Use EqualityTest for either value or ref comparions, and ReferenceEqualityTest for strictly ref comparison.

2026-04-30 19:26:02 +02:00 · 2022-02-07 16:56:45 +00:00
parent f95effcf82
commit 7dec3f4835
26 changed files with 47 additions and 47 deletions
--- a/java/ql/lib/semmle/code/java/Expr.qll
+++ b/java/ql/lib/semmle/code/java/Expr.qll
@@ -1099,8 +1099,8 @@ class GreaterThanComparison extends ComparisonExpr {
 *
 * This could be a reference- or a value-in/equality test.
 */
-class AnyEqualityTest extends BinaryExpr {
-  AnyEqualityTest() {
+class EqualityTest extends BinaryExpr {
+  EqualityTest() {
    this instanceof EQExpr or
    this instanceof NEExpr or
    this instanceof ValueEQExpr or
@@ -1121,12 +1121,12 @@ class AnyEqualityTest extends BinaryExpr {

 /**
 * An equality test is a binary expression using
- * Java's `==` or `!=` operator.
+ * Java's `==` or `!=` operators or Kotlin's `===` or `!==` operators.
 *
 * If either operand is a reference type, this is a reference-in/equality test.
 */
-class EqualityTest extends AnyEqualityTest {
-  EqualityTest() {
+class ReferenceEqualityTest extends EqualityTest {
+  ReferenceEqualityTest() {
    this instanceof EQExpr or
    this instanceof NEExpr
  }
--- a/java/ql/lib/semmle/code/java/controlflow/Guards.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/Guards.qll
@@ -242,7 +242,7 @@ private predicate guardControls_v3(Guard guard, BasicBlock controlled, boolean b
 }

 private predicate equalityGuard(Guard g, Expr e1, Expr e2, boolean polarity) {
-  exists(AnyEqualityTest eqtest |
+  exists(EqualityTest eqtest |
    eqtest = g and
    polarity = eqtest.polarity() and
    eqtest.hasOperands(e1, e2)
--- a/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll
@@ -35,7 +35,7 @@ predicate implies_v1(Guard g1, boolean b1, Guard g2, boolean b2) {
  b1 = b2.booleanNot() and
  b1 = [true, false]
  or
-  exists(AnyEqualityTest eqtest, boolean polarity, BooleanLiteral boollit |
+  exists(EqualityTest eqtest, boolean polarity, BooleanLiteral boollit |
    eqtest = g1 and
    eqtest.hasOperands(g2, boollit) and
    eqtest.polarity() = polarity and
--- a/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll
@@ -42,7 +42,7 @@ class IntComparableExpr extends Expr {
 */
 pragma[nomagic]
 Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
-  exists(AnyEqualityTest eqtest, boolean polarity |
+  exists(EqualityTest eqtest, boolean polarity |
    eqtest = result and
    eqtest.hasOperands(e, any(ConstantIntegerExpr c | c.getIntValue() = k)) and
    polarity = eqtest.polarity() and
@@ -53,7 +53,7 @@ Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
    )
  )
  or
-  exists(AnyEqualityTest eqtest, int val, Expr c, boolean upper |
+  exists(EqualityTest eqtest, int val, Expr c, boolean upper |
    k = e.relevantInt() and
    eqtest = result and
    eqtest.hasOperands(e, c) and
--- a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
@@ -17,7 +17,7 @@ Expr alwaysNullExpr() {

 /** Gets an equality test between an expression `e` and an enum constant `c`. */
 Expr enumConstEquality(Expr e, boolean polarity, EnumConstant c) {
-  exists(AnyEqualityTest eqtest |
+  exists(EqualityTest eqtest |
    eqtest = result and
    eqtest.hasOperands(e, c.getAnAccess()) and
    polarity = eqtest.polarity()
@@ -36,7 +36,7 @@ InstanceOfExpr instanceofExpr(SsaVariable v, RefType type) {
 *
 * Note this includes Kotlin's `==` and `!=` operators, which are value-equality tests.
 */
-AnyEqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
+EqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
  result.hasOperands(v1.getAUse(), v2.getAUse()) and
  isEqualExpr = result.polarity()
 }
@@ -174,7 +174,7 @@ predicate nullCheckMethod(Method m, boolean branch, boolean isnull) {
 * is true, and non-null if `isnull` is false.
 */
 Expr basicNullGuard(Expr e, boolean branch, boolean isnull) {
-  exists(AnyEqualityTest eqtest, boolean polarity |
+  exists(EqualityTest eqtest, boolean polarity |
    eqtest = result and
    eqtest.hasOperands(e, any(NullLiteral n)) and
    polarity = eqtest.polarity() and
@@ -193,7 +193,7 @@ Expr basicNullGuard(Expr e, boolean branch, boolean isnull) {
    nullCheckMethod(call.getMethod(), branch, isnull)
  )
  or
-  exists(AnyEqualityTest eqtest |
+  exists(EqualityTest eqtest |
    eqtest = result and
    eqtest.hasOperands(e, clearlyNotNullExpr()) and
    isnull = false and
--- a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll
@@ -70,13 +70,13 @@ private predicate unboxed(Expr e) {
    or
    exists(AssignOp assign | assign.getSource() = e and assign.getType() instanceof PrimitiveType)
    or
-    exists(AnyEqualityTest eq |
+    exists(EqualityTest eq |
      eq.getAnOperand() = e and eq.getAnOperand().getType() instanceof PrimitiveType
    )
    or
    exists(BinaryExpr bin |
      bin.getAnOperand() = e and
-      not bin instanceof AnyEqualityTest and
+      not bin instanceof EqualityTest and
      bin.getType() instanceof PrimitiveType
    )
    or
@@ -653,7 +653,7 @@ private Expr trackingVarGuard(
    )
  )
  or
-  exists(AnyEqualityTest eqtest, boolean branch0, boolean polarity, BooleanLiteral boollit |
+  exists(EqualityTest eqtest, boolean branch0, boolean polarity, BooleanLiteral boollit |
    eqtest = result and
    eqtest.hasOperands(trackingVarGuard(trackssa, trackvar, kind, branch0, isA), boollit) and
    eqtest.polarity() = polarity and
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -387,7 +387,7 @@ private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
 /** A comparison or equality test with a constant. */
 private predicate comparisonStep(Expr tracked, Expr sink) {
  exists(Expr other |
-    exists(BinaryExpr e | e instanceof ComparisonExpr or e instanceof AnyEqualityTest |
+    exists(BinaryExpr e | e instanceof ComparisonExpr or e instanceof EqualityTest |
      e = sink and
      e.hasOperands(tracked, other)
    )
--- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll
+++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll
@@ -116,7 +116,7 @@ private predicate intentFlagsOrDataChecked(Guard g, Expr intent, boolean branch)
    bitwiseLocalTaintStep*(DataFlow::exprNode(ma), DataFlow::exprNode(checkedValue))
  |
    bitwiseCheck(g, branch) and
-    checkedValue = g.(AnyEqualityTest).getAnOperand().(AndBitwiseExpr)
+    checkedValue = g.(EqualityTest).getAnOperand().(AndBitwiseExpr)
    or
    g.(MethodAccess).getMethod() instanceof EqualsMethod and
    branch = true and
@@ -129,10 +129,10 @@ private predicate intentFlagsOrDataChecked(Guard g, Expr intent, boolean branch)
 * and `false` otherwise.
 */
 private predicate bitwiseCheck(Guard g, boolean branch) {
-  exists(CompileTimeConstantExpr operand | operand = g.(AnyEqualityTest).getAnOperand() |
+  exists(CompileTimeConstantExpr operand | operand = g.(EqualityTest).getAnOperand() |
    if operand.getIntValue() = 0
-    then g.(AnyEqualityTest).polarity() = branch
-    else g.(AnyEqualityTest).polarity().booleanNot() = branch
+    then g.(EqualityTest).polarity() = branch
+    else g.(EqualityTest).polarity().booleanNot() = branch
  )
 }