Java: Restrict use-use flow

2026-04-29 10:45:15 +02:00 · 2021-09-29 20:22:21 +02:00
parent a1511e13d8
commit ec5d8ab2db
2 changed files with 5 additions and 6 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -139,11 +139,7 @@ predicate readStep(Node node1, Content f, Node node2) {
 */
 predicate clearsContent(Node n, Content c) {
  c instanceof FieldContent and
-  (
-    n = any(PostUpdateNode pun | storeStep(_, c, pun)).getPreUpdateNode()
-    or
-    FlowSummaryImpl::Private::Steps::summaryStoresIntoArg(c, n)
-  )
+  n = any(PostUpdateNode pun | storeStep(_, c, pun)).getPreUpdateNode()
  or
  FlowSummaryImpl::Private::Steps::summaryClearsContent(n, c)
 }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -101,6 +101,8 @@ predicate hasNonlocalValue(FieldRead fr) {
 predicate localFlowStep(Node node1, Node node2) {
  simpleLocalFlowStep(node1, node2)
  or
+  adjacentUseUse(node1.asExpr(), node2.asExpr())
+  or
  // Simple flow through library code is included in the exposed local
  // step relation, even though flow is technically inter-procedural
  FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, true)
@@ -131,7 +133,8 @@ predicate simpleLocalFlowStep(Node node1, Node node2) {
  adjacentUseUse(node1.asExpr(), node2.asExpr()) and
  not exists(FieldRead fr |
    hasNonlocalValue(fr) and fr.getField().isStatic() and fr = node1.asExpr()
-  )
+  ) and
+  not FlowSummaryImpl::Private::Steps::summaryClearsContentArg(node1, _)
  or
  ThisFlow::adjacentThisRefs(node1, node2)
  or