hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify handling of tainting fields

Browse Source
This commit is contained in:
Benjamin Muskalla
2021-11-15 16:40:09 +01:00
parent d7ed325b3f
commit fd9199c0c0
1 changed files with 1 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/src/utils/model-generator/CaptureSummaryModels.ql
View File

@@ -95,10 +95,6 @@ string captureFieldFlow(TargetAPI api) {
) )
} }
class FieldAssignment extends AssignExpr {
FieldAssignment() { exists(Field f | f.getAnAccess() = this.getDest()) }
}
class ParameterToFieldConfig extends TaintTracking::Configuration { class ParameterToFieldConfig extends TaintTracking::Configuration {
ParameterToFieldConfig() { this = "ParameterToFieldConfig" } ParameterToFieldConfig() { this = "ParameterToFieldConfig" }
@@ -112,11 +108,7 @@ class ParameterToFieldConfig extends TaintTracking::Configuration {
} }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(FieldAssignment a | store(node1, _, node2, _)
a.getSource() = node1.asExpr() and
DataFlow::getFieldQualifier(a.getDest()) = node2.(DataFlow::PostUpdateNode).getPreUpdateNode() and
isRelevantType(a.getDest().(FieldAccess).getField().getType())
)
} }
override DataFlow::FlowFeature getAFeature() { override DataFlow::FlowFeature getAFeature() {
@@ -128,8 +120,6 @@ private predicate thisAccess(DataFlow::Node n) {
n.asExpr().(InstanceAccess).isOwnInstanceAccess() n.asExpr().(InstanceAccess).isOwnInstanceAccess()
or or
n.(DataFlow::ImplicitInstanceAccess).getInstanceAccess() instanceof OwnInstanceAccess n.(DataFlow::ImplicitInstanceAccess).getInstanceAccess() instanceof OwnInstanceAccess
or
n.asExpr().(FieldAccess).isOwnFieldAccess()
} }
/** /**