Java: Ensure that it is the callable for the model origin that carries the comment containing the model.

2026-05-01 03:35:13 +02:00 · 2024-05-06 16:32:28 +02:00
parent a8549d2e23
commit b53fa0f7f3
9 changed files with 31 additions and 25 deletions
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureSummaryFlowQuery
 import TestUtilities.InlineMadTest

 module InlineMadTestConfig implements InlineMadTestConfigSig {
-  string getCapturedModel() { result = captureNoFlow(_) }
+  string getCapturedModel(Callable c) { result = captureNoFlow(c) }

  string getKind() { result = "neutral" }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql
@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels
 import TestUtilities.InlineMadTest

 module InlineMadTestConfig implements InlineMadTestConfigSig {
-  string getCapturedModel() { result = captureSink(_) }
+  string getCapturedModel(Callable c) { result = captureSink(c) }

  string getKind() { result = "sink" }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql
@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureModels
 import TestUtilities.InlineMadTest

 module InlineMadTestConfig implements InlineMadTestConfigSig {
-  string getCapturedModel() { result = captureSource(_) }
+  string getCapturedModel(Callable c) { result = captureSource(c) }

  string getKind() { result = "source" }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql
@@ -3,7 +3,7 @@ import utils.modelgenerator.internal.CaptureSummaryFlowQuery
 import TestUtilities.InlineMadTest

 module InlineMadTestConfig implements InlineMadTestConfigSig {
-  string getCapturedModel() { result = captureFlow(_) }
+  string getCapturedModel(Callable c) { result = captureFlow(c) }

  string getKind() { result = "summary" }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpl2.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpl2.java
@@ -6,7 +6,6 @@ class MultipleImpl2 {
  // This is used to test that we only generate a summary model and
  // not neutral summary model for `IInterface.m`.
  public interface IInterface {
-    // summary=p;MultipleImpl2$IInterface;true;m;(Object);;Argument[0];ReturnValue;taint;df-generated
    Object m(Object value);
  }

@@ -17,6 +16,7 @@ class MultipleImpl2 {
  }

  public class Impl2 implements IInterface {
+    // summary=p;MultipleImpl2$IInterface;true;m;(Object);;Argument[0];ReturnValue;taint;df-generated
    public Object m(Object value) {
      return value;
    }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpls.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/MultipleImpls.java
@@ -5,12 +5,11 @@ import java.util.concurrent.Callable;
 public class MultipleImpls {

  public static interface Strategy {
-    // summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];Argument[this];taint;df-generated
-    // summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;taint;df-generated
    String doSomething(String value);
  }

  public static class Strat1 implements Strategy {
+    // summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;taint;df-generated
    public String doSomething(String value) {
      return value;
    }
@@ -28,6 +27,7 @@ public class MultipleImpls {
  public static class Strat2 implements Strategy {
    private String foo;

+    // summary=p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];Argument[this];taint;df-generated
    public String doSomething(String value) {
      this.foo = value;
      return "none";
--- a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java
@@ -12,15 +12,12 @@ public class PrivateFlowViaPublicInterface {
  }

  public static interface SPI {
-    // summary=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated
-    // sink=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated
    OutputStream openStream() throws IOException;

    // neutral=p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();summary;df-generated
    default OutputStream openStreamNone() throws IOException {
      return null;
    }
-    ;
  }

  private static final class PrivateImplWithSink implements SPI {
@@ -31,6 +28,8 @@ public class PrivateFlowViaPublicInterface {
      this.file = file;
    }

+    // summary=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated
+    // sink=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated
    @Override
    public OutputStream openStream() throws IOException {
      return new FileOutputStream(file);
@@ -46,6 +45,7 @@ public class PrivateFlowViaPublicInterface {
      return null;
    }

+    // neutral=p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();summary;df-generated
    @Override
    public OutputStream openStreamNone() throws IOException {
      return new FileOutputStream(new RandomPojo().someFile);