hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add data flow for record getters.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2020-08-24 11:51:04 +02:00
parent b8d6f76749
commit d82fee11b1
5 changed files with 60 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/src/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
View File

@@ -193,6 +193,18 @@ predicate readStep(Node node1, Content f, Node node2) {
fr.getField() = f.(FieldContent).getField() and
fr = node2.asExpr()
)
or
exists(Record r, Method getter, Field recf, MethodAccess get |
getter.getDeclaringType() = r and
recf.getDeclaringType() = r and
getter.getNumberOfParameters() = 0 and
getter.getName() = recf.getName() and
not exists(getter.getBody()) and
recf = f.(FieldContent).getField() and
get.getMethod() = getter and
node1.asExpr() = get.getQualifier() and
node2.asExpr() = get
)
}
/**

28
java/ql/test/library-tests/dataflow/records/A.java Normal file
View File

@@ -0,0 +1,28 @@
public class A {
record Pair(Object x, Object y) { }
Object source() { return null; }
void sink(Object o) { }
void foo() {
Pair p1 = new Pair(source(), null);
Pair p2 = new Pair(new Object(), source());
bar(p1, p2);
}
void bar(Pair p1, Pair p2) {
sink(p1.x);
sink(p1.y);
sink(p2.x);
sink(p2.y);
Object p1x = p1.x();
Object p1y = p1.y();
Object p2x = p2.x();
Object p2y = p2.y();
sink(p1x);
sink(p1y);
sink(p2x);
sink(p2y);
}
}

1
java/ql/test/library-tests/dataflow/records/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args --enable-preview -source 14 -target 14

4
java/ql/test/library-tests/dataflow/records/test.expected Normal file
View File

@@ -0,0 +1,4 @@
| A.java:9:24:9:31 | source(...) | A.java:15:10:15:13 | p1.x |
| A.java:9:24:9:31 | source(...) | A.java:23:10:23:12 | p1x |
| A.java:10:38:10:45 | source(...) | A.java:18:10:18:13 | p2.y |
| A.java:10:38:10:45 | source(...) | A.java:26:10:26:12 | p2y |

15
java/ql/test/library-tests/dataflow/records/test.ql Normal file
View File

@@ -0,0 +1,15 @@
import java
import semmle.code.java.dataflow.DataFlow
import DataFlow
class Conf extends Configuration {
Conf() { this = "qqconf" }
override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") }
override predicate isSink(Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") }
}
from Conf conf, Node src, Node sink
where conf.hasFlow(src, sink)
select src, sink