Merge branch 'main' into MybatisSqli

2025-12-24 04:36:35 +01:00 · 2022-12-06 17:19:30 +08:00
parent d2140eb4b1 b5e2e1e469
commit 82d0551215
41 changed files with 269 additions and 395 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
@@ -244,4 +244,20 @@ module Consistency {
    not callable = viableCallable(call) and
    not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
  }
+
+  query predicate uniqueParameterNodeAtPosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
+    msg = "Parameters with overlapping positions."
+  }
+
+  query predicate uniqueParameterNodePosition(
+    DataFlowCallable c, ParameterPosition pos, Node p, string msg
+  ) {
+    isParameterNode(p, c, pos) and
+    not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
+    msg = "Parameter node with multiple positions."
+  }
 }
--- a/java/ql/src/utils/model-generator/GenerateFlowModelExtensions.py
+++ b/java/ql/src/utils/model-generator/GenerateFlowModelExtensions.py
@@ -1,15 +0,0 @@
-#!/usr/bin/python3
-
-import sys
-import os.path
-import subprocess
-
-# Add Model as Data script directory to sys.path.
-gitroot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
-madpath = os.path.join(gitroot, "misc/scripts/models-as-data/")
-sys.path.append(madpath)
-
-import generate_flow_model_extensions as model
-
-language = "java"
-model.Generator.make(language).run()
--- a/java/ql/src/utils/model-generator/RegenerateModels.py
+++ b/java/ql/src/utils/model-generator/RegenerateModels.py
@@ -5,19 +5,17 @@
 from pathlib import Path
 import json
 import os
-import requests
 import shutil
 import subprocess
 import tempfile
 import sys


-defaultModelPath = "java/ql/lib/semmle/code/java/frameworks"
 lgtmSlugToModelFile = {
    # "apache/commons-beanutils": "apache/BeanUtilsGenerated.qll",
    # "apache/commons-codec": "apache/CodecGenerated.qll",
    # "apache/commons-lang": "apache/Lang3Generated.qll",
-    "apache/commons-io": "apache/IOGenerated.qll",
+    "apache/commons-io": "org.apache.commons.io",
 }


@@ -36,13 +34,12 @@ def regenerateModel(lgtmSlug, extractedDb):
        print("ERROR: slug " + lgtmSlug +
              " is not mapped to a model file in script " + sys.argv[0])
        sys.exit(1)
-    modelFile = defaultModelPath + "/" + lgtmSlugToModelFile[lgtmSlug]
+    modelFile = lgtmSlugToModelFile[lgtmSlug]
    codeQlRoot = findGitRoot()
-    targetModel = codeQlRoot + "/" + modelFile
    subprocess.check_call([codeQlRoot + "/java/ql/src/utils/model-generator/GenerateFlowModel.py",
-                           "--with-summaries", "--with-sinks",
-                           extractedDb, targetModel])
-    print("Regenerated " + targetModel)
+                           "--with-summaries", "--with-sinks", "--with-negative-summaries",
+                           extractedDb, modelFile])
+    print("Regenerated " + modelFile)
    shutil.rmtree(tmpDir)