Avoid certain test sources in models

Benjamin Muskalla · Benjamin Muskalla · commit 060862ab3bb2 · 2021-11-10T16:30:21.000+01:00
diff --git a/java/ql/src/utils/model-generator/CaptureSinkModels.ql b/java/ql/src/utils/model-generator/CaptureSinkModels.ql
@@ -12,10 +12,10 @@ import semmle.code.java.dataflow.ExternalFlow
 import ModelGeneratorUtils
 
 class PropagateToSinkConfiguration extends TaintTracking::Configuration {
-  PropagateToSinkConfiguration() { this = "public methods calling sinks" }
+  PropagateToSinkConfiguration() { this = "parameters on public api flowing into sinks" }
 
   override predicate isSource(DataFlow::Node source) {
-    source.asParameter().getCallable().isPublic()
+    source instanceof DataFlow::ParameterNode and source.asParameter().getCallable().isPublic() and source.asParameter().getCallable().getDeclaringType().isPublic()
   }
 
   override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
@@ -29,7 +29,7 @@ string captureSink(Callable api) {
   exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
     config.hasFlow(src, sink) and
     sinkNode(sink, kind) and
-    api = src.asParameter().getCallable() and
+    api = src.getEnclosingCallable() and
     result = asSinkModel(api, asInputArgument(src), kind)
   )
 }
diff --git a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -60,5 +60,6 @@ string parameterAccess(Parameter p) {
 
 predicate isInTestFile(Callable api) {
   api.getCompilationUnit().getFile().getAbsolutePath().matches("%src/test/%") or
-  api.getCompilationUnit().getFile().getAbsolutePath().matches("%src/guava-tests/%")
+  api.getCompilationUnit().getFile().getAbsolutePath().matches("%/guava-tests/%") or
+  api.getCompilationUnit().getFile().getAbsolutePath().matches("%/guava-testlib/%")
 }

Original file line number	Diff line number	Diff line change
`@@ -12,10 +12,10 @@ import semmle.code.java.dataflow.ExternalFlow`
`12`	`12`	`import ModelGeneratorUtils`
`13`	`13`
`14`	`14`	`class PropagateToSinkConfiguration extends TaintTracking::Configuration {`
`15`		`- PropagateToSinkConfiguration() { this = "public methods calling sinks" }`
	`15`	`+ PropagateToSinkConfiguration() { this = "parameters on public api flowing into sinks" }`
`16`	`16`
`17`	`17`	`override predicate isSource(DataFlow::Node source) {`
`18`		`- source.asParameter().getCallable().isPublic()`
	`18`	`+ source instanceof DataFlow::ParameterNode and source.asParameter().getCallable().isPublic() and source.asParameter().getCallable().getDeclaringType().isPublic()`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }`
`@@ -29,7 +29,7 @@ string captureSink(Callable api) {`
`29`	`29`	`exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind \|`
`30`	`30`	`config.hasFlow(src, sink) and`
`31`	`31`	`sinkNode(sink, kind) and`
`32`		`- api = src.asParameter().getCallable() and`
	`32`	`+ api = src.getEnclosingCallable() and`
`33`	`33`	`result = asSinkModel(api, asInputArgument(src), kind)`
`34`	`34`	`)`
`35`	`35`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,5 +60,6 @@ string parameterAccess(Parameter p) {`
`60`	`60`
`61`	`61`	`predicate isInTestFile(Callable api) {`
`62`	`62`	`api.getCompilationUnit().getFile().getAbsolutePath().matches("%src/test/%") or`
`63`		`- api.getCompilationUnit().getFile().getAbsolutePath().matches("%src/guava-tests/%")`
	`63`	`+ api.getCompilationUnit().getFile().getAbsolutePath().matches("%/guava-tests/%") or`
	`64`	`+ api.getCompilationUnit().getFile().getAbsolutePath().matches("%/guava-testlib/%")`
`64`	`65`	`}`