hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
24c9a516c97a2aecdfb51b2c87c287fca36d0646
codeql/java/ql/lib/semmle/code/java/frameworks/Protobuf.qll
Ian Lynagh 7ce9b160d0 Java: Performance tweaks
2022-02-21 17:05:00 +00:00

68 lines
2.1 KiB
Plaintext
Raw Blame History

/**
* Provides classes and predicates for working with the Protobuf framework.
*/
import java
import semmle.code.java.dataflow.FlowSteps
/**
* The interface `com.google.protobuf.Parser`.
*/
class ProtobufParser extends Interface {
ProtobufParser() { this.hasQualifiedName("com.google.protobuf", "Parser") }
/**
* Gets a method named `parseFrom` (or similar) declared on a subtype of `com.google.protobuf.Parser`.
*/
Method getAParseFromMethod() {
result.getDeclaringType().getAnAncestor().getSourceDeclaration() = this and
result.getName().matches("parse%From")
}
}
/**
* The interface `com.google.protobuf.MessageLite`.
*/
class ProtobufMessageLite extends Interface {
ProtobufMessageLite() { this.hasQualifiedName("com.google.protobuf", "MessageLite") }
/**
* Gets a static method named `parseFrom` (or similar) declared on a subtype of the `MessageLite` interface.
*/
Method getAParseFromMethod() {
result = this.getASubtype+().getAMethod() and
result.getName().matches("parse%From") and
result.isStatic()
}
/**
* Gets a getter method declared on a subtype of the `MessageLite` interface.
*/
Method getAGetterMethod() {
exists(RefType decl | decl = result.getDeclaringType() and decl = this.getASubtype+() |
exists(string name, string suffix | suffix = ["", "list", "map", "ordefault", "orthrow"] |
exists(Field f | f.getDeclaringType() = decl |
f.getName().toLowerCase().replaceAll("_", "") = name
) and
result.getName().toLowerCase() = "get" + name + suffix
)
)
}
}
private class TaintPreservingGetterMethod extends TaintPreservingCallable {
TaintPreservingGetterMethod() { this = any(ProtobufMessageLite p).getAGetterMethod() }
override predicate returnsTaintFrom(int arg) { arg = -1 }
}
private class TaintPreservingParseFromMethod extends TaintPreservingCallable {
TaintPreservingParseFromMethod() {
exists(ProtobufParser p | this = p.getAParseFromMethod())
or
exists(ProtobufMessageLite m | this = m.getAParseFromMethod())
}
override predicate returnsTaintFrom(int arg) { arg = 0 }
}
Reference in New Issue View Git Blame Copy Permalink