diff --git a/java/ql/src/utils/model-generator/CaptureSinkModels.ql b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
index 2588249f260..12b8bd61375 100644
--- a/java/ql/src/utils/model-generator/CaptureSinkModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
@@ -16,7 +16,7 @@ class PropagateToSinkConfiguration extends TaintTracking::Configuration {
 PropagateToSinkConfiguration() { this = "parameters or flowing into sinks" }
 override predicate isSource(DataFlow::Node source) {
- (source.asExpr() instanceof FieldAccess or source instanceof DataFlow::ParameterNode) and
+ (source.asExpr().(FieldAccess).isOwnFieldAccess() or source instanceof DataFlow::ParameterNode) and
 source.getEnclosingCallable().isPublic() and
 exists(RefType t |
 t = source.getEnclosingCallable().getDeclaringType().getAnAncestor() and
diff --git a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
index 04ce0bf31a0..6cf126bd164 100644
--- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -190,8 +190,7 @@ class ParameterToReturnValueTaintConfig extends TaintTracking::Configuration {
 override predicate isSink(DataFlow::Node sink) { sink instanceof ReturnNodeExt }
 override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
- node2.asExpr().(ConstructorCall).getAnArgument() = node1.asExpr() and
- node1.asExpr().(Argument).getCall().getCallee().fromSource()
+ node2.asExpr().(ConstructorCall).getAnArgument() = node1.asExpr()
 }
 }
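Review bot: The narrowed source in `isSource` has no comment saying why only own-field accesses qualify, and the reason is not obvious from the predicate alone. Presumably a field of the enclosing instance is the only one a generated sink model can express (as the qualifier, `Argument[-1]`), whereas a field read off an unrelated object, such as `new RandomPojo().someFile` in the fixture added by this commit, is not something the caller supplies. I would add above the line `// Only fields of the enclosing instance count; fields of other objects cannot be expressed as Argument[-1].` No `CaptureSinkModels.expected` change is visible in this diff, so it is worth confirming that the new fixture really yields no sink row. The body of `isSource` continues past the hunk.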
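Review bot: With the `fromSource()` conjunct removed, `isAdditionalTaintStep` treats every argument of every `ConstructorCall` as tainting the new object, including constructors whose code is not part of the analysed source and constructors that discard the argument. The generated summaries presumably feed taint analyses, so extra rows here surface as false-positive flows downstream rather than missed ones; that trade-off looks deliberate but is undocumented. I would add on the predicate `// Over-approximation: any constructor argument is assumed to taint the constructed object; types that carry no taint are filtered in isRelevantType.` The `Charset` exclusion added to `isRelevantType` in the following hunk appears to be the first such compensation.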
@@ -261,6 +260,7 @@ predicate isRelevantType(Type t) {
 not t instanceof PrimitiveType and
 not t instanceof BoxedType and
 not t.(RefType).getAnAncestor().hasQualifiedName("java.lang", "Number") and
+ not t.(RefType).getAnAncestor().hasQualifiedName("java.nio.charset", "Charset") and
 (
 not t.(Array).getElementType() instanceof PrimitiveType or
 isPrimitiveTypeUsedForBulkData(t.(Array).getElementType())
diff --git a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
index f26ff2c9c21..45ceb860f8e 100644
--- a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
+++ b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -44,3 +44,4 @@
 | p;Pojo;false;getValue;();;Argument[-1];ReturnValue;taint |
 | p;Pojo;false;setValue;(String);;Argument[0];Argument[-1];taint |
 | p;PrivateFlowViaPublicInterface;true;createAnSPI;(File);;Argument[0];ReturnValue;taint |
+| p;PrivateFlowViaPublicInterface;true;createAnSPIWithoutTrackingFile;(File);;Argument[0];ReturnValue;taint |
diff --git a/java/ql/test/utils/model-generator/p/PrivateFlowViaPublicInterface.java b/java/ql/test/utils/model-generator/p/PrivateFlowViaPublicInterface.java
index eb2ca445001..59247bfe471 100644
--- a/java/ql/test/utils/model-generator/p/PrivateFlowViaPublicInterface.java
+++ b/java/ql/test/utils/model-generator/p/PrivateFlowViaPublicInterface.java
@@ -7,8 +7,15 @@ import java.io.OutputStream;
 public class PrivateFlowViaPublicInterface {
+ static class RandomPojo {
+ public File someFile = new File("someFile");
+ }
 public static interface SPI {
 OutputStream openStream() throws IOException;
+
+ default OutputStream openStreamNone() throws IOException {
+ return null;
+ };
 }
 private static final class PrivateImplWithSink implements SPI {
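Review bot: The new `Charset` exclusion in `isRelevantType` has no test visible in this diff; the only fixture touched, `PrivateFlowViaPublicInterface.java`, contains no `Charset` parameter or return type. A small fixture method that takes a `Charset`, with no matching row in `CaptureSummaryModels.expected`, would pin the behaviour. The exclusions are also accumulating as one `hasQualifiedName` line per type, so a comment stating the criterion, for example `// Types that cannot carry caller-controlled content are not relevant for taint summaries.`, would help decide what else belongs in the list. `isRelevantType` starts and ends outside the hunk.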
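Review bot: `openStreamNone` closes with `};`, where the semicolon after the default method body is an empty member declaration and should be dropped so the line reads `}`. `RandomPojo` would also benefit from a one-line comment saying what it is there to test. As I read the commit, `someFile` stands for a field that does not belong to the enclosing SPI implementation and therefore must not be treated as a source for a sink model, e.g. `// Holder whose field is NOT an own field of any SPI implementation.` The class body continues past the hunk.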
@@ -25,9 +32,30 @@ public class PrivateFlowViaPublicInterface {
 }
 }
+
+ private static final class PrivateImplWithRandomField implements SPI {
+
+ public PrivateImplWithRandomField(File file) {
+ }
+
+ @Override
+ public OutputStream openStream() throws IOException {
+ return null;
+ }
+
+ @Override
+ public OutputStream openStreamNone() throws IOException {
+ return new FileOutputStream(new RandomPojo().someFile);
+ }
+
+ }
 public static SPI createAnSPI(File file) {
 return new PrivateImplWithSink(file);
 }
+
+ public static SPI createAnSPIWithoutTrackingFile(File file) {
+ return new PrivateImplWithRandomField(file);
+ }
 }
\ No newline at end of file
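Review bot: `PrivateImplWithRandomField(File file)` has an empty body, yet the row added to `CaptureSummaryModels.expected` records `Argument[0];ReturnValue;taint` for `createAnSPIWithoutTrackingFile`, which reads oddly next to a factory named for not tracking the file. That row appears to come from the constructor-argument taint step rather than from any flow in this class. A comment on the constructor, for example `// file is deliberately unused: only the sink model must stay empty; the summary row is an accepted over-approximation`, would stop a later reader from treating either side as a mistake. The file also still ends without a trailing newline.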