hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Covered copyOfRange() and clone() in ArrayUpdate

Browse Source
This commit is contained in:
Fosstars
2021-08-14 13:25:46 +02:00
parent d218813320
commit e2dc9753ac
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
View File

@@ -51,7 +51,7 @@ private class ArrayUpdate extends Expr {
)
or
exists(StaticMethodAccess ma |
ma.getMethod().hasQualifiedName("java.util", "Arrays", "copyOf") and
ma.getMethod().hasQualifiedName("java.util", "Arrays", ["copyOf", "copyOfRange"]) and
ma = this and
ma = array
)
@@ -66,6 +66,10 @@ private class ArrayUpdate extends Expr {
m.hasQualifiedName("java.security", "SecureRandom", "nextBytes") or
m.hasQualifiedName("java.util", "Random", "nextBytes")
)
or
exists(MethodAccess ma, Method m | m = ma.getMethod() |
m.getDeclaringType().hasName("byte[]") and m.hasName("clone") and ma = this and ma = array
)
}
/** Returns the updated array. */