Fluent interface dataflow: support argument-output flow directly declared by the simpleLocalFlowStep relation

This means we will treat fluent interfaces that are modelled the same as those where we determine an argument flows to an output by inspection of the function body.
2026-05-03 12:45:27 +02:00 · 2021-03-01 10:23:38 +00:00
parent 54caf501e7
commit e6b1fe9b5f
1 changed files with 8 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -427,6 +427,14 @@ private module Cached {
      fromPre = fromNode.(PostUpdateNode).getPreUpdateNode() and
      toPre = toNode.(PostUpdateNode).getPreUpdateNode()
    |
+      exists(DataFlowCall c |
+        // Does the language-specific simpleLocalFlowStep already model flow
+        // from function input to output?
+        fromPre = getAnOutNode(c, _) and
+        toPre.(ArgumentNode).argumentOf(c, _) and
+        simpleLocalFlowStep(toPre.(ArgumentNode), fromPre)
+      )
+      or
      argumentValueFlowsThrough(toPre, TReadStepTypesNone(), fromPre)
    )
  }