Prefer types to TargetAPI

2025-12-20 18:56:32 +01:00 · 2021-11-15 12:43:46 +01:00
parent bca6cecd1c
commit b84c03672d
4 changed files with 19 additions and 19 deletions
--- a/java/ql/src/utils/model-generator/CaptureSinkModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
@@ -43,7 +43,7 @@ string asInputArgument(DataFlow::Node source) {
  result = "Argument[-1]"
 }

-string captureSink(Callable api) {
+string captureSink(TargetAPI api) {
  exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
    config.hasFlow(src, sink) and
    sinkNode(sink, kind) and
--- a/java/ql/src/utils/model-generator/CaptureSourceModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSourceModels.ql
@@ -21,7 +21,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
  override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }

  override predicate isSink(DataFlow::Node sink) {
-    exists(Callable c |
+    exists(TargetAPI c |
      sink instanceof ReturnNode and
      sink.getEnclosingCallable() = c and
      c.isPublic() and
@@ -34,7 +34,7 @@ class FromSourceConfiguration extends TaintTracking::Configuration {
  }
 }

-string captureSource(Callable api) {
+string captureSource(TargetAPI api) {
  exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
    config.hasFlow(source, sink) and
    sourceNode(source, kind) and
--- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -12,7 +12,7 @@ import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.InstanceAccess
 import ModelGeneratorUtils

-string captureFlow(Callable api) {
+string captureFlow(TargetAPI api) {
  result = captureQualifierFlow(api) or
  result = captureParameterFlowToReturnValue(api) or
  result = captureFieldFlowIn(api) or
@@ -32,7 +32,7 @@ string captureFlow(Callable api) {
 * }
 * ```
 */
-string captureQualifierFlow(Callable api) {
+string captureQualifierFlow(TargetAPI api) {
  exists(ReturnStmt rtn |
    rtn.getEnclosingCallable() = api and
    rtn.getResult().(ThisAccess).isOwnInstanceAccess()
@@ -92,7 +92,7 @@ class FieldToReturnConfig extends TaintTracking::Configuration {
 * p;Foo;true;putsTaintIntoParameter;(List);Argument[-1];Argument[0];taint
 * ```
 */
-string captureFieldFlow(Callable api) {
+string captureFieldFlow(TargetAPI api) {
  exists(FieldToReturnConfig config, ReturnNodeExt returnNodeExt |
    config.hasFlow(_, returnNodeExt) and
    returnNodeExt.getEnclosingCallable() = api and
@@ -107,7 +107,7 @@ string captureFieldFlow(Callable api) {
  )
 }

-string asOutput(Callable api, ReturnNodeExt node) {
+string asOutput(TargetAPI api, ReturnNodeExt node) {
  if node.getKind() instanceof ValueReturnKind
  then result = "ReturnValue"
  else
@@ -164,7 +164,7 @@ private predicate thisAccess(DataFlow::Node n) {
 * Captured Model:
 * `p;Foo;true;doSomething;(String);Argument[0];Argument[-1];taint`
 */
-string captureFieldFlowIn(Callable api) {
+string captureFieldFlowIn(TargetAPI api) {
  exists(DataFlow::Node source, ParameterToFieldConfig config |
    not api.isStatic() and
    config.hasFlow(source, _) and
@@ -179,7 +179,7 @@ class ParameterToReturnValueTaintConfig extends TaintTracking::Configuration {
  ParameterToReturnValueTaintConfig() { this = "ParameterToReturnValueTaintConfig" }

  override predicate isSource(DataFlow::Node source) {
-    exists(Callable api |
+    exists(TargetAPI api |
      source instanceof DataFlow::ParameterNode and
      api = source.asParameter().getCallable() and
      isRelevantType(api.getReturnType()) and
@@ -221,7 +221,7 @@ predicate paramFlowToReturnValueExists(Parameter p) {
 * p;Foo;true;returnData;;Argument[0];ReturnValue;taint
 * ```
 */
-string captureParameterFlowToReturnValue(Callable api) {
+string captureParameterFlowToReturnValue(TargetAPI api) {
  exists(Parameter p |
    p = api.getAParameter() and
    paramFlowToReturnValueExists(p)
@@ -246,7 +246,7 @@ string captureParameterFlowToReturnValue(Callable api) {
 * p;Foo;true;addToList;;Argument[0];Argument[1];taint
 * ```
 */
-string captureParameterToParameterFlow(Callable api) {
+string captureParameterToParameterFlow(TargetAPI api) {
  exists(DataFlow::ParameterNode source, DataFlow::PostUpdateNode sink |
    source.getEnclosingCallable() = api and
    sink.getPreUpdateNode().asExpr() = api.getAParameter().getAnAccess() and
--- a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
+++ b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -55,17 +55,17 @@ private predicate isJdkInternal(CompilationUnit cu) {
 }

 bindingset[input, output]
-string asTaintModel(Callable api, string input, string output) {
+string asTaintModel(TargetAPI api, string input, string output) {
  result = asSummaryModel(api, input, output, "taint")
 }

 bindingset[input, output]
-string asValueModel(Callable api, string input, string output) {
+string asValueModel(TargetAPI api, string input, string output) {
  result = asSummaryModel(api, input, output, "value")
 }

 bindingset[input, output, kind]
-string asSummaryModel(Callable api, string input, string output, string kind) {
+string asSummaryModel(TargetAPI api, string input, string output, string kind) {
  result =
    asPartialModel(api) + input + ";" //
      + output + ";" //
@@ -73,19 +73,19 @@ string asSummaryModel(Callable api, string input, string output, string kind) {
 }

 bindingset[input, kind]
-string asSinkModel(Callable api, string input, string kind) {
+string asSinkModel(TargetAPI api, string input, string kind) {
  result = asPartialModel(api) + input + ";" + kind
 }

 bindingset[output, kind]
-string asSourceModel(Callable api, string output, string kind) {
+string asSourceModel(TargetAPI api, string output, string kind) {
  result = asPartialModel(api) + output + ";" + kind
 }

 /**
 * Computes the first 6 columns for CSV rows.
 */
-private string asPartialModel(Callable api) {
+private string asPartialModel(TargetAPI api) {
  result =
    typeAsSummaryModel(api) + ";" //
      + isExtensible(bestTypeForModel(api)) + ";" //
@@ -98,9 +98,9 @@ private string asPartialModel(Callable api) {
 * Returns the appropriate type name for the model. Either the type
 * declaring the method or the supertype introducing the method.
 */
-private string typeAsSummaryModel(Callable api) { result = typeAsModel(bestTypeForModel(api)) }
+private string typeAsSummaryModel(TargetAPI api) { result = typeAsModel(bestTypeForModel(api)) }

-private RefType bestTypeForModel(Callable api) {
+private RefType bestTypeForModel(TargetAPI api) {
  if exists(superImpl(api))
  then superImpl(api).fromSource() and result = superImpl(api).getDeclaringType()
  else result = api.getDeclaringType()