From a09e47903384b49fde1ea366f120e102ae65b8bc Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Thu, 27 Feb 2020 10:14:14 +0100
Subject: [PATCH] Java: Change relevantNode to a class, and add two more checks.
---
 .../internal/DataFlowImplConsistency.qll | 53 ++++++++++++-------
 1 file changed, 35 insertions(+), 18 deletions(-)
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
index 88daa8dd6fe..b72f29164f1 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
@@ -8,26 +8,28 @@ private import DataFlowImplSpecific::Public
 private import TaintTrackingUtil
 
 module Consistency {
- private predicate relevantNode(Node n) {
- n instanceof ArgumentNode or
- n instanceof ParameterNode or
- n instanceof ReturnNode or
- n = getAnOutNode(_, _) or
- simpleLocalFlowStep(n, _) or
- simpleLocalFlowStep(_, n) or
- jumpStep(n, _) or
- jumpStep(_, n) or
- storeStep(n, _, _) or
- storeStep(_, _, n) or
- readStep(n, _, _) or
- readStep(_, _, n) or
- defaultAdditionalTaintStep(n, _) or
- defaultAdditionalTaintStep(_, n)
+ private class RelevantNode extends Node {
+ RelevantNode() {
+ this instanceof ArgumentNode or
+ this instanceof ParameterNode or
+ this instanceof ReturnNode or
+ this = getAnOutNode(_, _) or
+ simpleLocalFlowStep(this, _) or
+ simpleLocalFlowStep(_, this) or
+ jumpStep(this, _) or
+ jumpStep(_, this) or
+ storeStep(this, _, _) or
+ storeStep(_, _, this) or
+ readStep(this, _, _) or
+ readStep(_, _, this) or
+ defaultAdditionalTaintStep(this, _) or
+ defaultAdditionalTaintStep(_, this)
+ }
 }
 
 query predicate uniqueEnclosingCallable(Node n, string msg) {
 exists(int c |
- relevantNode(n) and
+ n instanceof RelevantNode and
 c = count(n.getEnclosingCallable()) and
 c != 1 and
 if c > 1
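Review bot: The new `RelevantNode` class in the first hunk has no QLDoc, so nothing records why the uniqueness checks are limited to it. Going by its characteristic predicate, it covers argument, parameter, return and out nodes plus any node that is an endpoint of a local-flow, jump, store, read or default additional taint step. A comment above the class such as `/** A node that is an argument, parameter, return or out node, or an endpoint of a flow or taint step; only these nodes are checked for uniqueness. */` would make that explicit. `uniqueEnclosingCallable` continues past the end of this hunk.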
@@ -38,7 +40,7 @@ module Consistency {
 
 query predicate uniqueTypeBound(Node n, string msg) {
 exists(int c |
- relevantNode(n) and
+ n instanceof RelevantNode and
 c = count(n.getTypeBound()) and
 c != 1 and
 if c > 1
@@ -49,7 +51,7 @@ module Consistency {
 
 query predicate uniqueTypeRepr(Node n, string msg) {
 exists(int c |
- relevantNode(n) and
+ n instanceof RelevantNode and
 c = count(getErasedRepr(n.getTypeBound())) and
 c != 1 and
 if c > 1
@@ -101,6 +103,21 @@ module Consistency {
 n.getPreUpdateNode() = n and
 msg = "PostUpdateNode should not equal its pre-update node."
 }
+ query predicate postHasUniquePre(PostUpdateNode n, string msg) {
+ exists(int c |
+ c = count(n.getPreUpdateNode()) and
+ c != 1 and
+ if c > 1
+ then msg = "PostUpdateNode does not have unique pre-update node."
+ else msg = "PostUpdateNode is missing a pre-update node."
+ )
+ }
+
+ query predicate uniquePostUpdate(Node n, string msg) {
+ 1 < strictcount(PostUpdateNode post | post.getPreUpdateNode() = n) and
+ msg = "Node has multiple PostUpdateNodes."
+ }
+
 query predicate postIsInSameCallable(PostUpdateNode n, string msg) {
 n.getEnclosingCallable() != n.getPreUpdateNode().getEnclosingCallable() and
 msg = "PostUpdateNode does not share callable with its pre-update node."
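Review bot: `postHasUniquePre` and `uniquePostUpdate` in the last hunk are added without QLDoc, and the asymmetry between them is left unexplained: the first reports both a missing and a duplicated pre-update node, while the second reports only duplicates. If a node with no PostUpdateNode at all is a legitimate state, which the `1 < strictcount(...)` form suggests, a comment should say so, for example `/** Holds if n is the pre-update node of more than one PostUpdateNode; having none is not an inconsistency. */`. Unlike the three `unique*` checks earlier in the file, neither new predicate is restricted to `RelevantNode`; that looks intentional, but a short remark would save the next reader from wondering. `postIsInSameCallable` at the end of the hunk is context only and continues outside it.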