mirror of
https://github.com/github/codeql.git
synced 2026-02-23 18:33:42 +01:00
135 lines
4.3 KiB
Plaintext
135 lines
4.3 KiB
Plaintext
/**
|
|
* Provides classes and predicates for defining flow summaries.
|
|
*/
|
|
|
|
import java
|
|
private import internal.FlowSummaryImpl as Impl
|
|
private import internal.DataFlowUtil
|
|
|
|
deprecated class SummaryComponent = Impl::Private::SummaryComponent;
|
|
|
|
deprecated module SummaryComponent = Impl::Private::SummaryComponent;
|
|
|
|
deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
|
|
|
|
deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
|
|
|
|
/** A synthetic callable with a set of concrete call sites and a flow summary. */
|
|
abstract class SyntheticCallable extends string {
|
|
bindingset[this]
|
|
SyntheticCallable() { any() }
|
|
|
|
/** Gets a call that targets this callable. */
|
|
abstract Call getACall();
|
|
|
|
/**
|
|
* Holds if data may flow from `input` to `output` through this callable.
|
|
*
|
|
* See `SummarizedCallable::propagatesFlow` for details.
|
|
*/
|
|
abstract predicate propagatesFlow(string input, string output, boolean preservesValue);
|
|
|
|
/**
|
|
* Gets the type of the parameter at the specified position with -1 indicating
|
|
* the instance parameter. If no types are provided then the types default to
|
|
* `Object`.
|
|
*/
|
|
Type getParameterType(int pos) { none() }
|
|
|
|
/**
|
|
* Gets the return type of this callable. If no type is provided then the type
|
|
* defaults to `Object`.
|
|
*/
|
|
Type getReturnType() { none() }
|
|
}
|
|
|
|
/**
|
|
* A module for importing frameworks that define synthetic callables.
|
|
*/
|
|
private module SyntheticCallables {
|
|
private import semmle.code.java.dispatch.WrappedInvocation
|
|
private import semmle.code.java.frameworks.android.Intent
|
|
private import semmle.code.java.frameworks.Stream
|
|
}
|
|
|
|
private newtype TSummarizedCallableBase =
|
|
TSimpleCallable(Callable c) { c.isSourceDeclaration() } or
|
|
TSyntheticCallable(SyntheticCallable c)
|
|
|
|
/**
|
|
* A callable that may have a flow summary. This is either a regular `Callable`
|
|
* or a `SyntheticCallable`.
|
|
*/
|
|
class SummarizedCallableBase extends TSummarizedCallableBase {
|
|
/** Gets a textual representation of this callable. */
|
|
string toString() { result = this.asCallable().toString() or result = this.asSyntheticCallable() }
|
|
|
|
/** Gets the source location for this callable. */
|
|
Location getLocation() {
|
|
result = this.asCallable().getLocation()
|
|
or
|
|
result.hasLocationInfo("", 0, 0, 0, 0) and
|
|
this instanceof TSyntheticCallable
|
|
}
|
|
|
|
/** Gets this callable cast as a `Callable`. */
|
|
Callable asCallable() { this = TSimpleCallable(result) }
|
|
|
|
/** Gets this callable cast as a `SyntheticCallable`. */
|
|
SyntheticCallable asSyntheticCallable() { this = TSyntheticCallable(result) }
|
|
|
|
/** Gets a call that targets this callable. */
|
|
Call getACall() {
|
|
result.getCallee().getSourceDeclaration() = this.asCallable()
|
|
or
|
|
result = this.asSyntheticCallable().getACall()
|
|
}
|
|
|
|
/**
|
|
* Gets the type of the parameter at the specified position with -1 indicating
|
|
* the instance parameter.
|
|
*/
|
|
Type getParameterType(int pos) {
|
|
result = this.asCallable().getParameterType(pos)
|
|
or
|
|
pos = -1 and result = this.asCallable().getDeclaringType()
|
|
or
|
|
result = this.asSyntheticCallable().getParameterType(pos)
|
|
or
|
|
exists(SyntheticCallable sc, Impl::Private::SummaryNode p | sc = this.asSyntheticCallable() |
|
|
Impl::Private::summaryParameterNode(p, pos) and
|
|
this = p.getSummarizedCallable() and
|
|
not exists(sc.getParameterType(pos)) and
|
|
result instanceof TypeObject
|
|
)
|
|
}
|
|
|
|
/** Gets the return type of this callable. */
|
|
Type getReturnType() {
|
|
result = this.asCallable().getReturnType()
|
|
or
|
|
exists(SyntheticCallable sc | sc = this.asSyntheticCallable() |
|
|
result = sc.getReturnType()
|
|
or
|
|
not exists(sc.getReturnType()) and
|
|
result instanceof TypeObject
|
|
)
|
|
}
|
|
}
|
|
|
|
class Provenance = Impl::Public::Provenance;
|
|
|
|
class SummarizedCallable = Impl::Public::SummarizedCallable;
|
|
|
|
/**
|
|
* An adapter class to add the flow summaries specified on `SyntheticCallable`
|
|
* to `SummarizedCallable`.
|
|
*/
|
|
private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSyntheticCallable {
|
|
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
|
|
this.asSyntheticCallable().propagatesFlow(input, output, preservesValue)
|
|
}
|
|
}
|
|
|
|
deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
|