hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9963 from intrigus-lgtm/java/model-set-properties

Browse Source 
Model `java.util.Properties.setProperty`
This commit is contained in:
Anders Schack-Mulligen
2022-08-10 14:51:00 +02:00
committed by GitHub
parent 8c32758ae5 b7d94906bf
commit cbd6d24b9c
4 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2022-08-03-properties.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added a data-flow model for the `setProperty` method of `java.util.Properties`. Additional results may be found where relevant data is stored in and then retrieved from a `Properties` instance.

3
java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
View File

@@ -244,6 +244,9 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
"java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
"java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
"java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
"java.util;Properties;true;setProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
"java.util;Properties;true;setProperty;(String,String);;Argument[0];Argument[-1].MapKey;value;manual",
"java.util;Properties;true;setProperty;(String,String);;Argument[1];Argument[-1].MapValue;value;manual",
"java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual",
"java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",

19
java/ql/test/library-tests/dataflow/collections/Test.java
View File

@@ -88,4 +88,23 @@ public class Test {
Properties clean = new Properties();
sink(clean.getProperty("key", tainted)); // Flow
}
public void run5() {
Properties p = new Properties();
p.setProperty("key", tainted);
sink(p.getProperty("key")); // Flow
sink(p.getProperty("key", "defaultValue")); // Flow
}
public void run6() {
Properties p = new Properties();
sink(p.put("key", tainted)); // No flow
sink(p.put("key", "notTainted")); // Flow
}
public void run7() {
Properties p = new Properties();
sink(p.setProperty("key", tainted)); // No flow
sink(p.setProperty("key", "notTainted")); // Flow
}
}

4
java/ql/test/library-tests/dataflow/collections/flow.expected
View File

@@ -14,3 +14,7 @@
| Test.java:84:18:84:24 | tainted | Test.java:85:10:85:29 | getProperty(...) |
| Test.java:84:18:84:24 | tainted | Test.java:86:10:86:45 | getProperty(...) |
| Test.java:89:35:89:41 | tainted | Test.java:89:10:89:42 | getProperty(...) |
| Test.java:94:26:94:32 | tainted | Test.java:95:10:95:29 | getProperty(...) |
| Test.java:94:26:94:32 | tainted | Test.java:96:10:96:45 | getProperty(...) |
| Test.java:101:23:101:29 | tainted | Test.java:102:10:102:35 | put(...) |
| Test.java:107:31:107:37 | tainted | Test.java:108:10:108:43 | setProperty(...) |