hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Automodel framework mode: track exact ai- provenance in alreadyAiModeled meta data property

Browse Source
This commit is contained in:
Stephan Brandauer
2023-08-16 09:25:03 +02:00
parent bc55afcee7
commit 808dc3e8d3
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Telemetry/AutomodelApplicationModeExtractCandidates.ql
View File

@@ -68,10 +68,10 @@ where
// overlap between our detected sinks and the pre-existing modeling. We assume that, if a sink has already been
// modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it.
(
not CharacteristicsImpl::isSink(endpoint, _, _) and alreadyAiModeled = "false"
not CharacteristicsImpl::isSink(endpoint, _, _) and alreadyAiModeled = ""
or
CharacteristicsImpl::isSink(endpoint, _, any(string s | s.matches("%ai-%"))) and
alreadyAiModeled = "true"
alreadyAiModeled.matches("%ai-%") and
CharacteristicsImpl::isSink(endpoint, _, alreadyAiModeled)
) and
meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, isVarargsArray) and
includeAutomodelCandidate(package, type, name, signature) and