From f4b9efcdce2a1479377bbc683031e00cc872966a Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Fri, 7 Nov 2025 10:52:38 +0100 Subject: [PATCH] Java: Replace getAUse with getARead. --- .../lib/semmle/code/java/dataflow/NullGuards.qll | 16 ++++++++-------- .../lib/semmle/code/java/dataflow/Nullness.qll | 14 +++++++------- .../semmle/code/java/dataflow/RangeAnalysis.qll | 4 ++-- .../lib/semmle/code/java/dataflow/RangeUtils.qll | 4 ++-- java/ql/lib/semmle/code/java/dataflow/SSA.qll | 4 ++-- .../code/java/dataflow/internal/DataFlowUtil.qll | 2 +- .../internal/rangeanalysis/BoundSpecific.qll | 4 +++- .../rangeanalysis/ModulusAnalysisSpecific.qll | 4 +++- .../rangeanalysis/SignAnalysisSpecific.qll | 2 +- .../rangeanalysis/SsaReadPositionSpecific.qll | 4 ++-- .../java/security/NumericCastTaintedQuery.qll | 8 ++++---- .../lib/semmle/code/java/security/Validation.qll | 6 +++--- .../Collections/ArrayIndexOutOfBounds.ql | 8 ++++---- .../Comparison/UselessComparisonTest.ql | 16 ++++++++-------- .../Comparison/UselessComparisonTest.qll | 14 +++++++------- .../Likely Typos/ContradictoryTypeChecks.ql | 6 +++--- .../Termination/ConstantLoopCondition.ql | 6 +++--- .../CWE/CWE-470/LoadClassNoSignatureCheck.ql | 6 +++--- java/ql/test/library-tests/ssa-large/countssa.ql | 4 ++-- java/ql/test/library-tests/ssa/ssaUse.ql | 6 +++--- 20 files changed, 71 insertions(+), 67 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll index 8bf95a6a40c..5928960ea24 100644 --- a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll +++ b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll @@ -26,9 +26,9 @@ Expr enumConstEquality(Expr e, boolean polarity, EnumConstant c) { } /** Gets an instanceof expression of `v` with type `type` */ -InstanceOfExpr instanceofExpr(SsaVariable v, RefType type) { +InstanceOfExpr instanceofExpr(SsaDefinition v, RefType type) { result.getCheckedType() = type and - result.getExpr() = v.getAUse() + result.getExpr() = v.getARead() } /** @@ -37,8 +37,8 @@ InstanceOfExpr instanceofExpr(SsaVariable v, RefType type) { * * Note this includes Kotlin's `==` and `!=` operators, which are value-equality tests. */ -EqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) { - result.hasOperands(v1.getAUse(), v2.getAUse()) and +EqualityTest varEqualityTestExpr(SsaDefinition v1, SsaDefinition v2, boolean isEqualExpr) { + result.hasOperands(v1.getARead(), v2.getARead()) and isEqualExpr = result.polarity() } @@ -91,18 +91,18 @@ Expr clearlyNotNullExpr(Expr reason) { (reason = r1 or reason = r2) ) or - exists(SsaVariable v, boolean branch, VarRead rval, Guard guard | + exists(SsaDefinition v, boolean branch, VarRead rval, Guard guard | guard = directNullGuard(v, branch, false) and guard.controls(rval.getBasicBlock(), branch) and reason = guard and - rval = v.getAUse() and + rval = v.getARead() and result = rval and not result = baseNotNullExpr() ) or - exists(SsaVariable v | + exists(SsaDefinition v | clearlyNotNull(v, reason) and - result = v.getAUse() and + result = v.getARead() and not result = baseNotNullExpr() ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll index 29ba9dbe0a3..f2b8f336d09 100644 --- a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll +++ b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll @@ -179,9 +179,9 @@ private Expr nonEmptyExpr() { // An array creation with a known positive size is trivially non-empty. result.(ArrayCreationExpr).getFirstDimensionSize() > 0 or - exists(SsaVariable v | + exists(SsaDefinition v | // A use of an array variable is non-empty if... - result = v.getAUse() and + result = v.getARead() and v.getSourceVariable().getType() instanceof Array | // ...its definition is non-empty... @@ -192,13 +192,13 @@ private Expr nonEmptyExpr() { cond.controls(result.getBasicBlock(), branch) and cond.getCondition() = nonZeroGuard(length, branch) and length.getField().hasName("length") and - length.getQualifier() = v.getAUse() + length.getQualifier() = v.getARead() ) ) or - exists(SsaVariable v | + exists(SsaDefinition v | // A use of a Collection variable is non-empty if... - result = v.getAUse() and + result = v.getARead() and v.getSourceVariable().getType() instanceof CollectionType and exists(ConditionBlock cond, boolean branch, Expr c | // ...it is guarded by a condition... @@ -216,13 +216,13 @@ private Expr nonEmptyExpr() { // ...and the condition proves that it is non-empty, either by using the `isEmpty` method... c.(MethodCall).getMethod().hasName("isEmpty") and branch = false and - c.(MethodCall).getQualifier() = v.getAUse() + c.(MethodCall).getQualifier() = v.getARead() or // ...or a check on its `size`. exists(MethodCall size | c = nonZeroGuard(size, branch) and size.getMethod().hasName("size") and - size.getQualifier() = v.getAUse() + size.getQualifier() = v.getARead() ) ) ) diff --git a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll index 72ce0e1947e..ac43590e4dc 100644 --- a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll +++ b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll @@ -242,10 +242,10 @@ module Sem implements Semantic { Type getSsaType(SsaVariable var) { result = var.getSourceVariable().getType() } - final private class FinalSsaVariable = SSA::SsaVariable; + final private class FinalSsaVariable = SSA::SsaDefinition; class SsaVariable extends FinalSsaVariable { - Expr getAUse() { result = super.getAUse() } + Expr getAUse() { result = super.getARead() } } class SsaPhiNode extends SsaVariable instanceof SSA::SsaPhiDefinition { diff --git a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll index ea1ccb424c5..14b4292db38 100644 --- a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll +++ b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll @@ -74,9 +74,9 @@ ArrayCreationExpr getArrayDef(SsaVariable v) { * `arrlen` without going through a back edge. */ private predicate arrayLengthDef(FieldRead arrlen, ArrayCreationExpr def) { - exists(SsaVariable arr | + exists(SsaDefinition arr | arrlen.getField() instanceof ArrayLengthField and - arrlen.getQualifier() = arr.getAUse() and + arrlen.getQualifier() = arr.getARead() and def = getArrayDef(arr) ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/SSA.qll b/java/ql/lib/semmle/code/java/dataflow/SSA.qll index 520f2a294f4..5d0214b6357 100644 --- a/java/ql/lib/semmle/code/java/dataflow/SSA.qll +++ b/java/ql/lib/semmle/code/java/dataflow/SSA.qll @@ -417,8 +417,8 @@ private class RefTypeCastingExpr extends CastingExpr { * * The `VarAccess` represents the access to `v` that `result` has the same value as. */ -Expr sameValue(SsaVariable v, VarAccess va) { - result = v.getAUse() and result = va +Expr sameValue(SsaDefinition v, VarAccess va) { + result = v.getARead() and result = va or result.(AssignExpr).getDest() = va and result = v.(SsaExplicitWrite).getDefiningExpr() or diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll index 32307de49ce..a06ca9a6a3f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll @@ -99,7 +99,7 @@ predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2) * updates. */ predicate hasNonlocalValue(FieldRead fr) { - not exists(SsaVariable v | v.getAUse() = fr) + not exists(SsaDefinition v | v.getARead() = fr) or exists(SsaDefinition v, SsaDefinition def | v.getARead() = fr and def = v.getAnUltimateDefinition() diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll index a1c690b7df4..3ed92f4c551 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll @@ -8,7 +8,9 @@ private import java as J private import semmle.code.java.dataflow.SSA as Ssa private import semmle.code.java.dataflow.RangeUtils as RU -class SsaVariable = Ssa::SsaVariable; +class SsaVariable extends Ssa::SsaDefinition { + Expr getAUse() { result = super.getARead() } +} class Expr = J::Expr; diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll index bb084b46917..e0968c9cf17 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll @@ -11,7 +11,9 @@ module Private { class BasicBlock = BB::BasicBlock; - class SsaVariable = Ssa::SsaVariable; + class SsaVariable extends Ssa::SsaDefinition { + Expr getAUse() { result = super.getARead() } + } class SsaPhiNode = Ssa::SsaPhiDefinition; diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll index 292dfb9e2fa..8abbabe6d7a 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll @@ -324,7 +324,7 @@ private module Impl { result = e.(CastingExpr).getExpr() } - Expr getARead(SsaVariable v) { result = v.getAUse() } + Expr getARead(SsaDefinition v) { result = v.getARead() } Field getField(FieldAccess fa) { result = fa.getField() } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionSpecific.qll index 6bf768da44b..f826f192dca 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionSpecific.qll @@ -8,14 +8,14 @@ private import semmle.code.java.dataflow.SSA as Ssa private import semmle.code.java.controlflow.BasicBlocks as BB private import SsaReadPositionCommon -class SsaVariable = Ssa::SsaVariable; +class SsaVariable = Ssa::SsaDefinition; class SsaPhiNode = Ssa::SsaPhiDefinition; class BasicBlock = BB::BasicBlock; /** Gets a basic block in which SSA variable `v` is read. */ -BasicBlock getAReadBasicBlock(SsaVariable v) { result = v.getAUse().getBasicBlock() } +BasicBlock getAReadBasicBlock(SsaVariable v) { result = v.getARead().getBasicBlock() } private predicate id(BB::ExprParent x, BB::ExprParent y) { x = y } diff --git a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll index 841ff4f8515..4b2d7709fbd 100644 --- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll @@ -46,14 +46,14 @@ class RightShiftOp extends Expr { } private predicate boundedRead(VarRead read) { - exists(SsaVariable v, ConditionBlock cb, ComparisonExpr comp, boolean testIsTrue | - read = v.getAUse() and + exists(SsaDefinition v, ConditionBlock cb, ComparisonExpr comp, boolean testIsTrue | + read = v.getARead() and cb.controls(read.getBasicBlock(), testIsTrue) and cb.getCondition() = comp | - comp.getLesserOperand() = v.getAUse() and testIsTrue = true + comp.getLesserOperand() = v.getARead() and testIsTrue = true or - comp.getGreaterOperand() = v.getAUse() and testIsTrue = false + comp.getGreaterOperand() = v.getARead() and testIsTrue = false ) } diff --git a/java/ql/lib/semmle/code/java/security/Validation.qll b/java/ql/lib/semmle/code/java/security/Validation.qll index 69f57474317..51b8defb5ec 100644 --- a/java/ql/lib/semmle/code/java/security/Validation.qll +++ b/java/ql/lib/semmle/code/java/security/Validation.qll @@ -32,9 +32,9 @@ private predicate validationCall(MethodCall ma, VarAccess va) { } private predicate validatedAccess(VarAccess va) { - exists(SsaVariable v, MethodCall guardcall | - va = v.getAUse() and - validationCall(guardcall, v.getAUse()) + exists(SsaDefinition v, MethodCall guardcall | + va = v.getARead() and + validationCall(guardcall, v.getARead()) | guardcall.(Guard).controls(va.getBasicBlock(), _) or diff --git a/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql b/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql index 845aae01a3e..701084ac794 100644 --- a/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +++ b/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql @@ -19,10 +19,10 @@ import semmle.code.java.dataflow.RangeUtils import semmle.code.java.dataflow.RangeAnalysis pragma[nomagic] -predicate ssaArrayLengthBound(SsaVariable arr, Bound b) { +predicate ssaArrayLengthBound(SsaDefinition arr, Bound b) { exists(FieldAccess len | len.getField() instanceof ArrayLengthField and - len.getQualifier() = arr.getAUse() and + len.getQualifier() = arr.getARead() and b.getExpr() = len ) } @@ -31,9 +31,9 @@ predicate ssaArrayLengthBound(SsaVariable arr, Bound b) { * Holds if the index expression of `aa` is less than or equal to the array length plus `k`. */ predicate boundedArrayAccess(ArrayAccess aa, int k) { - exists(SsaVariable arr, Expr index, Bound b, int delta | + exists(SsaDefinition arr, Expr index, Bound b, int delta | aa.getIndexExpr() = index and - aa.getArray() = arr.getAUse() and + aa.getArray() = arr.getARead() and bounded(index, b, delta, true, _) | ssaArrayLengthBound(arr, b) and diff --git a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql index 32bd1ef20bd..5c2fd94a917 100644 --- a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +++ b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql @@ -142,22 +142,22 @@ Expr overFlowCand() { predicate positiveOrNegative(Expr e) { positive(e) or negative(e) } /** Gets an expression that equals `v` plus a positive or negative value. */ -Expr increaseOrDecreaseOfVar(SsaVariable v) { +Expr increaseOrDecreaseOfVar(SsaDefinition v) { exists(AssignAddExpr add | result = add and positiveOrNegative(add.getDest()) and - add.getRhs() = v.getAUse() + add.getRhs() = v.getARead() ) or exists(AddExpr add, Expr e | result = add and - add.hasOperands(v.getAUse(), e) and + add.hasOperands(v.getARead(), e) and positiveOrNegative(e) ) or exists(SubExpr sub | result = sub and - sub.getLeftOperand() = v.getAUse() and + sub.getLeftOperand() = v.getARead() and positiveOrNegative(sub.getRightOperand()) ) or @@ -172,7 +172,7 @@ Expr increaseOrDecreaseOfVar(SsaVariable v) { predicate overFlowTest(ComparisonExpr comp) { ( - exists(SsaVariable v | comp.hasOperands(increaseOrDecreaseOfVar(v), v.getAUse())) + exists(SsaDefinition v | comp.hasOperands(increaseOrDecreaseOfVar(v), v.getARead())) or comp.getLesserOperand() = overFlowCand() and comp.getGreaterOperand().(IntegerLiteral).getIntValue() = 0 @@ -195,9 +195,9 @@ predicate concurrentModificationTest(BinaryExpr test) { */ pragma[nomagic] predicate guardedTest(EqualityTest test, Guard guard, boolean isEq, int i1, int i2) { - exists(SsaVariable v, CompileTimeConstantExpr c1, CompileTimeConstantExpr c2 | - guard.isEquality(v.getAUse(), c1, isEq) and - test.hasOperands(v.getAUse(), c2) and + exists(SsaDefinition v, CompileTimeConstantExpr c1, CompileTimeConstantExpr c2 | + guard.isEquality(v.getARead(), c1, isEq) and + test.hasOperands(v.getARead(), c2) and i1 = c1.getIntValue() and i2 = c2.getIntValue() and v.getSourceVariable().getType() instanceof IntegralType diff --git a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll index 2933ae5305e..787cda44807 100644 --- a/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll +++ b/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.qll @@ -27,14 +27,14 @@ class BoundKind extends string { */ predicate uselessTest(ConditionNode s1, BinaryExpr test, boolean testIsTrue) { exists( - ConditionBlock cb, SsaVariable v, BinaryExpr cond, boolean condIsTrue, int k1, int k2, + ConditionBlock cb, SsaDefinition v, BinaryExpr cond, boolean condIsTrue, int k1, int k2, CompileTimeConstantExpr c1, CompileTimeConstantExpr c2 | s1.getCondition() = cond and cb.getCondition() = cond and - cond.hasOperands(v.getAUse(), c1) and + cond.hasOperands(v.getARead(), c1) and c1.getIntValue() = k1 and - test.hasOperands(v.getAUse(), c2) and + test.hasOperands(v.getARead(), c2) and c2.getIntValue() = k2 and v.getSourceVariable().getVariable() instanceof LocalScopeVariable and cb.controls(test.getBasicBlock(), condIsTrue) and @@ -49,7 +49,7 @@ predicate uselessTest(ConditionNode s1, BinaryExpr test, boolean testIsTrue) { ) or exists(ComparisonExpr comp | comp = cond | - comp.getLesserOperand() = v.getAUse() and + comp.getLesserOperand() = v.getARead() and ( condIsTrue = true and boundKind.isUpper() and @@ -60,7 +60,7 @@ predicate uselessTest(ConditionNode s1, BinaryExpr test, boolean testIsTrue) { (if comp.isStrict() then bound = k1 else bound = k1 + 1) ) or - comp.getGreaterOperand() = v.getAUse() and + comp.getGreaterOperand() = v.getARead() and ( condIsTrue = true and boundKind.isLower() and @@ -88,7 +88,7 @@ predicate uselessTest(ConditionNode s1, BinaryExpr test, boolean testIsTrue) { ) or exists(ComparisonExpr comp | comp = test | - comp.getLesserOperand() = v.getAUse() and + comp.getLesserOperand() = v.getARead() and ( boundKind.providesLowerBound() and testIsTrue = false and @@ -107,7 +107,7 @@ predicate uselessTest(ConditionNode s1, BinaryExpr test, boolean testIsTrue) { ) ) or - comp.getGreaterOperand() = v.getAUse() and + comp.getGreaterOperand() = v.getARead() and ( boundKind.providesLowerBound() and testIsTrue = true and diff --git a/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql b/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql index e48eb1f5ce6..8f8d04e6eb2 100644 --- a/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +++ b/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql @@ -37,11 +37,11 @@ predicate requiresInstanceOf(Expr e, VarAccess va, RefType t) { * `v` is not of type `sup`, which is a supertype of `t`. */ predicate contradictoryTypeCheck(Expr e, Variable v, RefType t, RefType sup, Expr cond) { - exists(SsaVariable ssa | + exists(SsaDefinition ssa | ssa.getSourceVariable().getVariable() = v and - requiresInstanceOf(e, ssa.getAUse(), t) and + requiresInstanceOf(e, ssa.getARead(), t) and sup = t.getAnAncestor() and - instanceOfCheck(cond, ssa.getAUse(), sup) and + instanceOfCheck(cond, ssa.getARead(), sup) and cond.(Guard).controls(e.getBasicBlock(), false) and not t instanceof ErrorType and not sup instanceof ErrorType diff --git a/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql b/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql index d4fbc480e1b..bf03191bdac 100644 --- a/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +++ b/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql @@ -75,9 +75,9 @@ where loopWhileTrue(loop) and loopExitGuard(loop, cond) ) and // None of the ssa variables in `cond` are updated inside the loop. - forex(SsaVariable ssa, VarRead use | ssa.getAUse() = use and use.getParent*() = cond | - not ssa.getCfgNode().getEnclosingStmt().getEnclosingStmt*() = loop or - ssa.getCfgNode().asExpr().getParent*() = loop.(ForStmt).getAnInit() + forex(SsaDefinition ssa, VarRead use | ssa.getARead() = use and use.getParent*() = cond | + not ssa.getControlFlowNode().getEnclosingStmt().getEnclosingStmt*() = loop or + ssa.getControlFlowNode().asExpr().getParent*() = loop.(ForStmt).getAnInit() ) and // And `cond` does not use method calls, field reads, or array reads. not exists(MethodCall ma | ma.getParent*() = cond) and diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql b/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql index d328b79f5b1..ddf00714f40 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql @@ -42,9 +42,9 @@ class CheckSignaturesGuard extends Guard instanceof EqualityTest { } predicate signatureChecked(Expr safe) { - exists(CheckSignaturesGuard g, SsaVariable v | - v.getAUse() = g.getCheckedExpr() and - safe = v.getAUse() and + exists(CheckSignaturesGuard g, SsaDefinition v | + v.getARead() = g.getCheckedExpr() and + safe = v.getARead() and g.controls(safe.getBasicBlock(), g.(EqualityTest).polarity()) ) } diff --git a/java/ql/test/library-tests/ssa-large/countssa.ql b/java/ql/test/library-tests/ssa-large/countssa.ql index 8d7b5939c5c..3d07a8dad29 100644 --- a/java/ql/test/library-tests/ssa-large/countssa.ql +++ b/java/ql/test/library-tests/ssa-large/countssa.ql @@ -3,6 +3,6 @@ import semmle.code.java.dataflow.SSA from int uses, int live where - uses = strictcount(SsaVariable ssa, VarRead use | use = ssa.getAUse()) and - live = strictcount(SsaVariable ssa, BasicBlock b | ssa.isLiveAtEndOfBlock(b)) + uses = strictcount(SsaDefinition ssa, VarRead use | use = ssa.getARead()) and + live = strictcount(SsaDefinition ssa, BasicBlock b | ssa.isLiveAtEndOfBlock(b)) select uses, live diff --git a/java/ql/test/library-tests/ssa/ssaUse.ql b/java/ql/test/library-tests/ssa/ssaUse.ql index cab6f47c955..7bcec95cab8 100644 --- a/java/ql/test/library-tests/ssa/ssaUse.ql +++ b/java/ql/test/library-tests/ssa/ssaUse.ql @@ -1,6 +1,6 @@ import java import semmle.code.java.dataflow.SSA -from SsaVariable ssa, SsaSourceVariable v, Expr use -where use = ssa.getAUse() and ssa.getSourceVariable() = v -select v, ssa.getCfgNode(), ssa.toString(), use +from SsaDefinition ssa, SsaSourceVariable v, Expr use +where use = ssa.getARead() and ssa.getSourceVariable() = v +select v, ssa.getControlFlowNode(), ssa.toString(), use