Merge pull request #10173 from zbazztian/spring-crudrepository

Java: Add data flow model for Spring's CrudRepository.save() method
2026-04-28 10:15:14 +02:00 · 2022-08-29 15:00:07 +02:00
parent d6ee54eb09 130e1892f4
commit e26a7fc4f3
8 changed files with 45 additions and 0 deletions
--- a/java/ql/lib/change-notes/2022-08-25-taint-model-spring-crudrepository.md
+++ b/java/ql/lib/change-notes/2022-08-25-taint-model-spring-crudrepository.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow summary for `org.springframework.data.repository.CrudRepository.save()`.
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -120,6 +120,7 @@ private module Frameworks {
  private import semmle.code.java.frameworks.ratpack.RatpackExec
  private import semmle.code.java.frameworks.spring.SpringCache
  private import semmle.code.java.frameworks.spring.SpringContext
+  private import semmle.code.java.frameworks.spring.SpringData
  private import semmle.code.java.frameworks.spring.SpringHttp
  private import semmle.code.java.frameworks.spring.SpringUtil
  private import semmle.code.java.frameworks.spring.SpringUi
--- a/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
@@ -13,6 +13,7 @@ import semmle.code.java.frameworks.spring.SpringContext
 import semmle.code.java.frameworks.spring.SpringComponentScan
 import semmle.code.java.frameworks.spring.SpringConstructorArg
 import semmle.code.java.frameworks.spring.SpringController
+import semmle.code.java.frameworks.spring.SpringData
 import semmle.code.java.frameworks.spring.SpringDescription
 import semmle.code.java.frameworks.spring.SpringEntry
 import semmle.code.java.frameworks.spring.SpringFlex
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll
@@ -0,0 +1,17 @@
+/**
+ * Provides classes and predicates for working with Spring classes and interfaces from
+ * `org.springframework.data`.
+ */
+
+import java
+private import semmle.code.java.dataflow.ExternalFlow
+
+/**
+ * Provides models for the `org.springframework.data` package.
+ */
+private class FlowSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "org.springframework.data.repository;CrudRepository;true;save;;;Argument[0];ReturnValue;value;manual"
+  }
+}
--- a/java/ql/test/library-tests/frameworks/spring/data/Test.java
+++ b/java/ql/test/library-tests/frameworks/spring/data/Test.java
@@ -0,0 +1,19 @@
+import org.springframework.data.repository.CrudRepository;
+
+class Struct {
+  public String field;
+  public Struct(String f){
+    this.field = f;
+  }
+}
+
+public class Test {
+  String source() { return null; }
+  void sink(Object o) {}
+
+  void testCrudRepository(CrudRepository<Struct, Integer> cr) {
+    Struct s = new Struct(source());
+    s = cr.save(s);
+    sink(s.field); //$hasValueFlow
+  }
+}
--- a/java/ql/test/library-tests/frameworks/spring/data/options
+++ b/java/ql/test/library-tests/frameworks/spring/data/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/spring-data-commons-2.5.1
--- a/java/ql/test/library-tests/frameworks/spring/data/test.expected
+++ b/java/ql/test/library-tests/frameworks/spring/data/test.expected
--- a/java/ql/test/library-tests/frameworks/spring/data/test.ql
+++ b/java/ql/test/library-tests/frameworks/spring/data/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/spring-data-commons-2.5.1`