Java/C++/C#: Address review comments and fix test.

2026-02-28 21:03:50 +01:00 · 2019-10-02 14:28:54 +02:00
parent f97958296d
commit f87cb4d6ac
10 changed files with 132 additions and 3 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -34,6 +34,16 @@ private module ImplCommon {
      )
    }

+    /*
+     * The `FlowThrough_*` modules take a `step` relation as input and provide
+     * an `argumentValueFlowsThrough` relation as output.
+     *
+     * `FlowThrough_v1` includes just `simpleLocalFlowStep`, which is then used
+     * to detect getters and setters.
+     * `FlowThrough_v2` then includes a little bit of local field flow on top
+     * of `simpleLocalFlowStep`.
+     */
+
    private module FlowThrough_v1 {
      private predicate step = simpleLocalFlowStep/2;

@@ -233,6 +243,11 @@ private module ImplCommon {
      FlowThrough_v1::argumentValueFlowsThrough(node1, node2, _)
    }

+    /**
+     * Holds if `p` can flow to `node` in the same callable allowing local flow
+     * steps and value flow through methods. Call contexts are only accounted
+     * for in the nested calls.
+     */
    private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
      p = node
      or