-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathGuardsInline.ql
More file actions
53 lines (51 loc) · 1.39 KB
/
GuardsInline.ql
File metadata and controls
53 lines (51 loc) · 1.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
import java
import semmle.code.java.controlflow.Guards
import codeql.util.Boolean
string ppGuard(Guard g, Boolean branch) {
exists(MethodCall mc, Literal s |
mc = g and
mc.getAnArgument() = s and
result = mc.getMethod().getName() + "(" + s.getValue() + ")" + ":" + branch
)
or
exists(BinaryExpr bin |
bin = g and
result =
"'" + bin.getLeftOperand() + " " + bin.getOp() + " " + bin.getRightOperand() + ":" + branch +
"'"
)
or
exists(SwitchCase cc, Expr s, string match, string value |
cc = g and
cc.getSelectorExpr() = s and
(
cc.(ConstCase).getValue().toString() = value
or
cc instanceof DefaultCase and value = "default"
) and
if branch = true then match = ":match " else match = ":non-match "
|
result = "'" + s.toString() + match + value + "'"
)
}
query predicate guarded(MethodCall mc, string guard) {
mc.getMethod().hasName("chk") and
exists(Guard g, BasicBlock bb, boolean branch |
g.controls(bb, branch) and
mc.getBasicBlock() = bb
|
guard = ppGuard(g, branch)
or
not exists(ppGuard(g, branch)) and
guard = g.toString() + ":" + branch
)
or
mc.getMethod().hasName("chk") and
exists(Guard g, BasicBlock bb, GuardValue val |
g.valueControls(bb, val) and
not exists(val.asBooleanValue()) and
mc.getBasicBlock() = bb
|
guard = "'" + g.toString() + ":" + val + "'"
)
}