From a27ae271016bc3a064c54406379635620df9e2bf Mon Sep 17 00:00:00 2001
From: tiferet
Date: Wed, 8 Feb 2023 10:45:40 -0800
Subject: [PATCH] In the MaD data, set the `subtypes` field to false for final classes / methods.
---
 .../adaptivethreatmodeling/EndpointCharacteristics.qll | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
index 70f829313c8..887a31494fc 100644
--- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
+++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -102,9 +102,13 @@ predicate hasMetadata(DataFlow::Node n, string metadata) {
 callee = call.getCallee() and
 package = callee.getDeclaringType().getPackage().getName() and
 type = callee.getDeclaringType().getName() and //TODO: Will this work for inner classes? Will it produce X$Y? What about lambdas? What about enums? What about interfaces? What about annotations?
- subtypes = true and // see https://github.slack.com/archives/CP9127VUK/p1673979477496069
+ (
+ if callee.isFinal() or callee.getDeclaringType().isFinal()
+ then subtypes = false // See https://github.com/github/codeql-java-team/issues/254#issuecomment-1422296423
+ else subtypes = true
+ ) and
 name = callee.getName() and // TODO: Will this work for constructors?
- signature = paramsString(callee) and
+ signature = paramsString(callee) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)?
 ext = "" and // see https://github.slack.com/archives/CP9127VUK/p1673979477496069
 provenance = "manual" and // TODO
 (if callee.isPublic() then isPublic = true else isPublic = false) and
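Review bot: The only rationale given for the new `subtypes = false` branch is a link to an issue comment in `github/codeql-java-team`, which looks like an internal tracker, so a reader of this library cannot tell from the code why finality decides the value. In MaD rows the `subtypes` column decides whether the row also covers overriding members of subtypes, so a wrong `false` would silently narrow what a generated model matches. I would state the reason next to the condition, e.g. `// a final method, or any method of a final class, cannot be overridden, so the row need not extend to subtypes`, and keep the link as a secondary reference. Static and private callees and constructors cannot be overridden either and still take the `else` branch; if that is intentional, a short comment saying so would help. The body of `hasMetadata` starts and ends outside the hunk.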