C#/Java: Add isRelevantSinkKind predicate with language specific implementation.

2025-12-20 18:56:32 +01:00 · 2022-03-24 11:15:14 +01:00
parent 0009d781d7
commit 8a65efbae4
4 changed files with 14 additions and 2 deletions
--- a/java/ql/src/utils/model-generator/internal/CaptureModels.qll
+++ b/java/ql/src/utils/model-generator/internal/CaptureModels.qll
@@ -163,7 +163,7 @@ string captureSink(TargetApi api) {
    config.hasFlow(src, sink) and
    ExternalFlow::sinkNode(sink, kind) and
    api = src.getEnclosingCallable() and
-    not kind = "logging" and
+    isRelevantSinkKind(kind) and
    result = asSinkModel(api, asInputArgument(src), kind)
  )
 }
--- a/java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll
+++ b/java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll
@@ -61,6 +61,12 @@ string asInputArgument(DataFlow::Node source) {
  result = qualifierString()
 }

+/**
+ * Holds if `kind` is a relevant sink kind for creating sink models.
+ */
+bindingset[kind]
+predicate isRelevantSinkKind(string kind) { not kind = "logging" }
+
 module DataFlowImplCommon {
  predicate store = Dfic::store/4;