hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 18:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Remove low-confidence dispatch to known neutrals.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-03-14 11:17:01 +01:00
parent 04f422ea5d
commit dbfc256f40
5 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll
View File

@@ -236,6 +236,8 @@ private VirtualMethodAccess objectToString(ObjNode n) {
result.getQualifier() = n.asExpr() and sink(n)
}
predicate objectToStringCall(VirtualMethodAccess ma) { ma = objectToString(_) }
/**
* Holds if the qualifier of the `Object.toString()` call `ma` might have type `t`.
*/

3
java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll
View File

@@ -93,7 +93,8 @@ private module Dispatch {
exists(RefType t | qualUnionType(ma, t, false) |
lowConfidenceDispatchType(t.getSourceDeclaration())
)
)
) and
not ObjFlow::objectToStringCall(ma)
}
private predicate lowConfidenceDispatchType(SrcRefType t) {