hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java/C++/C#: Address review comments and fix test.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2019-10-02 14:28:54 +02:00
parent f97958296d
commit f87cb4d6ac
10 changed files with 132 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -34,6 +34,16 @@ private module ImplCommon {
)
}
/*
* The `FlowThrough_*` modules take a `step` relation as input and provide
* an `argumentValueFlowsThrough` relation as output.
*
* `FlowThrough_v1` includes just `simpleLocalFlowStep`, which is then used
* to detect getters and setters.
* `FlowThrough_v2` then includes a little bit of local field flow on top
* of `simpleLocalFlowStep`.
*/
private module FlowThrough_v1 {
private predicate step = simpleLocalFlowStep/2;
@@ -233,6 +243,11 @@ private module ImplCommon {
FlowThrough_v1::argumentValueFlowsThrough(node1, node2, _)
}
/**
* Holds if `p` can flow to `node` in the same callable allowing local flow
* steps and value flow through methods. Call contexts are only accounted
* for in the nested calls.
*/
private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
p = node
or

15
cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -34,6 +34,16 @@ private module ImplCommon {
)
}
/*
* The `FlowThrough_*` modules take a `step` relation as input and provide
* an `argumentValueFlowsThrough` relation as output.
*
* `FlowThrough_v1` includes just `simpleLocalFlowStep`, which is then used
* to detect getters and setters.
* `FlowThrough_v2` then includes a little bit of local field flow on top
* of `simpleLocalFlowStep`.
*/
private module FlowThrough_v1 {
private predicate step = simpleLocalFlowStep/2;
@@ -233,6 +243,11 @@ private module ImplCommon {
FlowThrough_v1::argumentValueFlowsThrough(node1, node2, _)
}
/**
* Holds if `p` can flow to `node` in the same callable allowing local flow
* steps and value flow through methods. Call contexts are only accounted
* for in the nested calls.
*/
private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
p = node
or

2
csharp/ql/src/semmle/code/csharp/Caching.qll
View File

@@ -50,7 +50,7 @@ module Stages {
cached
module DataFlowStage {
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon::Public
private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
cached

15
csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -34,6 +34,16 @@ private module ImplCommon {
)
}
/*
* The `FlowThrough_*` modules take a `step` relation as input and provide
* an `argumentValueFlowsThrough` relation as output.
*
* `FlowThrough_v1` includes just `simpleLocalFlowStep`, which is then used
* to detect getters and setters.
* `FlowThrough_v2` then includes a little bit of local field flow on top
* of `simpleLocalFlowStep`.
*/
private module FlowThrough_v1 {
private predicate step = simpleLocalFlowStep/2;
@@ -233,6 +243,11 @@ private module ImplCommon {
FlowThrough_v1::argumentValueFlowsThrough(node1, node2, _)
}
/**
* Holds if `p` can flow to `node` in the same callable allowing local flow
* steps and value flow through methods. Call contexts are only accounted
* for in the nested calls.
*/
private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
p = node
or

1
csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
View File

@@ -3,7 +3,6 @@ private import cil
private import dotnet
private import DataFlowPublic
private import DataFlowDispatch
private import DataFlowImplCommon
private import ControlFlowReachability
private import DelegateDataFlow
private import semmle.code.csharp.Caching

1
csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -1,6 +1,5 @@
private import csharp
private import TaintTrackingPublic
private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
private import semmle.code.csharp.dataflow.internal.ControlFlowReachability
private import semmle.code.csharp.dataflow.LibraryTypeDataFlow

15
java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -34,6 +34,16 @@ private module ImplCommon {
)
}
/*
* The `FlowThrough_*` modules take a `step` relation as input and provide
* an `argumentValueFlowsThrough` relation as output.
*
* `FlowThrough_v1` includes just `simpleLocalFlowStep`, which is then used
* to detect getters and setters.
* `FlowThrough_v2` then includes a little bit of local field flow on top
* of `simpleLocalFlowStep`.
*/
private module FlowThrough_v1 {
private predicate step = simpleLocalFlowStep/2;
@@ -233,6 +243,11 @@ private module ImplCommon {
FlowThrough_v1::argumentValueFlowsThrough(node1, node2, _)
}
/**
* Holds if `p` can flow to `node` in the same callable allowing local flow
* steps and value flow through methods. Call contexts are only accounted
* for in the nested calls.
*/
private predicate parameterValueFlowNoCtx(ParameterNode p, Node node) {
p = node
or

51
java/ql/test/library-tests/dataflow/gettersetter/A.java Normal file
View File

@@ -0,0 +1,51 @@
public class A {
int foo;
int getFoo() {
return this.foo;
}
void setFoo(int x) {
this.foo = x;
}
static A withFoo(int x) {
A a = new A();
a.foo = x;
return a;
}
static void run() {
A a = new A();
a.setFoo(1);
int x = a.getFoo();
A a2 = withFoo(2);
x = a.aGetter();
x = a2.notAGetter();
}
static class C1 {
A maybeId(A a) {
return a;
}
}
static class C2 extends C1 {
@Override
A maybeId(A a) {
return new A();
}
}
static A maybeIdWrap(A a, C1 c) {
return c.maybeId(a);
}
int aGetter() {
return maybeIdWrap(this, new C1()).foo;
}
int notAGetter() {
return maybeIdWrap(this, new C2()).foo;
}
}

9
java/ql/test/library-tests/dataflow/gettersetter/gettersetter.expected Normal file
View File

@@ -0,0 +1,9 @@
| Read | A.java:5:12:5:15 | this | A.java:5:12:5:19 | this.foo | A.java:2:7:2:9 | foo |
| Read | A.java:21:13:21:13 | a | A.java:21:13:21:22 | getFoo(...) | A.java:2:7:2:9 | foo |
| Read | A.java:23:9:23:9 | a | A.java:23:9:23:19 | aGetter(...) | A.java:2:7:2:9 | foo |
| Read | A.java:45:12:45:38 | maybeIdWrap(...) | A.java:45:12:45:42 | maybeIdWrap(...).foo | A.java:2:7:2:9 | foo |
| Read | A.java:49:12:49:38 | maybeIdWrap(...) | A.java:49:12:49:42 | maybeIdWrap(...).foo | A.java:2:7:2:9 | foo |
| Store | A.java:9:16:9:16 | x | A.java:9:5:9:8 | this [post update] | A.java:2:7:2:9 | foo |
| Store | A.java:14:13:14:13 | x | A.java:14:5:14:5 | a [post update] | A.java:2:7:2:9 | foo |
| Store | A.java:20:14:20:14 | 1 | A.java:20:5:20:5 | a [post update] | A.java:2:7:2:9 | foo |
| Store | A.java:22:20:22:20 | 2 | A.java:22:12:22:21 | withFoo(...) | A.java:2:7:2:9 | foo |

11
java/ql/test/library-tests/dataflow/gettersetter/gettersetter.ql Normal file
View File

@@ -0,0 +1,11 @@
import java
import semmle.code.java.dataflow.internal.DataFlowImplCommon::Public
import semmle.code.java.dataflow.internal.DataFlowImplSpecific::Public
import semmle.code.java.dataflow.internal.DataFlowImplSpecific::Private
from Node n1, Content f, Node n2, string k
where
read(n1, f, n2) and k = "Read"
or
store(n1, f, n2) and k = "Store"
select k, n1, n2, f