mirror of
https://github.com/github/codeql.git
synced 2025-12-24 04:36:35 +01:00
Use ArrayElement of in flow step specifications
This commit is contained in:
Joe Farebrother
@@ -118,26 +118,39 @@ private class SqlFlowStep extends SummaryModelCsv {
|
||||
// buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit)
|
||||
// buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit)
|
||||
// buildUnionQuery(String[] subQueries, String sortOrder, String limit)
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[-1..5];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[-1..1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[-1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[1..5];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[-1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[3..6];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[-1..2];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[-1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[1..2];ReturnValue;taint",
|
||||
// buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set<String> columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String[] selectionArgs, String groupBy, String having)
|
||||
// buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set<String> columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String groupBy, String having)
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String[],String,String);;Argument[-1..2];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String[],String,String);;Argument[-1..0];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String[],String,String);;ArrayElement of Argument[1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String[],String,String);;Element of Argument[2];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String[],String,String);;Argument[4..5];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String[],String,String);;Argument[7..8];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String,String);;Argument[-1..2];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String,String);;Argument[-1..0];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String,String);;ArrayElement of Argument[1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String,String);;Element of Argument[2];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set<String>,int,String,String,String,String);;Argument[4..7];ReturnValue;taint",
|
||||
// static buildQueryString(boolean distinct, String tables, String[] columns, String where, String groupBy, String having, String orderBy, String limit)
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[1..7];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map<String,String>);;Argument[0];Argument[-1];taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[1];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;ArrayElement of Argument[2];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[3..7];ReturnValue;taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map<String,String>);;MapKey of Argument[0];Argument[-1];taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map<String,String>);;MapValue of Argument[0];Argument[-1];taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;setTables;(String);;Argument[0];Argument[-1];taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;appendWhere;(CharSequence);;Argument[0];Argument[-1];taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;appendWhereStandalone;(CharSequence);;Argument[0];Argument[-1];taint",
|
||||
"android.database.sqlite;SQLiteQueryBuilder;true;appendColumns;(StringBuilder,String[]);;Argument[1];Argument[0];taint",
|
||||
"android.database;DatabaseUtils;false;appendSelectionArgs;(String[],String[]);;Argument;ReturnValue;taint",
|
||||
"android.database;DatabaseUtils;false;concatenateWhere;(String,String);;Argument;ReturnValue;taint",
|
||||
"android.database;DatabaseUtils;false;appendSelectionArgs;(String[],String[]);;ArrayElement of Argument[0..1];ArrayElement of ReturnValue;taint",
|
||||
"android.database;DatabaseUtils;false;concatenateWhere;(String,String);;Argument[0..1];ReturnValue;taint",
|
||||
"android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Argument[0];ReturnValue;taint",
|
||||
"android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[0];ReturnValue;taint",
|
||||
"android.content;ContentResolver;true;query;(Uri,String[],String,String[],String);;Argument[0];ReturnValue;taint",
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.HashSet;
|
||||
import java.util.HashMap;
|
||||
|
||||
import android.content.ContentProvider;
|
||||
import android.content.ContentResolver;
|
||||
@@ -26,10 +28,10 @@ public class FlowSteps {
|
||||
// Dummy class to test for sub classes
|
||||
}
|
||||
|
||||
public static String[] appendSelectionArgs() {
|
||||
String[] originalValues = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] newValues = {taint()}; // $ MISSING: taintReachesReturn
|
||||
return DatabaseUtils.appendSelectionArgs(originalValues, newValues);
|
||||
public static String appendSelectionArgs() {
|
||||
String[] originalValues = {taint()}; // $taintReachesReturn
|
||||
String[] newValues = {taint()}; // $taintReachesReturn
|
||||
return DatabaseUtils.appendSelectionArgs(originalValues, newValues)[0];
|
||||
}
|
||||
|
||||
public static String concatenateWhere() {
|
||||
@@ -42,7 +44,7 @@ public class FlowSteps {
|
||||
target = taint();
|
||||
boolean distinct = taint();
|
||||
String tables = taint(); // $taintReachesReturn
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] columns = {taint()}; // $taintReachesReturn
|
||||
String where = taint(); // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
@@ -53,7 +55,7 @@ public class FlowSteps {
|
||||
|
||||
public static String buildQuery(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $taintReachesReturn
|
||||
String[] projectionIn = {taint()};// $ MISSING: taintReachesReturn
|
||||
String[] projectionIn = {taint()}; // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
@@ -64,9 +66,9 @@ public class FlowSteps {
|
||||
|
||||
public static String buildQuery2(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $taintReachesReturn
|
||||
String[] projectionIn = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] projectionIn = {taint()}; // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String[] selectionArgs = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
String sortOrder = taint(); // $taintReachesReturn
|
||||
@@ -76,7 +78,7 @@ public class FlowSteps {
|
||||
|
||||
public static String buildUnionQuery(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $taintReachesReturn
|
||||
String[] subQueries = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] subQueries = {taint()}; // $taintReachesReturn
|
||||
String sortOrder = taint(); // $taintReachesReturn
|
||||
String limit = taint(); // $taintReachesReturn
|
||||
return target.buildUnionQuery(subQueries, sortOrder, limit);
|
||||
@@ -85,12 +87,13 @@ public class FlowSteps {
|
||||
public static String buildUnionSubQuery2(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $taintReachesReturn
|
||||
String typeDiscriminatorColumn = taint(); // $taintReachesReturn
|
||||
String[] unionColumns = {taint()}; // $ MISSING: taintReachesReturn
|
||||
Set<String> columnsPresentInTable = taint(); // $taintReachesReturn
|
||||
String[] unionColumns = {taint()}; // $taintReachesReturn
|
||||
Set<String> columnsPresentInTable = new HashSet();
|
||||
columnsPresentInTable.add(taint()); // $taintReachesReturn
|
||||
int computedColumnsOffset = taint();
|
||||
String typeDiscriminatorValue = taint(); // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String[] selectionArgs = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
return target.buildUnionSubQuery(typeDiscriminatorColumn, unionColumns, columnsPresentInTable,
|
||||
@@ -100,8 +103,9 @@ public class FlowSteps {
|
||||
public static String buildUnionSubQuery3(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $taintReachesReturn
|
||||
String typeDiscriminatorColumn = taint(); // $taintReachesReturn
|
||||
String[] unionColumns = {taint()}; // $ MISSING: taintReachesReturn
|
||||
Set<String> columnsPresentInTable = taint(); // $taintReachesReturn
|
||||
String[] unionColumns = {taint()}; // $taintReachesReturn
|
||||
Set<String> columnsPresentInTable = new HashSet();
|
||||
columnsPresentInTable.add(taint()); // $taintReachesReturn
|
||||
int computedColumnsOffset = taint();
|
||||
String typeDiscriminatorValue = taint(); // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
@@ -151,14 +155,17 @@ public class FlowSteps {
|
||||
|
||||
public static StringBuilder appendColumns() {
|
||||
StringBuilder s = taint(); // $taintReachesReturn
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesReturn
|
||||
String[] columns = {taint()}; // $taintReachesReturn
|
||||
SQLiteQueryBuilder.appendColumns(s, columns);
|
||||
return s;
|
||||
}
|
||||
|
||||
public static SQLiteQueryBuilder setProjectionMap(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $taintReachesReturn
|
||||
Map<String, String> columnMap = taint(); // $taintReachesReturn
|
||||
Map<String, String> columnMap = new HashMap();
|
||||
String k = taint(); // $taintReachesReturn
|
||||
String v = taint(); // $taintReachesReturn
|
||||
columnMap.put(k, v);
|
||||
target.setProjectionMap(columnMap);
|
||||
return target;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user