Merge branch 'main' into LoadClassNoSignatureCheck

masterofnow
2023-11-14 09:22:30 +08:00
committed by GitHub
157 changed files with 14598 additions and 809 deletions


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")
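Review bot: Nothing at the `try_use_java11()` call says what happens when no Java 11 installation is found. The helper comes in through the wildcard import and is not visible here, but its `try_` prefix suggests it is best-effort. If so, `run_codeql_database_create([], lang="java")` would build the database with whatever JDK the runner has on `PATH`, and the test result would depend on the environment. A comment above the call, e.g. `# Use Java 11 when the runner provides it; otherwise the default JDK is used (confirm against create_database_utils)`, or an explicit failure when Java 11 is required, would make the intent reviewable. The same applies to the seven other test scripts in this commit that receive the identical change.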


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -1,10 +1,6 @@
import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")


@@ -0,0 +1,3 @@
2023-11-08:
There is no Java 8 build available for OSX Arm, therefore this test fails.


@@ -6,7 +6,6 @@ import java
import SSA
private import semmle.code.java.controlflow.internal.GuardsLogic
private import semmle.code.java.frameworks.apache.Collections
private import RangeUtils
private import IntegerGuards
/** Gets an expression that is always `null`. */


@@ -241,6 +241,10 @@ module Sem implements Semantic {
AddressType() { none() }
}
Type getExprType(Expr e) { result = e.getType() }
Type getSsaType(SsaVariable var) { result = var.getSourceVariable().getType() }
final private class FinalSsaVariable = SSA::SsaVariable;
class SsaVariable extends FinalSsaVariable {
@@ -255,6 +259,8 @@ module Sem implements Semantic {
Expr getDefiningExpr() { result = super.getDefiningExpr() }
}
predicate additionalValueFlowStep = RU::additionalValueFlowStep/3;
predicate conversionCannotOverflow = safeCast/2;
}
@@ -279,7 +285,7 @@ module Modulus implements ModulusAnalysisSig<Sem> {
class ModBound = Bound;
private import codeql.rangeanalysis.ModulusAnalysis as Mod
import Mod::ModulusAnalysis<Location, Sem, IntDelta, Bounds, Utils>
import Mod::ModulusAnalysis<Location, Sem, IntDelta, Bounds>
}
module IntDelta implements DeltaSig {
@@ -330,7 +336,7 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
/**
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(Sem::Expr e2, Sem::Expr e1, int delta, boolean upper) {
predicate additionalBoundFlowStep(Sem::Expr e2, Sem::Expr e1, int delta, boolean upper) {
exists(RandomDataSource rds |
e2 = rds.getOutput() and
(
@@ -360,37 +366,9 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
predicate ignoreExprBound(Sem::Expr e) { none() }
predicate additionalValueFlowStep(Sem::Expr dest, Sem::Expr src, int delta) { none() }
Sem::Type getAlternateType(Sem::Expr e) { none() }
Sem::Type getAlternateTypeForSsaVariable(Sem::SsaVariable var) { none() }
predicate javaCompatibility() { any() }
}
module Utils implements UtilSig<Sem, IntDelta> {
private import RangeUtils as RU
Sem::Guard semEqFlowCond(
Sem::SsaVariable v, Sem::Expr e, int delta, boolean isEq, boolean testIsTrue
) {
result = RU::eqFlowCond(v, e, delta, isEq, testIsTrue)
}
predicate semSsaUpdateStep(Sem::SsaExplicitUpdate v, Sem::Expr e, int delta) {
RU::ssaUpdateStep(v, e, delta)
}
predicate semValueFlowStep = RU::valueFlowStep/3;
Sem::Type getTrackedTypeForSsaVariable(Sem::SsaVariable var) {
result = var.getSourceVariable().getType()
}
Sem::Type getTrackedType(Sem::Expr e) { result = e.getType() }
}
module Bounds implements BoundSig<Location, Sem, IntDelta> {
class SemBound = Bound;
@@ -408,7 +386,7 @@ module Overflow implements OverflowSig<Sem, IntDelta> {
}
module Range =
RangeStage<Location, Sem, IntDelta, Bounds, Overflow, JavaLangImpl, SignInp, Modulus, Utils>;
RangeStage<Location, Sem, IntDelta, Bounds, Overflow, JavaLangImpl, SignInp, Modulus>;
predicate bounded = Range::semBounded/5;


@@ -15,10 +15,16 @@ private predicate backEdge = U::backEdge/3;
predicate ssaRead = U::ssaRead/2;
predicate ssaUpdateStep = U::ssaUpdateStep/3;
predicate valueFlowStep = U::valueFlowStep/3;
predicate guardDirectlyControlsSsaRead = U::guardDirectlyControlsSsaRead/3;
predicate guardControlsSsaRead = U::guardControlsSsaRead/3;
predicate eqFlowCond = U::eqFlowCond/5;
/**
* Holds if `v` is an input to `phi` that is not along a back edge, and the
* only other input to `phi` is a `null` value.
@@ -156,89 +162,13 @@ class ConstantStringExpr extends Expr {
string getStringValue() { constantStringExpr(this, result) }
}
/**
* Gets a condition that tests whether `v` equals `e + delta`.
*
* If the condition evaluates to `testIsTrue`:
* - `isEq = true` : `v == e + delta`
* - `isEq = false` : `v != e + delta`
*/
Guard eqFlowCond(SsaVariable v, Expr e, int delta, boolean isEq, boolean testIsTrue) {
exists(boolean eqpolarity |
result.isEquality(ssaRead(v, delta), e, eqpolarity) and
(testIsTrue = true or testIsTrue = false) and
eqpolarity.booleanXor(testIsTrue).booleanNot() = isEq
)
or
exists(boolean testIsTrue0 |
implies_v2(result, testIsTrue, eqFlowCond(v, e, delta, isEq, testIsTrue0), testIsTrue0)
)
}
/**
* Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
*/
predicate ssaUpdateStep(SsaExplicitUpdate v, Expr e, int delta) {
v.getDefiningExpr().(VariableAssign).getSource() = e and delta = 0
or
v.getDefiningExpr().(PostIncExpr).getExpr() = e and delta = 1
or
v.getDefiningExpr().(PreIncExpr).getExpr() = e and delta = 1
or
v.getDefiningExpr().(PostDecExpr).getExpr() = e and delta = -1
or
v.getDefiningExpr().(PreDecExpr).getExpr() = e and delta = -1
or
v.getDefiningExpr().(AssignOp) = e and delta = 0
}
/**
* Holds if `e1 + delta` equals `e2`.
*/
predicate valueFlowStep(Expr e2, Expr e1, int delta) {
e2.(AssignExpr).getSource() = e1 and delta = 0
or
e2.(PlusExpr).getExpr() = e1 and delta = 0
or
e2.(PostIncExpr).getExpr() = e1 and delta = 0
or
e2.(PostDecExpr).getExpr() = e1 and delta = 0
or
e2.(PreIncExpr).getExpr() = e1 and delta = 1
or
e2.(PreDecExpr).getExpr() = e1 and delta = -1
or
predicate additionalValueFlowStep(Expr e2, Expr e1, int delta) {
exists(ArrayCreationExpr a |
arrayLengthDef(e2, a) and
a.getDimension(0) = e1 and
delta = 0
)
or
exists(Expr x |
e2.(AddExpr).hasOperands(e1, x)
or
exists(AssignAddExpr add | add = e2 |
add.getDest() = e1 and add.getRhs() = x
or
add.getDest() = x and add.getRhs() = e1
)
|
x.(ConstantIntegerExpr).getIntValue() = delta
)
or
exists(Expr x |
exists(SubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
sub.getRightOperand() = x
)
or
exists(AssignSubExpr sub |
e2 = sub and
sub.getDest() = e1 and
sub.getRhs() = x
)
|
x.(ConstantIntegerExpr).getIntValue() = -delta
)
}
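Review bot: The doc comment above `additionalValueFlowStep` still states only that `e1 + delta` equals `e2`, which is the contract of the general `valueFlowStep` that this file now appears to alias from `U::valueFlowStep/3`. The rendered page has lost its +/- markers, but the new-side count of 13 in the hunk header suggests that only the `ArrayCreationExpr` array-length case remains in the body. If that reading is right, the comment should say that this predicate supplies only the Java-specific steps added on top of the shared ones. A possible wording is `Holds if e1 + delta equals e2, for steps not covered by the shared valueFlowStep (currently: array length defined by the creation dimension).`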


@@ -4,9 +4,11 @@
| ModulusAnalysis.java:4:5:4:22 | ...=... | 0 | 43 | 0 |
| ModulusAnalysis.java:4:5:4:22 | c2 | 0 | 43 | 0 |
| ModulusAnalysis.java:4:20:4:21 | 43 | 0 | 43 | 0 |
| ModulusAnalysis.java:7:13:7:22 | eq | SSA init(i) | 3 | 0 |
| ModulusAnalysis.java:7:18:7:18 | i | SSA init(i) | 0 | 0 |
| ModulusAnalysis.java:7:18:7:22 | ... + ... | SSA init(i) | 3 | 0 |
| ModulusAnalysis.java:7:22:7:22 | 3 | 0 | 3 | 0 |
| ModulusAnalysis.java:9:13:9:29 | mul | 0 | 3 | 42 |
| ModulusAnalysis.java:9:19:9:20 | eq | SSA def(eq) | 0 | 0 |
| ModulusAnalysis.java:9:19:9:20 | eq | SSA init(i) | 3 | 0 |
| ModulusAnalysis.java:9:19:9:25 | ... * ... | 0 | 0 | 42 |
@@ -14,6 +16,7 @@
| ModulusAnalysis.java:9:24:9:25 | c1 | 0 | 42 | 0 |
| ModulusAnalysis.java:9:24:9:25 | c1 | SSA init(this.c1) | 0 | 0 |
| ModulusAnalysis.java:9:29:9:29 | 3 | 0 | 3 | 0 |
| ModulusAnalysis.java:11:13:11:21 | seven | 0 | 7 | 0 |
| ModulusAnalysis.java:11:21:11:21 | 7 | 0 | 7 | 0 |
| ModulusAnalysis.java:12:13:12:15 | mul | 0 | 3 | 42 |
| ModulusAnalysis.java:12:13:12:15 | mul | SSA def(mul) | 0 | 0 |
@@ -24,6 +27,7 @@
| ModulusAnalysis.java:13:32:13:34 | mul | 0 | 3 | 42 |
| ModulusAnalysis.java:13:32:13:34 | mul | 0 | 7 | 43 |
| ModulusAnalysis.java:13:32:13:34 | mul | SSA def(mul) | 0 | 0 |
| ModulusAnalysis.java:16:13:18:23 | j | 0 | 3 | 4 |
| ModulusAnalysis.java:16:17:18:23 | ...?...:... | 0 | 3 | 4 |
| ModulusAnalysis.java:17:15:17:15 | i | SSA init(i) | 0 | 0 |
| ModulusAnalysis.java:17:15:17:19 | ... * ... | 0 | 0 | 4 |
@@ -66,6 +70,7 @@
| ModulusAnalysis.java:26:32:26:36 | ... - ... | SSA init(x) | 35 | 42 |
| ModulusAnalysis.java:26:36:26:36 | y | 0 | 7 | 42 |
| ModulusAnalysis.java:26:36:26:36 | y | SSA init(y) | 0 | 0 |
| ModulusAnalysis.java:29:13:29:35 | l | 0 | 1 | 4 |
| ModulusAnalysis.java:29:17:29:26 | arr.length | SSA impl upd[untracked](arr.length) | 0 | 0 |
| ModulusAnalysis.java:29:17:29:30 | ... * ... | 0 | 0 | 4 |
| ModulusAnalysis.java:29:17:29:35 | ... - ... | 0 | 1 | 4 |
@@ -104,12 +109,14 @@
| ModulusAnalysis.java:49:25:49:25 | 3 | 0 | 3 | 0 |
| ModulusAnalysis.java:50:32:50:32 | x | 0 | 3 | 16 |
| ModulusAnalysis.java:50:32:50:32 | x | SSA init(x) | 0 | 0 |
| ModulusAnalysis.java:56:18:56:22 | i | 0 | 0 | 0 |
| ModulusAnalysis.java:56:22:56:22 | 0 | 0 | 0 | 0 |
| ModulusAnalysis.java:56:25:56:25 | i | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:56:29:56:31 | cap | SSA init(cap) | 0 | 0 |
| ModulusAnalysis.java:56:34:56:34 | i | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:56:34:56:36 | ...++ | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:57:32:57:32 | i | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:59:18:59:22 | j | 0 | 0 | 0 |
| ModulusAnalysis.java:59:22:59:22 | 0 | 0 | 0 | 0 |
| ModulusAnalysis.java:59:25:59:25 | j | SSA phi(j) | 0 | 0 |
| ModulusAnalysis.java:59:29:59:31 | cap | SSA init(cap) | 0 | 0 |
@@ -117,6 +124,7 @@
| ModulusAnalysis.java:59:34:59:39 | ...+=... | SSA phi(j) | 1 | 0 |
| ModulusAnalysis.java:59:39:59:39 | 1 | 0 | 1 | 0 |
| ModulusAnalysis.java:60:32:60:32 | j | SSA phi(j) | 0 | 0 |
| ModulusAnalysis.java:62:18:62:22 | k | 0 | 0 | 0 |
| ModulusAnalysis.java:62:22:62:22 | 0 | 0 | 0 | 0 |
| ModulusAnalysis.java:62:25:62:25 | k | 0 | 0 | 3 |
| ModulusAnalysis.java:62:25:62:25 | k | SSA def(k) | 0 | 3 |


@@ -59,6 +59,7 @@
| A.java:12:16:12:20 | ... + ... | SSA init(y) | 1 | upper | NoReason |
| A.java:12:20:12:20 | 1 | 0 | 1 | lower | NoReason |
| A.java:12:20:12:20 | 1 | 0 | 1 | upper | NoReason |
| A.java:13:13:13:23 | sum | SSA init(y) | 400 | upper | NoReason |
| A.java:13:19:13:19 | x | 0 | 400 | upper | ... > ... |
| A.java:13:19:13:19 | x | SSA init(x) | 0 | lower | NoReason |
| A.java:13:19:13:19 | x | SSA init(x) | 0 | upper | NoReason |
@@ -72,6 +73,17 @@
| A.java:15:13:15:13 | y | SSA init(y) | 0 | upper | NoReason |
| A.java:15:17:15:19 | 300 | 0 | 300 | lower | NoReason |
| A.java:15:17:15:19 | 300 | 0 | 300 | upper | NoReason |
| A.java:16:15:16:25 | sum | 0 | 603 | lower | ... > ... |
| A.java:16:15:16:25 | sum | 0 | 799 | upper | ... != ... |
| A.java:16:15:16:25 | sum | 0 | 799 | upper | ... > ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 301 | lower | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 301 | lower | NoReason |
| A.java:16:15:16:25 | sum | SSA init(x) | 399 | upper | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 399 | upper | NoReason |
| A.java:16:15:16:25 | sum | SSA init(y) | 302 | lower | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(y) | 302 | lower | NoReason |
| A.java:16:15:16:25 | sum | SSA init(y) | 400 | upper | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(y) | 400 | upper | NoReason |
| A.java:16:21:16:21 | x | 0 | 302 | lower | ... > ... |
| A.java:16:21:16:21 | x | 0 | 400 | upper | ... > ... |
| A.java:16:21:16:21 | x | SSA init(x) | 0 | lower | NoReason |