Capture model for defining interface

Benjamin Muskalla · Benjamin Muskalla · commit 157f56f48a80 · 2021-11-10T16:30:22.000+01:00
Instead of modeling individual implementations, take a more general
approach of reuse dataflows for interfaces defined by a library. This allows
tracking flows across all implementations and aligns better with how we
manually model frameworks. This may have some FPs given all possible flows
are modeled for a specific interface but also covers more scenarios where
we don't know which implementation of an interface is used.
diff --git a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -69,14 +69,27 @@ string asSourceModel(Callable api, string output, string kind) {
  */
 private string asPartialModel(Callable api) {
   result =
-    api.getCompilationUnit().getPackage().getName() + ";" //
-      + api.getDeclaringType().nestedName() + ";" //
+    asModelName(api) + ";" //
       + isExtensible(api.getDeclaringType()).toString() + ";" //
       + api.getName() + ";" //
       + paramsString(api) + ";" //
       + /* ext + */ ";" //
 }
 
+/**
+ * Returns the appropriate type name for the model. Either the type
+ * declaring the method or the supertype introducing the method.
+ */
+private string asModelName(Callable api) {
+  if api.(Method).getASourceOverriddenMethod().fromSource()
+  then result = typeAsModel(api.(Method).getASourceOverriddenMethod().getDeclaringType())
+  else result = typeAsModel(api.getDeclaringType())
+}
+
+private string typeAsModel(RefType type) {
+  result = type.getCompilationUnit().getPackage().getName() + ";" + type.nestedName()
+}
+
 string parameterAccess(Parameter p) {
   if p.getType() instanceof Array
   then result = "ArrayElement of Argument[" + p.getPosition() + "]"
diff --git a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -17,6 +17,9 @@
 | p;Joiner;false;setEmptyValue;(CharSequence);;Argument[-1];ReturnValue;value; |
 | p;Joiner;false;setEmptyValue;(CharSequence);;Argument[0];Argument[-1];taint; |
 | p;Joiner;false;toString;();;Argument[-1];ReturnValue;taint; |
+| p;MultipleImpls$Strat2;true;getValue;();;Argument[-1];ReturnValue;taint; |
+| p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];Argument[-1];taint; |
+| p;MultipleImpls$Strategy;true;doSomething;(String);;Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;addTo;(String,List);;Argument[0];Element of Argument[1];taint; |
 | p;ParamFlow;true;returnArrayElement;(String[]);;ArrayElement of Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;returnCollectionElement;(List);;Element of Argument[0];ReturnValue;taint; |
diff --git a/java/ql/test/utils/model-generator/p/MultipleImpls.java b/java/ql/test/utils/model-generator/p/MultipleImpls.java
@@ -0,0 +1,38 @@
+package p;
+
+import java.util.concurrent.Callable;
+
+public class MultipleImpls {
+    
+    public static interface Strategy {
+        String doSomething(String value);
+    }
+
+    public static class Strat1 implements Strategy {
+        public String doSomething(String value) {
+            return value;
+        }
+    }
+
+    // implements in different library should not count as impl
+    public static class Strat3 implements Callable<String> {
+
+        @Override
+        public String call() throws Exception {
+            return null;
+        }
+
+    }
+    public static class Strat2 implements Strategy {
+        private String foo;
+
+        public String doSomething(String value) {
+            this.foo = value;
+            return "none";
+        }
+        
+        public String getValue() {
+            return this.foo;
+        }
+    }
+}
