-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathdfg.ql
More file actions
31 lines (25 loc) · 879 Bytes
/
dfg.ql
File metadata and controls
31 lines (25 loc) · 879 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
import java
import semmle.code.java.controlflow.Guards
import semmle.code.java.dataflow.DataFlow
private predicate isSafe(Guard g, Expr checked, boolean branch) {
exists(MethodCall mc | g = mc |
mc.getMethod().hasName("isSafe") and
checked = mc.getAnArgument() and
branch = true
)
}
module TestConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.asExpr() = any(MethodCall mc | mc.getMethod().getName() = "source")
}
predicate isSink(DataFlow::Node sink) {
sink.asExpr() = any(MethodCall mc | mc.getMethod().getName() = "sink").getAnArgument()
}
predicate isBarrier(DataFlow::Node node) {
node = DataFlow::BarrierGuard<isSafe/3>::getABarrierNode()
}
}
module Flow = DataFlow::Global<TestConfig>;
from DataFlow::Node source, DataFlow::Node sink
where Flow::flow(source, sink)
select source, sink