Detach MyBatisAbstractSqlMethodsStep from MyBatisAbstractSql

2026-04-27 01:35:13 +02:00 · 2022-04-15 13:08:04 +02:00
parent 8790df7a34
commit 9e1b98e5a4
1 changed files with 31 additions and 34 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
@@ -116,38 +116,6 @@ private class MyBatisProvider extends RefType {
  }
 }

-private class MyBatisAbstractSqlMethod extends Method {
-  string taintedArgs;
-  string signature;
-
-  MyBatisAbstractSqlMethod() {
-    this.getDeclaringType().getSourceDeclaration() instanceof MyBatisAbstractSql and
-    (
-      this.hasName([
-          "UPDATE", "SET", "INSERT_INTO", "SELECT", "OFFSET_ROWS", "LIMIT", "OFFSET",
-          "FETCH_FIRST_ROWS_ONLY", "DELETE_FROM", "INNER_JOIN", "ORDER_BY", "WHERE", "HAVING",
-          "OUTER_JOIN", "LEFT_OUTER_JOIN", "RIGHT_OUTER_JOIN", "GROUP_BY", "FROM", "SELECT_DISTINCT"
-        ]) and
-      taintedArgs = "Argument[0]" and
-      signature = "String"
-      or
-      this.hasName([
-          "SET", "INTO_COLUMNS", "INTO_VALUES", "SELECT_DISTINCT", "FROM", "JOIN", "INNER_JOIN",
-          "LEFT_OUTER_JOIN", "RIGHT_OUTER_JOIN", "OUTER_JOIN", "WHERE", "GROUP_BY", "HAVING",
-          "ORDER_BY"
-        ]) and
-      taintedArgs = "Argument[0].ArrayElement" and
-      signature = "String[]"
-      or
-      this.hasName("VALUES") and taintedArgs = "Argument[0..1]" and signature = "String,String"
-    )
-  }
-
-  string getTaintedArgs() { result = taintedArgs }
-
-  string getCsvSignature() { result = signature }
-}
-
 /**
 * A return statement of a method used in a MyBatis Provider.
 *
@@ -189,12 +157,41 @@ private class MyBatisAbstractSqlToStringStep extends SummaryModelCsv {
  }
 }

+private class MyBatisAbstractSqlMethod extends string {
+  string taintedArgs;
+  string signature;
+
+  MyBatisAbstractSqlMethod() {
+    this in [
+        "UPDATE", "SET", "INSERT_INTO", "SELECT", "OFFSET_ROWS", "LIMIT", "OFFSET",
+        "FETCH_FIRST_ROWS_ONLY", "DELETE_FROM", "INNER_JOIN", "ORDER_BY", "WHERE", "HAVING",
+        "OUTER_JOIN", "LEFT_OUTER_JOIN", "RIGHT_OUTER_JOIN", "GROUP_BY", "FROM", "SELECT_DISTINCT"
+      ] and
+    taintedArgs = "Argument[0]" and
+    signature = "String"
+    or
+    this in [
+        "SET", "INTO_COLUMNS", "INTO_VALUES", "SELECT_DISTINCT", "FROM", "JOIN", "INNER_JOIN",
+        "LEFT_OUTER_JOIN", "RIGHT_OUTER_JOIN", "OUTER_JOIN", "WHERE", "GROUP_BY", "HAVING",
+        "ORDER_BY"
+      ] and
+    taintedArgs = "Argument[0].ArrayElement" and
+    signature = "String[]"
+    or
+    this = "VALUES" and taintedArgs = "Argument[0..1]" and signature = "String,String"
+  }
+
+  string getTaintedArgs() { result = taintedArgs }
+
+  string getCsvSignature() { result = signature }
+}
+
 private class MyBatisAbstractSqlMethodsStep extends SummaryModelCsv {
  override predicate row(string row) {
    exists(MyBatisAbstractSqlMethod m |
      row =
-        "org.apache.ibatis.jdbc;AbstractSQL;true;" + m.getName() + ";(" + m.getCsvSignature() +
-          ");;" + m.getTaintedArgs() + ";Argument[-1];taint"
+        "org.apache.ibatis.jdbc;AbstractSQL;true;" + m + ";(" + m.getCsvSignature() + ");;" +
+          m.getTaintedArgs() + ";Argument[-1];taint"
    )
  }
 }