hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add backward dataflow edges through fluent function invocations.

Browse Source 
This means that much as obj.getA().setB(...) already has a side-effect on `obj`, all three setters in obj.setA(...).setB(...).setC(...) will have a side-effect on `obj`.
This commit is contained in:
Chris Smowton
2021-02-19 13:59:03 +00:00
parent 37baf77b93
commit fadbb32bd6
5 changed files with 102 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
java/ql/test/library-tests/dataflow/fluent-methods/Test.java Normal file
View File

@@ -0,0 +1,52 @@
package smowton;
public class Test {
private String field;
public Test fluentNoop() {
return this;
}
public Test indirectlyFluentNoop() {
return this.fluentNoop();
}
public Test fluentSet(String x) {
this.field = x;
return this;
}
public static Test identity(Test t) {
return t;
}
public String get() {
return field;
}
public static String source() {
return "taint";
}
public static void sink(String s) {}
public static void test1() {
Test t = new Test();
t.fluentNoop().fluentSet(source()).fluentNoop();
sink(t.get()); // $hasTaintFlow=y
}
public static void test2() {
Test t = new Test();
Test.identity(t).fluentNoop().fluentSet(source()).fluentNoop();
sink(t.get()); // $hasTaintFlow=y
}
public static void test3() {
Test t = new Test();
t.indirectlyFluentNoop().fluentSet(source()).fluentNoop();
sink(t.get()); // $hasTaintFlow=y
}
}