hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix join-order.

Browse Source 
The TC was being fully materialised but all we need is unary
reachability.
This commit is contained in:
Anders Schack-Mulligen
2024-04-19 15:41:35 +02:00
parent a99849d897
commit c45fd4080d
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/lib/semmle/code/java/os/OSCheck.qll
View File

@@ -37,11 +37,17 @@ abstract class IsUnixGuard extends Guard { }
*/
abstract class IsSpecificUnixVariant extends Guard { }
private DataFlow::Node osNameFlow() {
result.asExpr() = getSystemProperty("os.name")
or
TaintTracking::localTaintStep(osNameFlow(), result)
}
/**
* Holds when `ma` compares the current OS against the string constant `osString`.
*/
private predicate isOsFromSystemProp(MethodCall ma, string osString) {
TaintTracking::localExprTaint(getSystemProperty("os.name"), ma.getQualifier()) and // Call from System.getProperty (or equivalent) to some partial match method
osNameFlow().asExpr() = ma.getQualifier() and // Call from System.getProperty (or equivalent) to some partial match method
exists(StringPartialMatchMethod m, CompileTimeConstantExpr matchedStringConstant |
m = ma.getMethod() and
matchedStringConstant.getStringValue().toLowerCase() = osString