Java: model java.util.Arrays

2026-04-25 08:45:14 +02:00 · 2020-07-02 16:05:09 +02:00
parent c629f6b13a
commit a07af79fff
1 changed files with 13 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -180,6 +180,12 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
    or
    method.hasName(["nCopies", "singletonMap"]) and arg = 1
  )
+  or
+  method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and
+  (
+    method.hasName(["copyOf", "copyOfRange", "deepToString", "spliterator", "stream", "toString"]) and
+    arg = 0
+  )
 }

 /**
@@ -195,6 +201,13 @@ private predicate taintPreservingArgToArg(Method method, int input, int output)
    or
    method.hasName("replaceAll") and input = 2 and output = 0
  )
+  or
+  method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and
+  (
+    method.hasName(["fill", "parallelPrefix", "parallelSetAll", "setAll"]) and
+    output = 0 and
+    input = method.getNumberOfParameters() - 1
+  )
 }

 private predicate argToQualifierStep(Expr tracked, Expr sink) {