getType().(RefType).getASupertype*() instanceof SSLSocketFactory
createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SSLSocketFactory
}
/**


@@ -46,7 +46,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma, RefType t | t instanceof SSLSocket or t instanceof SSLEngine |
ma.getMethod().hasName("setSSLParameters") and
ma.getMethod().getDeclaringType().getASupertype*() = t and
ma.getMethod().getDeclaringType().getAnAncestor() = t and
ma.getArgument(0) = sink.asExpr()
)
}


@@ -240,7 +240,7 @@ class UnsafeDeserializationConfig extends TaintTracking::Configuration {
(
cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader or
cie.getConstructor().getDeclaringType() instanceof YamlBeansReader or
cie.getConstructor().getDeclaringType().getASupertype*() instanceof UnsafeHessianInput or
cie.getConstructor().getDeclaringType().getAnAncestor() instanceof UnsafeHessianInput or
cie.getConstructor().getDeclaringType() instanceof BurlapInput
)
)


@@ -79,7 +79,7 @@ private class XssVulnerableWriterSourceToWritingMethodFlowConfig extends TaintTr
/** A method that can be used to output data to an output stream or writer. */
private class WritingMethod extends Method {
WritingMethod() {
this.getDeclaringType().getASupertype*().hasQualifiedName("java.io", _) and
this.getDeclaringType().getAnAncestor().hasQualifiedName("java.io", _) and
(
this.getName().matches("print%") or
this.getName() = "append" or


@@ -20,10 +20,10 @@ predicate canThrow(Callable callable, RefType exception) {
exists(string uncheckedException |
uncheckedException = "RuntimeException" or uncheckedException = "Error"
|
exception.getASupertype*().hasQualifiedName("java.lang", uncheckedException)
exception.getAnAncestor().hasQualifiedName("java.lang", uncheckedException)
)
or
callable.getAnException().getType().getASubtype*() = exception
callable.getAnException().getType().getADescendant() = exception
}
from ThrowsTag throwsTag, RefType thrownType, Callable docMethod


@@ -50,8 +50,8 @@ predicate query(Method m, RefType targetType, int selfCount, int depCount) {
not m instanceof InitializerMethod and
// Do not move up/down the class hierarchy
not (
sourceType.getASupertype*().getSourceDeclaration() = targetType or
targetType.getASupertype*().getSourceDeclaration() = sourceType
sourceType.getAnAncestor().getSourceDeclaration() = targetType or
targetType.getAnAncestor().getSourceDeclaration() = sourceType
) and
// Do not move between nested types
not (sourceType.getEnclosingType*() = targetType or targetType.getEnclosingType*() = sourceType) and


@@ -18,7 +18,7 @@ where
ioe.getExpr() instanceof ThisAccess and
t = ioe.getExpr().getType() and
ct = ioe.getCheckedType() and
ct.getASupertype*() = t
ct.getAnAncestor() = t
select ioe,
"Testing whether 'this' is an instance of $@ in $@ introduces a dependency cycle between the two types.",
ct, ct.getName(), t, t.getName()


@@ -16,7 +16,7 @@ from InstanceOfExpr ioe, RefType t, RefType ct
where
t = ioe.getExpr().getType() and
ct = ioe.getCheckedType() and
ct = t.getASupertype+()
ct = t.getAStrictAncestor()
select ioe,
"There is no need to test whether an instance of $@ is also an instance of $@ - it always is.", t,
t.getName(), ct, ct.getName()


@@ -64,7 +64,7 @@ where
src = cse.getExpr().getType() and
dest = cse.getType()
) and
dest = src.getASupertype+() and
dest = src.getAStrictAncestor() and
not usefulUpcast(e)
select e, "There is no need to upcast from $@ to $@ - the conversion can be done implicitly.", src,
src.getName(), dest, dest.getName()


@@ -27,7 +27,7 @@ predicate iteratorWrapper(Iterable it, Field f, boolean wrap) {
// ... whose type is a sub-type of `java.util.Iterator` and ...
f.getType()
.(RefType)
.getASupertype*()
.getAnAncestor()
.getSourceDeclaration()
.hasQualifiedName("java.util", "Iterator") and
// ... whose value is returned by the `iterator()` method of this class ...


@@ -118,7 +118,7 @@ class MismatchedContainerAccess extends MethodAccess {
containerAccess(package, type, p, this.getCallee().getSignature(), i)
|
t = this.getCallee().getDeclaringType() and
t.getASupertype*().getSourceDeclaration() = g and
t.getAnAncestor().getSourceDeclaration() = g and
g.hasQualifiedName(package, type) and
indirectlyInstantiates(t, g, p, result)
)


@@ -88,7 +88,7 @@ class MismatchedContainerModification extends MethodAccess {
containerModification(package, type, p, this.getCallee().getSignature(), i)
|
t = this.getCallee().getDeclaringType() and
t.getASupertype*().getSourceDeclaration() = g and
t.getAnAncestor().getSourceDeclaration() = g and
g.hasQualifiedName(package, type) and
indirectlyInstantiates(t, g, p, result)
)


@@ -14,7 +14,7 @@ import java
private predicate implementsComparable(RefType t, RefType param) {
exists(ParameterizedType pt |
t.getASupertype*() = pt and
t.getAnAncestor() = pt and
pt.getSourceDeclaration().hasQualifiedName("java.lang", "Comparable") and
param = pt.getATypeArgument() and
not param instanceof Wildcard and
@@ -40,7 +40,7 @@ private predicate compareTo(RefType declaring, Method m, RefType param) {
m.fromSource() and
m.getAParamType() = param and
declaring = m.getDeclaringType() and
declaring.getASupertype*().getSourceDeclaration().hasQualifiedName("java.lang", "Comparable")
declaring.getAnAncestor().getSourceDeclaration().hasQualifiedName("java.lang", "Comparable")
}
from Method m, Class t, Type actual, Type desired


@@ -18,7 +18,7 @@ class RunMethod extends Method {
RunMethod() {
this.hasName("run") and
this.hasNoParameters() and
this.getDeclaringType().getASupertype*().hasQualifiedName("java.lang", "Thread")
this.getDeclaringType().getAnAncestor().hasQualifiedName("java.lang", "Thread")
}
}


@@ -17,7 +17,7 @@ import java
from Method m
where
m.getDeclaringType().getASupertype*() instanceof TypeSerializable and
m.getDeclaringType().getAnAncestor() instanceof TypeSerializable and
m.hasName("writeObject") and
m.getNumberOfParameters() = 1 and
m.getAParamType() instanceof TypeObjectOutputStream and


@@ -17,7 +17,7 @@ from FinalizeMethod m, Class c, FinalizeMethod mSuper, Class cSuper
where
m.getDeclaringType() = c and
mSuper.getDeclaringType() = cSuper and
c.getASupertype+() = cSuper and
c.getAStrictAncestor() = cSuper and
not cSuper instanceof TypeObject and
not exists(m.getBody().getAChild())
select m, "Finalize in " + c.getName() + " nullifies finalize in " + cSuper.getName() + "."


@@ -21,6 +21,6 @@ where
(
not m.isPublic() or
not m.isStatic() or
not m.getReturnType().(RefType).getASupertype*() = junitTest
not m.getReturnType().(RefType).getAnAncestor() = junitTest
)
select m, "Bad declaration for suite method."


@@ -46,13 +46,13 @@ where
ma = unqualifiedCallToNonAbstractMethod(c, m) and
// ... there exists an overriding method in a subtype,
n.overrides+(m) and
n.getDeclaringType().getASupertype+() = c.getDeclaringType() and
n.getDeclaringType().getAStrictAncestor() = c.getDeclaringType() and
// ... the method is in a supertype of c,
m.getDeclaringType() = c.getDeclaringType().getASupertype*() and
m.getDeclaringType() = c.getDeclaringType().getAnAncestor() and
// ... `n` reads a non-final field `f`,
fa = nonFinalFieldRead(n, f) and
// ... which is declared in a subtype of `c`,
f.getDeclaringType().getASupertype+() = c.getDeclaringType() and
f.getDeclaringType().getAStrictAncestor() = c.getDeclaringType() and
// ... `f` is written only in the subtype constructor, and
fw = fieldWriteOnlyIn(d, f) and
// ... the subtype constructor calls (possibly indirectly) the offending super constructor.


@@ -38,7 +38,7 @@ predicate contradictoryTypeCheck(Expr e, Variable v, RefType t, RefType sup, Exp
exists(SsaVariable ssa |
ssa.getSourceVariable().getVariable() = v and
requiresInstanceOf(e, ssa.getAUse(), t) and
sup = t.getASupertype*() and
sup = t.getAnAncestor() and
instanceOfCheck(cond, ssa.getAUse(), sup) and
cond.(Guard).controls(e.getBasicBlock(), false)
)


@@ -23,7 +23,7 @@ where
// completely to distinguish grammatical punctuation after which a space is
// needed, and intra-identifier punctuation in, for example, a fully
// qualified java class name.
s.getLiteral()
pragma[only_bind_into](s).getLiteral()
.regexpCapture(".* (([-A-Za-z/'\\.:,]*[a-zA-Z]|[0-9]+)[\\.:,;!?']*)\"[^\"]*\\+[^\"]*\"[a-zA-Z].*",
1) = word and
not word.regexpMatch(".*[,\\.:].*[a-zA-Z].*[^a-zA-Z]")
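Review bot: The `pragma[only_bind_into](s)` wrapper added on the `getLiteral()` receiver carries no comment, so a later cleanup could remove it as noise and bring back the slow evaluation without any test failing. A short comment on the line above would record the intent, for example `// pragma[only_bind_into] is a join-order hint only; it does not change the result set`. The `where` clause starts and ends outside this hunk, so how `s` is bound before this conjunct is not visible here.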


@@ -16,14 +16,14 @@
import CloseType
predicate readerType(RefType t) {
exists(RefType sup | sup = t.getASupertype*() |
exists(RefType sup | sup = t.getAnAncestor() |
sup.hasQualifiedName("java.io", ["Reader", "InputStream"]) or
sup.hasQualifiedName("java.util.zip", "ZipFile")
)
}
predicate safeReaderType(RefType t) {
exists(RefType sup | sup = t.getASupertype*() |
exists(RefType sup | sup = t.getAnAncestor() |
sup.hasQualifiedName("java.io", ["CharArrayReader", "StringReader", "ByteArrayInputStream"])
or
// Note: It is unclear which specific class this is supposed to match


@@ -19,7 +19,7 @@ private predicate flowsInto(Expr e, Variable v) {
* (Prior to Java 7, these types were not subtypes of `Closeable` or `AutoCloseable`.)
*/
predicate sqlType(RefType t) {
exists(RefType sup | sup = t.getASupertype*() and sup.getAMethod().hasName("close") |
exists(RefType sup | sup = t.getAnAncestor() and sup.getAMethod().hasName("close") |
sup.hasQualifiedName("java.sql", "Connection") or
sup.hasQualifiedName("java.sql", "Statement") or
sup.hasQualifiedName("java.sql", "ResultSet")
@@ -31,7 +31,7 @@ predicate sqlType(RefType t) {
* or a closeable type in the `java.sql` package.
*/
private predicate closeableType(RefType t) {
exists(RefType supertype | supertype = t.getASupertype*() |
exists(RefType supertype | supertype = t.getAnAncestor() |
supertype.hasName("Closeable") or
supertype.hasName("AutoCloseable") or
sqlType(supertype)
@@ -301,7 +301,7 @@ predicate noNeedToClose(CloseableInitExpr cie) {
or
exists(CloseableInitExpr sqlStmt, LocalVariableDecl v |
// If a `java.sql.Statement` is closed, an associated `java.sql.ResultSet` is implicitly closed.
sqlStmt.getType().(RefType).getASupertype*() instanceof TypeStatement and
sqlStmt.getType().(RefType).getAnAncestor() instanceof TypeStatement and
flowsInto(sqlStmt, v) and
closedResource(sqlStmt) and
cie.getType() instanceof TypeResultSet and


@@ -16,13 +16,13 @@
import CloseType
predicate writerType(RefType t) {
exists(RefType sup | sup = t.getASupertype*() |
exists(RefType sup | sup = t.getAnAncestor() |
sup.hasQualifiedName("java.io", ["Writer", "OutputStream"])
)
}
predicate safeWriterType(RefType t) {
exists(RefType sup | sup = t.getASupertype*() |
exists(RefType sup | sup = t.getAnAncestor() |
sup.hasQualifiedName("java.io", ["CharArrayWriter", "StringWriter", "ByteArrayOutputStream"])
)
}


@@ -21,5 +21,5 @@ where
not f.isStatic() or
not f.getType().hasName("long")
) and
f.getDeclaringType().getASupertype+() instanceof TypeSerializable
f.getDeclaringType().getAStrictAncestor() instanceof TypeSerializable
select f, "serialVersionUID should be final, static, and of type long."


@@ -29,7 +29,7 @@ predicate sortedCollectionBaseType(RefType t) {
}
predicate sortedCollectionType(RefType t) {
sortedCollectionBaseType(t.getASupertype*().getSourceDeclaration())
sortedCollectionBaseType(t.getAnAncestor().getSourceDeclaration())
}
string nameFor(Class c) {


@@ -29,7 +29,7 @@ predicate serializableOrExternalizable(Interface interface) {
predicate collectionOrMapType(RefType t) { t instanceof CollectionType or t instanceof MapType }
predicate serializableType(RefType t) {
exists(RefType sup | sup = t.getASupertype*() | serializableOrExternalizable(sup))
exists(RefType sup | sup = t.getAnAncestor() | serializableOrExternalizable(sup))
or
// Collection interfaces are not serializable, but their implementations are
// likely to be.
@@ -77,7 +77,7 @@ predicate exceptions(Class c, Field f) {
f.isStatic()
or
// Classes that implement `Externalizable` completely take over control during serialization.
externalizable(c.getASupertype+())
externalizable(c.getAStrictAncestor())
or
// Stateless session beans are not normally serialized during their usual life-cycle
// but are forced by their expected supertype to be serializable.
@@ -92,7 +92,7 @@ predicate exceptions(Class c, Field f) {
from Class c, Field f, string reason
where
c.fromSource() and
c.getASupertype+() instanceof TypeSerializable and
c.getAStrictAncestor() instanceof TypeSerializable and
f.getDeclaringType() = c and
not exceptions(c, f) and
reason = nonSerialReason(f.getType())


@@ -14,7 +14,7 @@
import java
import semmle.code.java.JDKAnnotations
predicate isSerializable(RefType t) { t.getASupertype*() instanceof TypeSerializable }
predicate isSerializable(RefType t) { t.getAnAncestor() instanceof TypeSerializable }
predicate withinStaticContext(NestedClass c) {
c.isStatic() or


@@ -19,7 +19,7 @@ private predicate nonChaining(Method m) {
not exists(m.getBody()) and
(
// ... it has the wrong return type, ...
not hasSubtype*(m.getReturnType(), m.getDeclaringType())
not hasDescendant(m.getReturnType(), m.getDeclaringType())
or
// ... it is defined on an immutable type, or ...
m.getDeclaringType() instanceof ImmutableType
@@ -44,7 +44,7 @@ private predicate nonChainingReturn(Method m, ReturnStmt ret) {
or
delegate.isStatic()
or
not hasSubtype*(m.getReturnType(), delegate.getReturnType())
not hasDescendant(m.getReturnType(), delegate.getReturnType())
or
// A method on the wrong object is called.
not delegateCall.isOwnMethodAccess()


@@ -70,8 +70,8 @@ private RefType caughtType(TryStmt try, int index) {
}
private predicate maybeUnchecked(RefType t) {
t.getASupertype*().hasQualifiedName("java.lang", "RuntimeException") or
t.getASupertype*().hasQualifiedName("java.lang", "Error") or
t.getAnAncestor().hasQualifiedName("java.lang", "RuntimeException") or
t.getAnAncestor().hasQualifiedName("java.lang", "Error") or
t.hasQualifiedName("java.lang", "Exception") or
t.hasQualifiedName("java.lang", "Throwable")
}
@@ -80,14 +80,14 @@ predicate overlappingExceptions(RefType e1, RefType e2) {
exists(RefType throwable | throwable.hasQualifiedName("java.lang", "Throwable") |
throwable.hasSubtype*(e1) and
throwable.hasSubtype*(e2) and
e1.getASubtype*() = e2.getASubtype*()
e1.getADescendant() = e2.getADescendant()
)
}
from TryStmt try, int first, int second, RefType masking, RefType masked, string multiCatchMsg
where
masking = caughtType(try, first) and
masking.getASupertype+() = masked and
masking.getAStrictAncestor() = masked and
masked = caughtType(try, second) and
forall(RefType thrownType |
thrownType = getAThrownExceptionType(try) and
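Review bot: In `overlappingExceptions` the two conjuncts `throwable.hasSubtype*(e1)` and `throwable.hasSubtype*(e2)` keep the inline transitive closure, while the line directly below them is converted to `getADescendant()`. The predicate therefore still evaluates the closure form that this commit replaces everywhere else. For consistency with the `hasDescendant(...)` calls introduced in the other files, these could read `hasDescendant(throwable, e1) and` and `hasDescendant(throwable, e2) and`. The `where` clause of the query continues outside the second hunk.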


@@ -34,12 +34,12 @@ predicate isMockingMethod(Method m) {
}
predicate isReceiverClauseMethod(Method m) {
m.getDeclaringType().getASupertype*().hasQualifiedName("org.jmock.syntax", "ReceiverClause") and
m.getDeclaringType().getAnAncestor().hasQualifiedName("org.jmock.syntax", "ReceiverClause") and
m.hasName("of")
}
predicate isCardinalityClauseMethod(Method m) {
m.getDeclaringType().getASupertype*().hasQualifiedName("org.jmock.syntax", "CardinalityClause") and
m.getDeclaringType().getAnAncestor().hasQualifiedName("org.jmock.syntax", "CardinalityClause") and
(
m.hasName("allowing") or
m.hasName("ignoring") or
@@ -54,7 +54,7 @@ predicate isCardinalityClauseMethod(Method m) {
}
predicate isStubberMethod(Method m) {
m.getDeclaringType().getASupertype*().hasQualifiedName("org.mockito.stubbing", "Stubber") and
m.getDeclaringType().getAnAncestor().hasQualifiedName("org.mockito.stubbing", "Stubber") and
(
m.hasName("when") or
m.hasName("doThrow") or
@@ -69,7 +69,7 @@ predicate isStubberMethod(Method m) {
* Some mocking methods must _always_ be used as a qualifier.
*/
predicate isMustBeQualifierMockingMethod(Method m) {
m.getDeclaringType().getASupertype*().hasQualifiedName("org.mockito", "Mockito") and
m.getDeclaringType().getAnAncestor().hasQualifiedName("org.mockito", "Mockito") and
m.hasName("verify")
}


@@ -21,7 +21,7 @@ pragma[nomagic]
predicate inherits(Class c, Field f) {
f = c.getAField()
or
not f.isPrivate() and c.getASupertype+().getAField() = f
not f.isPrivate() and c.getAStrictAncestor().getAField() = f
}
/**


@@ -29,7 +29,7 @@ class ArchiveEntryNameMethod extends Method {
archiveEntry.hasQualifiedName("java.util.zip", "ZipEntry") or
archiveEntry.hasQualifiedName("org.apache.commons.compress.archivers", "ArchiveEntry")
|
this.getDeclaringType().getASupertype*() = archiveEntry and
this.getDeclaringType().getAnAncestor() = archiveEntry and
this.hasName("getName")
)
}


@@ -34,7 +34,7 @@ private predicate alwaysReturnsTrue(HostnameVerifierVerify m) {
*/
class TrustAllHostnameVerifier extends RefType {
TrustAllHostnameVerifier() {
this.getASupertype*() instanceof HostnameVerifier and
this.getAnAncestor() instanceof HostnameVerifier and
exists(HostnameVerifierVerify m |
m.getDeclaringType() = this and
alwaysReturnsTrue(m)


@@ -134,7 +134,7 @@ predicate inDifferentBranches(MethodAccess ma1, MethodAccess ma2) {
/** The method access `ma` occurs in method `runnable`, which is an implementation of `Runnable.run()`. */
predicate inRunnable(MethodAccess ma, Method runnable) {
runnable.getName() = "run" and
runnable.getDeclaringType().getASupertype+().hasQualifiedName("java.lang", "Runnable") and
runnable.getDeclaringType().getAStrictAncestor().hasQualifiedName("java.lang", "Runnable") and
ma.getEnclosingCallable() = runnable
}


@@ -14,6 +14,14 @@
import java
import semmle.code.java.Reflection
/**
* Gets a transitive superType avoiding magic optimisation
*/
pragma[nomagic]
cached private RefType getASuperTypePlus(RefType t) {
hasDescendant(result, t) and result != t
}
/**
* A class or interface that is not used anywhere.
*/
@@ -35,7 +43,7 @@ predicate dead(RefType dead) {
// Exclude type variables.
not dead instanceof BoundedType and
// Exclude JUnit tests.
not dead.getASupertype*().hasName("TestCase") and
not dead.getAnAncestor().hasName("TestCase") and
// Exclude enum types.
not dead instanceof EnumType and
// Exclude anonymous classes
@@ -43,7 +51,7 @@ predicate dead(RefType dead) {
// Exclude classes that look like they may be reflectively constructed.
not dead.getAnAnnotation() instanceof ReflectiveAccessAnnotation and
// Insist all source ancestors are dead as well.
forall(RefType t | t.fromSource() and t = dead.getASupertype+() | dead(t))
forall(RefType t | t.fromSource() and t = getASuperTypePlus(dead) | dead(t))
}
from RefType t, string kind
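Review bot: The doc comment on the new `getASuperTypePlus` helper says only "avoiding magic optimisation" and does not explain why this query needs a private `pragma[nomagic]` `cached` predicate, when every other `getASupertype+()` on this page is replaced with the library's `getAStrictAncestor()`. If the reason is the recursive use inside `dead` (an assumption, the commit does not say), the comment should state it, for example `/** Gets a strict ancestor of t (a transitive supertype other than t itself). Local nomagic copy of getAStrictAncestor() because <reason>. */`. The name also spells `SuperType` where the library uses `Supertype` (`getASupertype`), so something like `getAStrictAncestorNoMagic` would read more consistently. The body of `dead` starts and ends outside the two hunks that touch it.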


@@ -17,6 +17,6 @@ where
assign.getEnclosingCallable() = m and
null.getParent() = assign and
lhs = assign.getDest() and
lhs.getField().getDeclaringType() = m.getDeclaringType().getASupertype*() and
lhs.getField().getDeclaringType() = m.getDeclaringType().getAnAncestor() and
m.fromSource()
select assign, "Finalizer nulls fields."


@@ -22,7 +22,7 @@ from Method method, Method objMethod, Interface impossible
where
method.getDeclaringType() = impossible and
objMethod = protectedObjectMethod(method.getSignature()) and
not hasSubtype*(objMethod.getReturnType(), method.getReturnType())
not hasDescendant(objMethod.getReturnType(), method.getReturnType())
select method,
"This method's return type conflicts with Object." + method.getName() +
" so $@ can never be implemented.", impossible, impossible.getName()


@@ -52,7 +52,7 @@ where
// Check that all exceptions thrown in the try block are
// either more specific than the caught type or unrelated to it.
not exists(Type et | et = getAThrownExceptionType(t) |
et.(RefType).getASubtype*().hasQualifiedName("java.lang", typeName)
et.(RefType).getADescendant().hasQualifiedName("java.lang", typeName)
)
select cc,
"Do not catch '" + cc.getVariable().getType() + "'" + "; " + message +


@@ -17,13 +17,13 @@ class SpecialMethod extends Method {
predicate isMethod(string pack, string clss, string name, int numparam) {
this.hasName(name) and
this.getNumberOfParameters() = numparam and
this.getDeclaringType().getASupertype*().getSourceDeclaration().hasQualifiedName(pack, clss)
this.getDeclaringType().getAnAncestor().getSourceDeclaration().hasQualifiedName(pack, clss)
}
}
predicate unboundedQueue(RefType t) {
exists(string pack, string clss |
t.getASupertype*().getSourceDeclaration().hasQualifiedName(pack, clss)
t.getAnAncestor().getSourceDeclaration().hasQualifiedName(pack, clss)
|
pack = "java.util" and clss = "ArrayDeque"
or


@@ -22,6 +22,6 @@ where
) and
not exists(Callable c |
e.getEnclosingCallable() = c and
c.getAThrownExceptionType().getASubtype*() instanceof NumberFormatException
c.getAThrownExceptionType().getADescendant() instanceof NumberFormatException
)
select e, "Potential uncaught 'java.lang.NumberFormatException'."


@@ -18,7 +18,7 @@ import semmle.code.java.dataflow.DefUse
predicate relevantType(RefType t) {
t instanceof Array
or
exists(RefType sup | sup = t.getASupertype*().getSourceDeclaration() |
exists(RefType sup | sup = t.getAnAncestor().getSourceDeclaration() |
sup.hasQualifiedName("java.util", "Map") or
sup.hasQualifiedName("java.util", "Collection")
)
@@ -41,14 +41,14 @@ predicate modifyMethod(Method m) {
}
predicate storesArray(Callable c, int i, Field f) {
f.getDeclaringType() = c.getDeclaringType().getASupertype*().getSourceDeclaration() and
f.getDeclaringType() = c.getDeclaringType().getAnAncestor().getSourceDeclaration() and
relevantType(f.getType()) and
exists(Parameter p | p = c.getParameter(i) | f.getAnAssignedValue() = p.getAnAccess()) and
not c.isStatic()
}
predicate returnsArray(Callable c, Field f) {
f.getDeclaringType() = c.getDeclaringType().getASupertype*().getSourceDeclaration() and
f.getDeclaringType() = c.getDeclaringType().getAnAncestor().getSourceDeclaration() and
relevantType(f.getType()) and
exists(ReturnStmt rs | rs.getEnclosingCallable() = c and rs.getResult() = f.getAnAccess()) and
not c.isStatic()


@@ -263,7 +263,7 @@ private predicate almostPrivate(Field f) {
or
exists(Interface i | i = f.getDeclaringType() |
forall(VarAccess va | va.getVariable() = f |
va.getEnclosingCallable().getDeclaringType().getASupertype*() = i
va.getEnclosingCallable().getDeclaringType().getAnAncestor() = i
)
)
}


@@ -52,7 +52,7 @@ predicate trivialContext(Literal e) {
or
// Message in an exception.
exists(ClassInstanceExpr constr |
constr.getType().(RefType).getASupertype+().hasName("Exception") and
constr.getType().(RefType).getAStrictAncestor().hasName("Exception") and
e = constr.getArgument(0)
)
}


@@ -20,7 +20,7 @@ import java
predicate methodNames(RefType t, Method m, string lowercase, string name) {
exists(RefType t2 |
m.getDeclaringType() = t2 and
hasSubtype*(t2, t)
hasDescendant(t2, t)
) and
name = m.getName() and
lowercase = name.toLowerCase() and
@@ -65,7 +65,7 @@ where
) and
not exists(Method mid |
confusing(m1, mid) and
mid.getDeclaringType().getASupertype+() = m2.getDeclaringType()
mid.getDeclaringType().getAStrictAncestor() = m2.getDeclaringType()
) and
not exists(Method notConfusing |
notConfusing.getDeclaringType() = m1.getDeclaringType() and
