From e2bd792fc2ee4a61d55dac8a7bb593204de81883 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 28 Oct 2021 14:17:21 +0200 Subject: [PATCH] Consider bulk-like data for argument accessors --- java/ql/src/utils/model-generator/CaptureSummaryModels.ql | 4 ---- java/ql/src/utils/model-generator/ModelGeneratorUtils.qll | 8 +++++++- .../utils/model-generator/CaptureSummaryModels.expected | 3 ++- java/ql/test/utils/model-generator/p/ParamFlow.java | 5 +++++ 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql index 08a67b81608..bc9fd73e0de 100644 --- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql +++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql @@ -228,10 +228,6 @@ predicate isRelevantType(Type t) { ) } -predicate isPrimitiveTypeUsedForBulkData(Type t) { - t.getName().regexpMatch("byte|char|Byte|Character") -} - from TargetAPI api, string flow where flow = captureFlow(api) select flow order by flow diff --git a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll index 2154b1f74cb..7192a371ab5 100644 --- a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll +++ b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll @@ -102,10 +102,16 @@ private string typeAsModel(RefType type) { } string parameterAccess(Parameter p) { - if p.getType() instanceof Array + if + p.getType() instanceof Array and + not isPrimitiveTypeUsedForBulkData(p.getType().(Array).getElementType()) then result = "ArrayElement of Argument[" + p.getPosition() + "]" else if p.getType() instanceof ContainerType then result = "Element of Argument[" + p.getPosition() + "]" else result = "Argument[" + p.getPosition() + "]" } + +predicate isPrimitiveTypeUsedForBulkData(Type t) { + t.getName().regexpMatch("byte|char|Byte|Character") +} diff --git a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected index 644fb396a67..ef44f78804a 100644 --- a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected +++ b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected @@ -30,7 +30,8 @@ | p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[1];ReturnValue;taint; | | p;ParamFlow;true;returnVarArgElement;(String[]);;ArrayElement of Argument[0];ReturnValue;taint; | | p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;taint; | -| p;ParamFlow;true;writeChunked;(byte[],OutputStream);;ArrayElement of Argument[0];Argument[1];taint; | +| p;ParamFlow;true;writeChunked;(byte[],OutputStream);;Argument[0];Argument[1];taint; | +| p;ParamFlow;true;writeChunked;(char[],OutputStream);;Argument[0];Argument[1];taint; | | p;Pojo;false;fillIn;(List);;Argument[-1];Element of Argument[0];taint; | | p;Pojo;false;getBoxedBytes;();;Argument[-1];ReturnValue;taint; | | p;Pojo;false;getBoxedChars;();;Argument[-1];ReturnValue;taint; | diff --git a/java/ql/test/utils/model-generator/p/ParamFlow.java b/java/ql/test/utils/model-generator/p/ParamFlow.java index 2b2846c1f9e..8b58c377316 100644 --- a/java/ql/test/utils/model-generator/p/ParamFlow.java +++ b/java/ql/test/utils/model-generator/p/ParamFlow.java @@ -51,6 +51,11 @@ public class ParamFlow { throws IOException { output.write(data, 0, data.length); } + + public void writeChunked(char[] data, OutputStream output) + throws IOException { + output.write(String.valueOf(data).getBytes(), 0, data.length); + } public void addTo(String data, List target) { target.add(data);