hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

add explicit this qualifier on all of java

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-10-15 15:27:37 +02:00
parent b2e4276bc8
commit caeeebf572
104 changed files with 1269 additions and 1172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
java/ql/lib/external/ExternalArtifact.qll vendored
View File

@@ -3,24 +3,25 @@ import java
class ExternalData extends @externalDataElement {
string getDataPath() { externalData(this, result, _, _) }
string getQueryPath() { result = getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
string getQueryPath() { result = this.getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
int getNumFields() { result = 1 + max(int i | externalData(this, _, i, _) | i) }
string getField(int index) { externalData(this, _, index, result) }
int getFieldAsInt(int index) { result = getField(index).toInt() }
int getFieldAsInt(int index) { result = this.getField(index).toInt() }
float getFieldAsFloat(int index) { result = getField(index).toFloat() }
float getFieldAsFloat(int index) { result = this.getField(index).toFloat() }
date getFieldAsDate(int index) { result = getField(index).toDate() }
date getFieldAsDate(int index) { result = this.getField(index).toDate() }
string toString() { result = getQueryPath() + ": " + buildTupleString(0) }
string toString() { result = this.getQueryPath() + ": " + this.buildTupleString(0) }
private string buildTupleString(int start) {
start = getNumFields() - 1 and result = getField(start)
start = this.getNumFields() - 1 and result = this.getField(start)
or
start < getNumFields() - 1 and result = getField(start) + "," + buildTupleString(start + 1)
start < this.getNumFields() - 1 and
result = this.getField(start) + "," + this.buildTupleString(start + 1)
}
}
@@ -33,7 +34,7 @@ class DefectExternalData extends ExternalData {
this.getNumFields() = 2
}
string getURL() { result = getField(0) }
string getURL() { result = this.getField(0) }
string getMessage() { result = getField(1) }
string getMessage() { result = this.getField(1) }
}

34
java/ql/lib/semmle/code/FileSystem.qll
View File

@@ -47,7 +47,7 @@ class Container extends @container, Top {
*/
string getRelativePath() {
exists(string absPath, string pref |
absPath = getAbsolutePath() and sourceLocationPrefix(pref)
absPath = this.getAbsolutePath() and sourceLocationPrefix(pref)
|
absPath = pref and result = ""
or
@@ -74,7 +74,7 @@ class Container extends @container, Top {
* </table>
*/
string getBaseName() {
result = getAbsolutePath().regexpCapture(".*/(([^/]*?)(?:\\.([^.]*))?)", 1)
result = this.getAbsolutePath().regexpCapture(".*/(([^/]*?)(?:\\.([^.]*))?)", 1)
}
/**
@@ -100,7 +100,9 @@ class Container extends @container, Top {
* <tr><td>"/tmp/x.tar.gz"</td><td>"gz"</td></tr>
* </table>
*/
string getExtension() { result = getAbsolutePath().regexpCapture(".*/([^/]*?)(\\.([^.]*))?", 3) }
string getExtension() {
result = this.getAbsolutePath().regexpCapture(".*/([^/]*?)(\\.([^.]*))?", 3)
}
/**
* Gets the stem of this container, that is, the prefix of its base name up to
@@ -119,7 +121,9 @@ class Container extends @container, Top {
* <tr><td>"/tmp/x.tar.gz"</td><td>"x.tar"</td></tr>
* </table>
*/
string getStem() { result = getAbsolutePath().regexpCapture(".*/([^/]*?)(?:\\.([^.]*))?", 1) }
string getStem() {
result = this.getAbsolutePath().regexpCapture(".*/([^/]*?)(?:\\.([^.]*))?", 1)
}
/** Gets the parent container of this file or folder, if any. */
Container getParentContainer() { containerparent(result, this) }
@@ -128,20 +132,20 @@ class Container extends @container, Top {
Container getAChildContainer() { this = result.getParentContainer() }
/** Gets a file in this container. */
File getAFile() { result = getAChildContainer() }
File getAFile() { result = this.getAChildContainer() }
/** Gets the file in this container that has the given `baseName`, if any. */
File getFile(string baseName) {
result = getAFile() and
result = this.getAFile() and
result.getBaseName() = baseName
}
/** Gets a sub-folder in this container. */
Folder getAFolder() { result = getAChildContainer() }
Folder getAFolder() { result = this.getAChildContainer() }
/** Gets the sub-folder in this container that has the given `baseName`, if any. */
Folder getFolder(string baseName) {
result = getAFolder() and
result = this.getAFolder() and
result.getBaseName() = baseName
}
@@ -152,7 +156,7 @@ class Container extends @container, Top {
* to provide a different result. To get the absolute path of any `Container`, call
* `Container.getAbsolutePath()` directly.
*/
override string toString() { result = getAbsolutePath() }
override string toString() { result = this.getAbsolutePath() }
}
/** A folder. */
@@ -160,7 +164,7 @@ class Folder extends Container, @folder {
override string getAbsolutePath() { folders(this, result) }
/** Gets the URL of this folder. */
override string getURL() { result = "folder://" + getAbsolutePath() }
override string getURL() { result = "folder://" + this.getAbsolutePath() }
override string getAPrimaryQlClass() { result = "Folder" }
}
@@ -183,7 +187,7 @@ class File extends Container, @file {
* A Java archive file with a ".jar" extension.
*/
class JarFile extends File {
JarFile() { getExtension() = "jar" }
JarFile() { this.getExtension() = "jar" }
/**
* Gets the main attribute with the specified `key`
@@ -195,13 +199,17 @@ class JarFile extends File {
* Gets the "Specification-Version" main attribute
* from this JAR file's manifest.
*/
string getSpecificationVersion() { result = getManifestMainAttribute("Specification-Version") }
string getSpecificationVersion() {
result = this.getManifestMainAttribute("Specification-Version")
}
/**
* Gets the "Implementation-Version" main attribute
* from this JAR file's manifest.
*/
string getImplementationVersion() { result = getManifestMainAttribute("Implementation-Version") }
string getImplementationVersion() {
result = this.getManifestMainAttribute("Implementation-Version")
}
/**
* Gets the per-entry attribute for the specified `entry` and `key`

6
java/ql/lib/semmle/code/Location.qll
View File

@@ -63,10 +63,10 @@ class Top extends @top {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
hasLocationInfoAux(filepath, startline, startcolumn, endline, endcolumn)
this.hasLocationInfoAux(filepath, startline, startcolumn, endline, endcolumn)
or
exists(string outFilepath, int outStartline, int outEndline |
hasLocationInfoAux(outFilepath, outStartline, _, outEndline, _) and
this.hasLocationInfoAux(outFilepath, outStartline, _, outEndline, _) and
hasSmapLocationInfo(filepath, startline, startcolumn, endline, endcolumn, outFilepath,
outStartline, outEndline)
)
@@ -103,7 +103,7 @@ class Top extends @top {
/**
* Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.
*/
final string getPrimaryQlClasses() { result = concat(getAPrimaryQlClass(), ",") }
final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") }
/**
* Gets the name of a primary CodeQL class to which this element belongs.

10
java/ql/lib/semmle/code/java/Annotation.qll
View File

@@ -51,7 +51,7 @@ class Annotation extends @annotation, Expr {
Expr getValue(string name) { filteredAnnotValue(this, this.getAnnotationElement(name), result) }
/** Gets the element being annotated. */
Element getTarget() { result = getAnnotatedElement() }
Element getTarget() { result = this.getAnnotatedElement() }
override string toString() { result = this.getType().getName() }
@@ -67,8 +67,8 @@ class Annotation extends @annotation, Expr {
* expression defined for the value.
*/
Expr getAValue(string name) {
getType().getAnnotationElement(name).getType() instanceof Array and
exists(Expr value | value = getValue(name) |
this.getType().getAnnotationElement(name).getType() instanceof Array and
exists(Expr value | value = this.getValue(name) |
if value instanceof ArrayInit then result = value.(ArrayInit).getAnInit() else result = value
)
}
@@ -104,7 +104,7 @@ class Annotatable extends Element {
/** Holds if this element has the specified annotation. */
predicate hasAnnotation(string package, string name) {
exists(AnnotationType at | at = getAnAnnotation().getType() |
exists(AnnotationType at | at = this.getAnAnnotation().getType() |
at.nestedName() = name and at.getPackage().getName() = package
)
}
@@ -118,7 +118,7 @@ class Annotatable extends Element {
* annotation attached to it for the specified `category`.
*/
predicate suppressesWarningsAbout(string category) {
category = getAnAnnotation().(SuppressWarningsAnnotation).getASuppressedWarning()
category = this.getAnAnnotation().(SuppressWarningsAnnotation).getASuppressedWarning()
or
this.(Member).getDeclaringType().suppressesWarningsAbout(category)
or

10
java/ql/lib/semmle/code/java/ControlFlowGraph.qll
View File

@@ -528,13 +528,13 @@ private module ControlFlowGraphImpl {
/** Gets the first child node, if any. */
ControlFlowNode firstChild() {
result = getChildNode(-1)
result = this.getChildNode(-1)
or
result = getChildNode(0) and not exists(getChildNode(-1))
result = this.getChildNode(0) and not exists(this.getChildNode(-1))
}
/** Holds if this CFG node has any child nodes. */
predicate isLeafNode() { not exists(getChildNode(_)) }
predicate isLeafNode() { not exists(this.getChildNode(_)) }
/** Holds if this node can finish with a `normalCompletion`. */
predicate mayCompleteNormally() {
@@ -1222,10 +1222,10 @@ class ConditionNode extends ControlFlowNode {
ControlFlowNode getABranchSuccessor(boolean branch) { result = branchSuccessor(this, branch) }
/** Gets a true-successor of the `ConditionNode`. */
ControlFlowNode getATrueSuccessor() { result = getABranchSuccessor(true) }
ControlFlowNode getATrueSuccessor() { result = this.getABranchSuccessor(true) }
/** Gets a false-successor of the `ConditionNode`. */
ControlFlowNode getAFalseSuccessor() { result = getABranchSuccessor(false) }
ControlFlowNode getAFalseSuccessor() { result = this.getABranchSuccessor(false) }
/** Gets the condition of this `ConditionNode`. This is equal to the node itself. */
Expr getCondition() { result = this }

2
java/ql/lib/semmle/code/java/Conversions.qll
View File

@@ -27,7 +27,7 @@ abstract class ConversionSite extends Expr {
/**
* Whether this conversion site actually induces a conversion.
*/
predicate isTrivial() { getConversionTarget() = getConversionSource() }
predicate isTrivial() { this.getConversionTarget() = this.getConversionSource() }
/**
* Whether this conversion is implicit.

4
java/ql/lib/semmle/code/java/Element.qll
View File

@@ -34,10 +34,10 @@ class Element extends @element, Top {
* Elements pertaining to source files may include generated elements
* not visible in source code, such as implicit default constructors.
*/
predicate fromSource() { getCompilationUnit().getExtension() = "java" }
predicate fromSource() { this.getCompilationUnit().getExtension() = "java" }
/** Gets the compilation unit that this element belongs to. */
CompilationUnit getCompilationUnit() { result = getFile() }
CompilationUnit getCompilationUnit() { result = this.getFile() }
/** Cast this element to a `Documentable`. */
Documentable getDoc() { result = this }

90
java/ql/lib/semmle/code/java/Expr.qll
View File

@@ -86,13 +86,15 @@ class Expr extends ExprParent, @expr {
* explicit constructor invocation statement.
*/
getEnclosingCallable().isStatic()
this.getEnclosingCallable().isStatic()
or
getParent+() instanceof ThisConstructorInvocationStmt
this.getParent+() instanceof ThisConstructorInvocationStmt
or
getParent+() instanceof SuperConstructorInvocationStmt
this.getParent+() instanceof SuperConstructorInvocationStmt
or
exists(LambdaExpr lam | lam.asMethod() = getEnclosingCallable() and lam.isInStaticContext())
exists(LambdaExpr lam |
lam.asMethod() = this.getEnclosingCallable() and lam.isInStaticContext()
)
}
/** Holds if this expression is parenthesized. */
@@ -116,7 +118,7 @@ private predicate primitiveOrString(Type t) {
*/
class CompileTimeConstantExpr extends Expr {
CompileTimeConstantExpr() {
primitiveOrString(getType()) and
primitiveOrString(this.getType()) and
(
// Literals of primitive type and literals of type `String`.
this instanceof Literal
@@ -425,9 +427,9 @@ class ArrayCreationExpr extends Expr, @arraycreationexpr {
* Gets the size of the first dimension, if it can be statically determined.
*/
int getFirstDimensionSize() {
if exists(getInit())
then result = getInit().getSize()
else result = getDimension(0).(CompileTimeConstantExpr).getIntValue()
if exists(this.getInit())
then result = this.getInit().getSize()
else result = this.getDimension(0).(CompileTimeConstantExpr).getIntValue()
}
/** Gets a printable representation of this expression. */
@@ -463,7 +465,7 @@ class ArrayInit extends Expr, @arrayinit {
* Gets the number of expressions in this initializer, that is, the size the
* created array will have.
*/
int getSize() { result = count(getAnInit()) }
int getSize() { result = count(this.getAnInit()) }
/** Gets a printable representation of this expression. */
override string toString() { result = "{...}" }
@@ -632,9 +634,9 @@ class Literal extends Expr, @literal {
class BooleanLiteral extends Literal, @booleanliteral {
/** Gets the boolean representation of this literal. */
boolean getBooleanValue() {
result = true and getValue() = "true"
result = true and this.getValue() = "true"
or
result = false and getValue() = "false"
result = false and this.getValue() = "false"
}
override string getAPrimaryQlClass() { result = "BooleanLiteral" }
@@ -657,7 +659,7 @@ class BooleanLiteral extends Literal, @booleanliteral {
*/
class IntegerLiteral extends Literal, @integerliteral {
/** Gets the int representation of this literal. */
int getIntValue() { result = getValue().toInt() }
int getIntValue() { result = this.getValue().toInt() }
override string getAPrimaryQlClass() { result = "IntegerLiteral" }
}
@@ -693,7 +695,7 @@ class FloatingPointLiteral extends Literal, @floatingpointliteral {
* Gets the value of this literal as CodeQL 64-bit `float`. The value will
* be parsed as Java 32-bit `float` and then converted to a CodeQL `float`.
*/
float getFloatValue() { result = getValue().toFloat() }
float getFloatValue() { result = this.getValue().toFloat() }
override string getAPrimaryQlClass() { result = "FloatingPointLiteral" }
}
@@ -709,7 +711,7 @@ class DoubleLiteral extends Literal, @doubleliteral {
* Gets the value of this literal as CodeQL 64-bit `float`. The result will
* have the same effective value as the Java `double` literal.
*/
float getDoubleValue() { result = getValue().toFloat() }
float getDoubleValue() { result = this.getValue().toFloat() }
override string getAPrimaryQlClass() { result = "DoubleLiteral" }
}
@@ -732,10 +734,10 @@ class StringLiteral extends Literal, @stringliteral {
/**
* Gets the literal string without the quotes.
*/
string getRepresentedString() { result = getValue() }
string getRepresentedString() { result = this.getValue() }
/** Holds if this string literal is a text block (`""" ... """`). */
predicate isTextBlock() { getLiteral().matches("\"\"\"%") }
predicate isTextBlock() { this.getLiteral().matches("\"\"\"%") }
override string getAPrimaryQlClass() { result = "StringLiteral" }
}
@@ -1184,7 +1186,7 @@ class LambdaExpr extends FunctionalExpr, @lambdaexpr {
* Gets the implicit method corresponding to this lambda expression.
* The parameters of the lambda expression are the parameters of this method.
*/
override Method asMethod() { result = getAnonymousClass().getAMethod() }
override Method asMethod() { result = this.getAnonymousClass().getAMethod() }
/** Holds if the body of this lambda is an expression. */
predicate hasExprBody() { lambdaKind(this, 0) }
@@ -1194,11 +1196,11 @@ class LambdaExpr extends FunctionalExpr, @lambdaexpr {
/** Gets the body of this lambda expression, if it is an expression. */
Expr getExprBody() {
hasExprBody() and result = asMethod().getBody().getAChild().(ReturnStmt).getResult()
this.hasExprBody() and result = this.asMethod().getBody().getAChild().(ReturnStmt).getResult()
}
/** Gets the body of this lambda expression, if it is a statement. */
BlockStmt getStmtBody() { hasStmtBody() and result = asMethod().getBody() }
BlockStmt getStmtBody() { this.hasStmtBody() and result = this.asMethod().getBody() }
/** Gets a printable representation of this expression. */
override string toString() { result = "...->..." }
@@ -1223,7 +1225,7 @@ class MemberRefExpr extends FunctionalExpr, @memberref {
* (if the reference is to a constructor) or an array creation expression (if the reference
* is to an array constructor).
*/
override Method asMethod() { result = getAnonymousClass().getAMethod() }
override Method asMethod() { result = this.getAnonymousClass().getAMethod() }
/**
* Gets the method or constructor referenced by this member reference expression.
@@ -1274,16 +1276,16 @@ class ConditionalExpr extends Expr, @conditionalexpr {
* it is `getFalseExpr()`.
*/
Expr getBranchExpr(boolean branch) {
branch = true and result = getTrueExpr()
branch = true and result = this.getTrueExpr()
or
branch = false and result = getFalseExpr()
branch = false and result = this.getFalseExpr()
}
/**
* Gets the expressions that is evaluated by one of the branches (`true`
* or `false` branch) of this conditional expression.
*/
Expr getABranchExpr() { result = getBranchExpr(_) }
Expr getABranchExpr() { result = this.getBranchExpr(_) }
/** Gets a printable representation of this expression. */
override string toString() { result = "...?...:..." }
@@ -1308,7 +1310,7 @@ class SwitchExpr extends Expr, StmtParent, @switchexpr {
* Gets a case of this `switch` expression,
* which may be either a normal `case` or a `default`.
*/
SwitchCase getACase() { result = getAConstCase() or result = getDefaultCase() }
SwitchCase getACase() { result = this.getAConstCase() or result = this.getDefaultCase() }
/** Gets a (non-default) `case` of this `switch` expression. */
ConstCase getAConstCase() { result.getParent() = this }
@@ -1321,7 +1323,7 @@ class SwitchExpr extends Expr, StmtParent, @switchexpr {
/** Gets a result expression of this `switch` expression. */
Expr getAResult() {
result = getACase().getRuleExpression()
result = this.getACase().getRuleExpression()
or
exists(YieldStmt yield | yield.(JumpStmt).getTarget() = this and result = yield.getValue())
}
@@ -1336,8 +1338,8 @@ class SwitchExpr extends Expr, StmtParent, @switchexpr {
class InstanceOfExpr extends Expr, @instanceofexpr {
/** Gets the expression on the left-hand side of the `instanceof` operator. */
Expr getExpr() {
if isPattern()
then result = getLocalVariableDeclExpr().getInit()
if this.isPattern()
then result = this.getLocalVariableDeclExpr().getInit()
else result.isNthChildOf(this, 0)
}
@@ -1346,7 +1348,7 @@ class InstanceOfExpr extends Expr, @instanceofexpr {
*
* Holds if this `instanceof` expression uses pattern matching.
*/
predicate isPattern() { exists(getLocalVariableDeclExpr()) }
predicate isPattern() { exists(this.getLocalVariableDeclExpr()) }
/**
* PREVIEW FEATURE in Java 14. Subject to removal in a future release.
@@ -1359,7 +1361,7 @@ class InstanceOfExpr extends Expr, @instanceofexpr {
Expr getTypeName() { result.isNthChildOf(this, 1) }
/** Gets the type this `instanceof` expression checks for. */
RefType getCheckedType() { result = getTypeName().getType() }
RefType getCheckedType() { result = this.getTypeName().getType() }
/** Gets a printable representation of this expression. */
override string toString() { result = "...instanceof..." }
@@ -1457,7 +1459,7 @@ class TypeLiteral extends Expr, @typeliteral {
* Gets the type this type literal refers to. For example for `String.class` the
* result is the type representing `String`.
*/
Type getReferencedType() { result = getTypeName().getType() }
Type getReferencedType() { result = this.getTypeName().getType() }
/** Gets a printable representation of this expression. */
override string toString() { result = this.getTypeName().toString() + ".class" }
@@ -1482,15 +1484,15 @@ abstract class InstanceAccess extends Expr {
* This never holds for accesses in lambda expressions as they cannot access
* their own instance directly.
*/
predicate isOwnInstanceAccess() { not isEnclosingInstanceAccess(_) }
predicate isOwnInstanceAccess() { not this.isEnclosingInstanceAccess(_) }
/** Holds if this instance access is to an enclosing instance of type `t`. */
predicate isEnclosingInstanceAccess(RefType t) {
t = getQualifier().getType().(RefType).getSourceDeclaration() and
t != getEnclosingCallable().getDeclaringType()
t = this.getQualifier().getType().(RefType).getSourceDeclaration() and
t != this.getEnclosingCallable().getDeclaringType()
or
not exists(getQualifier()) and
exists(LambdaExpr lam | lam.asMethod() = getEnclosingCallable() |
not exists(this.getQualifier()) and
exists(LambdaExpr lam | lam.asMethod() = this.getEnclosingCallable() |
t = lam.getAnonymousClass().getEnclosingType()
)
}
@@ -1538,7 +1540,7 @@ class VarAccess extends Expr, @varaccess {
Expr getQualifier() { result.getParent() = this }
/** Holds if this variable access has a qualifier. */
predicate hasQualifier() { exists(getQualifier()) }
predicate hasQualifier() { exists(this.getQualifier()) }
/** Gets the variable accessed by this variable access. */
Variable getVariable() { variableBinding(this, result) }
@@ -1580,11 +1582,11 @@ class VarAccess extends Expr, @varaccess {
*/
predicate isLocal() {
// The access has no qualifier, or...
not hasQualifier()
not this.hasQualifier()
or
// the qualifier is either `this` or `A.this`, where `A` is the enclosing type, or
// the qualifier is either `super` or `A.super`, where `A` is the enclosing type.
getQualifier().(InstanceAccess).isOwnInstanceAccess()
this.getQualifier().(InstanceAccess).isOwnInstanceAccess()
}
override string getAPrimaryQlClass() { result = "VarAccess" }
@@ -1626,7 +1628,7 @@ class MethodAccess extends Expr, Call, @methodaccess {
override Expr getQualifier() { result.isNthChildOf(this, -1) }
/** Holds if this method access has a qualifier. */
predicate hasQualifier() { exists(getQualifier()) }
predicate hasQualifier() { exists(this.getQualifier()) }
/** Gets an argument supplied to the method that is invoked using this method access. */
override Expr getAnArgument() { result.getIndex() >= 0 and result.getParent() = this }
@@ -1663,9 +1665,9 @@ class MethodAccess extends Expr, Call, @methodaccess {
* the enclosing type if there is no qualifier.
*/
RefType getReceiverType() {
result = getQualifier().getType()
result = this.getQualifier().getType()
or
not hasQualifier() and result = getEnclosingCallable().getDeclaringType()
not this.hasQualifier() and result = this.getEnclosingCallable().getDeclaringType()
}
/**
@@ -1841,7 +1843,7 @@ class Call extends ExprParent, @caller {
Callable getCallee() { callableBinding(this, result) }
/** Gets the callable invoking this call. */
Callable getCaller() { result = getEnclosingCallable() }
Callable getCaller() { result = this.getEnclosingCallable() }
}
/** A polymorphic call to an instance method. */
@@ -2042,14 +2044,14 @@ class Argument extends Expr {
}
/** Holds if this argument is part of an implicit varargs array. */
predicate isVararg() { isNthVararg(_) }
predicate isVararg() { this.isNthVararg(_) }
/**
* Holds if this argument is part of an implicit varargs array at the
* given array index.
*/
predicate isNthVararg(int arrayindex) {
not isExplicitVarargsArray() and
not this.isExplicitVarargsArray() and
exists(Callable tgt |
call.getCallee() = tgt and
tgt.isVarargs() and

30
java/ql/lib/semmle/code/java/Generics.qll
View File

@@ -69,12 +69,12 @@ class GenericType extends RefType {
/**
* Gets a type parameter of this generic type.
*/
TypeVariable getATypeParameter() { result = getTypeParameter(_) }
TypeVariable getATypeParameter() { result = this.getTypeParameter(_) }
/**
* Gets the number of type parameters of this generic type.
*/
int getNumberOfTypeParameters() { result = strictcount(getATypeParameter()) }
int getNumberOfTypeParameters() { result = strictcount(this.getATypeParameter()) }
override string getAPrimaryQlClass() { result = "GenericType" }
}
@@ -107,7 +107,7 @@ abstract class BoundedType extends RefType, @boundedtype {
TypeBound getATypeBound() { result.getBoundedType() = this }
/** Gets the first type bound for this type, if any. */
TypeBound getFirstTypeBound() { result = getATypeBound() and result.getPosition() = 0 }
TypeBound getFirstTypeBound() { result = this.getATypeBound() and result.getPosition() = 0 }
/**
* Gets an upper type bound of this type, or `Object`
@@ -123,9 +123,9 @@ abstract class BoundedType extends RefType, @boundedtype {
/** Gets a transitive upper bound for this type that is not itself a bounded type. */
RefType getAnUltimateUpperBoundType() {
result = getUpperBoundType() and not result instanceof BoundedType
result = this.getUpperBoundType() and not result instanceof BoundedType
or
result = getUpperBoundType().(BoundedType).getAnUltimateUpperBoundType()
result = this.getUpperBoundType().(BoundedType).getAnUltimateUpperBoundType()
}
override string getAPrimaryQlClass() { result = "BoundedType" }
@@ -168,8 +168,8 @@ class TypeVariable extends BoundedType, @typevariable {
/** Gets the lexically enclosing package of this type parameter, if any. */
override Package getPackage() {
result = getGenericType().getPackage() or
result = getGenericCallable().getDeclaringType().getPackage()
result = this.getGenericType().getPackage() or
result = this.getGenericCallable().getDeclaringType().getPackage()
}
/** Finds a type that was supplied for this parameter. */
@@ -190,9 +190,9 @@ class TypeVariable extends BoundedType, @typevariable {
/** Finds a non-typevariable type that was transitively supplied for this parameter. */
RefType getAnUltimatelySuppliedType() {
result = getASuppliedType() and not result instanceof TypeVariable
result = this.getASuppliedType() and not result instanceof TypeVariable
or
result = getASuppliedType().(TypeVariable).getAnUltimatelySuppliedType()
result = this.getASuppliedType().(TypeVariable).getAnUltimatelySuppliedType()
}
override string getAPrimaryQlClass() { result = "TypeVariable" }
@@ -261,7 +261,7 @@ class Wildcard extends BoundedType, @wildcard {
* Holds if this is the unconstrained wildcard `?`.
*/
predicate isUnconstrained() {
not hasLowerBound() and
not this.hasLowerBound() and
wildcards(this, "?", _)
}
@@ -451,12 +451,12 @@ class GenericCallable extends Callable {
/**
* Gets a type parameter of this generic callable.
*/
TypeVariable getATypeParameter() { result = getTypeParameter(_) }
TypeVariable getATypeParameter() { result = this.getTypeParameter(_) }
/**
* Gets the number of type parameters of this generic callable.
*/
int getNumberOfTypeParameters() { result = strictcount(getATypeParameter()) }
int getNumberOfTypeParameters() { result = strictcount(this.getATypeParameter()) }
}
/**
@@ -484,10 +484,10 @@ class GenericCall extends Call {
/** Gets a type argument of the call for the given `TypeVariable`. */
RefType getATypeArgument(TypeVariable v) {
result = getAnExplicitTypeArgument(v)
result = this.getAnExplicitTypeArgument(v)
or
not exists(getAnExplicitTypeArgument(v)) and
result = getAnInferredTypeArgument(v)
not exists(this.getAnExplicitTypeArgument(v)) and
result = this.getAnInferredTypeArgument(v)
}
}

63
java/ql/lib/semmle/code/java/JDK.qll
View File

@@ -19,12 +19,12 @@ class TypeCloneable extends Interface {
/** The class `java.lang.ProcessBuilder`. */
class TypeProcessBuilder extends Class {
TypeProcessBuilder() { hasQualifiedName("java.lang", "ProcessBuilder") }
TypeProcessBuilder() { this.hasQualifiedName("java.lang", "ProcessBuilder") }
}
/** The class `java.lang.Runtime`. */
class TypeRuntime extends Class {
TypeRuntime() { hasQualifiedName("java.lang", "Runtime") }
TypeRuntime() { this.hasQualifiedName("java.lang", "Runtime") }
}
/** The class `java.lang.String`. */
@@ -143,22 +143,22 @@ class ImmutableType extends Type {
// --- Java IO ---
/** The interface `java.io.Serializable`. */
class TypeSerializable extends Interface {
TypeSerializable() { hasQualifiedName("java.io", "Serializable") }
TypeSerializable() { this.hasQualifiedName("java.io", "Serializable") }
}
/** The interface `java.io.ObjectOutput`. */
class TypeObjectOutput extends Interface {
TypeObjectOutput() { hasQualifiedName("java.io", "ObjectOutput") }
TypeObjectOutput() { this.hasQualifiedName("java.io", "ObjectOutput") }
}
/** The type `java.io.ObjectOutputStream`. */
class TypeObjectOutputStream extends RefType {
TypeObjectOutputStream() { hasQualifiedName("java.io", "ObjectOutputStream") }
TypeObjectOutputStream() { this.hasQualifiedName("java.io", "ObjectOutputStream") }
}
/** The type `java.io.ObjectInputStream`. */
class TypeObjectInputStream extends RefType {
TypeObjectInputStream() { hasQualifiedName("java.io", "ObjectInputStream") }
TypeObjectInputStream() { this.hasQualifiedName("java.io", "ObjectInputStream") }
}
/** The class `java.nio.file.Paths`. */
@@ -196,8 +196,8 @@ class ProcessBuilderConstructor extends Constructor, ExecCallable {
*/
class MethodProcessBuilderCommand extends Method, ExecCallable {
MethodProcessBuilderCommand() {
hasName("command") and
getDeclaringType() instanceof TypeProcessBuilder
this.hasName("command") and
this.getDeclaringType() instanceof TypeProcessBuilder
}
override int getAnExecutedArgument() { result = 0 }
@@ -208,8 +208,8 @@ class MethodProcessBuilderCommand extends Method, ExecCallable {
*/
class MethodRuntimeExec extends Method, ExecCallable {
MethodRuntimeExec() {
hasName("exec") and
getDeclaringType() instanceof TypeRuntime
this.hasName("exec") and
this.getDeclaringType() instanceof TypeRuntime
}
override int getAnExecutedArgument() { result = 0 }
@@ -220,8 +220,8 @@ class MethodRuntimeExec extends Method, ExecCallable {
*/
class MethodSystemGetenv extends Method {
MethodSystemGetenv() {
hasName("getenv") and
getDeclaringType() instanceof TypeSystem
this.hasName("getenv") and
this.getDeclaringType() instanceof TypeSystem
}
}
@@ -230,8 +230,8 @@ class MethodSystemGetenv extends Method {
*/
class MethodSystemGetProperty extends Method {
MethodSystemGetProperty() {
hasName("getProperty") and
getDeclaringType() instanceof TypeSystem
this.hasName("getProperty") and
this.getDeclaringType() instanceof TypeSystem
}
}
@@ -239,7 +239,7 @@ class MethodSystemGetProperty extends Method {
* An access to a method named `getProperty` on class `java.lang.System`.
*/
class MethodAccessSystemGetProperty extends MethodAccess {
MethodAccessSystemGetProperty() { getMethod() instanceof MethodSystemGetProperty }
MethodAccessSystemGetProperty() { this.getMethod() instanceof MethodSystemGetProperty }
/**
* Holds if this call has a compile-time constant first argument with the value `propertyName`.
@@ -255,8 +255,11 @@ class MethodAccessSystemGetProperty extends MethodAccess {
*/
class MethodExit extends Method {
MethodExit() {
hasName("exit") and
(getDeclaringType() instanceof TypeRuntime or getDeclaringType() instanceof TypeSystem)
this.hasName("exit") and
(
this.getDeclaringType() instanceof TypeRuntime or
this.getDeclaringType() instanceof TypeSystem
)
}
}
@@ -266,10 +269,10 @@ class MethodExit extends Method {
*/
class WriteObjectMethod extends Method {
WriteObjectMethod() {
hasName("writeObject") and
this.hasName("writeObject") and
(
getDeclaringType() instanceof TypeObjectOutputStream or
getDeclaringType() instanceof TypeObjectOutput
this.getDeclaringType() instanceof TypeObjectOutputStream or
this.getDeclaringType() instanceof TypeObjectOutput
)
}
}
@@ -293,16 +296,16 @@ class ReadObjectMethod extends Method {
/** The method `Class.getName()`. */
class ClassNameMethod extends Method {
ClassNameMethod() {
hasName("getName") and
getDeclaringType() instanceof TypeClass
this.hasName("getName") and
this.getDeclaringType() instanceof TypeClass
}
}
/** The method `Class.getSimpleName()`. */
class ClassSimpleNameMethod extends Method {
ClassSimpleNameMethod() {
hasName("getSimpleName") and
getDeclaringType() instanceof TypeClass
this.hasName("getSimpleName") and
this.getDeclaringType() instanceof TypeClass
}
}
@@ -334,24 +337,24 @@ class MethodMathMax extends Method {
/** The field `System.in`. */
class SystemIn extends Field {
SystemIn() {
hasName("in") and
getDeclaringType() instanceof TypeSystem
this.hasName("in") and
this.getDeclaringType() instanceof TypeSystem
}
}
/** The field `System.out`. */
class SystemOut extends Field {
SystemOut() {
hasName("out") and
getDeclaringType() instanceof TypeSystem
this.hasName("out") and
this.getDeclaringType() instanceof TypeSystem
}
}
/** The field `System.err`. */
class SystemErr extends Field {
SystemErr() {
hasName("err") and
getDeclaringType() instanceof TypeSystem
this.hasName("err") and
this.getDeclaringType() instanceof TypeSystem
}
}

4
java/ql/lib/semmle/code/java/JDKAnnotations.qll
View File

@@ -25,7 +25,9 @@ class SuppressWarningsAnnotation extends Annotation {
}
/** Gets the name of a warning suppressed by this annotation. */
string getASuppressedWarning() { result = getASuppressedWarningLiteral().getRepresentedString() }
string getASuppressedWarning() {
result = this.getASuppressedWarningLiteral().getRepresentedString()
}
}
/** A `@Target` annotation. */

20
java/ql/lib/semmle/code/java/JMX.qll
View File

@@ -26,27 +26,27 @@ class MXBean extends ManagedBean {
*/
class RegisteredManagedBeanImpl extends Class {
RegisteredManagedBeanImpl() {
getAnAncestor() instanceof ManagedBean and
this.getAnAncestor() instanceof ManagedBean and
exists(JMXRegistrationCall registerCall | registerCall.getObjectArgument().getType() = this)
}
/**
* Gets a managed bean that this registered bean class implements.
*/
ManagedBean getAnImplementedManagedBean() { result = getAnAncestor() }
ManagedBean getAnImplementedManagedBean() { result = this.getAnAncestor() }
}
/**
* A call that registers an object with the `MBeanServer`, directly or indirectly.
*/
class JMXRegistrationCall extends MethodAccess {
JMXRegistrationCall() { getCallee() instanceof JMXRegistrationMethod }
JMXRegistrationCall() { this.getCallee() instanceof JMXRegistrationMethod }
/**
* Gets the argument that represents the object in the registration call.
*/
Expr getObjectArgument() {
result = getArgument(getCallee().(JMXRegistrationMethod).getObjectPosition())
result = this.getArgument(this.getCallee().(JMXRegistrationMethod).getObjectPosition())
}
}
@@ -59,15 +59,15 @@ class JMXRegistrationCall extends MethodAccess {
class JMXRegistrationMethod extends Method {
JMXRegistrationMethod() {
// A direct registration with the `MBeanServer`.
getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
getName() = "registerMBean"
this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
this.getName() = "registerMBean"
or
// The `MBeanServer` is often wrapped by an application specific management class, so identify
// methods that wrap a call to another `JMXRegistrationMethod`.
exists(JMXRegistrationCall c |
// This must be a call to another JMX registration method, where the object argument is an access
// of one of the parameters of this method.
c.getObjectArgument().(VarAccess).getVariable() = getAParameter()
c.getObjectArgument().(VarAccess).getVariable() = this.getAParameter()
)
}
@@ -76,13 +76,13 @@ class JMXRegistrationMethod extends Method {
*/
int getObjectPosition() {
// Passed as the first argument to `registerMBean`.
getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
getName() = "registerMBean" and
this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
this.getName() = "registerMBean" and
result = 0
or
// Identify the position in this method where the object parameter should be passed.
exists(JMXRegistrationCall c |
c.getObjectArgument().(VarAccess).getVariable() = getParameter(result)
c.getObjectArgument().(VarAccess).getVariable() = this.getParameter(result)
)
}
}

12
java/ql/lib/semmle/code/java/Javadoc.qll
View File

@@ -14,7 +14,7 @@ class JavadocParent extends @javadocParent, Top {
JavadocElement getChild(int index) { result = this.getAChild() and result.getIndex() = index }
/** Gets the number of documentation elements attached to this parent. */
int getNumChild() { result = count(getAChild()) }
int getNumChild() { result = count(this.getAChild()) }
/** Gets a documentation element with the specified Javadoc tag name. */
JavadocTag getATag(string name) { result = this.getAChild() and result.getTagName() = name }
@@ -33,7 +33,9 @@ class Javadoc extends JavadocParent, @javadoc {
/** Gets the value of the `@author` tag, if any. */
string getAuthor() { result = this.getATag("@author").getChild(0).toString() }
override string toString() { result = toStringPrefix() + getChild(0) + toStringPostfix() }
override string toString() {
result = this.toStringPrefix() + this.getChild(0) + this.toStringPostfix()
}
private string toStringPrefix() {
if isEolComment(this)
@@ -47,7 +49,7 @@ class Javadoc extends JavadocParent, @javadoc {
if isEolComment(this)
then result = ""
else (
if strictcount(getAChild()) = 1 then result = " */" else result = " ... */"
if strictcount(this.getAChild()) = 1 then result = " */" else result = " ... */"
)
}
@@ -119,10 +121,10 @@ class ThrowsTag extends JavadocTag {
/** A Javadoc `@see` tag. */
class SeeTag extends JavadocTag {
SeeTag() { getTagName() = "@see" }
SeeTag() { this.getTagName() = "@see" }
/** Gets the name of the entity referred to. */
string getReference() { result = getChild(0).toString() }
string getReference() { result = this.getChild(0).toString() }
}
/** A Javadoc `@author` tag. */

6
java/ql/lib/semmle/code/java/Maps.qll
View File

@@ -76,11 +76,11 @@ class FreshMap extends ClassInstanceExpr {
* A call to `Map.put(key, value)`.
*/
class MapPutCall extends MethodAccess {
MapPutCall() { getCallee().(MapMethod).hasName("put") }
MapPutCall() { this.getCallee().(MapMethod).hasName("put") }
/** Gets the key argument of this call. */
Expr getKey() { result = getArgument(0) }
Expr getKey() { result = this.getArgument(0) }
/** Gets the value argument of this call. */
Expr getValue() { result = getArgument(1) }
Expr getValue() { result = this.getArgument(1) }
}

54
java/ql/lib/semmle/code/java/Member.qll
View File

@@ -21,7 +21,7 @@ class Member extends Element, Annotatable, Modifiable, @member {
RefType getDeclaringType() { declaresMember(result, this) }
/** Gets the qualified name of this member. */
string getQualifiedName() { result = getDeclaringType().getName() + "." + getName() }
string getQualifiedName() { result = this.getDeclaringType().getName() + "." + this.getName() }
/**
* Holds if this member has the specified name and is declared in the
@@ -33,9 +33,9 @@ class Member extends Element, Annotatable, Modifiable, @member {
/** Holds if this member is package protected, that is, neither public nor private nor protected. */
predicate isPackageProtected() {
not isPrivate() and
not isProtected() and
not isPublic()
not this.isPrivate() and
not this.isProtected() and
not this.isPublic()
}
/**
@@ -78,7 +78,7 @@ class Callable extends StmtParent, Member, @callable {
*/
string getMethodDescriptor() {
exists(string return | return = this.getReturnType().getTypeDescriptor() |
result = "(" + descriptorUpTo(this.getNumberOfParameters()) + ")" + return
result = "(" + this.descriptorUpTo(this.getNumberOfParameters()) + ")" + return
)
}
@@ -86,19 +86,19 @@ class Callable extends StmtParent, Member, @callable {
n = 0 and result = ""
or
exists(Parameter p | p = this.getParameter(n - 1) |
result = descriptorUpTo(n - 1) + p.getType().getTypeDescriptor()
result = this.descriptorUpTo(n - 1) + p.getType().getTypeDescriptor()
)
}
/** Holds if this callable calls `target`. */
predicate calls(Callable target) { exists(getACallSite(target)) }
predicate calls(Callable target) { exists(this.getACallSite(target)) }
/**
* Holds if this callable calls `target`
* using a `super(...)` constructor call.
*/
predicate callsSuperConstructor(Constructor target) {
getACallSite(target) instanceof SuperConstructorInvocationStmt
this.getACallSite(target) instanceof SuperConstructorInvocationStmt
}
/**
@@ -106,14 +106,14 @@ class Callable extends StmtParent, Member, @callable {
* using a `this(...)` constructor call.
*/
predicate callsThis(Constructor target) {
getACallSite(target) instanceof ThisConstructorInvocationStmt
this.getACallSite(target) instanceof ThisConstructorInvocationStmt
}
/**
* Holds if this callable calls `target`
* using a `super` method call.
*/
predicate callsSuper(Method target) { getACallSite(target) instanceof SuperMethodAccess }
predicate callsSuper(Method target) { this.getACallSite(target) instanceof SuperMethodAccess }
/**
* Holds if this callable calls `c` using
@@ -165,13 +165,13 @@ class Callable extends StmtParent, Member, @callable {
Field getAnAccessedField() { this.accesses(result) }
/** Gets the type of a formal parameter of this callable. */
Type getAParamType() { result = getParameterType(_) }
Type getAParamType() { result = this.getParameterType(_) }
/** Holds if this callable does not have any formal parameters. */
predicate hasNoParameters() { not exists(getAParameter()) }
predicate hasNoParameters() { not exists(this.getAParameter()) }
/** Gets the number of formal parameters of this callable. */
int getNumberOfParameters() { result = count(getAParameter()) }
int getNumberOfParameters() { result = count(this.getAParameter()) }
/** Gets a formal parameter of this callable. */
Parameter getAParameter() { result.getCallable() = this }
@@ -205,7 +205,7 @@ class Callable extends StmtParent, Member, @callable {
*/
pragma[nomagic]
string paramsString() {
exists(int n | n = getNumberOfParameters() |
exists(int n | n = this.getNumberOfParameters() |
n = 0 and result = "()"
or
n > 0 and result = "(" + this.paramUpTo(n - 1) + ")"
@@ -217,9 +217,9 @@ class Callable extends StmtParent, Member, @callable {
* from left to right, up to (and including) the `n`-th parameter.
*/
private string paramUpTo(int n) {
n = 0 and result = getParameterType(0).toString()
n = 0 and result = this.getParameterType(0).toString()
or
n > 0 and result = paramUpTo(n - 1) + ", " + getParameterType(n)
n > 0 and result = this.paramUpTo(n - 1) + ", " + this.getParameterType(n)
}
/**
@@ -234,7 +234,7 @@ class Callable extends StmtParent, Member, @callable {
Exception getAnException() { exceptions(result, _, this) }
/** Gets an exception type that occurs in the `throws` clause of this callable. */
RefType getAThrownExceptionType() { result = getAnException().getType() }
RefType getAThrownExceptionType() { result = this.getAnException().getType() }
/** Gets a call site that references this callable. */
Call getAReference() { result.getCallee() = this }
@@ -392,7 +392,7 @@ class Method extends Callable, @method {
or
// JLS 9.4: Every method declaration in the body of an interface without an
// access modifier is implicitly public.
getDeclaringType() instanceof Interface and
this.getDeclaringType() instanceof Interface and
not this.isPrivate()
or
exists(FunctionalExpr func | func.asMethod() = this)
@@ -413,7 +413,7 @@ class Method extends Callable, @method {
Callable.super.isStrictfp()
or
// JLS 8.1.1.3, JLS 9.1.1.2
getDeclaringType().isStrictfp()
this.getDeclaringType().isStrictfp()
}
/**
@@ -421,8 +421,8 @@ class Method extends Callable, @method {
* nor an initializer method, and hence could be inherited.
*/
predicate isInheritable() {
not isPrivate() and
not (isStatic() and getDeclaringType() instanceof Interface) and
not this.isPrivate() and
not (this.isStatic() and this.getDeclaringType() instanceof Interface) and
not this instanceof InitializerMethod
}
@@ -430,13 +430,13 @@ class Method extends Callable, @method {
* Holds if this method is neither private nor static, and hence
* uses dynamic dispatch.
*/
predicate isVirtual() { not isPrivate() and not isStatic() }
predicate isVirtual() { not this.isPrivate() and not this.isStatic() }
/** Holds if this method can be overridden. */
predicate isOverridable() {
isVirtual() and
not isFinal() and
not getDeclaringType().isFinal()
this.isVirtual() and
not this.isFinal() and
not this.getDeclaringType().isFinal()
}
override string getAPrimaryQlClass() { result = "Method" }
@@ -549,7 +549,7 @@ abstract class InitializerMethod extends Method { }
* field initializations and static initializer blocks.
*/
class StaticInitializer extends InitializerMethod {
StaticInitializer() { hasName("<clinit>") }
StaticInitializer() { this.hasName("<clinit>") }
}
/**
@@ -629,7 +629,7 @@ class Field extends Member, ExprParent, @field, Variable {
or
// JLS 9.3: Every field declaration in the body of an interface is
// implicitly public, static, and final
getDeclaringType() instanceof Interface
this.getDeclaringType() instanceof Interface
}
override predicate isStatic() {

20
java/ql/lib/semmle/code/java/Modifier.qll
View File

@@ -25,7 +25,7 @@ abstract class Modifiable extends Element {
* abstract, so `isAbstract()` will hold for them even if `hasModifier("abstract")`
* does not.
*/
predicate hasModifier(string m) { modifiers(getAModifier(), m) }
predicate hasModifier(string m) { modifiers(this.getAModifier(), m) }
/** Holds if this element has no modifier. */
predicate hasNoModifier() { not hasModifier(this, _) }
@@ -34,31 +34,31 @@ abstract class Modifiable extends Element {
Modifier getAModifier() { this = result.getElement() }
/** Holds if this element has an `abstract` modifier or is implicitly abstract. */
predicate isAbstract() { hasModifier("abstract") }
predicate isAbstract() { this.hasModifier("abstract") }
/** Holds if this element has a `static` modifier or is implicitly static. */
predicate isStatic() { hasModifier("static") }
predicate isStatic() { this.hasModifier("static") }
/** Holds if this element has a `final` modifier or is implicitly final. */
predicate isFinal() { hasModifier("final") }
predicate isFinal() { this.hasModifier("final") }
/** Holds if this element has a `public` modifier or is implicitly public. */
predicate isPublic() { hasModifier("public") }
predicate isPublic() { this.hasModifier("public") }
/** Holds if this element has a `protected` modifier. */
predicate isProtected() { hasModifier("protected") }
predicate isProtected() { this.hasModifier("protected") }
/** Holds if this element has a `private` modifier or is implicitly private. */
predicate isPrivate() { hasModifier("private") }
predicate isPrivate() { this.hasModifier("private") }
/** Holds if this element has a `volatile` modifier. */
predicate isVolatile() { hasModifier("volatile") }
predicate isVolatile() { this.hasModifier("volatile") }
/** Holds if this element has a `synchronized` modifier. */
predicate isSynchronized() { hasModifier("synchronized") }
predicate isSynchronized() { this.hasModifier("synchronized") }
/** Holds if this element has a `native` modifier. */
predicate isNative() { hasModifier("native") }
predicate isNative() { this.hasModifier("native") }
/** Holds if this element has a `default` modifier. */
predicate isDefault() { this.hasModifier("default") }

58
java/ql/lib/semmle/code/java/PrettyPrintAst.qll
View File

@@ -169,27 +169,27 @@ private class PpArrayCreationExpr extends PpAst, ArrayCreationExpr {
override string getPart(int i) {
i = 0 and result = "new "
or
i = 1 and result = baseType()
i = 1 and result = this.baseType()
or
i = 2 + 3 * dimensionIndex() and result = "["
i = 2 + 3 * this.dimensionIndex() and result = "["
or
i = 4 + 3 * dimensionIndex() and result = "]"
i = 4 + 3 * this.dimensionIndex() and result = "]"
or
i = 4 + 3 * exprDims() + [1 .. nonExprDims()] and result = "[]"
i = 4 + 3 * this.exprDims() + [1 .. this.nonExprDims()] and result = "[]"
}
private string baseType() { result = this.getType().(Array).getElementType().toString() }
private int dimensionIndex() { exists(this.getDimension(result)) }
private int exprDims() { result = max(int j | j = 0 or j = 1 + dimensionIndex()) }
private int exprDims() { result = max(int j | j = 0 or j = 1 + this.dimensionIndex()) }
private int nonExprDims() { result = this.getType().(Array).getDimension() - exprDims() }
private int nonExprDims() { result = this.getType().(Array).getDimension() - this.exprDims() }
override PpAst getChild(int i) {
exists(int j | result = this.getDimension(j) and i = 3 + 3 * j)
or
i = 5 + 3 * exprDims() + nonExprDims() and result = this.getInit()
i = 5 + 3 * this.exprDims() + this.nonExprDims() and result = this.getInit()
}
}
@@ -539,27 +539,27 @@ private class PpForStmt extends PpAst, ForStmt {
or
exists(int j | j > 0 and exists(this.getInit(j)) and i = 2 + 2 * j and result = ", ")
or
i = 1 + lastInitIndex() and result = "; "
i = 1 + this.lastInitIndex() and result = "; "
or
i = 3 + lastInitIndex() and result = "; "
i = 3 + this.lastInitIndex() and result = "; "
or
exists(int j |
j > 0 and exists(this.getUpdate(j)) and i = 3 + lastInitIndex() + 2 * j and result = ", "
j > 0 and exists(this.getUpdate(j)) and i = 3 + this.lastInitIndex() + 2 * j and result = ", "
)
or
i = 1 + lastUpdateIndex() and result = ")"
i = 1 + this.lastUpdateIndex() and result = ")"
or
i = 2 + lastUpdateIndex() and result = " " and this.getStmt() instanceof BlockStmt
i = 2 + this.lastUpdateIndex() and result = " " and this.getStmt() instanceof BlockStmt
}
private int lastInitIndex() { result = 3 + 2 * max(int j | exists(this.getInit(j))) }
private int lastUpdateIndex() {
result = 4 + lastInitIndex() + 2 * max(int j | exists(this.getUpdate(j)))
result = 4 + this.lastInitIndex() + 2 * max(int j | exists(this.getUpdate(j)))
}
override predicate newline(int i) {
i = 2 + lastUpdateIndex() and not this.getStmt() instanceof BlockStmt
i = 2 + this.lastUpdateIndex() and not this.getStmt() instanceof BlockStmt
}
override PpAst getChild(int i) {
@@ -567,15 +567,15 @@ private class PpForStmt extends PpAst, ForStmt {
or
exists(int j | result = this.getInit(j) and i = 3 + 2 * j)
or
i = 2 + lastInitIndex() and result = this.getCondition()
i = 2 + this.lastInitIndex() and result = this.getCondition()
or
exists(int j | result = this.getUpdate(j) and i = 4 + lastInitIndex() + 2 * j)
exists(int j | result = this.getUpdate(j) and i = 4 + this.lastInitIndex() + 2 * j)
or
i = 3 + lastUpdateIndex() and result = this.getStmt()
i = 3 + this.lastUpdateIndex() and result = this.getStmt()
}
override predicate indents(int i) {
i = 3 + lastUpdateIndex() and not this.getStmt() instanceof BlockStmt
i = 3 + this.lastUpdateIndex() and not this.getStmt() instanceof BlockStmt
}
}
@@ -654,9 +654,9 @@ private class PpTryStmt extends PpAst, TryStmt {
or
exists(int j | exists(this.getResourceExpr(j)) and i = 3 + 2 * j and result = ";")
or
i = 2 + lastResourceIndex() and result = ") " and exists(this.getAResource())
i = 2 + this.lastResourceIndex() and result = ") " and exists(this.getAResource())
or
i = 1 + lastCatchIndex() and result = " finally " and exists(this.getFinally())
i = 1 + this.lastCatchIndex() and result = " finally " and exists(this.getFinally())
}
private int lastResourceIndex() {
@@ -664,17 +664,17 @@ private class PpTryStmt extends PpAst, TryStmt {
}
private int lastCatchIndex() {
result = 4 + lastResourceIndex() + max(int j | exists(this.getCatchClause(j)) or j = 0)
result = 4 + this.lastResourceIndex() + max(int j | exists(this.getCatchClause(j)) or j = 0)
}
override PpAst getChild(int i) {
exists(int j | i = 2 + 2 * j and result = this.getResource(j))
or
i = 3 + lastResourceIndex() and result = this.getBlock()
i = 3 + this.lastResourceIndex() and result = this.getBlock()
or
exists(int j | i = 4 + lastResourceIndex() + j and result = this.getCatchClause(j))
exists(int j | i = 4 + this.lastResourceIndex() + j and result = this.getCatchClause(j))
or
i = 2 + lastCatchIndex() and result = this.getFinally()
i = 2 + this.lastCatchIndex() and result = this.getFinally()
}
}
@@ -728,11 +728,11 @@ private class PpSwitchCase extends PpAst, SwitchCase {
or
exists(int j | i = 2 * j and j != 0 and result = ", " and exists(this.(ConstCase).getValue(j)))
or
i = 1 + lastConstCaseValueIndex() and result = ":" and not this.isRule()
i = 1 + this.lastConstCaseValueIndex() and result = ":" and not this.isRule()
or
i = 1 + lastConstCaseValueIndex() and result = " -> " and this.isRule()
i = 1 + this.lastConstCaseValueIndex() and result = " -> " and this.isRule()
or
i = 3 + lastConstCaseValueIndex() and result = ";" and exists(this.getRuleExpression())
i = 3 + this.lastConstCaseValueIndex() and result = ";" and exists(this.getRuleExpression())
}
private int lastConstCaseValueIndex() {
@@ -742,9 +742,9 @@ private class PpSwitchCase extends PpAst, SwitchCase {
override PpAst getChild(int i) {
exists(int j | i = 1 + 2 * j and result = this.(ConstCase).getValue(j))
or
i = 2 + lastConstCaseValueIndex() and result = this.getRuleExpression()
i = 2 + this.lastConstCaseValueIndex() and result = this.getRuleExpression()
or
i = 2 + lastConstCaseValueIndex() and result = this.getRuleStatement()
i = 2 + this.lastConstCaseValueIndex() and result = this.getRuleStatement()
}
}

14
java/ql/lib/semmle/code/java/PrintAst.qll
View File

@@ -151,7 +151,7 @@ class PrintAstNode extends TPrintAstNode {
/**
* Gets a child of this node.
*/
final PrintAstNode getAChild() { result = getChild(_) }
final PrintAstNode getAChild() { result = this.getChild(_) }
/**
* Gets the parent of this node, if any.
@@ -169,7 +169,7 @@ class PrintAstNode extends TPrintAstNode {
*/
string getProperty(string key) {
key = "semmle.label" and
result = toString()
result = this.toString()
}
/**
@@ -178,7 +178,7 @@ class PrintAstNode extends TPrintAstNode {
* this.
*/
string getChildEdgeLabel(int childIndex) {
exists(getChild(childIndex)) and
exists(this.getChild(childIndex)) and
result = childIndex.toString()
}
}
@@ -259,7 +259,7 @@ final class AnnotationPartNode extends ExprStmtNode {
override ElementNode getChild(int childIndex) {
result.getElement() =
rank[childIndex](Element ch, string file, int line, int column |
ch = getAnAnnotationChild() and locationSortKeys(ch, file, line, column)
ch = this.getAnAnnotationChild() and locationSortKeys(ch, file, line, column)
|
ch order by file, line, column
)
@@ -352,7 +352,7 @@ private class SingleLocalVarDeclParent extends ExprOrStmt {
LocalVariableDeclExpr getVariable() { result.getParent() = this }
/** Gets the type access of the variable */
Expr getTypeAccess() { result = getVariable().getTypeAccess() }
Expr getTypeAccess() { result = this.getVariable().getTypeAccess() }
}
/**
@@ -460,7 +460,7 @@ final class ClassInterfaceNode extends ElementNode {
childIndex >= 0 and
result.(ElementNode).getElement() =
rank[childIndex](Element e, string file, int line, int column |
e = getADeclaration() and locationSortKeys(e, file, line, column)
e = this.getADeclaration() and locationSortKeys(e, file, line, column)
|
e order by file, line, column
)
@@ -507,7 +507,7 @@ final class CompilationUnitNode extends ElementNode {
childIndex >= 0 and
result.(ElementNode).getElement() =
rank[childIndex](Element e, string file, int line, int column |
e = getADeclaration() and locationSortKeys(e, file, line, column)
e = this.getADeclaration() and locationSortKeys(e, file, line, column)
|
e order by file, line, column
)

56
java/ql/lib/semmle/code/java/Reflection.qll
View File

@@ -55,7 +55,7 @@ abstract private class ReflectiveClassIdentifier extends Expr {
private class ReflectiveClassIdentifierLiteral extends ReflectiveClassIdentifier, TypeLiteral {
override RefType getReflectivelyIdentifiedClass() {
result = getReferencedType().(RefType).getSourceDeclaration()
result = this.getReferencedType().(RefType).getSourceDeclaration()
}
}
@@ -65,21 +65,21 @@ private class ReflectiveClassIdentifierLiteral extends ReflectiveClassIdentifier
class ReflectiveClassIdentifierMethodAccess extends ReflectiveClassIdentifier, MethodAccess {
ReflectiveClassIdentifierMethodAccess() {
// A call to `Class.forName(...)`, from which we can infer `T` in the returned type `Class<T>`.
getCallee().getDeclaringType() instanceof TypeClass and getCallee().hasName("forName")
this.getCallee().getDeclaringType() instanceof TypeClass and this.getCallee().hasName("forName")
or
// A call to `ClassLoader.loadClass(...)`, from which we can infer `T` in the returned type `Class<T>`.
getCallee().getDeclaringType().hasQualifiedName("java.lang", "ClassLoader") and
getCallee().hasName("loadClass")
this.getCallee().getDeclaringType().hasQualifiedName("java.lang", "ClassLoader") and
this.getCallee().hasName("loadClass")
}
/**
* If the argument to this call is a `StringLiteral`, then return that string.
*/
string getTypeName() { result = getArgument(0).(StringLiteral).getRepresentedString() }
string getTypeName() { result = this.getArgument(0).(StringLiteral).getRepresentedString() }
override RefType getReflectivelyIdentifiedClass() {
// We only handle cases where the class is specified as a string literal to this call.
result.getQualifiedName() = getTypeName()
result.getQualifiedName() = this.getTypeName()
}
}
@@ -214,10 +214,10 @@ private predicate expectsEnclosingInstance(RefType r) {
class NewInstance extends MethodAccess {
NewInstance() {
(
getCallee().getDeclaringType() instanceof TypeClass or
getCallee().getDeclaringType() instanceof TypeConstructor
this.getCallee().getDeclaringType() instanceof TypeClass or
this.getCallee().getDeclaringType() instanceof TypeConstructor
) and
getCallee().hasName("newInstance")
this.getCallee().hasName("newInstance")
}
/**
@@ -225,26 +225,26 @@ class NewInstance extends MethodAccess {
* called.
*/
Constructor getInferredConstructor() {
result = getInferredConstructedType().getAConstructor() and
if getCallee().getDeclaringType() instanceof TypeClass
result = this.getInferredConstructedType().getAConstructor() and
if this.getCallee().getDeclaringType() instanceof TypeClass
then result.getNumberOfParameters() = 0
else
if getNumArgument() = 1 and getArgument(0).getType() instanceof Array
if this.getNumArgument() = 1 and this.getArgument(0).getType() instanceof Array
then
// This is a var-args array argument. If array argument is initialized inline, then identify
// the number of arguments specified in the array.
if exists(getArgument(0).(ArrayCreationExpr).getInit())
if exists(this.getArgument(0).(ArrayCreationExpr).getInit())
then
// Count the number of elements in the initializer, and find the matching constructors.
matchConstructorArguments(result,
count(getArgument(0).(ArrayCreationExpr).getInit().getAnInit()))
this.matchConstructorArguments(result,
count(this.getArgument(0).(ArrayCreationExpr).getInit().getAnInit()))
else
// Could be any of the constructors on this class.
any()
else
// No var-args in play, just use the number of arguments to the `newInstance(..)` to determine
// which constructors may be called.
matchConstructorArguments(result, getNumArgument())
this.matchConstructorArguments(result, this.getNumArgument())
}
/**
@@ -273,13 +273,13 @@ class NewInstance extends MethodAccess {
not result instanceof TypeVariable and
(
// If this is called on a `Class<T>` instance, return the inferred type `T`.
result = inferClassParameterType(getQualifier())
result = inferClassParameterType(this.getQualifier())
or
// If this is called on a `Constructor<T>` instance, return the inferred type `T`.
result = inferConstructorParameterType(getQualifier())
result = inferConstructorParameterType(this.getQualifier())
or
// If the result of this is cast to a particular type, then use that type.
result = getCastInferredConstructedTypes()
result = this.getCastInferredConstructedTypes()
)
}
@@ -313,7 +313,7 @@ class ClassMethodAccess extends MethodAccess {
// `TypeVariable`s do not have methods themselves.
not result instanceof TypeVariable and
// If this is called on a `Class<T>` instance, return the inferred type `T`.
result = inferClassParameterType(getQualifier())
result = inferClassParameterType(this.getQualifier())
}
}
@@ -354,13 +354,13 @@ class ReflectiveMethodAccess extends ClassMethodAccess {
if this.getCallee().hasName("getDeclaredMethod")
then
// The method must be declared on the type itself.
result.getDeclaringType() = getInferredClassType()
result.getDeclaringType() = this.getInferredClassType()
else
// The method may be declared on an inferred type or a super-type.
getInferredClassType().inherits(result)
this.getInferredClassType().inherits(result)
) and
// Only consider instances where the method name is provided as a `StringLiteral`.
result.hasName(getArgument(0).(StringLiteral).getRepresentedString())
result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
}
}
@@ -373,7 +373,9 @@ class ReflectiveAnnotationAccess extends ClassMethodAccess {
/**
* Gets a possible annotation type for this reflective annotation access.
*/
AnnotationType getAPossibleAnnotationType() { result = inferClassParameterType(getArgument(0)) }
AnnotationType getAPossibleAnnotationType() {
result = inferClassParameterType(this.getArgument(0))
}
}
/**
@@ -391,13 +393,13 @@ class ReflectiveFieldAccess extends ClassMethodAccess {
if this.getCallee().hasName("getDeclaredField")
then
// Declared fields must be on the type itself.
result.getDeclaringType() = getInferredClassType()
result.getDeclaringType() = this.getInferredClassType()
else (
// This field must be public, and be inherited by one of the inferred class types.
result.isPublic() and
getInferredClassType().inherits(result)
this.getInferredClassType().inherits(result)
)
) and
result.hasName(getArgument(0).(StringLiteral).getRepresentedString())
result.hasName(this.getArgument(0).(StringLiteral).getRepresentedString())
}
}

62
java/ql/lib/semmle/code/java/Statement.qll
View File

@@ -71,7 +71,7 @@ class BlockStmt extends Stmt, @block {
int getNumStmt() { result = count(this.getAStmt()) }
/** Gets the last statement in this block. */
Stmt getLastStmt() { result = getStmt(getNumStmt() - 1) }
Stmt getLastStmt() { result = this.getStmt(this.getNumStmt() - 1) }
override string pp() { result = "{ ... }" }
@@ -93,7 +93,7 @@ class SingletonBlock extends BlockStmt {
SingletonBlock() { this.getNumStmt() = 1 }
/** Gets the single statement in this block. */
Stmt getStmt() { result = getStmt(0) }
Stmt getStmt() { result = this.getStmt(0) }
}
/**
@@ -125,7 +125,7 @@ class IfStmt extends ConditionalStmt, @ifstmt {
* Gets the statement that is executed whenever the condition
* of this branch statement evaluates to `true`.
*/
deprecated override Stmt getTrueSuccessor() { result = getThen() }
deprecated override Stmt getTrueSuccessor() { result = this.getThen() }
/** Gets the `else` branch of this `if` statement. */
Stmt getElse() { result.isNthChildOf(this, 2) }
@@ -155,7 +155,7 @@ class ForStmt extends ConditionalStmt, @forstmt {
/** Gets the initializer expression of the loop at the specified (zero-based) position. */
Expr getInit(int index) {
result = getAnInit() and
result = this.getAnInit() and
index = -1 - result.getIndex()
}
@@ -167,7 +167,7 @@ class ForStmt extends ConditionalStmt, @forstmt {
/** Gets the update expression of this loop at the specified (zero-based) position. */
Expr getUpdate(int index) {
result = getAnUpdate() and
result = this.getAnUpdate() and
index = result.getIndex() - 3
}
@@ -178,7 +178,7 @@ class ForStmt extends ConditionalStmt, @forstmt {
* Gets the statement that is executed whenever the condition
* of this branch statement evaluates to true.
*/
deprecated override Stmt getTrueSuccessor() { result = getStmt() }
deprecated override Stmt getTrueSuccessor() { result = this.getStmt() }
/**
* Gets a variable that is used as an iteration variable: it is defined,
@@ -193,12 +193,12 @@ class ForStmt extends ConditionalStmt, @forstmt {
*/
Variable getAnIterationVariable() {
// Check that the variable is assigned to, incremented or decremented in the update expression, and...
exists(Expr update | update = getAnUpdate().getAChildExpr*() |
exists(Expr update | update = this.getAnUpdate().getAChildExpr*() |
update.(UnaryAssignExpr).getExpr() = result.getAnAccess() or
update = result.getAnAssignedValue()
) and
// ...that it is checked or used in the condition.
getCondition().getAChildExpr*() = result.getAnAccess()
this.getCondition().getAChildExpr*() = result.getAnAccess()
}
override string pp() { result = "for (...;...;...) " + this.getStmt().pp() }
@@ -242,7 +242,7 @@ class WhileStmt extends ConditionalStmt, @whilestmt {
* Gets the statement that is executed whenever the condition
* of this branch statement evaluates to true.
*/
deprecated override Stmt getTrueSuccessor() { result = getStmt() }
deprecated override Stmt getTrueSuccessor() { result = this.getStmt() }
override string pp() { result = "while (...) " + this.getStmt().pp() }
@@ -265,7 +265,7 @@ class DoStmt extends ConditionalStmt, @dostmt {
* Gets the statement that is executed whenever the condition
* of this branch statement evaluates to `true`.
*/
deprecated override Stmt getTrueSuccessor() { result = getStmt() }
deprecated override Stmt getTrueSuccessor() { result = this.getStmt() }
override string pp() { result = "do " + this.getStmt().pp() + " while (...)" }
@@ -343,17 +343,17 @@ class TryStmt extends Stmt, @trystmt {
}
/** Gets a resource in this `try` statement, if any. */
ExprParent getAResource() { result = getAResourceDecl() or result = getAResourceExpr() }
ExprParent getAResource() { result = this.getAResourceDecl() or result = this.getAResourceExpr() }
/** Gets the resource at the specified position in this `try` statement. */
ExprParent getResource(int index) {
result = getResourceDecl(index) or result = getResourceExpr(index)
result = this.getResourceDecl(index) or result = this.getResourceExpr(index)
}
/** Gets a resource variable, if any, either from a resource variable declaration or resource expression. */
Variable getAResourceVariable() {
result = getAResourceDecl().getAVariable().getVariable() or
result = getAResourceExpr().getVariable()
result = this.getAResourceDecl().getAVariable().getVariable() or
result = this.getAResourceExpr().getVariable()
}
override string pp() { result = "try " + this.getBlock().pp() + " catch (...)" }
@@ -381,7 +381,7 @@ class CatchClause extends Stmt, @catchclause {
/** Gets a type caught by this `catch` clause. */
RefType getACaughtType() {
exists(Expr ta | ta = getVariable().getTypeAccess() |
exists(Expr ta | ta = this.getVariable().getTypeAccess() |
result = ta.(TypeAccess).getType() or
result = ta.(UnionTypeAccess).getAnAlternative().getType()
)
@@ -411,7 +411,7 @@ class SwitchStmt extends Stmt, @switchstmt {
* Gets a case of this `switch` statement,
* which may be either a normal `case` or a `default`.
*/
SwitchCase getACase() { result = getAConstCase() or result = getDefaultCase() }
SwitchCase getACase() { result = this.getAConstCase() or result = this.getDefaultCase() }
/** Gets a (non-default) `case` of this `switch` statement. */
ConstCase getAConstCase() { result.getParent() = this }
@@ -550,7 +550,7 @@ class ThrowStmt extends Stmt, @throwstmt {
override string getHalsteadID() { result = "ThrowStmt" }
/** Gets the type of the expression thrown by this `throw` statement. */
RefType getThrownExceptionType() { result = getExpr().getType() }
RefType getThrownExceptionType() { result = this.getExpr().getType() }
/**
* Gets the `catch` clause that catches the exception
@@ -559,14 +559,14 @@ class ThrowStmt extends Stmt, @throwstmt {
* provided such a `catch` exists.
*/
CatchClause getLexicalCatchIfAny() {
exists(TryStmt try | try = findEnclosing() and result = catchClauseForThis(try))
exists(TryStmt try | try = this.findEnclosing() and result = this.catchClauseForThis(try))
}
private Stmt findEnclosing() {
result = getEnclosingStmt()
result = this.getEnclosingStmt()
or
exists(Stmt mid |
mid = findEnclosing() and
mid = this.findEnclosing() and
not exists(this.catchClauseForThis(mid.(TryStmt))) and
result = mid.getEnclosingStmt()
)
@@ -575,7 +575,7 @@ class ThrowStmt extends Stmt, @throwstmt {
private CatchClause catchClauseForThis(TryStmt try) {
result = try.getACatchClause() and
result.getEnclosingCallable() = this.getEnclosingCallable() and
getExpr().getType().(RefType).hasSupertype*(result.getVariable().getType().(RefType)) and
this.getExpr().getType().(RefType).hasSupertype*(result.getVariable().getType().(RefType)) and
not this.getEnclosingStmt+() = result
}
@@ -599,7 +599,7 @@ class JumpStmt extends Stmt {
namestrings(result.getLabel(), _, this)
}
private Stmt getLabelTarget() { result = getTargetLabel().getStmt() }
private Stmt getLabelTarget() { result = this.getTargetLabel().getStmt() }
private Stmt getAPotentialTarget() {
this.getEnclosingStmt+() = result and
@@ -613,20 +613,20 @@ class JumpStmt extends Stmt {
private SwitchExpr getSwitchExprTarget() { result = this.(YieldStmt).getParent+() }
private StmtParent getEnclosingTarget() {
result = getSwitchExprTarget()
result = this.getSwitchExprTarget()
or
not exists(getSwitchExprTarget()) and
result = getAPotentialTarget() and
not exists(Stmt other | other = getAPotentialTarget() | other.getEnclosingStmt+() = result)
not exists(this.getSwitchExprTarget()) and
result = this.getAPotentialTarget() and
not exists(Stmt other | other = this.getAPotentialTarget() | other.getEnclosingStmt+() = result)
}
/**
* Gets the statement or `switch` expression that this `break`, `yield` or `continue` jumps to.
*/
StmtParent getTarget() {
result = getLabelTarget()
result = this.getLabelTarget()
or
not exists(getLabelTarget()) and result = getEnclosingTarget()
not exists(this.getLabelTarget()) and result = this.getEnclosingTarget()
}
}
@@ -714,9 +714,9 @@ class ExprStmt extends Stmt, @exprstmt {
/** Holds if this statement represents a field declaration with an initializer. */
predicate isFieldDecl() {
getEnclosingCallable() instanceof InitializerMethod and
this.getEnclosingCallable() instanceof InitializerMethod and
exists(FieldDeclaration fd, Location fdl, Location sl |
fdl = fd.getLocation() and sl = getLocation()
fdl = fd.getLocation() and sl = this.getLocation()
|
fdl.getFile() = sl.getFile() and
fdl.getStartLine() = sl.getStartLine() and
@@ -775,7 +775,7 @@ class LocalVariableDeclStmt extends Stmt, @localvariabledeclstmt {
}
/** Gets an index of a variable declared in this local variable declaration statement. */
int getAVariableIndex() { exists(getVariable(result)) }
int getAVariableIndex() { exists(this.getVariable(result)) }
override string pp() { result = "var ...;" }

36
java/ql/lib/semmle/code/java/StringFormat.qll
View File

@@ -152,15 +152,15 @@ class FormattingCall extends Call {
private Expr getLastArg() {
exists(Expr last | last = this.getArgument(this.getNumArgument() - 1) |
if this.hasExplicitVarargsArray()
then result = last.(ArrayCreationExpr).getInit().getInit(getVarargsCount() - 1)
then result = last.(ArrayCreationExpr).getInit().getInit(this.getVarargsCount() - 1)
else result = last
)
}
/** Holds if this uses the "logger ({})" format syntax and the last argument is a `Throwable`. */
predicate hasTrailingThrowableArgument() {
getSyntax() = TFmtLogger() and
getLastArg().getType().(RefType).getASourceSupertype*() instanceof TypeThrowable
this.getSyntax() = TFmtLogger() and
this.getLastArg().getType().(RefType).getASourceSupertype*() instanceof TypeThrowable
}
/** Gets the argument to this call in the position of the format string */
@@ -171,7 +171,7 @@ class FormattingCall extends Call {
exists(int i |
result = this.getArgument(i) and
i > this.getFormatStringIndex() and
not hasExplicitVarargsArray()
not this.hasExplicitVarargsArray()
)
}
@@ -433,15 +433,15 @@ private class PrintfFormatString extends FormatString {
override int getMaxFmtSpecIndex() {
result =
max(int ix |
ix = fmtSpecRefersToSpecificIndex(_) or
ix = count(int i | fmtSpecRefersToSequentialIndex(i))
ix = this.fmtSpecRefersToSpecificIndex(_) or
ix = count(int i | this.fmtSpecRefersToSequentialIndex(i))
)
}
override int getASkippedFmtSpecIndex() {
result in [1 .. getMaxFmtSpecIndex()] and
result > count(int i | fmtSpecRefersToSequentialIndex(i)) and
not result = fmtSpecRefersToSpecificIndex(_)
result in [1 .. this.getMaxFmtSpecIndex()] and
result > count(int i | this.fmtSpecRefersToSequentialIndex(i)) and
not result = this.fmtSpecRefersToSpecificIndex(_)
}
private int getFmtSpecRank(int specOffset) {
@@ -449,14 +449,14 @@ private class PrintfFormatString extends FormatString {
}
override int getAnArgUsageOffset(int argNo) {
argNo = fmtSpecRefersToSpecificIndex(result)
argNo = this.fmtSpecRefersToSpecificIndex(result)
or
result = rank[argNo](int i | fmtSpecRefersToSequentialIndex(i))
result = rank[argNo](int i | this.fmtSpecRefersToSequentialIndex(i))
or
fmtSpecRefersToPrevious(result) and
this.fmtSpecRefersToPrevious(result) and
exists(int previousOffset |
getFmtSpecRank(previousOffset) = getFmtSpecRank(result) - 1 and
previousOffset = getAnArgUsageOffset(argNo)
this.getFmtSpecRank(previousOffset) = this.getFmtSpecRank(result) - 1 and
previousOffset = this.getAnArgUsageOffset(argNo)
)
}
}
@@ -479,10 +479,12 @@ private class LoggerFormatString extends FormatString {
private predicate fmtPlaceholder(int i) {
this.charAt(i) = "{" and
this.charAt(i + 1) = "}" and
not true = isUnescapedBackslash(i - 1)
not true = this.isUnescapedBackslash(i - 1)
}
override int getMaxFmtSpecIndex() { result = count(int i | fmtPlaceholder(i)) }
override int getMaxFmtSpecIndex() { result = count(int i | this.fmtPlaceholder(i)) }
override int getAnArgUsageOffset(int argNo) { result = rank[argNo](int i | fmtPlaceholder(i)) }
override int getAnArgUsageOffset(int argNo) {
result = rank[argNo](int i | this.fmtPlaceholder(i))
}
}

33
java/ql/lib/semmle/code/java/Type.qll
View File

@@ -379,7 +379,7 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
}
/** Holds if this type declares any members. */
predicate hasMember() { exists(getAMember()) }
predicate hasMember() { exists(this.getAMember()) }
/** Gets a member declared in this type. */
Member getAMember() { this = result.getDeclaringType() }
@@ -545,8 +545,10 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
* `java.lang.Thread$State`.
*/
string getQualifiedName() {
exists(string pkgName | pkgName = getPackage().getName() |
if pkgName = "" then result = nestedName() else result = pkgName + "." + nestedName()
exists(string pkgName | pkgName = this.getPackage().getName() |
if pkgName = ""
then result = this.nestedName()
else result = pkgName + "." + this.nestedName()
)
}
@@ -656,7 +658,7 @@ class IntersectionType extends RefType, @class {
/** Gets a textual representation of this type that includes all the intersected types. */
string getLongName() {
result = superType().toString() + concat(" & " + superInterface().toString())
result = this.superType().toString() + concat(" & " + this.superInterface().toString())
}
/** Gets the first bound of this intersection type. */
@@ -690,7 +692,8 @@ class AnonymousClass extends NestedClass {
override string getTypeDescriptor() {
exists(RefType parent | parent = this.getEnclosingType() |
exists(int num |
num = 1 + count(AnonymousClass other | other.rankInParent(parent) < rankInParent(parent))
num =
1 + count(AnonymousClass other | other.rankInParent(parent) < this.rankInParent(parent))
|
exists(string parentWithSemi | parentWithSemi = parent.getTypeDescriptor() |
result = parentWithSemi.prefix(parentWithSemi.length() - 1) + "$" + num + ";"
@@ -760,8 +763,8 @@ class NestedType extends RefType {
/** Gets the nesting depth of this nested type. Top-level types have nesting depth 0. */
int getNestingDepth() {
if getEnclosingType() instanceof NestedType
then result = getEnclosingType().(NestedType).getNestingDepth() + 1
if this.getEnclosingType() instanceof NestedType
then result = this.getEnclosingType().(NestedType).getNestingDepth() + 1
else result = 1
}
@@ -776,7 +779,7 @@ class NestedType extends RefType {
super.isStrictfp()
or
// JLS 8.1.1.3, JLS 9.1.1.2
getEnclosingType().isStrictfp()
this.getEnclosingType().isStrictfp()
}
override predicate isStatic() {
@@ -860,9 +863,9 @@ class ClassOrInterface extends RefType, @classorinterface {
/** Holds if this class or interface is package protected, that is, neither public nor private nor protected. */
predicate isPackageProtected() {
not isPrivate() and
not isProtected() and
not isPublic()
not this.isPrivate() and
not this.isProtected() and
not this.isPublic()
}
}
@@ -948,12 +951,12 @@ class PrimitiveType extends Type, @primitive {
* require an explicit cast.
*/
Literal getADefaultValue() {
getName() = "boolean" and result.getLiteral() = "false"
this.getName() = "boolean" and result.getLiteral() = "false"
or
getName() = "char" and
this.getName() = "char" and
(result.getLiteral() = "'\\0'" or result.getLiteral() = "'\\u0000'")
or
getName().regexpMatch("(float|double|int|short|byte|long)") and
this.getName().regexpMatch("(float|double|int|short|byte|long)") and
result.getLiteral().regexpMatch("0(\\.0)?+[lLfFdD]?+")
}
@@ -1047,7 +1050,7 @@ class EnumType extends Class {
override predicate isFinal() {
// JLS 8.9: An enum declaration is implicitly `final` unless it contains
// at least one enum constant that has a class body.
not getAnEnumConstant().getAnAssignedValue().getType() instanceof AnonymousClass
not this.getAnEnumConstant().getAnAssignedValue().getType() instanceof AnonymousClass
}
}

40
java/ql/lib/semmle/code/java/UnitTests.qll
View File

@@ -115,7 +115,7 @@ class JUnitJupiterTestMethod extends Method {
* A JUnit `@Ignore` annotation.
*/
class JUnitIgnoreAnnotation extends Annotation {
JUnitIgnoreAnnotation() { getType().hasQualifiedName("org.junit", "Ignore") }
JUnitIgnoreAnnotation() { this.getType().hasQualifiedName("org.junit", "Ignore") }
}
/**
@@ -124,7 +124,7 @@ class JUnitIgnoreAnnotation extends Annotation {
*/
class JUnitIgnoredMethod extends Method {
JUnitIgnoredMethod() {
getAnAnnotation() instanceof JUnitIgnoreAnnotation
this.getAnAnnotation() instanceof JUnitIgnoreAnnotation
or
exists(Class c | c = this.getDeclaringType() |
c.getAnAnnotation() instanceof JUnitIgnoreAnnotation
@@ -136,14 +136,14 @@ class JUnitIgnoredMethod extends Method {
* An annotation in TestNG.
*/
class TestNGAnnotation extends Annotation {
TestNGAnnotation() { getType().getPackage().hasName("org.testng.annotations") }
TestNGAnnotation() { this.getType().getPackage().hasName("org.testng.annotations") }
}
/**
* An annotation of type `org.test.ng.annotations.Test`.
*/
class TestNGTestAnnotation extends TestNGAnnotation {
TestNGTestAnnotation() { getType().hasName("Test") }
TestNGTestAnnotation() { this.getType().hasName("Test") }
}
/**
@@ -158,13 +158,13 @@ class TestNGTestMethod extends Method {
*/
TestNGDataProviderMethod getADataProvider() {
exists(TestNGTestAnnotation testAnnotation |
testAnnotation = getAnAnnotation() and
testAnnotation = this.getAnAnnotation() and
// The data provider must have the same name as the referenced data provider
result.getDataProviderName() =
testAnnotation.getValue("dataProvider").(StringLiteral).getRepresentedString()
|
// Either the data provider should be on the current class, or a supertype
getDeclaringType().getAnAncestor() = result.getDeclaringType()
this.getDeclaringType().getAnAncestor() = result.getDeclaringType()
or
// Or the data provider class should be declared
result.getDeclaringType() =
@@ -190,14 +190,14 @@ class TestMethod extends Method {
* A TestNG annotation used to mark a method that runs "before".
*/
class TestNGBeforeAnnotation extends TestNGAnnotation {
TestNGBeforeAnnotation() { getType().getName().matches("Before%") }
TestNGBeforeAnnotation() { this.getType().getName().matches("Before%") }
}
/**
* A TestNG annotation used to mark a method that runs "after".
*/
class TestNGAfterAnnotation extends TestNGAnnotation {
TestNGAfterAnnotation() { getType().getName().matches("After%") }
TestNGAfterAnnotation() { this.getType().getName().matches("After%") }
}
/**
@@ -205,7 +205,7 @@ class TestNGAfterAnnotation extends TestNGAnnotation {
* them as data provider methods for TestNG.
*/
class TestNGDataProviderAnnotation extends TestNGAnnotation {
TestNGDataProviderAnnotation() { getType().hasName("DataProvider") }
TestNGDataProviderAnnotation() { this.getType().hasName("DataProvider") }
}
/**
@@ -213,7 +213,7 @@ class TestNGDataProviderAnnotation extends TestNGAnnotation {
* them as factory methods for TestNG.
*/
class TestNGFactoryAnnotation extends TestNGAnnotation {
TestNGFactoryAnnotation() { getType().hasName("Factory") }
TestNGFactoryAnnotation() { this.getType().hasName("Factory") }
}
/**
@@ -221,13 +221,13 @@ class TestNGFactoryAnnotation extends TestNGAnnotation {
* which listeners apply to them.
*/
class TestNGListenersAnnotation extends TestNGAnnotation {
TestNGListenersAnnotation() { getType().hasName("Listeners") }
TestNGListenersAnnotation() { this.getType().hasName("Listeners") }
/**
* Gets a listener defined in this annotation.
*/
TestNGListenerImpl getAListener() {
result = getAValue("value").(TypeLiteral).getReferencedType()
result = this.getAValue("value").(TypeLiteral).getReferencedType()
}
}
@@ -235,7 +235,7 @@ class TestNGListenersAnnotation extends TestNGAnnotation {
* A concrete implementation class of one or more of the TestNG listener interfaces.
*/
class TestNGListenerImpl extends Class {
TestNGListenerImpl() { getAnAncestor().hasQualifiedName("org.testng", "ITestNGListener") }
TestNGListenerImpl() { this.getAnAncestor().hasQualifiedName("org.testng", "ITestNGListener") }
}
/**
@@ -246,14 +246,14 @@ class TestNGListenerImpl extends Class {
* an instance of a particular value when running a test method.
*/
class TestNGDataProviderMethod extends Method {
TestNGDataProviderMethod() { getAnAnnotation() instanceof TestNGDataProviderAnnotation }
TestNGDataProviderMethod() { this.getAnAnnotation() instanceof TestNGDataProviderAnnotation }
/**
* Gets the name associated with this data provider.
*/
string getDataProviderName() {
result =
getAnAnnotation()
this.getAnAnnotation()
.(TestNGDataProviderAnnotation)
.getValue("name")
.(StringLiteral)
@@ -268,7 +268,7 @@ class TestNGDataProviderMethod extends Method {
* This factory callable is used to generate instances of parameterized test classes.
*/
class TestNGFactoryCallable extends Callable {
TestNGFactoryCallable() { getAnAnnotation() instanceof TestNGFactoryAnnotation }
TestNGFactoryCallable() { this.getAnAnnotation() instanceof TestNGFactoryAnnotation }
}
/**
@@ -276,7 +276,7 @@ class TestNGFactoryCallable extends Callable {
*/
class ParameterizedJUnitTest extends Class {
ParameterizedJUnitTest() {
getAnAnnotation()
this.getAnAnnotation()
.(RunWithAnnotation)
.getRunner()
.(Class)
@@ -289,7 +289,7 @@ class ParameterizedJUnitTest extends Class {
*/
class JUnitCategoryAnnotation extends Annotation {
JUnitCategoryAnnotation() {
getType().hasQualifiedName("org.junit.experimental.categories", "Category")
this.getType().hasQualifiedName("org.junit.experimental.categories", "Category")
}
/**
@@ -297,7 +297,7 @@ class JUnitCategoryAnnotation extends Annotation {
*/
Type getACategory() {
exists(TypeLiteral literal, Expr value |
value = getValue("value") and
value = this.getValue("value") and
(
literal = value or
literal = value.(ArrayCreationExpr).getInit().getAnInit()
@@ -313,7 +313,7 @@ class JUnitCategoryAnnotation extends Annotation {
*/
class JUnitTheoryTest extends Class {
JUnitTheoryTest() {
getAnAnnotation()
this.getAnAnnotation()
.(RunWithAnnotation)
.getRunner()
.(Class)

10
java/ql/lib/semmle/code/java/Variable.qll
View File

@@ -47,12 +47,12 @@ class LocalVariableDecl extends @localvar, LocalScopeVariable {
override Callable getCallable() { result = this.getParent().getEnclosingCallable() }
/** Gets the callable in which this declaration occurs. */
Callable getEnclosingCallable() { result = getCallable() }
Callable getEnclosingCallable() { result = this.getCallable() }
override string toString() { result = this.getType().getName() + " " + this.getName() }
/** Gets the initializer expression of this local variable declaration. */
override Expr getInitializer() { result = getDeclExpr().getInit() }
override Expr getInitializer() { result = this.getDeclExpr().getInit() }
override string getAPrimaryQlClass() { result = "LocalVariableDecl" }
}
@@ -63,7 +63,7 @@ class Parameter extends Element, @param, LocalScopeVariable {
override Type getType() { params(this, result, _, _, _) }
/** Holds if the parameter is never assigned a value in the body of the callable. */
predicate isEffectivelyFinal() { not exists(getAnAssignedValue()) }
predicate isEffectivelyFinal() { not exists(this.getAnAssignedValue()) }
/** Gets the (zero-based) index of this formal parameter. */
int getPosition() { params(this, _, result, _, _) }
@@ -87,8 +87,8 @@ class Parameter extends Element, @param, LocalScopeVariable {
* Varargs parameters will have no results for this method.
*/
Expr getAnArgument() {
not isVarargs() and
result = getACallArgument(getPosition())
not this.isVarargs() and
result = this.getACallArgument(this.getPosition())
}
pragma[noinline]

4
java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
View File

@@ -2,9 +2,9 @@ import java
/** A subclass of `PrimitiveType` with width-based ordering methods. */
class OrdPrimitiveType extends PrimitiveType {
predicate widerThan(OrdPrimitiveType that) { getWidthRank() > that.getWidthRank() }
predicate widerThan(OrdPrimitiveType that) { this.getWidthRank() > that.getWidthRank() }
predicate widerThanOrEqualTo(OrdPrimitiveType that) { getWidthRank() >= that.getWidthRank() }
predicate widerThanOrEqualTo(OrdPrimitiveType that) { this.getWidthRank() >= that.getWidthRank() }
OrdPrimitiveType maxType(OrdPrimitiveType that) {
this.widerThan(that) and result = this

10
java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
View File

@@ -25,13 +25,13 @@ class BasicBlock extends ControlFlowNode {
/** Gets an immediate successor of this basic block. */
cached
BasicBlock getABBSuccessor() { result = getLastNode().getASuccessor() }
BasicBlock getABBSuccessor() { result = this.getLastNode().getASuccessor() }
/** Gets an immediate predecessor of this basic block. */
BasicBlock getABBPredecessor() { result.getABBSuccessor() = this }
/** Gets a control-flow node contained in this basic block. */
ControlFlowNode getANode() { result = getNode(_) }
ControlFlowNode getANode() { result = this.getNode(_) }
/** Gets the control-flow node at a specific (zero-indexed) position in this basic block. */
cached
@@ -39,7 +39,7 @@ class BasicBlock extends ControlFlowNode {
result = this and pos = 0
or
exists(ControlFlowNode mid, int mid_pos | pos = mid_pos + 1 |
getNode(mid_pos) = mid and
this.getNode(mid_pos) = mid and
mid.getASuccessor() = result and
not result instanceof BasicBlock
)
@@ -49,11 +49,11 @@ class BasicBlock extends ControlFlowNode {
ControlFlowNode getFirstNode() { result = this }
/** Gets the last control-flow node in this basic block. */
ControlFlowNode getLastNode() { result = getNode(length() - 1) }
ControlFlowNode getLastNode() { result = this.getNode(this.length() - 1) }
/** Gets the number of control-flow nodes contained in this basic block. */
cached
int length() { result = strictcount(getANode()) }
int length() { result = strictcount(this.getANode()) }
/** Holds if this basic block strictly dominates `node`. */
predicate bbStrictlyDominates(BasicBlock node) { bbStrictlyDominates(this, node) }

34
java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
View File

@@ -12,13 +12,13 @@ import semmle.code.java.controlflow.Guards
*/
class ConstantField extends Field {
ConstantField() {
getType() instanceof ImmutableType and
this.getType() instanceof ImmutableType and
// Assigned once
count(getAnAssignedValue()) = 1 and
count(this.getAnAssignedValue()) = 1 and
// And that assignment is either in the appropriate initializer, or, for instance fields on
// classes with one constructor, in the constructor.
forall(FieldWrite fa | fa = getAnAccess() |
if isStatic()
forall(FieldWrite fa | fa = this.getAnAccess() |
if this.isStatic()
then fa.getEnclosingCallable() instanceof StaticInitializer
else (
// Defined in the instance initializer.
@@ -26,7 +26,7 @@ class ConstantField extends Field {
or
// It can be defined in the constructor if there is only one constructor.
fa.getEnclosingCallable() instanceof Constructor and
count(getDeclaringType().getAConstructor()) = 1
count(this.getDeclaringType().getAConstructor()) = 1
)
)
}
@@ -36,7 +36,7 @@ class ConstantField extends Field {
*
* Note: although this value is constant, we may not be able to statically determine the value.
*/
ConstantExpr getConstantValue() { result = getAnAssignedValue() }
ConstantExpr getConstantValue() { result = this.getAnAssignedValue() }
}
/**
@@ -162,18 +162,18 @@ class ConstSwitchStmt extends SwitchStmt {
/** Gets the `ConstCase` that matches, if any. */
ConstCase getMatchingConstCase() {
result = getAConstCase() and
result = this.getAConstCase() and
// Only handle the int case for now
result.getValue().(ConstantExpr).getIntValue() = getExpr().(ConstantExpr).getIntValue()
result.getValue().(ConstantExpr).getIntValue() = this.getExpr().(ConstantExpr).getIntValue()
}
/** Gets the matching case, if it can be deduced. */
SwitchCase getMatchingCase() {
// Must be a value we can deduce
exists(getExpr().(ConstantExpr).getIntValue()) and
if exists(getMatchingConstCase())
then result = getMatchingConstCase()
else result = getDefaultCase()
exists(this.getExpr().(ConstantExpr).getIntValue()) and
if exists(this.getMatchingConstCase())
then result = this.getMatchingConstCase()
else result = this.getDefaultCase()
}
/**
@@ -184,8 +184,8 @@ class ConstSwitchStmt extends SwitchStmt {
SwitchCase getAFailingCase() {
exists(SwitchCase matchingCase |
// We must have found the matching case, otherwise we can't deduce which cases are not matched
matchingCase = getMatchingCase() and
result = getACase() and
matchingCase = this.getMatchingCase() and
result = this.getACase() and
result != matchingCase
)
}
@@ -208,7 +208,7 @@ class UnreachableBasicBlock extends BasicBlock {
or
// This block is not reachable in the CFG, and is not a callable, a body of a callable, an
// expression in an annotation, an expression in an assert statement, or a catch clause.
forall(BasicBlock bb | bb = getABBPredecessor() | bb instanceof UnreachableBasicBlock) and
forall(BasicBlock bb | bb = this.getABBPredecessor() | bb instanceof UnreachableBasicBlock) and
not exists(Callable c | c.getBody() = this) and
not this instanceof Callable and
not exists(Annotation a | a.getAChildExpr*() = this) and
@@ -231,12 +231,12 @@ class UnreachableBasicBlock extends BasicBlock {
* An unreachable expression is an expression contained in an `UnreachableBasicBlock`.
*/
class UnreachableExpr extends Expr {
UnreachableExpr() { getBasicBlock() instanceof UnreachableBasicBlock }
UnreachableExpr() { this.getBasicBlock() instanceof UnreachableBasicBlock }
}
/**
* An unreachable statement is a statement contained in an `UnreachableBasicBlock`.
*/
class UnreachableStmt extends Stmt {
UnreachableStmt() { getBasicBlock() instanceof UnreachableBasicBlock }
UnreachableStmt() { this.getBasicBlock() instanceof UnreachableBasicBlock }
}

4
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -45,8 +45,8 @@ private class RmiMethodParameterSource extends RemoteFlowSource {
exists(RemoteCallableMethod method |
method.getAParameter() = this.asParameter() and
(
getType() instanceof PrimitiveType or
getType() instanceof TypeString
this.getType() instanceof PrimitiveType or
this.getType() instanceof TypeString
)
)
}

53
java/ql/lib/semmle/code/java/dataflow/SSA.qll
View File

@@ -97,7 +97,7 @@ class SsaSourceVariable extends TSsaSourceVariable {
else result = c.getName() + "(..)." + v.getName()
)
or
result = this.(SsaSourceField).ppQualifier() + "." + getVariable().toString()
result = this.(SsaSourceField).ppQualifier() + "." + this.getVariable().toString()
}
/**
@@ -117,7 +117,7 @@ class SsaSourceVariable extends TSsaSourceVariable {
Location getLocation() {
exists(LocalScopeVariable v | this = TLocalVar(_, v) and result = v.getLocation())
or
this instanceof SsaSourceField and result = getFirstAccess().getLocation()
this instanceof SsaSourceField and result = this.getFirstAccess().getLocation()
}
/** Gets the type of this variable. */
@@ -140,7 +140,7 @@ class SsaSourceField extends SsaSourceVariable {
}
/** Gets the field corresponding to this named field. */
Field getField() { result = getVariable() }
Field getField() { result = this.getVariable() }
/** Gets a string representation of the qualifier. */
string ppQualifier() {
@@ -155,8 +155,8 @@ class SsaSourceField extends SsaSourceVariable {
/** Holds if the field itself or any of the fields part of the qualifier are volatile. */
predicate isVolatile() {
getField().isVolatile() or
getQualifier().(SsaSourceField).isVolatile()
this.getField().isVolatile() or
this.getQualifier().(SsaSourceField).isVolatile()
}
}
@@ -932,10 +932,10 @@ class SsaVariable extends TSsaVariable {
string toString() { none() }
/** Gets the source location for this element. */
Location getLocation() { result = getCFGNode().getLocation() }
Location getLocation() { result = this.getCFGNode().getLocation() }
/** Gets the `BasicBlock` in which this SSA variable is defined. */
BasicBlock getBasicBlock() { result = getCFGNode().getBasicBlock() }
BasicBlock getBasicBlock() { result = this.getCFGNode().getBasicBlock() }
/** Gets an access of this SSA variable. */
RValue getAUse() {
@@ -989,14 +989,16 @@ class SsaUpdate extends SsaVariable {
/** An SSA variable that is defined by a `VariableUpdate`. */
class SsaExplicitUpdate extends SsaUpdate, TSsaCertainUpdate {
SsaExplicitUpdate() {
exists(VariableUpdate upd | upd = this.getCFGNode() and getDestVar(upd) = getSourceVariable())
exists(VariableUpdate upd |
upd = this.getCFGNode() and getDestVar(upd) = this.getSourceVariable()
)
}
override string toString() { result = "SSA def(" + getSourceVariable() + ")" }
override string toString() { result = "SSA def(" + this.getSourceVariable() + ")" }
/** Gets the `VariableUpdate` defining the SSA variable. */
VariableUpdate getDefiningExpr() {
result = this.getCFGNode() and getDestVar(result) = getSourceVariable()
result = this.getCFGNode() and getDestVar(result) = this.getSourceVariable()
}
}
@@ -1010,22 +1012,22 @@ class SsaImplicitUpdate extends SsaUpdate {
SsaImplicitUpdate() { not this instanceof SsaExplicitUpdate }
override string toString() {
result = "SSA impl upd[" + getKind() + "](" + getSourceVariable() + ")"
result = "SSA impl upd[" + this.getKind() + "](" + this.getSourceVariable() + ")"
}
private string getKind() {
this = TSsaUntracked(_, _) and result = "untracked"
or
certainVariableUpdate(getSourceVariable().getQualifier(), getCFGNode(), _, _) and
certainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _) and
result = "explicit qualifier"
or
if uncertainVariableUpdate(getSourceVariable().getQualifier(), getCFGNode(), _, _)
if uncertainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _)
then
if exists(getANonLocalUpdate())
if exists(this.getANonLocalUpdate())
then result = "nonlocal + nonlocal qualifier"
else result = "nonlocal qualifier"
else (
exists(getANonLocalUpdate()) and result = "nonlocal"
exists(this.getANonLocalUpdate()) and result = "nonlocal"
)
}
@@ -1034,9 +1036,9 @@ class SsaImplicitUpdate extends SsaUpdate {
*/
FieldWrite getANonLocalUpdate() {
exists(SsaSourceField f, Callable setter |
f = getSourceVariable() and
f = this.getSourceVariable() and
relevantFieldUpdate(setter, f.getField(), result) and
updatesNamedField(getCFGNode(), f, setter)
updatesNamedField(this.getCFGNode(), f, setter)
)
}
@@ -1049,8 +1051,8 @@ class SsaImplicitUpdate extends SsaUpdate {
*/
predicate assignsUnknownValue() {
this = TSsaUntracked(_, _) or
certainVariableUpdate(getSourceVariable().getQualifier(), getCFGNode(), _, _) or
uncertainVariableUpdate(getSourceVariable().getQualifier(), getCFGNode(), _, _)
certainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _) or
uncertainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _)
}
}
@@ -1072,30 +1074,31 @@ class SsaUncertainImplicitUpdate extends SsaImplicitUpdate, TSsaUncertainUpdate
* includes initial values of parameters, fields, and closure variables.
*/
class SsaImplicitInit extends SsaVariable, TSsaEntryDef {
override string toString() { result = "SSA init(" + getSourceVariable() + ")" }
override string toString() { result = "SSA init(" + this.getSourceVariable() + ")" }
/** Holds if this is a closure variable that captures the value of `capturedvar`. */
predicate captures(SsaVariable capturedvar) {
ssaDefReachesCapture(_, capturedvar, getSourceVariable())
ssaDefReachesCapture(_, capturedvar, this.getSourceVariable())
}
/**
* Holds if the SSA variable is a parameter defined by its initial value in the callable.
*/
predicate isParameterDefinition(Parameter p) {
getSourceVariable() = TLocalVar(p.getCallable(), p) and p.getCallable().getBody() = getCFGNode()
this.getSourceVariable() = TLocalVar(p.getCallable(), p) and
p.getCallable().getBody() = this.getCFGNode()
}
}
/** An SSA phi node. */
class SsaPhiNode extends SsaVariable, TSsaPhiNode {
override string toString() { result = "SSA phi(" + getSourceVariable() + ")" }
override string toString() { result = "SSA phi(" + this.getSourceVariable() + ")" }
/** Gets an input to the phi node defining the SSA variable. */
SsaVariable getAPhiInput() {
exists(BasicBlock phiPred, TrackedVar v |
v = getSourceVariable() and
getCFGNode().(BasicBlock).getABBPredecessor() = phiPred and
v = this.getSourceVariable() and
this.getCFGNode().(BasicBlock).getABBPredecessor() = phiPred and
ssaDefReachesEndOfBlock(v, result, phiPred)
)
}

25
java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
View File

@@ -484,10 +484,10 @@ class BaseSsaVariable extends TBaseSsaVariable {
string toString() { none() }
Location getLocation() { result = getCFGNode().getLocation() }
Location getLocation() { result = this.getCFGNode().getLocation() }
/** Gets the `BasicBlock` in which this SSA variable is defined. */
BasicBlock getBasicBlock() { result = getCFGNode().getBasicBlock() }
BasicBlock getBasicBlock() { result = this.getCFGNode().getBasicBlock() }
/** Gets an access of this SSA variable. */
RValue getAUse() { ssaDefReachesUse(_, this, result) }
@@ -532,14 +532,16 @@ class BaseSsaVariable extends TBaseSsaVariable {
/** An SSA variable that is defined by a `VariableUpdate`. */
class BaseSsaUpdate extends BaseSsaVariable, TSsaUpdate {
BaseSsaUpdate() {
exists(VariableUpdate upd | upd = this.getCFGNode() and getDestVar(upd) = getSourceVariable())
exists(VariableUpdate upd |
upd = this.getCFGNode() and getDestVar(upd) = this.getSourceVariable()
)
}
override string toString() { result = "SSA def(" + getSourceVariable() + ")" }
override string toString() { result = "SSA def(" + this.getSourceVariable() + ")" }
/** Gets the `VariableUpdate` defining the SSA variable. */
VariableUpdate getDefiningExpr() {
result = this.getCFGNode() and getDestVar(result) = getSourceVariable()
result = this.getCFGNode() and getDestVar(result) = this.getSourceVariable()
}
}
@@ -548,30 +550,31 @@ class BaseSsaUpdate extends BaseSsaVariable, TSsaUpdate {
* includes initial values of parameters, fields, and closure variables.
*/
class BaseSsaImplicitInit extends BaseSsaVariable, TSsaEntryDef {
override string toString() { result = "SSA init(" + getSourceVariable() + ")" }
override string toString() { result = "SSA init(" + this.getSourceVariable() + ")" }
/** Holds if this is a closure variable that captures the value of `capturedvar`. */
predicate captures(BaseSsaVariable capturedvar) {
ssaDefReachesCapture(_, capturedvar, getSourceVariable())
ssaDefReachesCapture(_, capturedvar, this.getSourceVariable())
}
/**
* Holds if the SSA variable is a parameter defined by its initial value in the callable.
*/
predicate isParameterDefinition(Parameter p) {
getSourceVariable() = TLocalVar(p.getCallable(), p) and p.getCallable().getBody() = getCFGNode()
this.getSourceVariable() = TLocalVar(p.getCallable(), p) and
p.getCallable().getBody() = this.getCFGNode()
}
}
/** An SSA phi node. */
class BaseSsaPhiNode extends BaseSsaVariable, TSsaPhiNode {
override string toString() { result = "SSA phi(" + getSourceVariable() + ")" }
override string toString() { result = "SSA phi(" + this.getSourceVariable() + ")" }
/** Gets an input to the phi node defining the SSA variable. */
BaseSsaVariable getAPhiInput() {
exists(BasicBlock phiPred, BaseSsaSourceVariable v |
v = getSourceVariable() and
getCFGNode().(BasicBlock).getABBPredecessor() = phiPred and
v = this.getSourceVariable() and
this.getCFGNode().(BasicBlock).getABBPredecessor() = phiPred and
ssaDefReachesEndOfBlock(v, result, phiPred)
)
}

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

16
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll
View File

@@ -110,12 +110,12 @@ abstract class Configuration extends string {
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowTo(Node sink) { hasFlow(_, sink) }
predicate hasFlowTo(Node sink) { this.hasFlow(_, sink) }
/**
* Holds if data may flow from some source to `sink` for this configuration.
*/
predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
@@ -3170,7 +3170,7 @@ private class AccessPathCons extends AccessPath, TAccessPathCons {
}
override string toString() {
result = "[" + this.toStringImpl(true) + length().toString() + ")]"
result = "[" + this.toStringImpl(true) + this.length().toString() + ")]"
or
result = "[" + this.toStringImpl(false)
}
@@ -3309,9 +3309,11 @@ abstract private class PathNodeImpl extends PathNode {
result = " <" + this.(PathNodeMid).getCallContext().toString() + ">"
}
override string toString() { result = this.getNodeEx().toString() + ppAp() }
override string toString() { result = this.getNodeEx().toString() + this.ppAp() }
override string toStringWithContext() { result = this.getNodeEx().toString() + ppAp() + ppCtx() }
override string toStringWithContext() {
result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -3379,11 +3381,11 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
override PathNodeImpl getASuccessorImpl() {
// an intermediate step to another intermediate node
result = getSuccMid()
result = this.getSuccMid()
or
// a final step to a sink via zero steps means we merge the last two steps to prevent trivial-looking edges
exists(PathNodeMid mid, PathNodeSink sink |
mid = getSuccMid() and
mid = this.getSuccMid() and
mid.getNodeEx() = sink.getNodeEx() and
mid.getAp() instanceof AccessPathNil and
sink.getConfiguration() = unbindConf(mid.getConfiguration()) and

10
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
View File

@@ -117,9 +117,9 @@ module Public {
* Gets an upper bound on the type of this node.
*/
Type getTypeBound() {
result = getImprovedTypeBound()
result = this.getImprovedTypeBound()
or
result = getType() and not exists(getImprovedTypeBound())
result = this.getType() and not exists(this.getImprovedTypeBound())
}
/**
@@ -132,7 +132,7 @@ module Public {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
@@ -288,9 +288,9 @@ private class NewExpr extends PostUpdateNode, TExprNode {
* A `PostUpdateNode` that is not a `ClassInstanceExpr`.
*/
abstract private class ImplicitPostUpdateNode extends PostUpdateNode {
override Location getLocation() { result = getPreUpdateNode().getLocation() }
override Location getLocation() { result = this.getPreUpdateNode().getLocation() }
override string toString() { result = getPreUpdateNode().toString() + " [post update]" }
override string toString() { result = this.getPreUpdateNode().toString() + " [post update]" }
}
private class ExplicitExprPostUpdate extends ImplicitPostUpdateNode, TExplicitExprPostUpdate {

32
java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -285,11 +285,11 @@ private predicate taintPreservingQualifierToMethod(Method m) {
private class StringReplaceMethod extends TaintPreservingCallable {
StringReplaceMethod() {
getDeclaringType() instanceof TypeString and
this.getDeclaringType() instanceof TypeString and
(
hasName("replace") or
hasName("replaceAll") or
hasName("replaceFirst")
this.hasName("replace") or
this.hasName("replaceAll") or
this.hasName("replaceFirst")
)
}
@@ -443,7 +443,7 @@ class ObjectOutputStreamVar extends LocalVariableDecl {
}
MethodAccess getAWriteObjectMethodAccess() {
result.getQualifier() = getAnAccess() and
result.getQualifier() = this.getAnAccess() and
result.getMethod().hasName("writeObject")
}
}
@@ -488,7 +488,7 @@ private class FormatterVar extends LocalVariableDecl {
}
MethodAccess getAFormatMethodAccess() {
result.getQualifier() = getAnAccess() and
result.getQualifier() = this.getAnAccess() and
result.getMethod().hasName("format")
}
}
@@ -513,13 +513,13 @@ private class FormatterCallable extends TaintPreservingCallable {
}
override predicate returnsTaintFrom(int arg) {
if this instanceof Constructor then arg = 0 else arg = [-1 .. getNumberOfParameters()]
if this instanceof Constructor then arg = 0 else arg = [-1 .. this.getNumberOfParameters()]
}
override predicate transfersTaint(int src, int sink) {
this.hasName("format") and
sink = -1 and
src = [0 .. getNumberOfParameters()]
src = [0 .. this.getNumberOfParameters()]
}
}
@@ -532,13 +532,13 @@ module StringBuilderVarModule {
* build up a query using string concatenation.
*/
class StringBuilderVar extends LocalVariableDecl {
StringBuilderVar() { getType() instanceof StringBuildingType }
StringBuilderVar() { this.getType() instanceof StringBuildingType }
/**
* Gets a call that adds something to this string builder, from the argument at the given index.
*/
MethodAccess getAnInput(int arg) {
result.getQualifier() = getAChainedReference() and
result.getQualifier() = this.getAChainedReference() and
(
result.getMethod().getName() = "append" and arg = 0
or
@@ -552,20 +552,20 @@ module StringBuilderVarModule {
* Gets a call that appends something to this string builder.
*/
MethodAccess getAnAppend() {
result.getQualifier() = getAChainedReference() and
result.getQualifier() = this.getAChainedReference() and
result.getMethod().getName() = "append"
}
MethodAccess getNextAppend(MethodAccess append) {
result = getAnAppend() and
append = getAnAppend() and
result = this.getAnAppend() and
append = this.getAnAppend() and
(
result.getQualifier() = append
or
not exists(MethodAccess chainAccess | chainAccess.getQualifier() = append) and
exists(RValue sbva1, RValue sbva2 |
adjacentUseUse(sbva1, sbva2) and
append.getQualifier() = getAChainedReference(sbva1) and
append.getQualifier() = this.getAChainedReference(sbva1) and
result.getQualifier() = sbva2
)
)
@@ -575,7 +575,7 @@ module StringBuilderVarModule {
* Gets a call that converts this string builder to a string.
*/
MethodAccess getToStringCall() {
result.getQualifier() = getAChainedReference() and
result.getQualifier() = this.getAChainedReference() and
result.getMethod().getName() = "toString"
}
@@ -590,7 +590,7 @@ module StringBuilderVarModule {
/**
* Gets an expression that refers to this `StringBuilder`, possibly after some chained calls.
*/
Expr getAChainedReference() { result = getAChainedReference(_) }
Expr getAChainedReference() { result = this.getAChainedReference(_) }
}
}

30
java/ql/lib/semmle/code/java/deadcode/DeadCode.qll
View File

@@ -82,19 +82,19 @@ class SuppressedConstructor extends Constructor {
SuppressedConstructor() {
// Must be private or protected to suppress it.
(
isPrivate()
this.isPrivate()
or
// A protected, suppressed constructor only makes sense in a non-abstract class.
isProtected() and not getDeclaringType().isAbstract()
this.isProtected() and not this.getDeclaringType().isAbstract()
) and
// Must be no-arg in order to replace the compiler generated default constructor.
getNumberOfParameters() = 0 and
this.getNumberOfParameters() = 0 and
// Not the compiler-generated constructor itself.
not isDefaultConstructor() and
not this.isDefaultConstructor() and
// Verify that there is only one statement, which is the `super()` call. This exists
// even for empty constructors.
getBody().(BlockStmt).getNumStmt() = 1 and
getBody().(BlockStmt).getAStmt().(SuperConstructorInvocationStmt).getNumArgument() = 0 and
this.getBody().(BlockStmt).getNumStmt() = 1 and
this.getBody().(BlockStmt).getAStmt().(SuperConstructorInvocationStmt).getNumArgument() = 0 and
// A constructor that is called is not acting to suppress the default constructor. We permit
// calls from suppressed and default constructors - in both cases, they can only come from
// sub-class constructors.
@@ -105,7 +105,9 @@ class SuppressedConstructor extends Constructor {
) and
// If other constructors are declared, then no compiler-generated constructor is added, so
// this constructor is not acting to suppress the default compiler-generated constructor.
not exists(Constructor other | other = getDeclaringType().getAConstructor() and other != this)
not exists(Constructor other |
other = this.getDeclaringType().getAConstructor() and other != this
)
}
}
@@ -114,7 +116,7 @@ class SuppressedConstructor extends Constructor {
*/
class NamespaceClass extends RefType {
NamespaceClass() {
fromSource() and
this.fromSource() and
// All members, apart from the default constructor and, if present, a "suppressed" constructor
// must be static. There must be at least one member apart from the permitted constructors.
forex(Member m |
@@ -125,7 +127,9 @@ class NamespaceClass extends RefType {
m.isStatic()
) and
// Must only extend other namespace classes, or `Object`.
forall(RefType r | r = getASupertype() | r instanceof TypeObject or r instanceof NamespaceClass)
forall(RefType r | r = this.getASupertype() |
r instanceof TypeObject or r instanceof NamespaceClass
)
}
}
@@ -197,7 +201,7 @@ class DeadClass extends SourceClassOrInterface {
/**
* Identify all the "dead" roots of this dead class.
*/
DeadRoot getADeadRoot() { result = getADeadRoot(getACallable()) }
DeadRoot getADeadRoot() { result = getADeadRoot(this.getACallable()) }
/**
* Holds if this dead class is only used within the class itself.
@@ -206,8 +210,8 @@ class DeadClass extends SourceClassOrInterface {
// Accessed externally if any callable in the class has a possible liveness cause outside the
// class. Only one step is required.
not exists(Callable c |
c = possibleLivenessCause(getACallable()) and
not c = getACallable()
c = possibleLivenessCause(this.getACallable()) and
not c = this.getACallable()
)
}
}
@@ -229,7 +233,7 @@ abstract class WhitelistedLiveClass extends RefType { }
*/
class DeadMethod extends Callable {
DeadMethod() {
fromSource() and
this.fromSource() and
not isLive(this) and
not this.(Constructor).isDefaultConstructor() and
// Ignore `SuppressedConstructor`s in `NamespaceClass`es. There is no reason to use a suppressed

32
java/ql/lib/semmle/code/java/deadcode/DeadField.qll
View File

@@ -10,7 +10,7 @@ import semmle.code.java.frameworks.jackson.JacksonSerializability
* This defines the set of fields for which we will determine liveness.
*/
library class SourceField extends Field {
SourceField() { fromSource() }
SourceField() { this.fromSource() }
}
/**
@@ -26,7 +26,7 @@ class DeadField extends SourceField {
*/
predicate isInDeadScope() {
// `EnumConstant`s, and fields in dead classes, are reported in other queries.
getDeclaringType() instanceof DeadClass or
this.getDeclaringType() instanceof DeadClass or
this instanceof EnumConstant
}
}
@@ -37,7 +37,7 @@ class DeadField extends SourceField {
*/
class LiveField extends SourceField {
LiveField() {
exists(FieldRead access | access = getAnAccess() |
exists(FieldRead access | access = this.getAnAccess() |
isLive(access.getEnclosingCallable())
or
exists(Annotation a |
@@ -89,11 +89,11 @@ abstract class WhitelistedLiveField extends Field { }
*/
class SerialVersionUIDField extends ReflectivelyReadField {
SerialVersionUIDField() {
hasName("serialVersionUID") and
isStatic() and
isFinal() and
getType().hasName("long") and
getDeclaringType().getASupertype*() instanceof TypeSerializable
this.hasName("serialVersionUID") and
this.isStatic() and
this.isFinal() and
this.getType().hasName("long") and
this.getDeclaringType().getASupertype*() instanceof TypeSerializable
}
}
@@ -104,7 +104,7 @@ class SerialVersionUIDField extends ReflectivelyReadField {
class LiveJaxbBoundField extends ReflectivelyReadField, JaxbBoundField {
LiveJaxbBoundField() {
// If the class is considered live, it must have at least one live constructor.
exists(Constructor c | c = getDeclaringType().getAConstructor() | isLive(c))
exists(Constructor c | c = this.getDeclaringType().getAConstructor() | isLive(c))
}
}
@@ -114,11 +114,11 @@ class LiveJaxbBoundField extends ReflectivelyReadField, JaxbBoundField {
*/
class JUnitAnnotatedField extends ReflectivelyReadField {
JUnitAnnotatedField() {
hasAnnotation("org.junit.experimental.theories", "DataPoint") or
hasAnnotation("org.junit.experimental.theories", "DataPoints") or
hasAnnotation("org.junit.runners", "Parameterized$Parameter") or
hasAnnotation("org.junit", "Rule") or
hasAnnotation("org.junit", "ClassRule")
this.hasAnnotation("org.junit.experimental.theories", "DataPoint") or
this.hasAnnotation("org.junit.experimental.theories", "DataPoints") or
this.hasAnnotation("org.junit.runners", "Parameterized$Parameter") or
this.hasAnnotation("org.junit", "Rule") or
this.hasAnnotation("org.junit", "ClassRule")
}
}
@@ -164,8 +164,8 @@ class JPAReadField extends ReflectivelyReadField {
)
|
not this.hasAnnotation("javax.persistence", "Transient") and
not isStatic() and
not isFinal()
not this.isStatic() and
not this.isFinal()
)
}
}

34
java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
View File

@@ -102,7 +102,7 @@ library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructe
override Callable getALiveCallable() {
// Constructors may be called by Jackson, if they are a no-arg, they have a suitable annotation,
// or inherit a suitable annotation through a mixin.
result = getAConstructor() and
result = this.getAConstructor() and
(
result.getNumberOfParameters() = 0 or
result.getAnAnnotation() instanceof JacksonAnnotation or
@@ -153,7 +153,7 @@ class DeserializedClass extends ReflectivelyConstructedClass {
*/
class NewInstanceCall extends EntryPoint, NewInstance {
override Constructor getALiveCallable() {
result = getInferredConstructor() and
result = this.getInferredConstructor() and
// The `newInstance(...)` call must be used in a live context.
isLive(this.getEnclosingCallable())
}
@@ -164,7 +164,7 @@ class NewInstanceCall extends EntryPoint, NewInstance {
*/
class ReflectiveMethodAccessEntryPoint extends EntryPoint, ReflectiveMethodAccess {
override Method getALiveCallable() {
result = inferAccessedMethod() and
result = this.inferAccessedMethod() and
// The `getMethod(...)` call must be used in a live context.
isLive(this.getEnclosingCallable())
}
@@ -210,8 +210,8 @@ class JaxbXmlEnum extends AnnotationEntryPoint {
class JaxbXmlType extends AnnotationEntryPoint, JaxbType {
override Callable getALiveCallable() {
// Must have a live no-arg constructor for JAXB to perform marshal/unmarshal.
exists(Constructor c | c = getAConstructor() and c.getNumberOfParameters() = 0 | isLive(c)) and
result = getACallable() and
exists(Constructor c | c = this.getAConstructor() and c.getNumberOfParameters() = 0 | isLive(c)) and
result = this.getACallable() and
(
// A bound getter or setter.
result instanceof JaxbBoundGetterSetter
@@ -262,7 +262,7 @@ class ManagedBeanImplEntryPoint extends EntryPoint, RegisteredManagedBeanImpl {
// Find the method that will be called for each method on each managed bean that this class
// implements.
this.inherits(result) and
result.(Method).overrides(getAnImplementedManagedBean().getAMethod())
result.(Method).overrides(this.getAnImplementedManagedBean().getAMethod())
}
}
@@ -377,7 +377,7 @@ class JavaxResourceAnnotatedMethod extends CallableEntryPointOnConstructedClass
*/
class JavaxManagedBeanReflectivelyConstructed extends ReflectivelyConstructedClass {
JavaxManagedBeanReflectivelyConstructed() {
getAnAnnotation() instanceof JavaxManagedBeanAnnotation
this.getAnAnnotation() instanceof JavaxManagedBeanAnnotation
}
}
@@ -413,13 +413,13 @@ class PersistencePropertyMethod extends CallableEntryPoint {
*/
class PersistenceCallbackMethod extends CallableEntryPoint {
PersistenceCallbackMethod() {
getAnAnnotation() instanceof PrePersistAnnotation or
getAnAnnotation() instanceof PreRemoveAnnotation or
getAnAnnotation() instanceof PreUpdateAnnotation or
getAnAnnotation() instanceof PostPersistAnnotation or
getAnAnnotation() instanceof PostRemoveAnnotation or
getAnAnnotation() instanceof PostUpdateAnnotation or
getAnAnnotation() instanceof PostLoadAnnotation
this.getAnAnnotation() instanceof PrePersistAnnotation or
this.getAnAnnotation() instanceof PreRemoveAnnotation or
this.getAnAnnotation() instanceof PreUpdateAnnotation or
this.getAnAnnotation() instanceof PostPersistAnnotation or
this.getAnAnnotation() instanceof PostRemoveAnnotation or
this.getAnAnnotation() instanceof PostUpdateAnnotation or
this.getAnAnnotation() instanceof PostLoadAnnotation
}
}
@@ -429,20 +429,20 @@ class PersistenceCallbackMethod extends CallableEntryPoint {
*/
class ArbitraryXMLEntryPoint extends ReflectivelyConstructedClass {
ArbitraryXMLEntryPoint() {
fromSource() and
this.fromSource() and
exists(XMLAttribute attribute |
attribute.getName() = "className" or
attribute.getName().matches("%ClassName") or
attribute.getName() = "class" or
attribute.getName().matches("%Class")
|
attribute.getValue() = getQualifiedName()
attribute.getValue() = this.getQualifiedName()
)
}
override Callable getALiveCallable() {
// Any constructor on these classes, as we don't know which may be called.
result = getAConstructor()
result = this.getAConstructor()
}
}

20
java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
View File

@@ -18,7 +18,7 @@ class TestMethodEntry extends CallableEntryPoint {
or
exists(AnnotationType a | a = this.getAnAnnotation().getType() |
a.hasQualifiedName("org.junit.runners", "Parameterized$Parameters") and
getDeclaringType() instanceof ParameterizedJUnitTest
this.getDeclaringType() instanceof ParameterizedJUnitTest
)
}
}
@@ -28,12 +28,12 @@ class TestMethodEntry extends CallableEntryPoint {
*/
class BeforeOrAfterEntry extends CallableEntryPoint {
BeforeOrAfterEntry() {
getAnAnnotation() instanceof TestNGBeforeAnnotation or
getAnAnnotation() instanceof TestNGAfterAnnotation or
getAnAnnotation() instanceof BeforeAnnotation or
getAnAnnotation() instanceof BeforeClassAnnotation or
getAnAnnotation() instanceof AfterAnnotation or
getAnAnnotation() instanceof AfterClassAnnotation
this.getAnAnnotation() instanceof TestNGBeforeAnnotation or
this.getAnAnnotation() instanceof TestNGAfterAnnotation or
this.getAnAnnotation() instanceof BeforeAnnotation or
this.getAnAnnotation() instanceof BeforeClassAnnotation or
this.getAnAnnotation() instanceof AfterAnnotation or
this.getAnAnnotation() instanceof AfterClassAnnotation
}
}
@@ -44,7 +44,7 @@ class JUnitTheories extends CallableEntryPoint {
JUnitTheories() {
exists(AnnotationType a |
a = this.getAnAnnotation().getType() and
getDeclaringType() instanceof JUnitTheoryTest
this.getDeclaringType() instanceof JUnitTheoryTest
|
a.hasQualifiedName("org.junit.experimental.theories", "Theory") or
a.hasQualifiedName("org.junit.experimental.theories", "DataPoint") or
@@ -63,7 +63,7 @@ class JUnitDataPointField extends ReflectivelyReadField {
a.hasQualifiedName("org.junit.experimental.theories", "DataPoint") or
a.hasQualifiedName("org.junit.experimental.theories", "DataPoints")
) and
getDeclaringType() instanceof JUnitTheoryTest
this.getDeclaringType() instanceof JUnitTheoryTest
)
}
}
@@ -152,7 +152,7 @@ class CucumberConstructedClass extends ReflectivelyConstructedClass {
// Consider any constructor to be live - Cucumber calls a runtime-specified dependency
// injection framework (possibly an in-built one) to construct these instances, so any
// constructor could be called.
result = getAConstructor()
result = this.getAConstructor()
}
}

4
java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
View File

@@ -29,7 +29,7 @@ class ServletConstructedClass extends ReflectivelyConstructedClass {
*/
class ServletListenerClass extends ReflectivelyConstructedClass {
ServletListenerClass() {
getAnAncestor() instanceof ServletWebXMLListenerType and
this.getAnAncestor() instanceof ServletWebXMLListenerType and
// If we have seen any `web.xml` files, this listener will be considered to be live only if it is
// referred to as a listener-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all listener classes as live.
@@ -47,7 +47,7 @@ class ServletListenerClass extends ReflectivelyConstructedClass {
*/
class ServletFilterClass extends ReflectivelyConstructedClass {
ServletFilterClass() {
getASupertype*().hasQualifiedName("javax.servlet", "Filter") and
this.getASupertype*().hasQualifiedName("javax.servlet", "Filter") and
// If we have seen any `web.xml` files, this filter will be considered to be live only if it is
// referred to as a filter-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all filter classes as live.

2
java/ql/lib/semmle/code/java/frameworks/Camel.qll
View File

@@ -48,7 +48,7 @@ class CamelToBeanURI extends CamelToURI {
/**
* Gets the bean referenced by this URI.
*/
SpringBean getRefBean() { result.getBeanIdentifier() = getBeanIdentifier() }
SpringBean getRefBean() { result.getBeanIdentifier() = this.getBeanIdentifier() }
}
/**

2
java/ql/lib/semmle/code/java/frameworks/Guice.qll
View File

@@ -31,7 +31,7 @@ class GuiceProvider extends Interface {
* A method that overrides the `get` method on the interface `com.google.inject.Provider`.
*/
Method getAnOverridingGetMethod() {
exists(Method m | m.getSourceDeclaration() = getGetMethod() | result.overrides*(m))
exists(Method m | m.getSourceDeclaration() = this.getGetMethod() | result.overrides*(m))
}
}

40
java/ql/lib/semmle/code/java/frameworks/JAXB.qll
View File

@@ -17,11 +17,11 @@ library class JAXBMarshalMethod extends Method {
}
class JaxbAnnotationType extends AnnotationType {
JaxbAnnotationType() { getPackage().getName() = "javax.xml.bind.annotation" }
JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" }
}
class JaxbAnnotated extends Annotatable {
JaxbAnnotated() { getAnAnnotation().getType() instanceof JaxbAnnotationType }
JaxbAnnotated() { this.getAnAnnotation().getType() instanceof JaxbAnnotationType }
predicate hasJaxbAnnotation(string name) { hasJaxbAnnotation(this, name) }
}
@@ -62,8 +62,8 @@ class JaxbType extends Class {
* Gets the `XmlAccessType` associated with this class.
*/
XmlAccessType getXmlAccessType() {
if exists(getDeclaredAccessType())
then result = getDeclaredAccessType()
if exists(this.getDeclaredAccessType())
then result = this.getDeclaredAccessType()
else
// Default access type, if not specified.
result.isPublicMember()
@@ -81,22 +81,22 @@ class XmlAccessType extends EnumConstant {
/**
* All public getter/setter pairs and public fields will be bound.
*/
predicate isPublicMember() { getName() = "PUBLIC_MEMBER" }
predicate isPublicMember() { this.getName() = "PUBLIC_MEMBER" }
/**
* All non-static, non-transient fields will be bound.
*/
predicate isField() { getName() = "FIELD" }
predicate isField() { this.getName() = "FIELD" }
/**
* All getter/setter pairs will be bound.
*/
predicate isProperty() { getName() = "PROPERTY" }
predicate isProperty() { this.getName() = "PROPERTY" }
/**
* Nothing will be bound automatically.
*/
predicate isNone() { getName() = "NONE" }
predicate isNone() { this.getName() = "NONE" }
}
/**
@@ -105,10 +105,10 @@ class XmlAccessType extends EnumConstant {
*/
class JaxbMemberAnnotation extends JaxbAnnotationType {
JaxbMemberAnnotation() {
hasName("XmlElement") or
hasName("XmlAttribute") or
hasName("XmlElementRefs") or
hasName("XmlElements")
this.hasName("XmlElement") or
this.hasName("XmlAttribute") or
this.hasName("XmlElementRefs") or
this.hasName("XmlElements")
}
}
@@ -121,14 +121,14 @@ private predicate isTransient(Member m) { hasJaxbAnnotation(m, "XmlTransient") }
class JaxbBoundField extends Field {
JaxbBoundField() {
// Fields cannot be static, because JAXB creates instances.
not isStatic() and
not this.isStatic() and
// Fields cannot be final, because JAXB instantiates the object, then sets the properties.
not isFinal() and
not this.isFinal() and
// No transient fields are ever bound.
not isTransient(this) and
(
// Explicitly annotated to be bound.
exists(getAnAnnotation().getType().(JaxbMemberAnnotation))
exists(this.getAnAnnotation().getType().(JaxbMemberAnnotation))
or
// Within a JAXB type which has an `XmlAcessType` that binds this field.
exists(JaxbType type | this.getDeclaringType() = type |
@@ -136,7 +136,7 @@ class JaxbBoundField extends Field {
type.getXmlAccessType().isField()
or
// Only public fields are automatically bound in this access type.
type.getXmlAccessType().isPublicMember() and isPublic()
type.getXmlAccessType().isPublicMember() and this.isPublic()
)
)
}
@@ -157,7 +157,7 @@ library class GetterOrSetterMethod extends Method {
* Holds if this method has a "pair"ed method, e.g. whether there is an equivalent getter if this
* is a setter, and vice versa.
*/
predicate isProperty() { exists(getPair()) }
predicate isProperty() { exists(this.getPair()) }
/**
* Gets the "pair" method, if one exists; that is, the getter if this is a setter, and vice versa.
@@ -183,16 +183,16 @@ class JaxbBoundGetterSetter extends GetterOrSetterMethod {
this.getField() instanceof JaxbBoundField
or
// An annotation on this method or the pair that indicate that it is a valid setter/getter.
getThisOrPair().getAnAnnotation().getType() instanceof JaxbMemberAnnotation
this.getThisOrPair().getAnAnnotation().getType() instanceof JaxbMemberAnnotation
or
// Within a JAXB type which has an `XmlAcessType` that binds this method.
exists(JaxbType c | this.getDeclaringType() = c |
// If this is a "property" - both a setter and getter present for the XML element or attribute
// - the `XmlAccessType` of the declaring type may cause this property to be bound.
isProperty() and
this.isProperty() and
(
// In the `PUBLIC_MEMBER` case all public properties are considered bound.
c.getXmlAccessType().isPublicMember() and isPublic()
c.getXmlAccessType().isPublicMember() and this.isPublic()
or
// In "property" all properties are considered bound.
c.getXmlAccessType().isProperty()

2
java/ql/lib/semmle/code/java/frameworks/JUnitAnnotations.qll
View File

@@ -64,5 +64,5 @@ class RunWithAnnotation extends Annotation {
/**
* Gets the runner that will be used.
*/
Type getRunner() { result = getValue("value").(TypeLiteral).getReferencedType() }
Type getRunner() { result = this.getValue("value").(TypeLiteral).getReferencedType() }
}

12
java/ql/lib/semmle/code/java/frameworks/Jackson.qll
View File

@@ -7,31 +7,31 @@ private import semmle.code.java.dataflow.DataFlow
private class ObjectMapper extends RefType {
ObjectMapper() {
getASupertype*().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
this.getASupertype*().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
}
}
/** A builder for building Jackson's `JsonMapper`. */
class MapperBuilder extends RefType {
MapperBuilder() {
hasQualifiedName("com.fasterxml.jackson.databind.cfg", "MapperBuilder<JsonMapper,Builder>")
this.hasQualifiedName("com.fasterxml.jackson.databind.cfg", "MapperBuilder<JsonMapper,Builder>")
}
}
private class JsonFactory extends RefType {
JsonFactory() { hasQualifiedName("com.fasterxml.jackson.core", "JsonFactory") }
JsonFactory() { this.hasQualifiedName("com.fasterxml.jackson.core", "JsonFactory") }
}
private class JsonParser extends RefType {
JsonParser() { hasQualifiedName("com.fasterxml.jackson.core", "JsonParser") }
JsonParser() { this.hasQualifiedName("com.fasterxml.jackson.core", "JsonParser") }
}
/** A type descriptor in Jackson libraries. For example, `java.lang.Class`. */
class JacksonTypeDescriptorType extends RefType {
JacksonTypeDescriptorType() {
this instanceof TypeClass or
hasQualifiedName("com.fasterxml.jackson.databind", "JavaType") or
hasQualifiedName("com.fasterxml.jackson.core.type", "TypeReference")
this.hasQualifiedName("com.fasterxml.jackson.databind", "JavaType") or
this.hasQualifiedName("com.fasterxml.jackson.core.type", "TypeReference")
}
}

20
java/ql/lib/semmle/code/java/frameworks/Jndi.qll
View File

@@ -41,39 +41,39 @@ class TypeLdapName extends Class {
/** A method with the name `addAll` declared in `javax.naming.ldap.LdapName`. */
class MethodLdapNameAddAll extends Method {
MethodLdapNameAddAll() {
getDeclaringType() instanceof TypeLdapName and
hasName("addAll")
this.getDeclaringType() instanceof TypeLdapName and
this.hasName("addAll")
}
}
/** A method with the name `clone` declared in `javax.naming.ldap.LdapName`. */
class MethodLdapNameClone extends Method {
MethodLdapNameClone() {
getDeclaringType() instanceof TypeLdapName and
hasName("clone")
this.getDeclaringType() instanceof TypeLdapName and
this.hasName("clone")
}
}
/** A method with the name `getAll` declared in `javax.naming.ldap.LdapName`. */
class MethodLdapNameGetAll extends Method {
MethodLdapNameGetAll() {
getDeclaringType() instanceof TypeLdapName and
hasName("getAll")
this.getDeclaringType() instanceof TypeLdapName and
this.hasName("getAll")
}
}
/** A method with the name `getRdns` declared in `javax.naming.ldap.LdapName`. */
class MethodLdapNameGetRdns extends Method {
MethodLdapNameGetRdns() {
getDeclaringType() instanceof TypeLdapName and
hasName("getRdns")
this.getDeclaringType() instanceof TypeLdapName and
this.hasName("getRdns")
}
}
/** A method with the name `toString` declared in `javax.naming.ldap.LdapName`. */
class MethodLdapNameToString extends Method {
MethodLdapNameToString() {
getDeclaringType() instanceof TypeLdapName and
hasName("toString")
this.getDeclaringType() instanceof TypeLdapName and
this.hasName("toString")
}
}

26
java/ql/lib/semmle/code/java/frameworks/Kryo.qll
View File

@@ -11,8 +11,8 @@ private import semmle.code.java.dataflow.FlowSteps
*/
class Kryo extends RefType {
Kryo() {
hasQualifiedName("com.esotericsoftware.kryo", "Kryo") or
hasQualifiedName("com.esotericsoftware.kryo5", "Kryo")
this.hasQualifiedName("com.esotericsoftware.kryo", "Kryo") or
this.hasQualifiedName("com.esotericsoftware.kryo5", "Kryo")
}
}
@@ -21,8 +21,8 @@ class Kryo extends RefType {
*/
class KryoInput extends RefType {
KryoInput() {
hasQualifiedName("com.esotericsoftware.kryo.io", "Input") or
hasQualifiedName("com.esotericsoftware.kryo5.io", "Input")
this.hasQualifiedName("com.esotericsoftware.kryo.io", "Input") or
this.hasQualifiedName("com.esotericsoftware.kryo5.io", "Input")
}
}
@@ -31,8 +31,8 @@ class KryoInput extends RefType {
*/
class KryoPool extends RefType {
KryoPool() {
hasQualifiedName("com.esotericsoftware.kryo.pool", "KryoPool") or
hasQualifiedName("com.esotericsoftware.kryo5.pool", "KryoPool")
this.hasQualifiedName("com.esotericsoftware.kryo.pool", "KryoPool") or
this.hasQualifiedName("com.esotericsoftware.kryo5.pool", "KryoPool")
}
}
@@ -41,8 +41,8 @@ class KryoPool extends RefType {
*/
class KryoPoolBuilder extends RefType {
KryoPoolBuilder() {
hasQualifiedName("com.esotericsoftware.kryo.pool", "KryoPool$Builder") or
hasQualifiedName("com.esotericsoftware.kryo5.pool", "KryoPool$Builder")
this.hasQualifiedName("com.esotericsoftware.kryo.pool", "KryoPool$Builder") or
this.hasQualifiedName("com.esotericsoftware.kryo5.pool", "KryoPool$Builder")
}
}
@@ -51,10 +51,10 @@ class KryoPoolBuilder extends RefType {
*/
class KryoPoolBuilderMethod extends Method {
KryoPoolBuilderMethod() {
getDeclaringType() instanceof KryoPoolBuilder and
this.getDeclaringType() instanceof KryoPoolBuilder and
(
getReturnType() instanceof KryoPoolBuilder or
getReturnType() instanceof KryoPool
this.getReturnType() instanceof KryoPoolBuilder or
this.getReturnType() instanceof KryoPool
)
}
}
@@ -92,7 +92,7 @@ class KryoEnableWhiteListing extends MethodAccess {
*/
class KryoPoolRunMethod extends Method {
KryoPoolRunMethod() {
getDeclaringType() instanceof KryoPool and
hasName("run")
this.getDeclaringType() instanceof KryoPool and
this.hasName("run")
}
}

100
java/ql/lib/semmle/code/java/frameworks/Mockito.qll
View File

@@ -11,8 +11,8 @@ import java
*/
class MockitoVerifyMethod extends Method {
MockitoVerifyMethod() {
getDeclaringType().getPackage().getName().matches("org.mockito%") and
hasName("verify")
this.getDeclaringType().getPackage().getName().matches("org.mockito%") and
this.hasName("verify")
}
}
@@ -21,7 +21,7 @@ class MockitoVerifyMethod extends Method {
*/
class MockitoVerifiedMethodAccess extends MethodAccess {
MockitoVerifiedMethodAccess() {
getQualifier().(MethodAccess).getMethod() instanceof MockitoVerifyMethod
this.getQualifier().(MethodAccess).getMethod() instanceof MockitoVerifyMethod
}
}
@@ -41,8 +41,8 @@ class MockitoMockableType extends ClassOrInterface {
*/
class MockitoInitMocks extends Method {
MockitoInitMocks() {
getDeclaringType().hasQualifiedName("org.mockito", "MockitoAnnotations") and
hasName("initMocks")
this.getDeclaringType().hasQualifiedName("org.mockito", "MockitoAnnotations") and
this.hasName("initMocks")
}
}
@@ -61,10 +61,10 @@ class MockitoInitedTest extends Class {
or
// Call to `MockitoAnnotations.initMocks()`, either by the constructor or by a `@Before` method.
exists(MockitoInitMocks initMocks |
getAConstructor().calls*(initMocks)
this.getAConstructor().calls*(initMocks)
or
exists(Method m |
m = getAnAncestor().getAMethod() and
m = this.getAnAncestor().getAMethod() and
(
m.hasAnnotation("org.junit", "Before") or
m.hasAnnotation("org.testng.annotations", "BeforeMethod")
@@ -85,8 +85,8 @@ class MockitoInitedTest extends Class {
*/
class MockitoAnnotation extends Annotation {
MockitoAnnotation() {
getType().getPackage().getName().matches("org.mockito") or
getType().getPackage().getName().matches("org.mockito.%")
this.getType().getPackage().getName().matches("org.mockito") or
this.getType().getPackage().getName().matches("org.mockito.%")
}
}
@@ -95,11 +95,11 @@ class MockitoAnnotation extends Annotation {
*/
class MockitoExclusiveAnnotation extends MockitoAnnotation {
MockitoExclusiveAnnotation() {
getType().hasQualifiedName("org.mockito", "Mock") or
getType().hasQualifiedName("org.mockito", "MockitoAnnotations$Mock") or
getType().hasQualifiedName("org.mockito", "InjectMocks") or
getType().hasQualifiedName("org.mockito", "Spy") or
getType().hasQualifiedName("org.mockito", "Captor")
this.getType().hasQualifiedName("org.mockito", "Mock") or
this.getType().hasQualifiedName("org.mockito", "MockitoAnnotations$Mock") or
this.getType().hasQualifiedName("org.mockito", "InjectMocks") or
this.getType().hasQualifiedName("org.mockito", "Spy") or
this.getType().hasQualifiedName("org.mockito", "Captor")
}
}
@@ -107,16 +107,16 @@ class MockitoExclusiveAnnotation extends MockitoAnnotation {
* A field which has a Mockito annotation.
*/
class MockitoAnnotatedField extends Field {
MockitoAnnotatedField() { getAnAnnotation() instanceof MockitoAnnotation }
MockitoAnnotatedField() { this.getAnAnnotation() instanceof MockitoAnnotation }
/**
* Holds if this field will be processed by Mockito.
*/
predicate isValid() {
// Mockito annotations are never parsed if the test isn't properly initialized.
getDeclaringType() instanceof MockitoInitedTest and
this.getDeclaringType() instanceof MockitoInitedTest and
// There should only be one "exclusive" mockito annotation per field.
count(getAnAnnotation().(MockitoExclusiveAnnotation)) = 1
count(this.getAnAnnotation().(MockitoExclusiveAnnotation)) = 1
}
}
@@ -125,16 +125,16 @@ class MockitoAnnotatedField extends Field {
*/
class MockitoMockedField extends MockitoAnnotatedField {
MockitoMockedField() {
hasAnnotation("org.mockito", "Mock")
this.hasAnnotation("org.mockito", "Mock")
or
// Deprecated style.
hasAnnotation("org.mockito", "MockitoAnnotations$Mock")
this.hasAnnotation("org.mockito", "MockitoAnnotations$Mock")
}
override predicate isValid() {
super.isValid() and
// The type must also be mockable, otherwise it will not be initialized.
getType() instanceof MockitoMockableType
this.getType() instanceof MockitoMockableType
}
/**
@@ -142,12 +142,13 @@ class MockitoMockedField extends MockitoAnnotatedField {
*/
predicate isReferencedByInjection() {
exists(MockitoInjectedField injectedField |
injectedField.getDeclaringType() = getDeclaringType()
injectedField.getDeclaringType() = this.getDeclaringType()
|
// A `@Mock` is injected if it is used in one of the invoked callables (constructor or
// setter), or injected directly onto a field.
getType().(RefType).getAnAncestor() = injectedField.getAnInvokedCallable().getAParamType() or
getType().(RefType).getAnAncestor() = injectedField.getASetField().getType()
this.getType().(RefType).getAnAncestor() =
injectedField.getAnInvokedCallable().getAParamType() or
this.getType().(RefType).getAnAncestor() = injectedField.getASetField().getType()
)
}
}
@@ -156,25 +157,25 @@ class MockitoMockedField extends MockitoAnnotatedField {
* A field annotated with `@InjectMocks`.
*/
class MockitoInjectedField extends MockitoAnnotatedField {
MockitoInjectedField() { hasAnnotation("org.mockito", "InjectMocks") }
MockitoInjectedField() { this.hasAnnotation("org.mockito", "InjectMocks") }
override predicate isValid() {
super.isValid() and
(
// If we need to initialize the field, it is only valid if the type is a `Class` that is not
// local, is static if it is a nested class, and is not abstract.
exists(getInitializer())
exists(this.getInitializer())
or
exists(Class c | c = getType() |
exists(Class c | c = this.getType() |
not c.isLocal() and
(getType() instanceof NestedClass implies c.(NestedClass).isStatic()) and
(this.getType() instanceof NestedClass implies c.(NestedClass).isStatic()) and
not c.isAbstract()
)
) and
(
// If neither of these is true, then mockito will fail to initialize this field.
usingConstructorInjection() or
usingPropertyInjection()
this.usingConstructorInjection() or
this.usingPropertyInjection()
)
}
@@ -184,7 +185,8 @@ class MockitoInjectedField extends MockitoAnnotatedField {
* Note: this does not include the no-arg constructor.
*/
predicate usingConstructorInjection() {
not exists(getInitializer()) and exists(getMockInjectedClass().getAMostMockableConstructor())
not exists(this.getInitializer()) and
exists(this.getMockInjectedClass().getAMostMockableConstructor())
}
/**
@@ -194,10 +196,10 @@ class MockitoInjectedField extends MockitoAnnotatedField {
* constructor, in addition to any property.
*/
predicate usingPropertyInjection() {
not usingConstructorInjection() and
not this.usingConstructorInjection() and
(
exists(getInitializer()) or
exists(getMockInjectedClass().getNoArgsConstructor())
exists(this.getInitializer()) or
exists(this.getMockInjectedClass().getNoArgsConstructor())
)
}
@@ -212,18 +214,18 @@ class MockitoInjectedField extends MockitoAnnotatedField {
Callable getAnInvokedCallable() {
exists(MockitoMockInjectedClass mockInjectedClass |
// This is the type we are constructing/injecting.
mockInjectedClass = getType()
mockInjectedClass = this.getType()
|
if usingConstructorInjection()
if this.usingConstructorInjection()
then
// If there is no initializer for this field, and there is a most mockable constructor,
// then we are doing a parameterized injection of mocks into a most mockable constructor.
result = mockInjectedClass.getAMostMockableConstructor()
else
if usingPropertyInjection()
if this.usingPropertyInjection()
then
// We will call the no-arg constructor if the field wasn't initialized.
not exists(getInitializer()) and
not exists(this.getInitializer()) and
result = mockInjectedClass.getNoArgsConstructor()
or
// Perform property injection into setter fields, but only where there exists a mock
@@ -249,9 +251,9 @@ class MockitoInjectedField extends MockitoAnnotatedField {
* Field injection only occurs if property injection and not constructor injection is used.
*/
Field getASetField() {
if usingPropertyInjection()
if this.usingPropertyInjection()
then
result = getMockInjectedClass().getASetField() and
result = this.getMockInjectedClass().getASetField() and
exists(MockitoMockedField mockedField |
mockedField.getDeclaringType() = this.getDeclaringType() and
mockedField.isValid()
@@ -268,15 +270,15 @@ class MockitoInjectedField extends MockitoAnnotatedField {
* A field annotated with the Mockito `@Spy` annotation.
*/
class MockitoSpiedField extends MockitoAnnotatedField {
MockitoSpiedField() { hasAnnotation("org.mockito", "Spy") }
MockitoSpiedField() { this.hasAnnotation("org.mockito", "Spy") }
override predicate isValid() {
super.isValid() and
(
exists(getInitializer())
exists(this.getInitializer())
or
exists(Constructor c |
c = getType().(RefType).getAConstructor() and c.getNumberOfParameters() = 0
c = this.getType().(RefType).getAConstructor() and c.getNumberOfParameters() = 0
)
)
}
@@ -284,7 +286,7 @@ class MockitoSpiedField extends MockitoAnnotatedField {
/**
* Holds if construction ever occurs.
*/
predicate isConstructed() { not exists(getInitializer()) }
predicate isConstructed() { not exists(this.getInitializer()) }
}
private int mockableParameterCount(Constructor constructor) {
@@ -312,8 +314,8 @@ library class MockitoMockInjectedClass extends Class {
* Mockito will call only one of them, but which one is dependent on the JVM...
*/
Constructor getAMostMockableConstructor() {
result = getAConstructor() and
mockableParameterCount(result) = max(mockableParameterCount(getAConstructor())) and
result = this.getAConstructor() and
mockableParameterCount(result) = max(mockableParameterCount(this.getAConstructor())) and
result.getNumberOfParameters() > 0
}
@@ -331,7 +333,7 @@ library class MockitoMockInjectedClass extends Class {
* it sets.
*/
Method getASetterMethod() {
result = getAMethod() and
result = this.getAMethod() and
exists(MockitoSettableField settableField | result = settableField.getSetterMethod())
}
@@ -342,7 +344,7 @@ library class MockitoMockInjectedClass extends Class {
* setter method.
*/
MockitoSettableField getASetField() {
result = getAField() and
result = this.getAField() and
not exists(result.getSetterMethod())
}
}
@@ -353,8 +355,8 @@ library class MockitoMockInjectedClass extends Class {
*/
class MockitoSettableField extends Field {
MockitoSettableField() {
not isFinal() and
not isStatic() and
not this.isFinal() and
not this.isStatic() and
exists(MockitoMockInjectedClass injectedClass | injectedClass = this.getDeclaringType())
}

20
java/ql/lib/semmle/code/java/frameworks/Networking.qll
View File

@@ -6,39 +6,39 @@ import semmle.code.java.Type
/** The type `java.net.URLConnection`. */
class TypeUrlConnection extends RefType {
TypeUrlConnection() { hasQualifiedName("java.net", "URLConnection") }
TypeUrlConnection() { this.hasQualifiedName("java.net", "URLConnection") }
}
/** The type `java.net.Socket`. */
class TypeSocket extends RefType {
TypeSocket() { hasQualifiedName("java.net", "Socket") }
TypeSocket() { this.hasQualifiedName("java.net", "Socket") }
}
/** The type `java.net.URL`. */
class TypeUrl extends RefType {
TypeUrl() { hasQualifiedName("java.net", "URL") }
TypeUrl() { this.hasQualifiedName("java.net", "URL") }
}
/** The type `java.net.URI`. */
class TypeUri extends RefType {
TypeUri() { hasQualifiedName("java.net", "URI") }
TypeUri() { this.hasQualifiedName("java.net", "URI") }
}
/** The method `java.net.URLConnection::getInputStream`. */
class URLConnectionGetInputStreamMethod extends Method {
URLConnectionGetInputStreamMethod() {
getDeclaringType() instanceof TypeUrlConnection and
hasName("getInputStream") and
hasNoParameters()
this.getDeclaringType() instanceof TypeUrlConnection and
this.hasName("getInputStream") and
this.hasNoParameters()
}
}
/** The method `java.net.Socket::getInputStream`. */
class SocketGetInputStreamMethod extends Method {
SocketGetInputStreamMethod() {
getDeclaringType() instanceof TypeSocket and
hasName("getInputStream") and
hasNoParameters()
this.getDeclaringType() instanceof TypeSocket and
this.hasName("getInputStream") and
this.hasNoParameters()
}
}

2
java/ql/lib/semmle/code/java/frameworks/Protobuf.qll
View File

@@ -30,7 +30,7 @@ class ProtobufMessageLite extends Interface {
* Gets a static method named `parseFrom` (or similar) declared on a subtype of the `MessageLite` interface.
*/
Method getAParseFromMethod() {
result = getASubtype+().getAMethod() and
result = this.getASubtype+().getAMethod() and
result.getName().matches("parse%From") and
result.isStatic()
}

8
java/ql/lib/semmle/code/java/frameworks/SnakeYaml.qll
View File

@@ -37,14 +37,14 @@ private class SafeYamlConstructionFlowConfig extends DataFlow2::Configuration {
src.asExpr() instanceof SafeSnakeYamlConstruction
}
override predicate isSink(DataFlow::Node sink) { sink = yamlClassInstanceExprArgument(_) }
override predicate isSink(DataFlow::Node sink) { sink = this.yamlClassInstanceExprArgument(_) }
private DataFlow::ExprNode yamlClassInstanceExprArgument(ClassInstanceExpr cie) {
cie.getConstructedType() instanceof Yaml and
result.getExpr() = cie.getArgument(0)
}
ClassInstanceExpr getSafeYaml() { hasFlowTo(yamlClassInstanceExprArgument(result)) }
ClassInstanceExpr getSafeYaml() { this.hasFlowTo(this.yamlClassInstanceExprArgument(result)) }
}
/**
@@ -70,13 +70,13 @@ private class SafeYamlFlowConfig extends DataFlow3::Configuration {
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeYaml }
override predicate isSink(DataFlow::Node sink) { sink = yamlParseQualifier(_) }
override predicate isSink(DataFlow::Node sink) { sink = this.yamlParseQualifier(_) }
private DataFlow::ExprNode yamlParseQualifier(SnakeYamlParse syp) {
result.getExpr() = syp.getQualifier()
}
SnakeYamlParse getASafeSnakeYamlParse() { hasFlowTo(yamlParseQualifier(result)) }
SnakeYamlParse getASafeSnakeYamlParse() { this.hasFlowTo(this.yamlParseQualifier(result)) }
}
/**

48
java/ql/lib/semmle/code/java/frameworks/SpringLdap.qll
View File

@@ -77,8 +77,8 @@ class TypeLdapOperations extends Interface {
*/
class MethodSpringLdapTemplateAuthenticate extends Method {
MethodSpringLdapTemplateAuthenticate() {
getDeclaringType() instanceof TypeSpringLdapTemplate and
hasName("authenticate")
this.getDeclaringType() instanceof TypeSpringLdapTemplate and
this.hasName("authenticate")
}
}
@@ -88,8 +88,8 @@ class MethodSpringLdapTemplateAuthenticate extends Method {
*/
class MethodSpringLdapTemplateFind extends Method {
MethodSpringLdapTemplateFind() {
getDeclaringType() instanceof TypeSpringLdapTemplate and
hasName("find")
this.getDeclaringType() instanceof TypeSpringLdapTemplate and
this.hasName("find")
}
}
@@ -99,8 +99,8 @@ class MethodSpringLdapTemplateFind extends Method {
*/
class MethodSpringLdapTemplateFindOne extends Method {
MethodSpringLdapTemplateFindOne() {
getDeclaringType() instanceof TypeSpringLdapTemplate and
hasName("findOne")
this.getDeclaringType() instanceof TypeSpringLdapTemplate and
this.hasName("findOne")
}
}
@@ -110,8 +110,8 @@ class MethodSpringLdapTemplateFindOne extends Method {
*/
class MethodSpringLdapTemplateSearch extends Method {
MethodSpringLdapTemplateSearch() {
getDeclaringType() instanceof TypeSpringLdapTemplate and
hasName("search")
this.getDeclaringType() instanceof TypeSpringLdapTemplate and
this.hasName("search")
}
}
@@ -121,8 +121,8 @@ class MethodSpringLdapTemplateSearch extends Method {
*/
class MethodSpringLdapTemplateSearchForContext extends Method {
MethodSpringLdapTemplateSearchForContext() {
getDeclaringType() instanceof TypeSpringLdapTemplate and
hasName("searchForContext")
this.getDeclaringType() instanceof TypeSpringLdapTemplate and
this.hasName("searchForContext")
}
}
@@ -132,8 +132,8 @@ class MethodSpringLdapTemplateSearchForContext extends Method {
*/
class MethodSpringLdapTemplateSearchForObject extends Method {
MethodSpringLdapTemplateSearchForObject() {
getDeclaringType() instanceof TypeSpringLdapTemplate and
hasName("searchForObject")
this.getDeclaringType() instanceof TypeSpringLdapTemplate and
this.hasName("searchForObject")
}
}
@@ -143,8 +143,8 @@ class MethodSpringLdapTemplateSearchForObject extends Method {
*/
class MethodSpringLdapQueryBuilderFilter extends Method {
MethodSpringLdapQueryBuilderFilter() {
getDeclaringType() instanceof TypeSpringLdapQueryBuilder and
hasName("filter")
this.getDeclaringType() instanceof TypeSpringLdapQueryBuilder and
this.hasName("filter")
}
}
@@ -154,8 +154,8 @@ class MethodSpringLdapQueryBuilderFilter extends Method {
*/
class MethodSpringLdapQueryBuilderBase extends Method {
MethodSpringLdapQueryBuilderBase() {
getDeclaringType() instanceof TypeSpringLdapQueryBuilder and
hasName("base")
this.getDeclaringType() instanceof TypeSpringLdapQueryBuilder and
this.hasName("base")
}
}
@@ -165,8 +165,8 @@ class MethodSpringLdapQueryBuilderBase extends Method {
*/
class MethodSpringLdapNameBuilderNewInstance extends Method {
MethodSpringLdapNameBuilderNewInstance() {
getDeclaringType() instanceof TypeSpringLdapNameBuilder and
hasName("newInstance")
this.getDeclaringType() instanceof TypeSpringLdapNameBuilder and
this.hasName("newInstance")
}
}
@@ -176,8 +176,8 @@ class MethodSpringLdapNameBuilderNewInstance extends Method {
*/
class MethodSpringLdapNameBuilderAdd extends Method {
MethodSpringLdapNameBuilderAdd() {
getDeclaringType() instanceof TypeSpringLdapNameBuilder and
hasName("add")
this.getDeclaringType() instanceof TypeSpringLdapNameBuilder and
this.hasName("add")
}
}
@@ -187,8 +187,8 @@ class MethodSpringLdapNameBuilderAdd extends Method {
*/
class MethodSpringLdapNameBuilderBuild extends Method {
MethodSpringLdapNameBuilderBuild() {
getDeclaringType() instanceof TypeSpringLdapNameBuilder and
hasName("build")
this.getDeclaringType() instanceof TypeSpringLdapNameBuilder and
this.hasName("build")
}
}
@@ -198,7 +198,7 @@ class MethodSpringLdapNameBuilderBuild extends Method {
*/
class MethodSpringLdapUtilsNewLdapName extends Method {
MethodSpringLdapUtilsNewLdapName() {
getDeclaringType() instanceof TypeSpringLdapUtils and
hasName("newLdapName")
this.getDeclaringType() instanceof TypeSpringLdapUtils and
this.hasName("newLdapName")
}
}

2
java/ql/lib/semmle/code/java/frameworks/Thrift.qll
View File

@@ -27,7 +27,7 @@ class ThriftIface extends Interface {
Method getAnImplementingMethod() {
result.getDeclaringType().(Class).getASupertype+() = this and
result.overrides(getAMethod()) and
result.overrides(this.getAMethod()) and
not result.getFile() = this.getFile()
}
}

40
java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
View File

@@ -35,79 +35,79 @@ class TypeUnboundIdLDAPConnection extends Class {
/** A method with the name `setBaseDN` declared in `com.unboundid.ldap.sdk.SearchRequest`. */
class MethodUnboundIdSearchRequestSetBaseDN extends Method {
MethodUnboundIdSearchRequestSetBaseDN() {
getDeclaringType() instanceof TypeUnboundIdSearchRequest and
hasName("setBaseDN")
this.getDeclaringType() instanceof TypeUnboundIdSearchRequest and
this.hasName("setBaseDN")
}
}
/** A method with the name `setFilter` declared in `com.unboundid.ldap.sdk.SearchRequest`. */
class MethodUnboundIdSearchRequestSetFilter extends Method {
MethodUnboundIdSearchRequestSetFilter() {
getDeclaringType() instanceof TypeUnboundIdSearchRequest and
hasName("setFilter")
this.getDeclaringType() instanceof TypeUnboundIdSearchRequest and
this.hasName("setFilter")
}
}
/** A method with the name `create` declared in `com.unboundid.ldap.sdk.Filter`. */
class MethodUnboundIdFilterCreate extends Method {
MethodUnboundIdFilterCreate() {
getDeclaringType() instanceof TypeUnboundIdLdapFilter and
hasName("create")
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
this.hasName("create")
}
}
/** A method with the name `createANDFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
class MethodUnboundIdFilterCreateANDFilter extends Method {
MethodUnboundIdFilterCreateANDFilter() {
getDeclaringType() instanceof TypeUnboundIdLdapFilter and
hasName("createANDFilter")
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
this.hasName("createANDFilter")
}
}
/** A method with the name `createORFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
class MethodUnboundIdFilterCreateORFilter extends Method {
MethodUnboundIdFilterCreateORFilter() {
getDeclaringType() instanceof TypeUnboundIdLdapFilter and
hasName("createORFilter")
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
this.hasName("createORFilter")
}
}
/** A method with the name `createNOTFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
class MethodUnboundIdFilterCreateNOTFilter extends Method {
MethodUnboundIdFilterCreateNOTFilter() {
getDeclaringType() instanceof TypeUnboundIdLdapFilter and
hasName("createNOTFilter")
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
this.hasName("createNOTFilter")
}
}
/** A method with the name `simplifyFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
class MethodUnboundIdFilterSimplifyFilter extends Method {
MethodUnboundIdFilterSimplifyFilter() {
getDeclaringType() instanceof TypeUnboundIdLdapFilter and
hasName("simplifyFilter")
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
this.hasName("simplifyFilter")
}
}
/** A method with the name `search` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
class MethodUnboundIdLDAPConnectionSearch extends Method {
MethodUnboundIdLDAPConnectionSearch() {
getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
hasName("search")
this.getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
this.hasName("search")
}
}
/** A method with the name `asyncSearch` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
class MethodUnboundIdLDAPConnectionAsyncSearch extends Method {
MethodUnboundIdLDAPConnectionAsyncSearch() {
getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
hasName("asyncSearch")
this.getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
this.hasName("asyncSearch")
}
}
/** A method with the name `searchForEntry` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
class MethodUnboundIdLDAPConnectionSearchForEntry extends Method {
MethodUnboundIdLDAPConnectionSearchForEntry() {
getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
hasName("searchForEntry")
this.getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
this.hasName("searchForEntry")
}
}

14
java/ql/lib/semmle/code/java/frameworks/android/Android.qll
View File

@@ -37,10 +37,12 @@ class AndroidComponent extends Class {
}
/** Holds if this Android component is configured as `exported` in an `AndroidManifest.xml` file. */
predicate isExported() { getAndroidComponentXmlElement().isExported() }
predicate isExported() { this.getAndroidComponentXmlElement().isExported() }
/** Holds if this Android component has an intent filter configured in an `AndroidManifest.xml` file. */
predicate hasIntentFilter() { exists(getAndroidComponentXmlElement().getAnIntentFilterElement()) }
predicate hasIntentFilter() {
exists(this.getAndroidComponentXmlElement().getAnIntentFilterElement())
}
}
/**
@@ -53,10 +55,10 @@ class ExportableAndroidComponent extends AndroidComponent {
* `AndroidManifest.xml` file.
*/
override predicate isExported() {
getAndroidComponentXmlElement().isExported()
this.getAndroidComponentXmlElement().isExported()
or
hasIntentFilter() and
not getAndroidComponentXmlElement().isNotExported()
this.hasIntentFilter() and
not this.getAndroidComponentXmlElement().isNotExported()
}
}
@@ -88,7 +90,7 @@ class AndroidContentProvider extends ExportableAndroidComponent {
* in an `AndroidManifest.xml` file.
*/
predicate requiresPermissions() {
getAndroidComponentXmlElement().(AndroidProviderXmlElement).requiresPermissions()
this.getAndroidComponentXmlElement().(AndroidProviderXmlElement).requiresPermissions()
}
}

22
java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
View File

@@ -7,35 +7,37 @@ import semmle.code.java.dataflow.ExternalFlow
* The class `android.content.Intent`.
*/
class TypeIntent extends Class {
TypeIntent() { hasQualifiedName("android.content", "Intent") }
TypeIntent() { this.hasQualifiedName("android.content", "Intent") }
}
/**
* The class `android.app.Activity`.
*/
class TypeActivity extends Class {
TypeActivity() { hasQualifiedName("android.app", "Activity") }
TypeActivity() { this.hasQualifiedName("android.app", "Activity") }
}
/**
* The class `android.content.Context`.
*/
class TypeContext extends RefType {
TypeContext() { hasQualifiedName("android.content", "Context") }
TypeContext() { this.hasQualifiedName("android.content", "Context") }
}
/**
* The class `android.content.BroadcastReceiver`.
*/
class TypeBroadcastReceiver extends Class {
TypeBroadcastReceiver() { hasQualifiedName("android.content", "BroadcastReceiver") }
TypeBroadcastReceiver() { this.hasQualifiedName("android.content", "BroadcastReceiver") }
}
/**
* The method `Activity.getIntent`
*/
class AndroidGetIntentMethod extends Method {
AndroidGetIntentMethod() { hasName("getIntent") and getDeclaringType() instanceof TypeActivity }
AndroidGetIntentMethod() {
this.hasName("getIntent") and this.getDeclaringType() instanceof TypeActivity
}
}
/**
@@ -43,7 +45,7 @@ class AndroidGetIntentMethod extends Method {
*/
class AndroidReceiveIntentMethod extends Method {
AndroidReceiveIntentMethod() {
hasName("onReceive") and getDeclaringType() instanceof TypeBroadcastReceiver
this.hasName("onReceive") and this.getDeclaringType() instanceof TypeBroadcastReceiver
}
}
@@ -52,8 +54,8 @@ class AndroidReceiveIntentMethod extends Method {
*/
class ContextStartActivityMethod extends Method {
ContextStartActivityMethod() {
(hasName("startActivity") or hasName("startActivities")) and
getDeclaringType() instanceof TypeContext
(this.hasName("startActivity") or this.hasName("startActivities")) and
this.getDeclaringType() instanceof TypeContext
}
}
@@ -70,8 +72,8 @@ private class IntentFieldsInheritTaint extends DataFlow::SyntheticFieldContent,
*/
class IntentGetParcelableExtraMethod extends Method {
IntentGetParcelableExtraMethod() {
hasName("getParcelableExtra") and
getDeclaringType() instanceof TypeIntent
this.hasName("getParcelableExtra") and
this.getDeclaringType() instanceof TypeIntent
}
}

6
java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
View File

@@ -1,15 +1,15 @@
import java
class TypeWebView extends Class {
TypeWebView() { hasQualifiedName("android.webkit", "WebView") }
TypeWebView() { this.hasQualifiedName("android.webkit", "WebView") }
}
class TypeWebViewClient extends Class {
TypeWebViewClient() { hasQualifiedName("android.webkit", "WebViewClient") }
TypeWebViewClient() { this.hasQualifiedName("android.webkit", "WebViewClient") }
}
class TypeWebSettings extends Class {
TypeWebSettings() { hasQualifiedName("android.webkit", "WebSettings") }
TypeWebSettings() { this.hasQualifiedName("android.webkit", "WebSettings") }
}
class WebViewGetSettingsMethod extends Method {

4
java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll
View File

@@ -25,14 +25,14 @@ private class TypeLiteralToParseAsFlowConfiguration extends DataFlowForSerializa
)
}
TypeLiteral getSourceWithFlowToParseAs() { hasFlow(DataFlow::exprNode(result), _) }
TypeLiteral getSourceWithFlowToParseAs() { this.hasFlow(DataFlow::exprNode(result), _) }
}
/** A field that is deserialized by `HttpResponse.parseAs`. */
class HttpResponseParseAsDeserializableField extends DeserializableField {
HttpResponseParseAsDeserializableField() {
exists(RefType decltype, TypeLiteralToParseAsFlowConfiguration conf |
decltype = getDeclaringType() and
decltype = this.getDeclaringType() and
conf.getSourceWithFlowToParseAs().getReferencedType() = decltype and
decltype.fromSource()
)

4
java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll
View File

@@ -38,7 +38,7 @@ class GwtEntryPointClass extends Class {
isGwtXmlIncluded()
implies
// The entry point is live if it is specified in a `*.gwt.xml` file.
exists(getAGwtXmlFile())
exists(this.getAGwtXmlFile())
}
}
@@ -48,7 +48,7 @@ class GwtEntryPointClass extends Class {
*/
class GwtCompilationUnit extends CompilationUnit {
GwtCompilationUnit() {
exists(GwtXmlFile f | getRelativePath().matches(f.getARelativeSourcePath() + "%"))
exists(GwtXmlFile f | this.getRelativePath().matches(f.getARelativeSourcePath() + "%"))
}
}

33
java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinder.qll
View File

@@ -12,57 +12,62 @@ import GwtUiBinderXml
* An annotation in the package `com.google.gwt.uibinder.client`.
*/
class GwtUiBinderClientAnnotation extends Annotation {
GwtUiBinderClientAnnotation() { getType().getPackage().hasName("com.google.gwt.uibinder.client") }
GwtUiBinderClientAnnotation() {
this.getType().getPackage().hasName("com.google.gwt.uibinder.client")
}
}
/**
* A `@com.google.gwt.uibinder.client.UiHandler` annotation.
*/
class GwtUiHandlerAnnotation extends GwtUiBinderClientAnnotation {
GwtUiHandlerAnnotation() { getType().hasName("UiHandler") }
GwtUiHandlerAnnotation() { this.getType().hasName("UiHandler") }
}
/**
* A `@com.google.gwt.uibinder.client.UiField` annotation.
*/
class GwtUiFieldAnnotation extends GwtUiBinderClientAnnotation {
GwtUiFieldAnnotation() { getType().hasName("UiField") }
GwtUiFieldAnnotation() { this.getType().hasName("UiField") }
}
/**
* A `@com.google.gwt.uibinder.client.UiTemplate` annotation.
*/
class GwtUiTemplateAnnotation extends GwtUiBinderClientAnnotation {
GwtUiTemplateAnnotation() { getType().hasName("UiTemplate") }
GwtUiTemplateAnnotation() { this.getType().hasName("UiTemplate") }
}
/**
* A `@com.google.gwt.uibinder.client.UiFactory` annotation.
*/
class GwtUiFactoryAnnotation extends GwtUiBinderClientAnnotation {
GwtUiFactoryAnnotation() { getType().hasName("UiFactory") }
GwtUiFactoryAnnotation() { this.getType().hasName("UiFactory") }
}
/**
* A `@com.google.gwt.uibinder.client.UiConstructor` annotation.
*/
class GwtUiConstructorAnnotation extends GwtUiBinderClientAnnotation {
GwtUiConstructorAnnotation() { getType().hasName("UiConstructor") }
GwtUiConstructorAnnotation() { this.getType().hasName("UiConstructor") }
}
/**
* A field that is reflectively written to, and read from, by the GWT UiBinder framework.
*/
class GwtUiField extends Field {
GwtUiField() { getAnAnnotation() instanceof GwtUiFieldAnnotation }
GwtUiField() { this.getAnAnnotation() instanceof GwtUiFieldAnnotation }
/**
* If true, the field must be filled before `UiBinder.createAndBindUi` is called.
* If false, `UiBinder.createAndBindUi` will fill the field.
*/
predicate isProvided() {
getAnAnnotation().(GwtUiFieldAnnotation).getValue("provided").(BooleanLiteral).getBooleanValue() =
true
this.getAnAnnotation()
.(GwtUiFieldAnnotation)
.getValue("provided")
.(BooleanLiteral)
.getBooleanValue() = true
}
}
@@ -70,14 +75,14 @@ class GwtUiField extends Field {
* A method called as a handler for events thrown by GWT widgets.
*/
class GwtUiHandler extends Method {
GwtUiHandler() { getAnAnnotation() instanceof GwtUiHandlerAnnotation }
GwtUiHandler() { this.getAnAnnotation() instanceof GwtUiHandlerAnnotation }
/**
* Gets the name of the field for which this handler is registered.
*/
string getFieldName() {
result =
getAnAnnotation()
this.getAnAnnotation()
.(GwtUiHandlerAnnotation)
.getValue("value")
.(CompileTimeConstantExpr)
@@ -89,7 +94,7 @@ class GwtUiHandler extends Method {
*/
GwtUiField getField() {
result = this.getDeclaringType().getAField() and
result.getName() = getFieldName()
result.getName() = this.getFieldName()
}
}
@@ -98,12 +103,12 @@ class GwtUiHandler extends Method {
* construct an instance of a class specified in a UiBinder XML file.
*/
class GwtUiFactory extends Method {
GwtUiFactory() { getAnAnnotation() instanceof GwtUiFactoryAnnotation }
GwtUiFactory() { this.getAnAnnotation() instanceof GwtUiFactoryAnnotation }
}
/**
* A constructor that may be called by the UiBinder framework as a result of a `GWT.create()` call.
*/
class GwtUiConstructor extends Constructor {
GwtUiConstructor() { getAnAnnotation() instanceof GwtUiConstructorAnnotation }
GwtUiConstructor() { this.getAnAnnotation() instanceof GwtUiConstructorAnnotation }
}

4
java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll
View File

@@ -36,8 +36,8 @@ class GwtComponentTemplateElement extends XMLElement {
*/
Class getClass() {
exists(string namespace |
namespace = getNamespace().getURI() and
result.getQualifiedName() = namespace.substring(11, namespace.length()) + "." + getName()
namespace = this.getNamespace().getURI() and
result.getQualifiedName() = namespace.substring(11, namespace.length()) + "." + this.getName()
)
}
}

28
java/ql/lib/semmle/code/java/frameworks/gwt/GwtXml.qll
View File

@@ -16,24 +16,24 @@ class GwtXmlFile extends XMLFile {
/** Gets the name of an inherited GWT module, for example `com.google.gwt.user.User`. */
string getAnInheritedModuleName() {
result = getModuleElement().getAnInheritsElement().getAnInheritedName()
result = this.getModuleElement().getAnInheritsElement().getAnInheritedName()
}
/** Gets a GWT module XML file (from source) inherited from this module. */
GwtXmlFile getAnInheritedXmlFile() {
exists(GwtXmlFile f, string name |
name = getAnInheritedModuleName() and
name = this.getAnInheritedModuleName() and
f.getAbsolutePath().matches("%/" + name.replaceAll(".", "/") + ".gwt.xml") and
result = f
)
}
/** Gets the relative path of the folder containing this GWT module XML file. */
string getRelativeRootFolderPath() { result = getParentContainer().getRelativePath() }
string getRelativeRootFolderPath() { result = this.getParentContainer().getRelativePath() }
/** Gets a GWT-translatable source sub-folder explicitly defined in a `<source>` element. */
string getAnExplicitSourceSubPath() {
result = getModuleElement().getASourceElement().getASourcePath()
result = this.getModuleElement().getASourceElement().getASourcePath()
}
/**
@@ -41,9 +41,9 @@ class GwtXmlFile extends XMLFile {
* Either the default `client` folder or as specified by `<source>` tags.
*/
string getASourceSubPath() {
result = "client" and not exists(getAnExplicitSourceSubPath())
result = "client" and not exists(this.getAnExplicitSourceSubPath())
or
result = getAnExplicitSourceSubPath()
result = this.getAnExplicitSourceSubPath()
}
/**
@@ -52,7 +52,7 @@ class GwtXmlFile extends XMLFile {
* (Includes the full relative root folder path of the GWT module.)
*/
string getARelativeSourcePath() {
result = getRelativeRootFolderPath() + "/" + getASourceSubPath()
result = this.getRelativeRootFolderPath() + "/" + this.getASourceSubPath()
}
}
@@ -81,7 +81,7 @@ class GwtInheritsElement extends XMLElement {
}
/** Gets the name of an inherited GWT module, for example `com.google.gwt.user.User`. */
string getAnInheritedName() { result = getAttribute("name").getValue() }
string getAnInheritedName() { result = this.getAttribute("name").getValue() }
}
/** An `<entry-point>` element within a GWT module XML file. */
@@ -92,7 +92,7 @@ class GwtEntryPointElement extends XMLElement {
}
/** Gets the name of a class that serves as a GWT entry-point. */
string getClassName() { result = getAttribute("class").getValue().trim() }
string getClassName() { result = this.getAttribute("class").getValue().trim() }
}
/** A `<source>` element within a GWT module XML file. */
@@ -104,11 +104,11 @@ class GwtSourceElement extends XMLElement {
/** Gets a path specified to be GWT translatable source code. */
string getASourcePath() {
result = getAttribute("path").getValue() and
result = this.getAttribute("path").getValue() and
// Conservative approximation, ignoring Ant-style `FileSet` semantics.
not exists(getAChild()) and
not exists(getAttribute("includes")) and
not exists(getAttribute("excludes"))
not exists(this.getAChild()) and
not exists(this.getAttribute("includes")) and
not exists(this.getAttribute("excludes"))
}
}
@@ -120,5 +120,5 @@ class GwtServletElement extends XMLElement {
}
/** Gets the name of a class that is used as a servlet. */
string getClassName() { result = getAttribute("class").getValue().trim() }
string getClassName() { result = this.getAttribute("class").getValue().trim() }
}

8
java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll
View File

@@ -10,9 +10,9 @@ import java
class OCNIComment extends Javadoc {
OCNIComment() {
// The comment must start with `-[` ...
getChild(0).getText().matches("-[%") and
this.getChild(0).getText().matches("-[%") and
// ... and it must end with `]-`.
getChild(getNumChild() - 1).getText().matches("%]-")
this.getChild(this.getNumChild() - 1).getText().matches("%]-")
}
}
@@ -42,9 +42,9 @@ class OCNIMethodComment extends OCNIComment {
*/
class OCNIImport extends OCNIComment {
OCNIImport() {
getAChild().getText().regexpMatch(".*#(import|include).*") and
this.getAChild().getText().regexpMatch(".*#(import|include).*") and
not exists(RefType rt | rt.getFile() = this.getFile() |
rt.getLocation().getStartLine() < getLocation().getStartLine()
rt.getLocation().getStartLine() < this.getLocation().getStartLine()
)
}
}

46
java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
View File

@@ -32,21 +32,21 @@ abstract class JacksonSerializableType extends Type { }
private class JacksonWriteValueMethod extends Method, TaintPreservingCallable {
JacksonWriteValueMethod() {
(
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectWriter") or
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
this.getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectWriter") or
this.getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
) and
getName().matches("writeValue%") and
getParameter(getNumberOfParameters() - 1).getType() instanceof TypeObject
this.getName().matches("writeValue%") and
this.getParameter(this.getNumberOfParameters() - 1).getType() instanceof TypeObject
}
override predicate returnsTaintFrom(int arg) {
getNumberOfParameters() = 1 and
this.getNumberOfParameters() = 1 and
arg = 0
}
override predicate transfersTaint(int src, int sink) {
getNumberOfParameters() > 1 and
src = getNumberOfParameters() - 1 and
this.getNumberOfParameters() > 1 and
src = this.getNumberOfParameters() - 1 and
sink = 0
}
}
@@ -58,10 +58,10 @@ private class JacksonWriteValueMethod extends Method, TaintPreservingCallable {
private class JacksonReadValueMethod extends Method, TaintPreservingCallable {
JacksonReadValueMethod() {
(
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectReader") or
getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
this.getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectReader") or
this.getDeclaringType().hasQualifiedName("com.fasterxml.jackson.databind", "ObjectMapper")
) and
hasName(["readValue", "readValues"])
this.hasName(["readValue", "readValues"])
}
override predicate returnsTaintFrom(int arg) { arg = 0 }
@@ -109,7 +109,7 @@ private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlowForS
)
}
TypeLiteral getSourceWithFlowToJacksonDatabind() { hasFlow(DataFlow::exprNode(result), _) }
TypeLiteral getSourceWithFlowToJacksonDatabind() { this.hasFlow(DataFlow::exprNode(result), _) }
}
/** A type whose values are explicitly deserialized in a call to a Jackson method. */
@@ -139,7 +139,7 @@ private class FieldReferencedJacksonDeserializableType extends JacksonDeserializ
class JacksonSerializableField extends SerializableField {
JacksonSerializableField() {
exists(JacksonSerializableType superType |
superType = getDeclaringType().getASupertype*() and
superType = this.getDeclaringType().getASupertype*() and
not superType instanceof TypeObject and
superType.fromSource()
) and
@@ -151,7 +151,7 @@ class JacksonSerializableField extends SerializableField {
class JacksonDeserializableField extends DeserializableField {
JacksonDeserializableField() {
exists(JacksonDeserializableType superType |
superType = getDeclaringType().getASupertype*() and
superType = this.getDeclaringType().getASupertype*() and
not superType instanceof TypeObject and
superType.fromSource()
) and
@@ -161,7 +161,7 @@ class JacksonDeserializableField extends DeserializableField {
/** A call to a field that may be deserialized using the Jackson JSON framework. */
private class JacksonDeserializableFieldAccess extends FieldAccess {
JacksonDeserializableFieldAccess() { getField() instanceof JacksonDeserializableField }
JacksonDeserializableFieldAccess() { this.getField() instanceof JacksonDeserializableField }
}
/**
@@ -194,19 +194,19 @@ class JacksonAddMixinCall extends MethodAccess {
/**
* Gets a possible type for the target of the mixing, if any can be deduced.
*/
RefType getATarget() { result = inferClassParameterType(getArgument(0)) }
RefType getATarget() { result = inferClassParameterType(this.getArgument(0)) }
/**
* Gets a possible type that will be mixed in, if any can be deduced.
*/
RefType getAMixedInType() { result = inferClassParameterType(getArgument(1)) }
RefType getAMixedInType() { result = inferClassParameterType(this.getArgument(1)) }
}
/**
* A Jackson annotation.
*/
class JacksonAnnotation extends Annotation {
JacksonAnnotation() { getType().getPackage().hasName("com.fasterxml.jackson.annotation") }
JacksonAnnotation() { this.getType().getPackage().hasName("com.fasterxml.jackson.annotation") }
}
/**
@@ -228,7 +228,7 @@ class JacksonMixinType extends ClassOrInterface {
* Gets a callable from this type that is mixed in by Jackson.
*/
Callable getAMixedInCallable() {
result = getACallable() and
result = this.getACallable() and
(
result.(Constructor).isDefaultConstructor() or
result.getAnAnnotation() instanceof JacksonAnnotation or
@@ -240,7 +240,7 @@ class JacksonMixinType extends ClassOrInterface {
* Gets a field that is mixed in by Jackson.
*/
Field getAMixedInField() {
result = getAField() and
result = this.getAField() and
result.getAnAnnotation() instanceof JacksonAnnotation
}
}
@@ -264,17 +264,17 @@ class JacksonMixedInCallable extends Callable {
* Gets a callable on a possible target that this is mixed into.
*/
Callable getATargetCallable() {
exists(RefType targetType | targetType = getATargetType() |
result = getATargetType().getACallable() and
exists(RefType targetType | targetType = this.getATargetType() |
result = this.getATargetType().getACallable() and
if this instanceof Constructor
then
// The mixed in type will have a different name to the target type, so just compare the
// parameters.
result.getSignature().suffix(targetType.getName().length()) =
getSignature().suffix(getDeclaringType().getName().length())
this.getSignature().suffix(this.getDeclaringType().getName().length())
else
// Signatures should match
result.getSignature() = getSignature()
result.getSignature() = this.getSignature()
)
}
}

12
java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll
View File

@@ -10,8 +10,8 @@ import java
*/
class PersistentEntity extends RefType {
PersistentEntity() {
getAnAnnotation() instanceof EntityAnnotation or
getAnAnnotation() instanceof EmbeddableAnnotation
this.getAnAnnotation() instanceof EntityAnnotation or
this.getAnAnnotation() instanceof EmbeddableAnnotation
}
/**
@@ -22,12 +22,12 @@ class PersistentEntity extends RefType {
* instead.
*/
string getAccessType() {
if exists(getAccessTypeFromAnnotation())
then result = getAccessTypeFromAnnotation()
if exists(this.getAccessTypeFromAnnotation())
then result = this.getAccessTypeFromAnnotation()
else
// If the access type is not explicit, then the location of the `Id` annotation determines
// which access type is used.
if getAMethod().hasAnnotation("javax.persistence", "Id")
if this.getAMethod().hasAnnotation("javax.persistence", "Id")
then result = "property"
else result = "field"
}
@@ -36,7 +36,7 @@ class PersistentEntity extends RefType {
* Gets the access type for this entity as defined by a `@javax.persistence.Access` annotation, if any.
*/
string getAccessTypeFromAnnotation() {
exists(AccessAnnotation accessType | accessType = getAnAnnotation() |
exists(AccessAnnotation accessType | accessType = this.getAnAnnotation() |
result =
accessType.getValue("value").(FieldRead).getField().(EnumConstant).getName().toLowerCase()
)

4
java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll
View File

@@ -100,7 +100,7 @@ class PersistencePropertyElement extends XMLElement {
* disables the EclipseLink shared cache.
*/
predicate disablesEclipseLinkSharedCache() {
getAttribute("name").getValue() = "eclipselink.cache.shared.default" and
getAttribute("value").getValue() = "false"
this.getAttribute("name").getValue() = "eclipselink.cache.shared.default" and
this.getAttribute("value").getValue() = "false"
}
}

30
java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
View File

@@ -8,7 +8,7 @@ import EJBJarXML
*/
abstract class EJB extends Class {
/** Gets a `Callable` that is directly or indirectly called from within the EJB. */
Callable getAUsedCallable() { getACallable().polyCalls*(result) }
Callable getAUsedCallable() { this.getACallable().polyCalls*(result) }
}
/**
@@ -33,16 +33,16 @@ class SessionEJB extends EJB {
// Either the EJB does not declare any business interfaces explicitly
// and implements a single interface candidate,
// which is then considered to be the business interface...
count(getAnExplicitBusinessInterface()) = 0 and
count(getAnImplementedBusinessInterfaceCandidate()) = 1 and
result = getAnImplementedBusinessInterfaceCandidate()
count(this.getAnExplicitBusinessInterface()) = 0 and
count(this.getAnImplementedBusinessInterfaceCandidate()) = 1 and
result = this.getAnImplementedBusinessInterfaceCandidate()
or
// ...or each business interface needs to be declared explicitly.
(
count(getAnImplementedBusinessInterfaceCandidate()) != 1 or
count(getAnExplicitBusinessInterface()) != 0
count(this.getAnImplementedBusinessInterfaceCandidate()) != 1 or
count(this.getAnExplicitBusinessInterface()) != 0
) and
result = getAnExplicitBusinessInterface()
result = this.getAnExplicitBusinessInterface()
}
/**
@@ -198,7 +198,7 @@ abstract class EjbInterfaceAnnotation extends Annotation {
// Returns the type `Foo` of any type literal `Foo.class` occurring
// within the "value" element of this annotation.
// Uses `getAChildExpr*()` since the "value" element can have type `Class` or `Class[]`.
exists(TypeLiteral tl | tl = getValue("value").getAChildExpr*() |
exists(TypeLiteral tl | tl = this.getValue("value").getAChildExpr*() |
result = tl.getReferencedType()
)
}
@@ -447,7 +447,7 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
SessionEJB getAnEJB() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
/** Gets a remote interface associated with this legacy remote home interface. */
Interface getAnAssociatedRemoteInterface() { result = getACreateMethod().getReturnType() }
Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() }
}
/** A legacy remote home interface specified within an XML deployment descriptor. */
@@ -511,7 +511,7 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
SessionEJB getAnEJB() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
/** Gets a local interface associated with this legacy local home interface. */
Interface getAnAssociatedLocalInterface() { result = getACreateMethod().getReturnType() }
Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() }
}
/** A legacy local home interface specified within an XML deployment descriptor. */
@@ -562,8 +562,8 @@ class RemoteInterface extends Interface {
/** Gets a remote method implementation for this remote interface. */
Method getARemoteMethodImplementation() {
result = getARemoteMethodImplementationChecked() or
result = getARemoteMethodImplementationUnchecked()
result = this.getARemoteMethodImplementationChecked() or
result = this.getARemoteMethodImplementationUnchecked()
}
/**
@@ -572,7 +572,7 @@ class RemoteInterface extends Interface {
* abstract methods or overriding within an interface hierarchy.
*/
Method getARemoteMethodImplementationChecked() {
result.overrides(getARemoteMethod()) and
result.overrides(this.getARemoteMethod()) and
exists(result.getBody())
}
@@ -586,9 +586,9 @@ class RemoteInterface extends Interface {
*/
Method getARemoteMethodImplementationUnchecked() {
exists(SessionEJB ejb, Method rm |
ejb = getAnEJB() and
ejb = this.getAnEJB() and
not ejb.getASupertype*() = this and
rm = getARemoteMethod() and
rm = this.getARemoteMethod() and
result = getAnInheritedMatchingMethodIgnoreThrows(ejb, rm.getSignature()) and
not exists(inheritsMatchingMethodExceptThrows(ejb, rm))
) and

8
java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll
View File

@@ -114,8 +114,8 @@ class EjbJarSessionElement extends EjbJarBeanTypeElement {
* This is either a `business-local` or `business-remote` element.
*/
XMLElement getABusinessElement() {
result = getABusinessLocalElement() or
result = getABusinessRemoteElement()
result = this.getABusinessLocalElement() or
result = this.getABusinessRemoteElement()
}
/** Gets a `remote` child XML element of this `session` XML element. */
@@ -153,7 +153,7 @@ class EjbJarSessionElement extends EjbJarBeanTypeElement {
* XML element nested within this `session` XML element.
*/
XMLElement getACreateMethodNameElement() {
result = getAnInitMethodElement().getACreateMethodElement().getAMethodNameElement()
result = this.getAnInitMethodElement().getACreateMethodElement().getAMethodNameElement()
}
/**
@@ -161,7 +161,7 @@ class EjbJarSessionElement extends EjbJarBeanTypeElement {
* XML element nested within this `session` XML element.
*/
XMLElement getABeanMethodNameElement() {
result = getAnInitMethodElement().getABeanMethodElement().getAMethodNameElement()
result = this.getAnInitMethodElement().getABeanMethodElement().getAMethodNameElement()
}
}

18
java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll
View File

@@ -25,14 +25,14 @@ class FacesConfigXMLElement extends XMLElement {
/**
* Gets the value for this element, with leading and trailing whitespace trimmed.
*/
string getValue() { result = allCharactersString().trim() }
string getValue() { result = this.allCharactersString().trim() }
}
/**
* An element in a JSF config file that declares a managed bean.
*/
class FacesConfigManagedBean extends FacesConfigXMLElement {
FacesConfigManagedBean() { getName() = "managed-bean" }
FacesConfigManagedBean() { this.getName() = "managed-bean" }
}
/**
@@ -40,21 +40,21 @@ class FacesConfigManagedBean extends FacesConfigXMLElement {
*/
class FacesConfigManagedBeanClass extends FacesConfigXMLElement {
FacesConfigManagedBeanClass() {
getName() = "managed-bean-class" and
getParent() instanceof FacesConfigManagedBean
this.getName() = "managed-bean-class" and
this.getParent() instanceof FacesConfigManagedBean
}
/**
* Gets the `Class` of the managed bean.
*/
Class getManagedBeanClass() { result.getQualifiedName() = getValue() }
Class getManagedBeanClass() { result.getQualifiedName() = this.getValue() }
}
/**
* An element in a JSF config file that declares a custom component.
*/
class FacesConfigComponent extends FacesConfigXMLElement {
FacesConfigComponent() { getName() = "component" }
FacesConfigComponent() { this.getName() = "component" }
}
/**
@@ -62,12 +62,12 @@ class FacesConfigComponent extends FacesConfigXMLElement {
*/
class FacesConfigComponentClass extends FacesConfigXMLElement {
FacesConfigComponentClass() {
getName() = "component-class" and
getParent() instanceof FacesConfigComponent
this.getName() = "component-class" and
this.getParent() instanceof FacesConfigComponent
}
/**
* Gets the `Class` of the faces component.
*/
Class getFacesComponentClass() { result.getQualifiedName() = getValue() }
Class getFacesComponentClass() { result.getQualifiedName() = this.getValue() }
}

12
java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
View File

@@ -33,9 +33,9 @@ private class ExternalContextSource extends SourceModelCsv {
*/
class FacesGetResponseWriterMethod extends Method {
FacesGetResponseWriterMethod() {
getDeclaringType() instanceof FacesContext and
hasName("getResponseWriter") and
getNumberOfParameters() = 0
this.getDeclaringType() instanceof FacesContext and
this.hasName("getResponseWriter") and
this.getNumberOfParameters() = 0
}
}
@@ -44,9 +44,9 @@ class FacesGetResponseWriterMethod extends Method {
*/
class FacesGetResponseStreamMethod extends Method {
FacesGetResponseStreamMethod() {
getDeclaringType() instanceof FacesContext and
hasName("getResponseStream") and
getNumberOfParameters() = 0
this.getDeclaringType() instanceof FacesContext and
this.hasName("getResponseStream") and
this.getNumberOfParameters() = 0
}
}

4
java/ql/lib/semmle/code/java/frameworks/javase/Http.qll
View File

@@ -6,12 +6,12 @@ import java
/** The interface representing `HttpRequest.Builder`. */
class TypeHttpRequestBuilder extends Interface {
TypeHttpRequestBuilder() { hasQualifiedName("java.net.http", "HttpRequest$Builder") }
TypeHttpRequestBuilder() { this.hasQualifiedName("java.net.http", "HttpRequest$Builder") }
}
/** The interface representing `java.net.http.HttpRequest`. */
class TypeHttpRequest extends Interface {
TypeHttpRequest() { hasQualifiedName("java.net.http", "HttpRequest") }
TypeHttpRequest() { this.hasQualifiedName("java.net.http", "HttpRequest") }
}
/** The `uri` method on `java.net.http.HttpRequest.Builder`. */

2
java/ql/lib/semmle/code/java/frameworks/play/Play.qll
View File

@@ -45,7 +45,7 @@ class PlayAddCsrfTokenAnnotation extends Annotation {
* The type `play.libs.F.Promise<Result>`.
*/
class PlayAsyncResultPromise extends MemberType {
PlayAsyncResultPromise() { hasQualifiedName("play.libs", "F$Promise<Result>") }
PlayAsyncResultPromise() { this.hasQualifiedName("play.libs", "F$Promise<Result>") }
}
/**

104
java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll
View File

@@ -24,7 +24,7 @@ predicate hasInjectAnnotation(Annotatable a) {
class SpringComponentConstructor extends Constructor {
SpringComponentConstructor() {
// Must be a live Spring component.
getDeclaringType().(SpringComponent).isLive() and
this.getDeclaringType().(SpringComponent).isLive() and
(
this.getNumberOfParameters() = 0 or
hasInjectAnnotation(this)
@@ -93,8 +93,8 @@ class SpringBeanXMLAutowiredSetterMethod extends Method {
)
) and
// The resulting bean is of the right type.
result.getClass().getAnAncestor() = getParameter(0).getType() and
getNumberOfParameters() = 1 and
result.getClass().getAnAncestor() = this.getParameter(0).getType() and
this.getNumberOfParameters() = 1 and
this.getName().matches("set%")
)
}
@@ -110,7 +110,7 @@ class SpringBeanAutowiredCallable extends Callable {
// Marked as `@Autowired`.
hasInjectAnnotation(this) and
// No autowiring occurs if there are no parameters
getNumberOfParameters() > 0
this.getNumberOfParameters() > 0
}
/**
@@ -118,7 +118,7 @@ class SpringBeanAutowiredCallable extends Callable {
* defined in.
*/
SpringBean getEnclosingSpringBean() {
result = getDeclaringType().(SpringBeanRefType).getSpringBean()
result = this.getDeclaringType().(SpringBeanRefType).getSpringBean()
}
/**
@@ -129,22 +129,24 @@ class SpringBeanAutowiredCallable extends Callable {
/**
* Gets the qualifier annotation for parameter at `pos`, if any.
*/
SpringQualifierAnnotation getQualifier(int pos) { result = getParameter(pos).getAnAnnotation() }
SpringQualifierAnnotation getQualifier(int pos) {
result = this.getParameter(pos).getAnAnnotation()
}
/**
* Gets the qualifier annotation for this method, if any.
*/
SpringQualifierAnnotation getQualifier() { result = getAnAnnotation() }
SpringQualifierAnnotation getQualifier() { result = this.getAnAnnotation() }
/**
* Gets the resource annotation for this method, if any.
*/
SpringResourceAnnotation getResource() { result = getAnAnnotation() }
SpringResourceAnnotation getResource() { result = this.getAnAnnotation() }
/**
* Gets a bean that will be injected into this callable.
*/
SpringBean getAnInjectedBean() { result = getInjectedBean(_) }
SpringBean getAnInjectedBean() { result = this.getInjectedBean(_) }
/**
* Gets the `SpringBean`, if any, that will be injected for the parameter at position `pos`,
@@ -152,24 +154,24 @@ class SpringBeanAutowiredCallable extends Callable {
*/
SpringBean getInjectedBean(int pos) {
// Must be a sub-type of the parameter type
result.getClass().getAnAncestor() = getParameterType(pos) and
result.getClass().getAnAncestor() = this.getParameterType(pos) and
// Now look up bean
if exists(getQualifier(pos))
if exists(this.getQualifier(pos))
then
// Resolved by `@Qualifier("qualifier")` specified on the parameter
result = getQualifier(pos).getSpringBean()
result = this.getQualifier(pos).getSpringBean()
else
if exists(getQualifier()) and getNumberOfParameters() = 1
if exists(this.getQualifier()) and this.getNumberOfParameters() = 1
then
// Resolved by `@Qualifier("qualifier")` on the method
pos = 0 and
result = getQualifier().getSpringBean()
result = this.getQualifier().getSpringBean()
else
if exists(getResource().getNameValue()) and getNumberOfParameters() = 1
if exists(this.getResource().getNameValue()) and this.getNumberOfParameters() = 1
then
// Resolved by looking at the name part of `@Resource(name="qualifier")`
pos = 0 and
result = getResource().getSpringBean()
result = this.getResource().getSpringBean()
else
// Otherwise no restrictions, just by type
any()
@@ -181,24 +183,24 @@ class SpringBeanAutowiredCallable extends Callable {
*/
SpringComponent getInjectedComponent(int pos) {
// Must be a sub-type of the parameter type
result.getAnAncestor() = getParameterType(pos) and
result.getAnAncestor() = this.getParameterType(pos) and
// Now look up bean
if exists(getQualifier(pos))
if exists(this.getQualifier(pos))
then
// Resolved by `@Qualifier("qualifier")` specified on the parameter
result = getQualifier(pos).getSpringComponent()
result = this.getQualifier(pos).getSpringComponent()
else
if exists(getQualifier()) and getNumberOfParameters() = 1
if exists(this.getQualifier()) and this.getNumberOfParameters() = 1
then
// Resolved by `@Qualifier("qualifier")` on the method
pos = 0 and
result = getQualifier().getSpringComponent()
result = this.getQualifier().getSpringComponent()
else
if exists(getResource().getNameValue()) and getNumberOfParameters() = 1
if exists(this.getResource().getNameValue()) and this.getNumberOfParameters() = 1
then
// Resolved by looking at the name part of `@Resource(name="qualifier")`
pos = 0 and
result = getResource().getSpringComponent()
result = this.getResource().getSpringComponent()
else
// Otherwise no restrictions, just by type
any()
@@ -219,7 +221,7 @@ class SpringBeanAutowiredField extends Field {
* defined in.
*/
SpringBean getEnclosingSpringBean() {
result = getDeclaringType().(SpringBeanRefType).getSpringBean()
result = this.getDeclaringType().(SpringBeanRefType).getSpringBean()
}
/**
@@ -230,12 +232,12 @@ class SpringBeanAutowiredField extends Field {
/**
* Gets the qualifier annotation for this method, if any.
*/
SpringQualifierAnnotation getQualifier() { result = getAnAnnotation() }
SpringQualifierAnnotation getQualifier() { result = this.getAnAnnotation() }
/**
* Gets the resource annotation for this method, if any.
*/
SpringResourceAnnotation getResource() { result = getAnAnnotation() }
SpringResourceAnnotation getResource() { result = this.getAnAnnotation() }
/**
* Gets the `SpringBean`, if any, that will be injected for this field, considering any `@Qualifier`
@@ -243,17 +245,17 @@ class SpringBeanAutowiredField extends Field {
*/
SpringBean getInjectedBean() {
// Must be a sub-type of the parameter type
result.getClass().getAnAncestor() = getType() and
result.getClass().getAnAncestor() = this.getType() and
// Now look up bean
if exists(getQualifier())
if exists(this.getQualifier())
then
// Resolved by `@Qualifier("qualifier")` specified on the field
result = getQualifier().getSpringBean()
result = this.getQualifier().getSpringBean()
else
if exists(getResource().getNameValue())
if exists(this.getResource().getNameValue())
then
// Resolved by looking at the name part of `@Resource(name="qualifier")`
result = getResource().getSpringBean()
result = this.getResource().getSpringBean()
else
// Otherwise no restrictions, just by type
any()
@@ -265,17 +267,17 @@ class SpringBeanAutowiredField extends Field {
*/
SpringComponent getInjectedComponent() {
// Must be a sub-type of the parameter type
result.getAnAncestor() = getType() and
result.getAnAncestor() = this.getType() and
// Now look up bean
if exists(getQualifier())
if exists(this.getQualifier())
then
// Resolved by `@Qualifier("qualifier")` specified on the field
result = getQualifier().getSpringComponent()
result = this.getQualifier().getSpringComponent()
else
if exists(getResource().getNameValue())
if exists(this.getResource().getNameValue())
then
// Resolved by looking at the name part of `@Resource(name="qualifier")`
result = getResource().getSpringComponent()
result = this.getResource().getSpringComponent()
else
// Otherwise no restrictions, just by type
any()
@@ -287,9 +289,9 @@ class SpringBeanAutowiredField extends Field {
*/
class SpringQualifierAnnotationType extends AnnotationType {
SpringQualifierAnnotationType() {
hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or
hasQualifiedName("javax.inject", "Qualifier") or
getAnAnnotation().getType() instanceof SpringQualifierAnnotationType
this.hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or
this.hasQualifiedName("javax.inject", "Qualifier") or
this.getAnAnnotation().getType() instanceof SpringQualifierAnnotationType
}
}
@@ -299,15 +301,15 @@ class SpringQualifierAnnotationType extends AnnotationType {
*/
class SpringQualifierDefinitionAnnotation extends Annotation {
SpringQualifierDefinitionAnnotation() {
getType() instanceof SpringQualifierAnnotationType and
getAnnotatedElement() instanceof SpringComponent
this.getType() instanceof SpringQualifierAnnotationType and
this.getAnnotatedElement() instanceof SpringComponent
}
/**
* Gets the value of the qualifier field for this qualifier.
*/
string getQualifierValue() {
result = getValue("value").(CompileTimeConstantExpr).getStringValue()
result = this.getValue("value").(CompileTimeConstantExpr).getStringValue()
}
}
@@ -315,24 +317,24 @@ class SpringQualifierDefinitionAnnotation extends Annotation {
* A qualifier annotation on a method or field that is used to disambiguate which bean will be used.
*/
class SpringQualifierAnnotation extends Annotation {
SpringQualifierAnnotation() { getType() instanceof SpringQualifierAnnotationType }
SpringQualifierAnnotation() { this.getType() instanceof SpringQualifierAnnotationType }
/**
* Gets the value of the qualifier field for this qualifier.
*/
string getQualifierValue() {
result = getValue("value").(CompileTimeConstantExpr).getStringValue()
result = this.getValue("value").(CompileTimeConstantExpr).getStringValue()
}
/**
* Gets the bean definition in an XML file that this qualifier resolves to, if any.
*/
SpringBean getSpringBean() { result.getQualifierValue() = getQualifierValue() }
SpringBean getSpringBean() { result.getQualifierValue() = this.getQualifierValue() }
/**
* Gets the Spring component that this qualifier resolves to, if any.
*/
SpringComponent getSpringComponent() { result.getQualifierValue() = getQualifierValue() }
SpringComponent getSpringComponent() { result.getQualifierValue() = this.getQualifierValue() }
}
/**
@@ -340,20 +342,22 @@ class SpringQualifierAnnotation extends Annotation {
* autowired by Spring, and can optionally specify a qualifier in the "name".
*/
class SpringResourceAnnotation extends Annotation {
SpringResourceAnnotation() { getType().hasQualifiedName("javax.inject", "Resource") }
SpringResourceAnnotation() { this.getType().hasQualifiedName("javax.inject", "Resource") }
/**
* Gets the specified name value, if any.
*/
string getNameValue() { result = getValue("name").(CompileTimeConstantExpr).getStringValue() }
string getNameValue() {
result = this.getValue("name").(CompileTimeConstantExpr).getStringValue()
}
/**
* Gets the bean definition in an XML file that the resource resolves to, if any.
*/
SpringBean getSpringBean() { result.getQualifierValue() = getNameValue() }
SpringBean getSpringBean() { result.getQualifierValue() = this.getNameValue() }
/**
* Gets the Spring component that this qualifier resolves to, if any.
*/
SpringComponent getSpringComponent() { result.getQualifierValue() = getNameValue() }
SpringComponent getSpringComponent() { result.getQualifierValue() = this.getNameValue() }
}

10
java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll
View File

@@ -16,7 +16,7 @@ class SpringBean extends SpringXMLElement {
SpringBean() {
this.getName() = "bean" and
// Do not capture Camel beans, which are different
not getNamespace().getURI() = "http://camel.apache.org/schema/spring"
not this.getNamespace().getURI() = "http://camel.apache.org/schema/spring"
}
override string toString() { result = this.getBeanIdentifier() }
@@ -383,7 +383,7 @@ class SpringBean extends SpringXMLElement {
// If a factory bean is specified, use that, otherwise use the current bean.
(
if exists(this.getFactoryBeanName())
then result.getDeclaringType() = getFactoryBean().getClass()
then result.getDeclaringType() = this.getFactoryBean().getClass()
else (
result.getDeclaringType() = this.getClass() and
// Must be static because we don't yet have an instance.
@@ -400,9 +400,9 @@ class SpringBean extends SpringXMLElement {
* the bean identifier if no qualifier is specified.
*/
string getQualifierValue() {
if exists(getQualifier())
then result = getQualifier().getQualifierValue()
else result = getBeanIdentifier()
if exists(this.getQualifier())
then result = this.getQualifier().getQualifierValue()
else result = this.getBeanIdentifier()
}
/**

7
java/ql/lib/semmle/code/java/frameworks/spring/SpringBeanFile.qll
View File

@@ -35,7 +35,12 @@ class SpringBeanFile extends XMLFile {
*/
string getAProfileExpr() {
result =
getBeansElement().getAttribute("profile").getValue().splitAt(",").splitAt(" ").splitAt(";") and
this.getBeansElement()
.getAttribute("profile")
.getValue()
.splitAt(",")
.splitAt(" ")
.splitAt(";") and
result.length() != 0
}

39
java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll
View File

@@ -20,7 +20,7 @@ class SpringXMLComponentScan extends SpringXMLElement {
* Gets a profile expression for which this `component-scan` is enabled, or nothing if it is
* applicable to any profile.
*/
string getAProfileExpr() { result = getSpringBeanFile().getAProfileExpr() }
string getAProfileExpr() { result = this.getSpringBeanFile().getAProfileExpr() }
}
/**
@@ -29,7 +29,7 @@ class SpringXMLComponentScan extends SpringXMLElement {
*/
class SpringComponentScan extends Annotation {
SpringComponentScan() {
getType().hasQualifiedName("org.springframework.context.annotation", "ComponentScan")
this.getType().hasQualifiedName("org.springframework.context.annotation", "ComponentScan")
}
/**
@@ -37,13 +37,13 @@ class SpringComponentScan extends Annotation {
*/
string getBasePackages() {
// "value" and "basePackages" are synonymous, and are simple strings
result = getAValue("basePackages").(StringLiteral).getRepresentedString()
result = this.getAValue("basePackages").(StringLiteral).getRepresentedString()
or
result = getAValue("value").(StringLiteral).getRepresentedString()
result = this.getAValue("value").(StringLiteral).getRepresentedString()
or
exists(TypeLiteral typeLiteral |
// Base package classes are type literals whose package should be considered a base package.
typeLiteral = getAValue("basePackageClasses")
typeLiteral = this.getAValue("basePackageClasses")
|
result = typeLiteral.getReferencedType().(RefType).getPackage().getName()
)
@@ -97,10 +97,10 @@ class SpringBasePackage extends string {
class SpringComponentAnnotation extends AnnotationType {
SpringComponentAnnotation() {
// Component used directly as an annotation.
hasQualifiedName("org.springframework.stereotype", "Component")
this.hasQualifiedName("org.springframework.stereotype", "Component")
or
// Component can be used as a meta-annotation on other annotation types.
getAnAnnotation().getType() instanceof SpringComponentAnnotation
this.getAnAnnotation().getType() instanceof SpringComponentAnnotation
}
}
@@ -117,20 +117,20 @@ private predicate isSpringXMLEnabled() { exists(SpringXMLElement springXMLElemen
*/
class SpringComponent extends RefType {
SpringComponent() {
getAnAnnotation().getType() instanceof SpringComponentAnnotation and
this.getAnAnnotation().getType() instanceof SpringComponentAnnotation and
not this instanceof AnnotationType
}
/**
* Gets a qualifier used to distinguish when this class should be autowired into other classes.
*/
SpringQualifierDefinitionAnnotation getQualifier() { result = getAnAnnotation() }
SpringQualifierDefinitionAnnotation getQualifier() { result = this.getAnAnnotation() }
/**
* Gets the `@Component` or equivalent annotation.
*/
Annotation getComponentAnnotation() {
result = getAnAnnotation() and
result = this.getAnAnnotation() and
result.getType() instanceof SpringComponentAnnotation
}
@@ -138,13 +138,14 @@ class SpringComponent extends RefType {
* Gets the bean identifier for this component.
*/
string getBeanIdentifier() {
if exists(getComponentAnnotation().getValue("value"))
if exists(this.getComponentAnnotation().getValue("value"))
then
// If the name has been specified in the component annotation, use that.
result = getComponentAnnotation().getValue("value").(CompileTimeConstantExpr).getStringValue()
result =
this.getComponentAnnotation().getValue("value").(CompileTimeConstantExpr).getStringValue()
else
// Otherwise use the name of the class, with the initial letter lower cased.
exists(string name | name = getName() |
exists(string name | name = this.getName() |
result = name.charAt(0).toLowerCase() + name.suffix(1)
)
}
@@ -154,13 +155,13 @@ class SpringComponent extends RefType {
* resolving autowiring on other classes.
*/
string getQualifierValue() {
if exists(getQualifier())
if exists(this.getQualifier())
then
// If given a qualifier, use the value specified.
result = getQualifier().getQualifierValue()
result = this.getQualifier().getQualifierValue()
else
// Otherwise, default to the bean identifier.
result = getBeanIdentifier()
result = this.getBeanIdentifier()
}
/**
@@ -184,8 +185,8 @@ class SpringComponent extends RefType {
this.getPackage().getName() = sbp
) and
(
not exists(getAProfileExpr()) or
getAProfileExpr().(SpringProfileExpr).isActive()
not exists(this.getAProfileExpr()) or
this.getAProfileExpr().(SpringProfileExpr).isActive()
)
}
@@ -195,7 +196,7 @@ class SpringComponent extends RefType {
*/
string getAProfileExpr() {
exists(Annotation profileAnnotation |
profileAnnotation = getAnAnnotation() and
profileAnnotation = this.getAnAnnotation() and
profileAnnotation
.getType()
.hasQualifiedName("org.springframework.context.annotation", "Profile")

114
java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll
View File

@@ -9,10 +9,10 @@ import SpringWebClient
class SpringControllerAnnotation extends AnnotationType {
SpringControllerAnnotation() {
// `@Controller` used directly as an annotation.
hasQualifiedName("org.springframework.stereotype", "Controller")
this.hasQualifiedName("org.springframework.stereotype", "Controller")
or
// `@Controller` can be used as a meta-annotation on other annotation types.
getAnAnnotation().getType() instanceof SpringControllerAnnotation
this.getAnAnnotation().getType() instanceof SpringControllerAnnotation
}
}
@@ -22,28 +22,30 @@ class SpringControllerAnnotation extends AnnotationType {
* Rest controllers are the same as controllers, but imply the `@ResponseBody` annotation.
*/
class SpringRestControllerAnnotation extends SpringControllerAnnotation {
SpringRestControllerAnnotation() { hasName("RestController") }
SpringRestControllerAnnotation() { this.hasName("RestController") }
}
/**
* A class annotated, directly or indirectly, as a Spring `Controller`.
*/
class SpringController extends Class {
SpringController() { getAnAnnotation().getType() instanceof SpringControllerAnnotation }
SpringController() { this.getAnAnnotation().getType() instanceof SpringControllerAnnotation }
}
/**
* A class annotated, directly or indirectly, as a Spring `RestController`.
*/
class SpringRestController extends SpringController {
SpringRestController() { getAnAnnotation().getType() instanceof SpringRestControllerAnnotation }
SpringRestController() {
this.getAnAnnotation().getType() instanceof SpringRestControllerAnnotation
}
}
/**
* A method on a Spring controller which is accessed by the Spring MVC framework.
*/
abstract class SpringControllerMethod extends Method {
SpringControllerMethod() { getDeclaringType() instanceof SpringController }
SpringControllerMethod() { this.getDeclaringType() instanceof SpringController }
}
/**
@@ -83,10 +85,10 @@ class SpringInitBinderMethod extends SpringControllerMethod {
class SpringRequestMappingAnnotationType extends AnnotationType {
SpringRequestMappingAnnotationType() {
// `@RequestMapping` used directly as an annotation.
hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping")
this.hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping")
or
// `@RequestMapping` can be used as a meta-annotation on other annotation types, e.g. GetMapping, PostMapping etc.
getAnAnnotation().getType() instanceof SpringRequestMappingAnnotationType
this.getAnAnnotation().getType() instanceof SpringRequestMappingAnnotationType
}
}
@@ -96,7 +98,7 @@ class SpringRequestMappingAnnotationType extends AnnotationType {
class SpringResponseBodyAnnotationType extends AnnotationType {
SpringResponseBodyAnnotationType() {
// `@ResponseBody` used directly as an annotation.
hasQualifiedName("org.springframework.web.bind.annotation", "ResponseBody")
this.hasQualifiedName("org.springframework.web.bind.annotation", "ResponseBody")
}
}
@@ -129,7 +131,7 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
}
/** Gets a request mapping parameter. */
SpringRequestMappingParameter getARequestParameter() { result = getAParameter() }
SpringRequestMappingParameter getARequestParameter() { result = this.getAParameter() }
/** Gets the "produces" @RequestMapping annotation value, if present. If an array is specified, gets the array. */
Expr getProducesExpr() {
@@ -158,9 +160,9 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
/** Holds if this is considered an `@ResponseBody` method. */
predicate isResponseBody() {
getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
getDeclaringType().getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
getDeclaringType() instanceof SpringRestController
this.getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
this.getDeclaringType().getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
this.getDeclaringType() instanceof SpringRestController
}
}
@@ -185,44 +187,50 @@ class SpringServletInputAnnotation extends Annotation {
/** An annotation of the type `org.springframework.web.bind.annotation.ModelAttribute`. */
class SpringModelAttributeAnnotation extends Annotation {
SpringModelAttributeAnnotation() {
getType().hasQualifiedName("org.springframework.web.bind.annotation", "ModelAttribute")
this.getType().hasQualifiedName("org.springframework.web.bind.annotation", "ModelAttribute")
}
}
/** A parameter of a `SpringRequestMappingMethod`. */
class SpringRequestMappingParameter extends Parameter {
SpringRequestMappingParameter() { getCallable() instanceof SpringRequestMappingMethod }
SpringRequestMappingParameter() { this.getCallable() instanceof SpringRequestMappingMethod }
/** Holds if the parameter should not be consider a direct source of taint. */
predicate isNotDirectlyTaintedInput() {
getType().(RefType).getAnAncestor() instanceof SpringWebRequest or
getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or
getType().(RefType).getAnAncestor().hasQualifiedName("org.springframework.http", "HttpMethod") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "Locale") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "TimeZone") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.time", "ZoneId") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "OutputStream") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Writer") or
getType()
this.getType().(RefType).getAnAncestor() instanceof SpringWebRequest or
this.getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or
this.getType()
.(RefType)
.getAnAncestor()
.hasQualifiedName("org.springframework.http", "HttpMethod") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "Locale") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "TimeZone") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.time", "ZoneId") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "OutputStream") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Writer") or
this.getType()
.(RefType)
.getAnAncestor()
.hasQualifiedName("org.springframework.web.servlet.mvc.support", "RedirectAttributes") or
// Also covers BindingResult. Note, you can access the field value through this interface, which should be considered tainted
getType().(RefType).getAnAncestor().hasQualifiedName("org.springframework.validation", "Errors") or
getType()
this.getType()
.(RefType)
.getAnAncestor()
.hasQualifiedName("org.springframework.validation", "Errors") or
this.getType()
.(RefType)
.getAnAncestor()
.hasQualifiedName("org.springframework.web.bind.support", "SessionStatus") or
getType()
this.getType()
.(RefType)
.getAnAncestor()
.hasQualifiedName("org.springframework.web.util", "UriComponentsBuilder") or
getType()
this.getType()
.(RefType)
.getAnAncestor()
.hasQualifiedName("org.springframework.data.domain", "Pageable") or
@@ -231,13 +239,13 @@ class SpringRequestMappingParameter extends Parameter {
private predicate isExplicitlyTaintedInput() {
// InputStream or Reader parameters allow access to the body of a request
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "InputStream") or
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Reader") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "InputStream") or
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Reader") or
// The SpringServletInputAnnotations allow access to the URI, request parameters, cookie values and the body of the request
this.getAnAnnotation() instanceof SpringServletInputAnnotation or
// HttpEntity is like @RequestBody, but with a wrapper including the headers
// TODO model unwrapping aspects
getType().(RefType).getASourceSupertype*() instanceof SpringHttpEntity or
this.getType().(RefType).getASourceSupertype*() instanceof SpringHttpEntity or
this.getAnAnnotation()
.getType()
.hasQualifiedName("org.springframework.web.bind.annotation", "RequestAttribute") or
@@ -249,35 +257,35 @@ class SpringRequestMappingParameter extends Parameter {
private predicate isImplicitRequestParam() {
// Any parameter which is not explicitly handled, is consider to be an `@RequestParam`, if
// it is a simple bean property
not isNotDirectlyTaintedInput() and
not isExplicitlyTaintedInput() and
not this.isNotDirectlyTaintedInput() and
not this.isExplicitlyTaintedInput() and
(
getType() instanceof PrimitiveType or
getType() instanceof TypeString
this.getType() instanceof PrimitiveType or
this.getType() instanceof TypeString
)
}
private predicate isImplicitModelAttribute() {
// Any parameter which is not explicitly handled, is consider to be an `@ModelAttribute`, if
// it is not an implicit request param
not isNotDirectlyTaintedInput() and
not isExplicitlyTaintedInput() and
not isImplicitRequestParam()
not this.isNotDirectlyTaintedInput() and
not this.isExplicitlyTaintedInput() and
not this.isImplicitRequestParam()
}
/** Holds if this is an explicit or implicit `@ModelAttribute` parameter. */
predicate isModelAttribute() {
isImplicitModelAttribute() or
getAnAnnotation() instanceof SpringModelAttributeAnnotation
this.isImplicitModelAttribute() or
this.getAnAnnotation() instanceof SpringModelAttributeAnnotation
}
/** Holds if the input is tainted. */
predicate isTaintedInput() {
isExplicitlyTaintedInput()
this.isExplicitlyTaintedInput()
or
// Any parameter which is not explicitly identified, is consider to be an `@RequestParam`, if
// it is a simple bean property) or a @ModelAttribute if not
not isNotDirectlyTaintedInput()
not this.isNotDirectlyTaintedInput()
}
}
@@ -286,7 +294,7 @@ class SpringRequestMappingParameter extends Parameter {
* the method, which will be used to render the response e.g. as a JSP file.
*/
abstract class SpringModel extends Parameter {
SpringModel() { getCallable() instanceof SpringRequestMappingMethod }
SpringModel() { this.getCallable() instanceof SpringRequestMappingMethod }
/**
* Types for which instances are placed inside the model.
@@ -298,11 +306,11 @@ abstract class SpringModel extends Parameter {
* A `java.util.Map` can be accepted as the model parameter for a Spring `RequestMapping` method.
*/
class SpringModelPlainMap extends SpringModel {
SpringModelPlainMap() { getType() instanceof MapType }
SpringModelPlainMap() { this.getType() instanceof MapType }
override RefType getATypeInModel() {
exists(MethodAccess methodCall |
methodCall.getQualifier() = getAnAccess() and
methodCall.getQualifier() = this.getAnAccess() and
methodCall.getCallee().hasName("put")
|
result = methodCall.getArgument(1).getType()
@@ -316,13 +324,13 @@ class SpringModelPlainMap extends SpringModel {
*/
class SpringModelModel extends SpringModel {
SpringModelModel() {
getType().(RefType).hasQualifiedName("org.springframework.ui", "Model") or
getType().(RefType).hasQualifiedName("org.springframework.ui", "ModelMap")
this.getType().(RefType).hasQualifiedName("org.springframework.ui", "Model") or
this.getType().(RefType).hasQualifiedName("org.springframework.ui", "ModelMap")
}
override RefType getATypeInModel() {
exists(MethodAccess methodCall |
methodCall.getQualifier() = getAnAccess() and
methodCall.getQualifier() = this.getAnAccess() and
methodCall.getCallee().hasName("addAttribute")
|
result = methodCall.getArgument(methodCall.getNumArgument() - 1).getType()

8
java/ql/lib/semmle/code/java/frameworks/spring/SpringExpression.qll
View File

@@ -18,7 +18,7 @@ class ExpressionEvaluationMethod extends Method {
* The class `org.springframework.expression.ExpressionParser`.
*/
class ExpressionParser extends RefType {
ExpressionParser() { hasQualifiedName("org.springframework.expression", "ExpressionParser") }
ExpressionParser() { this.hasQualifiedName("org.springframework.expression", "ExpressionParser") }
}
/**
@@ -26,7 +26,7 @@ class ExpressionParser extends RefType {
*/
class SimpleEvaluationContextBuilder extends RefType {
SimpleEvaluationContextBuilder() {
hasQualifiedName("org.springframework.expression.spel.support",
this.hasQualifiedName("org.springframework.expression.spel.support",
"SimpleEvaluationContext$Builder")
}
}
@@ -35,7 +35,7 @@ class SimpleEvaluationContextBuilder extends RefType {
* The class `org.springframework.expression.Expression`.
*/
class Expression extends RefType {
Expression() { hasQualifiedName("org.springframework.expression", "Expression") }
Expression() { this.hasQualifiedName("org.springframework.expression", "Expression") }
}
/**
@@ -43,6 +43,6 @@ class Expression extends RefType {
*/
class SimpleEvaluationContext extends RefType {
SimpleEvaluationContext() {
hasQualifiedName("org.springframework.expression.spel.support", "SimpleEvaluationContext")
this.hasQualifiedName("org.springframework.expression.spel.support", "SimpleEvaluationContext")
}
}

20
java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll
View File

@@ -16,22 +16,22 @@ class SpringRemotingDestination extends SpringXMLElement {
* Gets the bean that this remoting destination refers to.
*/
SpringBean getSpringBean() {
result = getParent() or
result.getBeanIdentifier() = getAttribute("ref").getValue()
result = this.getParent() or
result.getBeanIdentifier() = this.getAttribute("ref").getValue()
}
/**
* Methods that are specifically included when the bean is exposed as a remote destination.
*/
string getAnIncludeMethod() {
result = getAttribute("include-methods").getValue().splitAt(",").trim()
result = this.getAttribute("include-methods").getValue().splitAt(",").trim()
}
/**
* Methods that are specifically excluded when the bean is exposed as a remote destination.
*/
string getAnExcludeMethod() {
result = getAttribute("exclude-methods").getValue().splitAt(",").trim()
result = this.getAttribute("exclude-methods").getValue().splitAt(",").trim()
}
}
@@ -44,7 +44,7 @@ class SpringRemotingDestinationClass extends Class {
this = remotingDestination.getSpringBean().getClass()
)
or
hasAnnotation("org.springframework.flex.remoting", "RemotingDestination") and
this.hasAnnotation("org.springframework.flex.remoting", "RemotingDestination") and
// Must either be a live bean, or a live component.
(
this.(SpringComponent).isLive() or
@@ -66,11 +66,11 @@ class SpringRemotingDestinationClass extends Class {
* basis, only those methods that are not marked as excluded are exported.
*/
predicate isIncluding() {
exists(Method m | m = getAMethod() |
exists(Method m | m = this.getAMethod() |
m.hasAnnotation("org.springframework.flex.remoting", "RemotingInclude")
)
or
exists(getRemotingDestinationXML().getAnIncludeMethod())
exists(this.getRemotingDestinationXML().getAnIncludeMethod())
}
/**
@@ -78,13 +78,13 @@ class SpringRemotingDestinationClass extends Class {
*/
Method getARemotingMethod() {
result = this.getAMethod() and
if isIncluding()
if this.isIncluding()
then
result.hasAnnotation("org.springframework.flex.remoting", "RemotingInclude") or
result.getName() = getRemotingDestinationXML().getAnIncludeMethod()
result.getName() = this.getRemotingDestinationXML().getAnIncludeMethod()
else (
not result.hasAnnotation("org.springframework.flex.remoting", "RemotingExclude") and
not result.getName() = getRemotingDestinationXML().getAnExcludeMethod()
not result.getName() = this.getRemotingDestinationXML().getAnExcludeMethod()
)
}
}

8
java/ql/lib/semmle/code/java/frameworks/spring/SpringProfile.qll
View File

@@ -26,10 +26,10 @@ class SpringProfileExpr extends string {
*/
predicate isActive() {
(
getProfile() instanceof AlwaysEnabledSpringProfile or
getProfile() instanceof SometimesEnabledSpringProfile
this.getProfile() instanceof AlwaysEnabledSpringProfile or
this.getProfile() instanceof SometimesEnabledSpringProfile
) and
not getProfile() instanceof NeverEnabledSpringProfile
not this.getProfile() instanceof NeverEnabledSpringProfile
}
}
@@ -48,7 +48,7 @@ class NotSpringProfileExpr extends SpringProfileExpr {
* This profile expression is active if it can ever be evaluated to true, according to our
* knowledge of which profiles are sometimes/never/always enabled.
*/
override predicate isActive() { not getProfile() instanceof AlwaysEnabledSpringProfile }
override predicate isActive() { not this.getProfile() instanceof AlwaysEnabledSpringProfile }
}
/**

6
java/ql/lib/semmle/code/java/frameworks/spring/SpringWeb.qll
View File

@@ -25,7 +25,7 @@ class SpringNativeWebRequest extends Class {
*/
class ModelAndView extends Class {
ModelAndView() {
hasQualifiedName(["org.springframework.web.servlet", "org.springframework.web.portlet"],
this.hasQualifiedName(["org.springframework.web.servlet", "org.springframework.web.portlet"],
"ModelAndView")
}
}
@@ -33,7 +33,7 @@ class ModelAndView extends Class {
/** A call to the Spring `ModelAndView.setViewName` method. */
class SpringModelAndViewSetViewNameCall extends MethodAccess {
SpringModelAndViewSetViewNameCall() {
getMethod().getDeclaringType() instanceof ModelAndView and
getMethod().hasName("setViewName")
this.getMethod().getDeclaringType() instanceof ModelAndView and
this.getMethod().hasName("setViewName")
}
}

8
java/ql/lib/semmle/code/java/frameworks/struts/StrutsActions.qll
View File

@@ -86,7 +86,7 @@ class Struts2ActionClass extends Class {
* Holds if this action class extends the preparable interface.
*/
predicate isPreparable() {
getAnAncestor().hasQualifiedName("com.opensymphony.xwork2", "Preparable")
this.getAnAncestor().hasQualifiedName("com.opensymphony.xwork2", "Preparable")
}
/**
@@ -96,10 +96,10 @@ class Struts2ActionClass extends Class {
* methods only exist if the class `isPreparable()`.
*/
Method getPrepareMethod() {
isPreparable() and
this.isPreparable() and
exists(Struts2ActionMethod actionMethod |
actionMethod = getActionMethod() and
inherits(result) and
actionMethod = this.getActionMethod() and
this.inherits(result) and
result
.hasName("prepare" + actionMethod.getName().charAt(0).toUpperCase() +
actionMethod.getName().suffix(1))

2
java/ql/lib/semmle/code/java/frameworks/struts/StrutsAnnotations.qll
View File

@@ -16,7 +16,7 @@ class StrutsActionAnnotation extends StrutsAnnotation {
StrutsActionAnnotation() { this.getType().hasName("Action") }
Callable getActionCallable() {
result = getAnnotatedElement()
result = this.getAnnotatedElement()
or
exists(StrutsActionsAnnotation actions | this = actions.getAnAction() |
result = actions.getAnnotatedElement()

8
java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll
View File

@@ -8,8 +8,8 @@ import semmle.code.xml.MavenPom
*/
library class Struts2ConventionDependency extends Dependency {
Struts2ConventionDependency() {
getGroup().getValue() = "org.apache.struts" and
getArtifact().getValue() = "struts2-convention-plugin"
this.getGroup().getValue() = "org.apache.struts" and
this.getArtifact().getValue() = "struts2-convention-plugin"
}
}
@@ -100,7 +100,7 @@ class Struts2ConventionActionClass extends Class {
isStrutsConventionPluginUsed(this) and
exists(string ancestorPackage |
// Has an ancestor package on the whitelist
ancestorPackage = getPackage().getName().splitAt(".") and
ancestorPackage = this.getPackage().getName().splitAt(".") and
(
ancestorPackage = "struts" or
ancestorPackage = "struts2" or
@@ -109,7 +109,7 @@ class Struts2ConventionActionClass extends Class {
)
) and
(
getName().matches("%" + getConventionSuffix(this)) or
this.getName().matches("%" + getConventionSuffix(this)) or
this.getAnAncestor().hasQualifiedName("com.opensymphony.xwork2", "Action")
)
}

38
java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
View File

@@ -31,18 +31,18 @@ abstract class StrutsXMLFile extends XMLFile {
/**
* Gets a transitively included file.
*/
StrutsXMLFile getAnIncludedFile() { result = getADirectlyIncludedFile*() }
StrutsXMLFile getAnIncludedFile() { result = this.getADirectlyIncludedFile*() }
/**
* Gets a `<constant>` defined in this file, or an included file.
*/
StrutsXMLConstant getAConstant() { result.getFile() = getAnIncludedFile() }
StrutsXMLConstant getAConstant() { result.getFile() = this.getAnIncludedFile() }
/**
* Gets the value of the constant with the given `name`.
*/
string getConstantValue(string name) {
exists(StrutsXMLConstant constant | constant = getAConstant() |
exists(StrutsXMLConstant constant | constant = this.getAConstant() |
constant.getConstantName() = name and
result = constant.getConstantValue()
)
@@ -56,8 +56,8 @@ abstract class StrutsXMLFile extends XMLFile {
*/
class StrutsRootXMLFile extends StrutsXMLFile {
StrutsRootXMLFile() {
getBaseName() = "struts.xml" or
getBaseName() = "struts-plugin.xml"
this.getBaseName() = "struts.xml" or
this.getBaseName() = "struts-plugin.xml"
}
}
@@ -73,7 +73,7 @@ class StrutsIncludedXMLFile extends StrutsXMLFile {
*/
class StrutsFolder extends Folder {
StrutsFolder() {
exists(Container c | c = getAChildContainer() |
exists(Container c | c = this.getAChildContainer() |
c instanceof StrutsFolder or
c instanceof StrutsXMLFile
)
@@ -82,14 +82,14 @@ class StrutsFolder extends Folder {
/**
* Holds if this folder has a unique Struts root configuration file.
*/
predicate isUnique() { count(getAStrutsRootFile()) = 1 }
predicate isUnique() { count(this.getAStrutsRootFile()) = 1 }
/**
* Gets a struts root configuration that applies to this folder.
*/
StrutsRootXMLFile getAStrutsRootFile() {
result = getAChildContainer() or
result = getAChildContainer().(StrutsFolder).getAStrutsRootFile()
result = this.getAChildContainer() or
result = this.getAChildContainer().(StrutsFolder).getAStrutsRootFile()
}
}
@@ -102,7 +102,7 @@ class StrutsXMLElement extends XMLElement {
/**
* Gets the value for this element, with leading and trailing whitespace trimmed.
*/
string getValue() { result = allCharactersString().trim() }
string getValue() { result = this.allCharactersString().trim() }
}
/**
@@ -121,7 +121,7 @@ class StrutsXMLInclude extends StrutsXMLElement {
* potentially be included.
*/
XMLFile getIncludedFile() {
exists(string file | file = getAttribute("file").getValue() |
exists(string file | file = this.getAttribute("file").getValue() |
result.getAbsolutePath().matches("%" + escapeForMatch(file))
)
}
@@ -157,10 +157,10 @@ class StrutsXMLAction extends StrutsXMLElement {
* Gets the `Class` that is referenced by this Struts action.
*/
Class getActionClass() {
strutsWildcardMatching(result.getQualifiedName(), getAttribute("class").getValue())
strutsWildcardMatching(result.getQualifiedName(), this.getAttribute("class").getValue())
}
string getMethodName() { result = getAttribute("method").getValue() }
string getMethodName() { result = this.getAttribute("method").getValue() }
/**
* Gets the `Method` which is referenced by this action.
@@ -168,9 +168,9 @@ class StrutsXMLAction extends StrutsXMLElement {
* If no method is specified in the attributes of this element, a method named `execute` is chosen.
*/
Method getActionMethod() {
getActionClass().inherits(result) and
if exists(getMethodName())
then strutsWildcardMatching(result.getName(), getMethodName())
this.getActionClass().inherits(result) and
if exists(this.getMethodName())
then strutsWildcardMatching(result.getName(), this.getMethodName())
else result.hasName("execute")
}
}
@@ -179,9 +179,9 @@ class StrutsXMLAction extends StrutsXMLElement {
* A `<constant>` property, representing a configuration parameter to struts.
*/
class StrutsXMLConstant extends StrutsXMLElement {
StrutsXMLConstant() { getName() = "constant" }
StrutsXMLConstant() { this.getName() = "constant" }
string getConstantName() { result = getAttribute("name").getValue() }
string getConstantName() { result = this.getAttribute("name").getValue() }
string getConstantValue() { result = getAttribute("value").getValue() }
string getConstantValue() { result = this.getAttribute("value").getValue() }
}

20
java/ql/lib/semmle/code/java/metrics/MetricRefType.qll
View File

@@ -137,7 +137,9 @@ class MetricRefType extends RefType, MetricElement {
/** Holds if the specified callable should be included in the CK cohesion computation. */
predicate includeInLackOfCohesionCK(Callable c) {
not c instanceof TestMethod and
exists(Field f | c.getDeclaringType() = this and c.accesses(f) and relevantFieldForCohesion(f))
exists(Field f |
c.getDeclaringType() = this and c.accesses(f) and this.relevantFieldForCohesion(f)
)
}
pragma[noopt]
@@ -152,8 +154,8 @@ class MetricRefType extends RefType, MetricElement {
/** Holds if a (non-ignored) callable reads a field relevant for cohesion. */
private predicate relevantCallableAndFieldCK(Callable m, Field f) {
includeInLackOfCohesionCK(m) and
relevantFieldForCohesion(f) and
this.includeInLackOfCohesionCK(m) and
this.relevantFieldForCohesion(f) and
m.accesses(f) and
m.getDeclaringType() = this
}
@@ -180,12 +182,12 @@ class MetricRefType extends RefType, MetricElement {
*/
float getLackOfCohesionCK() {
exists(int callables, int linked, float n |
callables = count(Callable m | includeInLackOfCohesionCK(m)) and
callables = count(Callable m | this.includeInLackOfCohesionCK(m)) and
linked =
count(Callable m1, Callable m2 |
exists(Field f |
relevantCallableAndFieldCK(m1, f) and
relevantCallableAndFieldCK(m2, f) and
this.relevantCallableAndFieldCK(m1, f) and
this.relevantCallableAndFieldCK(m2, f) and
m1 != m2
)
) and
@@ -207,7 +209,7 @@ class MetricRefType extends RefType, MetricElement {
int getADepth() {
this.hasQualifiedName("java.lang", "Object") and result = 0
or
not cyclic() and result = this.getASupertype().(MetricRefType).getADepth() + 1
not this.cyclic() and result = this.getASupertype().(MetricRefType).getADepth() + 1
}
/**
@@ -229,10 +231,10 @@ class MetricRefType extends RefType, MetricElement {
int getADepth(RefType reference) {
this = reference and result = 0
or
not cyclic() and result = this.getASupertype().(MetricRefType).getADepth(reference) + 1
not this.cyclic() and result = this.getASupertype().(MetricRefType).getADepth(reference) + 1
}
private predicate cyclic() { getASupertype+() = this }
private predicate cyclic() { this.getASupertype+() = this }
/** Gets the depth of inheritance metric relative to the specified reference type. */
int getInheritanceDepth(RefType reference) { result = max(this.getADepth(reference)) }

30
java/ql/lib/semmle/code/java/security/CommandArguments.qll
View File

@@ -69,10 +69,10 @@ private class CommandArgumentList extends SsaExplicitUpdate {
/** Gets a use of the variable for which the list could be empty. */
private RValue getAUseBeforeFirstAdd() {
result = getAFirstUse()
result = this.getAFirstUse()
or
exists(RValue mid |
mid = getAUseBeforeFirstAdd() and
mid = this.getAUseBeforeFirstAdd() and
adjacentUseUse(mid, result) and
not exists(MethodAccess ma |
mid = ma.getQualifier() and
@@ -85,25 +85,25 @@ private class CommandArgumentList extends SsaExplicitUpdate {
* Gets an addition to this list, i.e. a call to an `add` or `addAll` method.
*/
MethodAccess getAnAdd() {
result.getQualifier() = getAUse() and
result.getQualifier() = this.getAUse() and
result.getMethod().getName().matches("add%")
}
/** Gets an addition to this list which could be its first element. */
MethodAccess getAFirstAdd() {
result = getAnAdd() and
result.getQualifier() = getAUseBeforeFirstAdd()
result = this.getAnAdd() and
result.getQualifier() = this.getAUseBeforeFirstAdd()
}
/** Gets an addition to this list which is not the first element. */
MethodAccess getASubsequentAdd() {
result = getAnAdd() and
not result = getAFirstAdd()
result = this.getAnAdd() and
not result = this.getAFirstAdd()
}
/** Holds if the first element of this list is a shell command. */
predicate isShell() {
exists(MethodAccess ma | ma = getAFirstAdd() and isShell(ma.getArgument(0)))
exists(MethodAccess ma | ma = this.getAFirstAdd() and isShell(ma.getArgument(0)))
}
}
@@ -122,7 +122,7 @@ private predicate arrayLValue(ArrayAccess acc) { exists(Assignment a | a.getDest
private class CommandArgumentArray extends SsaExplicitUpdate {
CommandArgumentArray() {
this.getSourceVariable().getType() instanceof ArrayOfStringType and
forall(ArrayAccess a | a.getArray() = getAUse() and arrayLValue(a) |
forall(ArrayAccess a | a.getArray() = this.getAUse() and arrayLValue(a) |
a.getIndexExpr() instanceof CompileTimeConstantExpr
)
}
@@ -139,7 +139,7 @@ private class CommandArgumentArray extends SsaExplicitUpdate {
}
/** Gets an expression that is written to the given index of this array. */
Expr getAWrite(int index) { result = getAWrite(index, _) }
Expr getAWrite(int index) { result = this.getAWrite(index, _) }
}
/**
@@ -147,20 +147,20 @@ private class CommandArgumentArray extends SsaExplicitUpdate {
*/
private class CommandArgArrayImmutableFirst extends CommandArgumentArray {
CommandArgArrayImmutableFirst() {
(exists(getAWrite(0)) or exists(firstElementOf(this.getDefiningExpr()))) and
(exists(this.getAWrite(0)) or exists(firstElementOf(this.getDefiningExpr()))) and
forall(RValue use | exists(this.getAWrite(0, use)) | use = this.getAFirstUse())
}
/** Gets the first element of this array. */
Expr getFirstElement() {
result = getAWrite(0)
result = this.getAWrite(0)
or
not exists(getAWrite(0)) and
result = firstElementOf(getDefiningExpr())
not exists(this.getAWrite(0)) and
result = firstElementOf(this.getDefiningExpr())
}
/** Holds if the first element of this array is a shell command. */
predicate isShell() { isShell(getFirstElement()) }
predicate isShell() { isShell(this.getFirstElement()) }
}
/** Gets the first element of an imutable array of strings */

36
java/ql/lib/semmle/code/java/security/Encryption.qll
View File

@@ -18,7 +18,7 @@ class X509TrustManager extends RefType {
}
class HttpsURLConnection extends RefType {
HttpsURLConnection() { hasQualifiedName("javax.net.ssl", "HttpsURLConnection") }
HttpsURLConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") }
}
class SSLSocketFactory extends RefType {
@@ -26,16 +26,16 @@ class SSLSocketFactory extends RefType {
}
class SSLContext extends RefType {
SSLContext() { hasQualifiedName("javax.net.ssl", "SSLContext") }
SSLContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
}
/** The `javax.net.ssl.SSLSession` class. */
class SSLSession extends RefType {
SSLSession() { hasQualifiedName("javax.net.ssl", "SSLSession") }
SSLSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
}
class HostnameVerifier extends RefType {
HostnameVerifier() { hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
}
/** The Java class `javax.crypto.KeyGenerator`. */
@@ -51,10 +51,10 @@ class KeyPairGenerator extends RefType {
/** The `verify` method of the class `javax.net.ssl.HostnameVerifier`. */
class HostnameVerifierVerify extends Method {
HostnameVerifierVerify() {
hasName("verify") and
getDeclaringType().getASupertype*() instanceof HostnameVerifier and
getParameterType(0) instanceof TypeString and
getParameterType(1) instanceof SSLSession
this.hasName("verify") and
this.getDeclaringType().getASupertype*() instanceof HostnameVerifier and
this.getParameterType(0) instanceof TypeString and
this.getParameterType(1) instanceof SSLSession
}
}
@@ -67,37 +67,37 @@ class TrustManagerCheckMethod extends Method {
class CreateSocket extends Method {
CreateSocket() {
hasName("createSocket") and
getDeclaringType() instanceof SSLSocketFactory
this.hasName("createSocket") and
this.getDeclaringType() instanceof SSLSocketFactory
}
}
class GetSocketFactory extends Method {
GetSocketFactory() {
hasName("getSocketFactory") and
getDeclaringType() instanceof SSLContext
this.hasName("getSocketFactory") and
this.getDeclaringType() instanceof SSLContext
}
}
class SetConnectionFactoryMethod extends Method {
SetConnectionFactoryMethod() {
hasName("setSSLSocketFactory") and
getDeclaringType().getASupertype*() instanceof HttpsURLConnection
this.hasName("setSSLSocketFactory") and
this.getDeclaringType().getASupertype*() instanceof HttpsURLConnection
}
}
class SetHostnameVerifierMethod extends Method {
SetHostnameVerifierMethod() {
hasName("setHostnameVerifier") and
getDeclaringType().getASupertype*() instanceof HttpsURLConnection
this.hasName("setHostnameVerifier") and
this.getDeclaringType().getASupertype*() instanceof HttpsURLConnection
}
}
/** The `setDefaultHostnameVerifier` method of the class `javax.net.ssl.HttpsURLConnection`. */
class SetDefaultHostnameVerifierMethod extends Method {
SetDefaultHostnameVerifierMethod() {
hasName("setDefaultHostnameVerifier") and
getDeclaringType().getASupertype*() instanceof HttpsURLConnection
this.hasName("setDefaultHostnameVerifier") and
this.getDeclaringType().getASupertype*() instanceof HttpsURLConnection
}
}

43
java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
View File

@@ -17,38 +17,38 @@ private class DefaultSafeExternalAPIMethod extends SafeExternalAPIMethod {
DefaultSafeExternalAPIMethod() {
this instanceof EqualsMethod
or
getName().regexpMatch("size|length|compareTo|getClass|lastIndexOf")
this.getName().regexpMatch("size|length|compareTo|getClass|lastIndexOf")
or
this.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "Validate")
or
getQualifiedName() = "Objects.equals"
this.getQualifiedName() = "Objects.equals"
or
getDeclaringType() instanceof TypeString and getName() = "equals"
this.getDeclaringType() instanceof TypeString and this.getName() = "equals"
or
getDeclaringType().hasQualifiedName("com.google.common.base", "Preconditions")
this.getDeclaringType().hasQualifiedName("com.google.common.base", "Preconditions")
or
getDeclaringType().getPackage().getName().matches("org.junit%")
this.getDeclaringType().getPackage().getName().matches("org.junit%")
or
getDeclaringType().hasQualifiedName("com.google.common.base", "Strings") and
getName() = "isNullOrEmpty"
this.getDeclaringType().hasQualifiedName("com.google.common.base", "Strings") and
this.getName() = "isNullOrEmpty"
or
getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "StringUtils") and
getName() = "isNotEmpty"
this.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "StringUtils") and
this.getName() = "isNotEmpty"
or
getDeclaringType().hasQualifiedName("java.lang", "Character") and
getName() = "isDigit"
this.getDeclaringType().hasQualifiedName("java.lang", "Character") and
this.getName() = "isDigit"
or
getDeclaringType().hasQualifiedName("java.lang", "String") and
getName().regexpMatch("equalsIgnoreCase|regionMatches")
this.getDeclaringType().hasQualifiedName("java.lang", "String") and
this.getName().regexpMatch("equalsIgnoreCase|regionMatches")
or
getDeclaringType().hasQualifiedName("java.lang", "Boolean") and
getName() = "parseBoolean"
this.getDeclaringType().hasQualifiedName("java.lang", "Boolean") and
this.getName() = "parseBoolean"
or
getDeclaringType().hasQualifiedName("org.apache.commons.io", "IOUtils") and
getName() = "closeQuietly"
this.getDeclaringType().hasQualifiedName("org.apache.commons.io", "IOUtils") and
this.getName() = "closeQuietly"
or
getDeclaringType().hasQualifiedName("org.springframework.util", "StringUtils") and
getName().regexpMatch("hasText|isEmpty")
this.getDeclaringType().hasQualifiedName("org.springframework.util", "StringUtils") and
this.getName().regexpMatch("hasText|isEmpty")
}
}
@@ -90,7 +90,8 @@ class ExternalAPIDataNode extends DataFlow::Node {
/** Gets the description of the method being called. */
string getMethodDescription() {
result = getMethod().getDeclaringType().getPackage() + "." + getMethod().getQualifiedName()
result =
this.getMethod().getDeclaringType().getPackage() + "." + this.getMethod().getQualifiedName()
}
}
@@ -130,7 +131,7 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
/** Gets the number of untrusted sources used with this external API. */
int getNumberOfUntrustedSources() {
result = count(getUntrustedDataNode().getAnUntrustedSource())
result = count(this.getUntrustedDataNode().getAnUntrustedSource())
}
/** Gets a textual representation of this element. */

35
java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll
View File

@@ -168,7 +168,9 @@ private predicate createJexlEngineStep(DataFlow::Node fromNode, DataFlow::Node t
* A method that creates a JEXL script.
*/
private class CreateJexlScriptMethod extends Method {
CreateJexlScriptMethod() { getDeclaringType() instanceof JexlEngine and hasName("createScript") }
CreateJexlScriptMethod() {
this.getDeclaringType() instanceof JexlEngine and this.hasName("createScript")
}
}
/**
@@ -176,8 +178,11 @@ private class CreateJexlScriptMethod extends Method {
*/
private class CreateJexlTemplateMethod extends Method {
CreateJexlTemplateMethod() {
(getDeclaringType() instanceof JxltEngine or getDeclaringType() instanceof UnifiedJexl) and
hasName("createTemplate")
(
this.getDeclaringType() instanceof JxltEngine or
this.getDeclaringType() instanceof UnifiedJexl
) and
this.hasName("createTemplate")
}
}
@@ -186,40 +191,42 @@ private class CreateJexlTemplateMethod extends Method {
*/
private class CreateJexlExpressionMethod extends Method {
CreateJexlExpressionMethod() {
(getDeclaringType() instanceof JexlEngine or getDeclaringType() instanceof JxltEngine) and
hasName("createExpression")
(this.getDeclaringType() instanceof JexlEngine or this.getDeclaringType() instanceof JxltEngine) and
this.hasName("createExpression")
or
getDeclaringType() instanceof UnifiedJexl and hasName("parse")
this.getDeclaringType() instanceof UnifiedJexl and this.hasName("parse")
}
}
private class JexlRefType extends RefType {
JexlRefType() { getPackage().hasName(["org.apache.commons.jexl2", "org.apache.commons.jexl3"]) }
JexlRefType() {
this.getPackage().hasName(["org.apache.commons.jexl2", "org.apache.commons.jexl3"])
}
}
private class JexlBuilder extends JexlRefType {
JexlBuilder() { hasName("JexlBuilder") }
JexlBuilder() { this.hasName("JexlBuilder") }
}
private class JexlEngine extends JexlRefType {
JexlEngine() { hasName("JexlEngine") }
JexlEngine() { this.hasName("JexlEngine") }
}
private class JxltEngine extends JexlRefType {
JxltEngine() { hasName("JxltEngine") }
JxltEngine() { this.hasName("JxltEngine") }
}
private class UnifiedJexl extends JexlRefType {
UnifiedJexl() { hasName("UnifiedJEXL") }
UnifiedJexl() { this.hasName("UnifiedJEXL") }
}
private class JexlUberspect extends Interface {
JexlUberspect() {
hasQualifiedName("org.apache.commons.jexl2.introspection", "Uberspect") or
hasQualifiedName("org.apache.commons.jexl3.introspection", "JexlUberspect")
this.hasQualifiedName("org.apache.commons.jexl2.introspection", "Uberspect") or
this.hasQualifiedName("org.apache.commons.jexl3.introspection", "JexlUberspect")
}
}
private class Reader extends RefType {
Reader() { hasQualifiedName("java.io", "Reader") }
Reader() { this.hasQualifiedName("java.io", "Reader") }
}

24
java/ql/lib/semmle/code/java/security/MvelInjection.qll
View File

@@ -183,8 +183,8 @@ private predicate templateCompileStep(DataFlow::Node node1, DataFlow::Node node2
*/
private class MvelScriptEngineCompilationMethod extends Method {
MvelScriptEngineCompilationMethod() {
getDeclaringType() instanceof MvelScriptEngine and
hasName(["compile", "compiledScript"])
this.getDeclaringType() instanceof MvelScriptEngine and
this.hasName(["compile", "compiledScript"])
}
}
@@ -193,8 +193,8 @@ private class MvelScriptEngineCompilationMethod extends Method {
*/
private class TemplateCompilerCompileMethod extends Method {
TemplateCompilerCompileMethod() {
getDeclaringType() instanceof TemplateCompiler and
hasName("compile")
this.getDeclaringType() instanceof TemplateCompiler and
this.hasName("compile")
}
}
@@ -203,31 +203,31 @@ private class TemplateCompilerCompileMethod extends Method {
*/
private class TemplateCompilerCompileTemplateMethod extends Method {
TemplateCompilerCompileTemplateMethod() {
getDeclaringType() instanceof TemplateCompiler and
hasName("compileTemplate")
this.getDeclaringType() instanceof TemplateCompiler and
this.hasName("compileTemplate")
}
}
private class MVEL extends RefType {
MVEL() { hasQualifiedName("org.mvel2", "MVEL") }
MVEL() { this.hasQualifiedName("org.mvel2", "MVEL") }
}
private class ExpressionCompiler extends RefType {
ExpressionCompiler() { hasQualifiedName("org.mvel2.compiler", "ExpressionCompiler") }
ExpressionCompiler() { this.hasQualifiedName("org.mvel2.compiler", "ExpressionCompiler") }
}
private class CompiledAccExpression extends RefType {
CompiledAccExpression() { hasQualifiedName("org.mvel2.compiler", "CompiledAccExpression") }
CompiledAccExpression() { this.hasQualifiedName("org.mvel2.compiler", "CompiledAccExpression") }
}
private class MvelScriptEngine extends RefType {
MvelScriptEngine() { hasQualifiedName("org.mvel2.jsr223", "MvelScriptEngine") }
MvelScriptEngine() { this.hasQualifiedName("org.mvel2.jsr223", "MvelScriptEngine") }
}
private class MvelCompiledScript extends RefType {
MvelCompiledScript() { hasQualifiedName("org.mvel2.jsr223", "MvelCompiledScript") }
MvelCompiledScript() { this.hasQualifiedName("org.mvel2.jsr223", "MvelCompiledScript") }
}
private class TemplateCompiler extends RefType {
TemplateCompiler() { hasQualifiedName("org.mvel2.templates", "TemplateCompiler") }
TemplateCompiler() { this.hasQualifiedName("org.mvel2.templates", "TemplateCompiler") }
}

2
java/ql/lib/semmle/code/java/security/RequestForgery.qll
View File

@@ -138,7 +138,7 @@ private class StringBuilderVarExt extends StringBuilderVar {
private StringBuilderAppend getNextAppendIncludingAssignmentChains(
StringBuilderConstructorOrAppend prev
) {
result = getNextAssignmentChainedAppend(prev)
result = this.getNextAssignmentChainedAppend(prev)
or
prev = this.getAnAssignedValue() and
result = this.getAFirstAppendAfterAssignment()

4
java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll
View File

@@ -58,8 +58,8 @@ private class SafeEvaluationContextFlowConfig extends DataFlow2::Configuration {
*/
private class SafeContextSource extends DataFlow::ExprNode {
SafeContextSource() {
isSimpleEvaluationContextConstructorCall(getExpr()) or
isSimpleEvaluationContextBuilderCall(getExpr())
isSimpleEvaluationContextConstructorCall(this.getExpr()) or
isSimpleEvaluationContextBuilderCall(this.getExpr())
}
}

8
java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
View File

@@ -67,10 +67,10 @@ private class SafeKryo extends DataFlow2::Configuration {
}
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
stepKryoPoolBuilderFactoryArgToConstructor(node1, node2) or
stepKryoPoolRunMethodAccessQualifierToFunctionalArgument(node1, node2) or
stepKryoPoolBuilderChainMethod(node1, node2) or
stepKryoPoolBorrowMethod(node1, node2)
this.stepKryoPoolBuilderFactoryArgToConstructor(node1, node2) or
this.stepKryoPoolRunMethodAccessQualifierToFunctionalArgument(node1, node2) or
this.stepKryoPoolBuilderChainMethod(node1, node2) or
this.stepKryoPoolBorrowMethod(node1, node2)
}
/**

2
java/ql/lib/semmle/code/java/security/XSS.qll
View File

@@ -79,7 +79,7 @@ private class XssVulnerableWriterSourceToWritingMethodFlowConfig extends TaintTr
/** A method that can be used to output data to an output stream or writer. */
private class WritingMethod extends Method {
WritingMethod() {
getDeclaringType().getASupertype*().hasQualifiedName("java.io", _) and
this.getDeclaringType().getASupertype*().hasQualifiedName("java.io", _) and
(
this.getName().matches("print%") or
this.getName() = "append" or

23
java/ql/lib/semmle/code/xml/AndroidManifest.qll
View File

@@ -36,7 +36,7 @@ class AndroidManifestXmlElement extends XMLElement {
/**
* Gets the value of the `package` attribute of this `<manifest>` element.
*/
string getPackageAttributeValue() { result = getAttributeValue("package") }
string getPackageAttributeValue() { result = this.getAttributeValue("package") }
}
/**
@@ -141,7 +141,7 @@ class AndroidComponentXmlElement extends XMLElement {
*/
string getComponentName() {
exists(XMLAttribute attr |
attr = getAnAttribute() and
attr = this.getAnAttribute() and
attr.getNamespace().getPrefix() = "android" and
attr.getName() = "name"
|
@@ -153,12 +153,15 @@ class AndroidComponentXmlElement extends XMLElement {
* Gets the resolved value of the `android:name` attribute of this component element.
*/
string getResolvedComponentName() {
if getComponentName().matches(".%")
if this.getComponentName().matches(".%")
then
result =
getParent().(XMLElement).getParent().(AndroidManifestXmlElement).getPackageAttributeValue() +
getComponentName()
else result = getComponentName()
this.getParent()
.(XMLElement)
.getParent()
.(AndroidManifestXmlElement)
.getPackageAttributeValue() + this.getComponentName()
else result = this.getComponentName()
}
/**
@@ -166,7 +169,7 @@ class AndroidComponentXmlElement extends XMLElement {
*/
string getExportedAttributeValue() {
exists(XMLAttribute attr |
attr = getAnAttribute() and
attr = this.getAnAttribute() and
attr.getNamespace().getPrefix() = "android" and
attr.getName() = "exported"
|
@@ -177,12 +180,12 @@ class AndroidComponentXmlElement extends XMLElement {
/**
* Holds if the `android:exported` attribute of this component element is `true`.
*/
predicate isExported() { getExportedAttributeValue() = "true" }
predicate isExported() { this.getExportedAttributeValue() = "true" }
/**
* Holds if the `android:exported` attribute of this component element is explicitly set to `false`.
*/
predicate isNotExported() { getExportedAttributeValue() = "false" }
predicate isNotExported() { this.getExportedAttributeValue() = "false" }
}
/**
@@ -212,7 +215,7 @@ class AndroidActionXmlElement extends XMLElement {
*/
string getActionName() {
exists(XMLAttribute attr |
attr = getAnAttribute() and
attr = this.getAnAttribute() and
attr.getNamespace().getPrefix() = "android" and
attr.getName() = "name"
|

Some files were not shown because too many files have changed in this diff Show More