From 97b2bdaa9f09067b31715e71ac6c6c223838e0fa Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Fri, 26 May 2023 14:58:39 +0200 Subject: [PATCH] Java: Fix types of summary parameter nodes. --- .../semmle/code/java/dataflow/internal/DataFlowNodes.qll | 6 ------ .../code/java/dataflow/internal/FlowSummaryImpl.qll | 8 ++++++++ .../java/dataflow/internal/FlowSummaryImplSpecific.qll | 5 +++++ 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index 8758d0e7c24..8c44e7df5b0 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll @@ -127,8 +127,6 @@ module Public { or result = this.(ImplicitPostUpdateNode).getPreUpdateNode().getType() or - result = this.(SummaryParameterNode).getTypeImpl() - or result = this.(FieldValueNode).getField().getType() } @@ -492,10 +490,6 @@ module Private { override predicate isParameterOf(DataFlowCallable c, int pos) { c.asSummarizedCallable() = this.getSummarizedCallable() and pos = this.getPosition() } - - Type getTypeImpl() { - result = this.getSummarizedCallable().getParameterType(this.getPosition()) - } } } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index fa803e6cc92..f98c2669a8b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -505,6 +505,9 @@ module Private { or // Add the post-update node corresponding to the requested argument node outputState(c, s) and isCallbackParameter(s) + or + // Add the parameter node for parameter side-effects + outputState(c, s) and s = SummaryComponentStack::argument(_) } private newtype TSummaryNodeState = @@ -713,6 +716,11 @@ module Private { head = TSyntheticGlobalSummaryComponent(sg) and result = getSyntheticGlobalType(sg) ) + or + exists(ParameterPosition pos | + head = TArgumentSummaryComponent(pos) and + result = getParameterType(c, pos) + ) ) or n = summaryNodeOutputState(c, s) and diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll index 0d948b7dada..77780aa3a46 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll @@ -32,6 +32,11 @@ SummaryCall summaryDataFlowCall(SummaryNode receiver) { result.getReceiver() = r /** Gets the type of content `c`. */ DataFlowType getContentType(Content c) { result = c.getType() } +/** Gets the type of the parameter at the given position. */ +DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) { + result = getErasedRepr(c.getParameterType(pos)) +} + /** Gets the return type of kind `rk` for callable `c`. */ DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { result = getErasedRepr(c.getReturnType()) and