Improve representation of implicit varargs arrays to more reliably filter out known flow steps.

Max Schaefer · Max Schaefer · commit 02547d38398d · 2024-02-08T13:22:52.000Z
diff --git a/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll b/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll
@@ -35,14 +35,10 @@ newtype TApplicationModeEndpoint =
     arg = DataFlow::getInstanceArgument(call) and
     not call instanceof ConstructorCall
   } or
-  TImplicitVarargsArray(Call call, DataFlow::Node arg, int idx) {
+  TImplicitVarargsArray(Call call, DataFlow::ImplicitVarargsArray arg, int idx) {
     AutomodelJavaUtil::isFromSource(call) and
-    exists(Argument argExpr |
-      arg.asExpr() = argExpr and
-      call.getArgument(idx) = argExpr and
-      argExpr.isVararg() and
-      not exists(int i | i < idx and call.getArgument(i).(Argument).isVararg())
-    )
+    call = arg.getCall() and
+    idx = call.getCallee().getVaragsParameterIndex()
   } or
   TMethodReturnValue(Call call) {
     AutomodelJavaUtil::isFromSource(call) and
diff --git a/java/ql/automodel/test/AutomodelApplicationModeExtraction/Test.java b/java/ql/automodel/test/AutomodelApplicationModeExtraction/Test.java
@@ -40,11 +40,12 @@ public static InputStream getInputStream(Path openPath) throws Exception {
 		); // $ sourceModelCandidate=newInputStream(Path,OpenOption[]):ReturnValue
 	}
 
-	public static InputStream getInputStream(String openPath) throws Exception {
+	public static InputStream getInputStream(String openPath, String otherPath) throws Exception {
 		return Test.getInputStream( // the call is not a source candidate (argument to local call)
 			Paths.get(
-				openPath // $ negativeSinkExample=get(String,String[]):Argument[0] // modeled as a flow step
-			) // $ sourceModelCandidate=get(String,String[]):ReturnValue
+				openPath, // $ negativeSinkExample=get(String,String[]):Argument[0] // modeled as a flow step
+				otherPath
+			) // $ sourceModelCandidate=get(String,String[]):ReturnValue negativeSinkExample=get(String,String[]):Argument[1]
 		);
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -40,11 +40,12 @@ public static InputStream getInputStream(Path openPath) throws Exception {`
`40`	`40`	`); // $ sourceModelCandidate=newInputStream(Path,OpenOption[]):ReturnValue`
`41`	`41`	`}`
`42`	`42`
`43`		`- public static InputStream getInputStream(String openPath) throws Exception {`
	`43`	`+ public static InputStream getInputStream(String openPath, String otherPath) throws Exception {`
`44`	`44`	`return Test.getInputStream( // the call is not a source candidate (argument to local call)`
`45`	`45`	`Paths.get(`
`46`		`- openPath // $ negativeSinkExample=get(String,String[]):Argument[0] // modeled as a flow step`
`47`		`- ) // $ sourceModelCandidate=get(String,String[]):ReturnValue`
	`46`	`+ openPath, // $ negativeSinkExample=get(String,String[]):Argument[0] // modeled as a flow step`
	`47`	`+ otherPath`
	`48`	`+ ) // $ sourceModelCandidate=get(String,String[]):ReturnValue negativeSinkExample=get(String,String[]):Argument[1]`
`48`	`49`	`);`
`49`	`50`	`}`
`50`	`51`