
Commit 158366a

jorgectfatorralba
andauthored
Apply suggestions from code review
Co-authored-by: Tony Torralba <[email protected]>
1 parent a0bf68f commit 158366a

1 file changed

Lines changed: 12 additions & 14 deletions


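--- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
@@ -129,10 +129,9 @@ private class MyBatisAbstractSQLMethodNames extends string {
 
 class MyBatisInjectionSink extends DataFlow::Node {
 MyBatisInjectionSink() {
-exists(Annotation a, Method m, TypeLiteral type, Class c |
+exists(Annotation a, Method m |
 a.getType() instanceof MyBatisProvider and
-type = a.getValue(["type", "value"]) and
-c.hasMethod(m, type.getTypeName().getType()) and
+m.getDeclaringType() = a.getValue(["type", "value"]).(TypeLiteral).getTypeName().getType() and
 m.hasName(a.getValue("method").(StringLiteral).getValue()) and
 this.asExpr() = m.getBody().getAStmt().(ReturnStmt).getResult()
 )
@@ -141,18 +140,17 @@ class MyBatisInjectionSink extends DataFlow::Node {
 
 private class MyBatisProviderStep extends TaintTracking::AdditionalTaintStep {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-exists(
-MethodAccess ma, Annotation a, Method annotatedMethod, Method providerMethod,
-TypeLiteral type, Class c
+exists(MethodAccess ma, Annotation a, Method providerMethod |
+exists(int i |
+ma.getArgument(i) = n1.asExpr() and
+providerMethod.getParameter(i) = n2.asParameter()
+)
 |
-a.getType() instanceof MyBatisProvider and
-annotatedMethod.getAnAnnotation() = a and
-ma.getMethod() = annotatedMethod and
-ma.getAnArgument() = n1.asExpr() and
-type = a.getValue(["type", "value"]) and
-providerMethod.hasName(a.getValue("method").(StringLiteral).getValue()) and
-c.hasMethod(providerMethod, type.getTypeName().getType()) and
-providerMethod.getAParameter() = n2.asParameter()
+a.getType() instanceof MyBatisProvider and
+ma.getMethod().getAnAnnotation() = a and
+providerMethod.getDeclaringType() =
+a.getValue(["type", "value"]).(TypeLiteral).getTypeName().getType() and
+providerMethod.hasName(a.getValue("method").(StringLiteral).getValue())
 )
 }
 }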
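Review bot: The index-matched pairing added to `MyBatisProviderStep.step` (`ma.getArgument(i)` with `providerMethod.getParameter(i)`) can drop taint whenever the provider method's signature does not mirror the mapper method's, so the precision gain may come at the cost of missed SQL-injection flows. As far as I know, MyBatis can hand the provider a single parameter map, bind arguments by `@Param` name, or accept a `ProviderContext` at any position, so argument i is not guaranteed to reach parameter i; please confirm against the framework's behaviour. I would keep the positional case and add a fallback disjunct next to the `exists(int i | …)` block for differing arities, e.g. `providerMethod.getNumberOfParameters() != ma.getMethod().getNumberOfParameters() and ma.getAnArgument() = n1.asExpr() and providerMethod.getAParameter() = n2.asParameter()`, with a library test that uses a `Map`-typed provider parameter. Separately, `getDeclaringType() = …` in both predicates only matches methods declared directly on the provider class, so it is worth confirming that provider methods inherited from a base class are intentionally out of scope.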
