hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6691 from bmuskalla/moreStringMethods

Browse Source 
Java: Support String#getChars and #translateEscapes
This commit is contained in:
Anders Schack-Mulligen
2021-09-15 10:14:54 +02:00
committed by GitHub
parent 220f2ded85 199e015a06
commit 8485b6f0b3
3 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/frameworks/Strings.qll
View File

@@ -18,6 +18,7 @@ private class StringSummaryCsv extends SummaryModelCsv {
"java.lang;String;false;format;(String,Object[]);;ArrayElement of Argument[1];ReturnValue;taint",
"java.lang;String;false;formatted;(Object[]);;Argument[-1];ReturnValue;taint",
"java.lang;String;false;formatted;(Object[]);;ArrayElement of Argument[0];ReturnValue;taint",
"java.lang;String;false;getChars;;;Argument[-1];Argument[2];taint",
"java.lang;String;false;getBytes;;;Argument[-1];ReturnValue;taint",
"java.lang;String;false;indent;;;Argument[-1];ReturnValue;taint",
"java.lang;String;false;intern;;;Argument[-1];ReturnValue;taint",
@@ -34,6 +35,7 @@ private class StringSummaryCsv extends SummaryModelCsv {
"java.lang;String;false;toLowerCase;;;Argument[-1];ReturnValue;taint",
"java.lang;String;false;toString;;;Argument[-1];ReturnValue;value",
"java.lang;String;false;toUpperCase;;;Argument[-1];ReturnValue;taint",
"java.lang;String;false;translateEscapes;;;Argument[-1];ReturnValue;taint",
"java.lang;String;false;trim;;;Argument[-1];ReturnValue;taint",
"java.lang;String;false;valueOf;(char);;Argument[0];ReturnValue;taint",
"java.lang;String;false;valueOf;(char[],int,int);;Argument[0];ReturnValue;taint",

5
java/ql/test/library-tests/dataflow/taint/B.java
View File

@@ -103,6 +103,11 @@ public class B {
sink(replAll);
String replFirst = "some constant".replaceFirst(" ", s);
sink(replFirst);
char[] chars = new char[10];
s.getChars(0, 1, chars, 0);
sink(chars);
String translated = s.translateEscapes();
sink(translated);
ByteArrayOutputStream baos = null;
ObjectOutput oos = null;

18
java/ql/test/library-tests/dataflow/taint/test.expected
View File

@@ -30,14 +30,16 @@
| B.java:15:21:15:27 | taint(...) | B.java:101:10:101:13 | repl |
| B.java:15:21:15:27 | taint(...) | B.java:103:10:103:16 | replAll |
| B.java:15:21:15:27 | taint(...) | B.java:105:10:105:18 | replFirst |
| B.java:15:21:15:27 | taint(...) | B.java:118:12:118:25 | serializedData |
| B.java:15:21:15:27 | taint(...) | B.java:130:12:130:27 | deserializedData |
| B.java:15:21:15:27 | taint(...) | B.java:139:10:139:21 | taintedArray |
| B.java:15:21:15:27 | taint(...) | B.java:141:10:141:22 | taintedArray2 |
| B.java:15:21:15:27 | taint(...) | B.java:143:10:143:22 | taintedArray3 |
| B.java:15:21:15:27 | taint(...) | B.java:146:10:146:44 | toURL(...) |
| B.java:15:21:15:27 | taint(...) | B.java:149:10:149:37 | toPath(...) |
| B.java:15:21:15:27 | taint(...) | B.java:152:10:152:46 | toFile(...) |
| B.java:15:21:15:27 | taint(...) | B.java:108:10:108:14 | chars |
| B.java:15:21:15:27 | taint(...) | B.java:110:10:110:19 | translated |
| B.java:15:21:15:27 | taint(...) | B.java:123:12:123:25 | serializedData |
| B.java:15:21:15:27 | taint(...) | B.java:135:12:135:27 | deserializedData |
| B.java:15:21:15:27 | taint(...) | B.java:144:10:144:21 | taintedArray |
| B.java:15:21:15:27 | taint(...) | B.java:146:10:146:22 | taintedArray2 |
| B.java:15:21:15:27 | taint(...) | B.java:148:10:148:22 | taintedArray3 |
| B.java:15:21:15:27 | taint(...) | B.java:151:10:151:44 | toURL(...) |
| B.java:15:21:15:27 | taint(...) | B.java:154:10:154:37 | toPath(...) |
| B.java:15:21:15:27 | taint(...) | B.java:157:10:157:46 | toFile(...) |
| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:8:12:8:14 | seq |
| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:11:12:11:21 | seqFromSeq |
| MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |