hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor Guava test

Browse Source
This commit is contained in:
Ed Minnix
2023-04-13 21:50:25 -04:00
parent 38e65ee36d
commit 8d0e3ac033
1 changed files with 15 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
java/ql/test/library-tests/frameworks/guava/handwritten/flow.ql
View File

@@ -2,32 +2,28 @@ import java
import semmle.code.java.dataflow.TaintTracking
import TestUtilities.InlineExpectationsTest
class TaintFlowConf extends TaintTracking::Configuration {
TaintFlowConf() { this = "qltest:frameworks:guava-taint" }
module TaintFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") }
override predicate isSource(DataFlow::Node n) {
n.asExpr().(MethodAccess).getMethod().hasName("taint")
}
override predicate isSink(DataFlow::Node n) {
predicate isSink(DataFlow::Node n) {
exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
}
}
class ValueFlowConf extends DataFlow::Configuration {
ValueFlowConf() { this = "qltest:frameworks:guava-value" }
module TaintFlow = TaintTracking::Global<TaintFlowConfig>;
override predicate isSource(DataFlow::Node n) {
n.asExpr().(MethodAccess).getMethod().hasName("taint")
}
module ValueFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n.asExpr().(MethodAccess).getMethod().hasName("taint") }
override predicate isSink(DataFlow::Node n) {
predicate isSink(DataFlow::Node n) {
exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
}
override int fieldFlowBranchLimit() { result = 100 }
int fieldFlowBranchLimit() { result = 100 }
}
module ValueFlow = DataFlow::Global<ValueFlowConfig>;
class HasFlowTest extends InlineExpectationsTest {
HasFlowTest() { this = "HasFlowTest" }
@@ -35,22 +31,20 @@ class HasFlowTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "numTaintFlow" and
exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf tconf, int num |
tconf.hasFlow(src, sink)
|
not any(ValueFlowConf vconf).hasFlow(src, sink) and
exists(DataFlow::Node src, DataFlow::Node sink, int num | TaintFlow::flow(src, sink) |
not ValueFlow::flow(src, sink) and
value = num.toString() and
sink.getLocation() = location and
element = sink.toString() and
num = strictcount(DataFlow::Node src2 | tconf.hasFlow(src2, sink))
num = strictcount(DataFlow::Node src2 | TaintFlow::flow(src2, sink))
)
or
tag = "numValueFlow" and
exists(DataFlow::Node sink, ValueFlowConf vconf, int num | vconf.hasFlowTo(sink) |
exists(DataFlow::Node sink, int num | ValueFlow::flowTo(sink) |
value = num.toString() and
sink.getLocation() = location and
element = sink.toString() and
num = strictcount(DataFlow::Node src2 | vconf.hasFlow(src2, sink))
num = strictcount(DataFlow::Node src2 | ValueFlow::flow(src2, sink))
)
}
}