Support bulkdata for boxed types as well

Benjamin Muskalla · Benjamin Muskalla · commit 35baa1c3df2e · 2021-11-10T16:30:23.000+01:00
diff --git a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -131,10 +131,20 @@ predicate isRelevantType(Type t) {
   not t.(RefType).hasQualifiedName("java.math", "BigInteger") and
   (
     not t.(Array).getElementType() instanceof PrimitiveType or
-    t.(Array).getElementType().(PrimitiveType).getName().regexpMatch("byte|char")
+    isPrimitiveTypeUsedForBulkData(t.(Array).getElementType())
   ) and
-  not t.(Array).getElementType() instanceof BoxedType and
-  not t.(CollectionType).getElementType() instanceof BoxedType
+  (
+    not t.(Array).getElementType() instanceof BoxedType or
+    isPrimitiveTypeUsedForBulkData(t.(Array).getElementType())
+  ) and
+  (
+    not t.(CollectionType).getElementType() instanceof BoxedType or
+    isPrimitiveTypeUsedForBulkData(t.(CollectionType).getElementType())
+  )
+}
+
+predicate isPrimitiveTypeUsedForBulkData(Type t) {
+  t.getName().regexpMatch("byte|char|Byte|Character")
 }
 
 from TargetAPI api, string flow
diff --git a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -32,6 +32,8 @@
 | p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;writeChunked;(byte[],OutputStream);;ArrayElement of Argument[0];Argument[1];taint; |
 | p;Pojo;false;fillIn;(List);;Argument[-1];Element of Argument[0];taint; |
+| p;Pojo;false;getBoxedBytes;();;Argument[-1];ReturnValue;taint; |
+| p;Pojo;false;getBoxedChars;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getByteArray;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getCharArray;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getValue;();;Argument[-1];ReturnValue;taint; |
diff --git a/java/ql/test/utils/model-generator/p/Pojo.java b/java/ql/test/utils/model-generator/p/Pojo.java
@@ -67,6 +67,14 @@ public Collection<Integer> getBoxedCollection() {
         return List.of(Integer.valueOf(intValue));
     }
 
+    public List<Character> getBoxedChars() {
+        return List.of((char)intValue);
+    }
+
+    public Byte[] getBoxedBytes() {
+        return new Byte[] { Byte.valueOf((byte) intValue) };
+    }
+    
     public BigInteger getBigInt() {
         return BigInteger.valueOf(intValue);
     }

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,14 @@ public Collection<Integer> getBoxedCollection() {`
`67`	`67`	`return List.of(Integer.valueOf(intValue));`
`68`	`68`	`}`
`69`	`69`
	`70`	`+ public List<Character> getBoxedChars() {`
	`71`	`+ return List.of((char)intValue);`
	`72`	`+ }`
	`73`	`+`
	`74`	`+ public Byte[] getBoxedBytes() {`
	`75`	`+ return new Byte[] { Byte.valueOf((byte) intValue) };`
	`76`	`+ }`
	`77`	`+`
`70`	`78`	`public BigInteger getBigInt() {`
`71`	`79`	`return BigInteger.valueOf(intValue);`
`72`	`80`	`}`