hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Kotlin: Add Array.get(_) support to taint tracking

Browse Source
This commit is contained in:
Ian Lynagh
2023-12-05 14:24:22 +00:00
parent 9953794101
commit 821b4c727e
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
View File

@@ -4,6 +4,10 @@ import semmle.code.java.Maps
private import semmle.code.java.dataflow.SSA
private import DataFlowUtil
private class ArrayType extends RefType {
ArrayType() { this.getSourceDeclaration().getASourceSupertype*() instanceof Array }
}
private class EntryType extends RefType {
EntryType() {
this.getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "Map$Entry")
@@ -470,6 +474,14 @@ predicate arrayReadStep(Node node1, Node node2, Type elemType) {
node2.asExpr() = aa
)
or
exists(Expr arr, Call call |
arr = node1.asExpr() and
call = node2.asExpr() and
arr.getType() instanceof ArrayType and
call.getCallee().getName() = "get" and
call.getQualifier() = arr
)
or
exists(Array arr |
enhancedForStmtStep(node1, node2, arr) and
arr.getComponentType() = elemType