22 * Provides predicates related to capturing summary models of the Standard or a 3rd party library.
33 */
44
5- import java
5+ private import java as J
66private import semmle.code.java.dataflow.internal.DataFlowNodes
77private import semmle.code.java.dataflow.internal.DataFlowPrivate
8- private import semmle.code.java.dataflow.InstanceAccess
9- private import semmle.code.java.dataflow.internal.ContainerFlow
10- import semmle.code.java.dataflow.TaintTracking
8+ private import semmle.code.java.dataflow.internal.ContainerFlow as ContainerFlow
119import semmle.code.java.dataflow.ExternalFlow as ExternalFlow
1210import semmle.code.java.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
1311import semmle.code.java.dataflow.internal.DataFlowPrivate as DataFlowPrivate
1412
15- private Method superImpl ( Method m ) {
13+ module DataFlow = J:: DataFlow;
14+
15+ module TaintTracking = J:: TaintTracking;
16+
17+ class Type = J:: Type ;
18+
19+ private J:: Method superImpl ( J:: Method m ) {
1620 result = m .getAnOverride ( ) and
1721 not exists ( result .getAnOverride ( ) ) and
18- not m instanceof ToStringMethod
22+ not m instanceof J :: ToStringMethod
1923}
2024
21- private predicate isInTestFile ( File file ) {
25+ private predicate isInTestFile ( J :: File file ) {
2226 file .getAbsolutePath ( ) .matches ( "%src/test/%" ) or
2327 file .getAbsolutePath ( ) .matches ( "%/guava-tests/%" ) or
2428 file .getAbsolutePath ( ) .matches ( "%/guava-testlib/%" )
2529}
2630
27- private predicate isJdkInternal ( CompilationUnit cu ) {
31+ private predicate isJdkInternal ( J :: CompilationUnit cu ) {
2832 cu .getPackage ( ) .getName ( ) .matches ( "org.graalvm%" ) or
2933 cu .getPackage ( ) .getName ( ) .matches ( "com.sun%" ) or
3034 cu .getPackage ( ) .getName ( ) .matches ( "javax.swing%" ) or
@@ -46,10 +50,10 @@ private predicate isJdkInternal(CompilationUnit cu) {
4650/**
4751 * Holds if it is relevant to generate models for `api`.
4852 */
49- private predicate isRelevantForModels ( Callable api ) {
53+ private predicate isRelevantForModels ( J :: Callable api ) {
5054 not isInTestFile ( api .getCompilationUnit ( ) .getFile ( ) ) and
5155 not isJdkInternal ( api .getCompilationUnit ( ) ) and
52- not api instanceof MainMethod
56+ not api instanceof J :: MainMethod
5357}
5458
5559/**
@@ -58,7 +62,7 @@ private predicate isRelevantForModels(Callable api) {
5862 * In the Standard library and 3rd party libraries it the Callables that can be called
5963 * from outside the library itself.
6064 */
61- class TargetApiSpecific extends Callable {
65+ class TargetApiSpecific extends J :: Callable {
6266 TargetApiSpecific ( ) {
6367 this .isPublic ( ) and
6468 this .fromSource ( ) and
@@ -70,15 +74,15 @@ class TargetApiSpecific extends Callable {
7074 }
7175}
7276
73- private string isExtensible ( RefType ref ) {
77+ private string isExtensible ( J :: RefType ref ) {
7478 if ref .isFinal ( ) then result = "false" else result = "true"
7579}
7680
77- private string typeAsModel ( RefType type ) {
81+ private string typeAsModel ( J :: RefType type ) {
7882 result = type .getCompilationUnit ( ) .getPackage ( ) .getName ( ) + ";" + type .nestedName ( )
7983}
8084
81- private RefType bestTypeForModel ( TargetApiSpecific api ) {
85+ private J :: RefType bestTypeForModel ( TargetApiSpecific api ) {
8286 if exists ( superImpl ( api ) )
8387 then superImpl ( api ) .fromSource ( ) and result = superImpl ( api ) .getDeclaringType ( )
8488 else result = api .getDeclaringType ( )
@@ -104,42 +108,42 @@ string asPartialModel(TargetApiSpecific api) {
104108 + /* ext + */ ";" //
105109}
106110
107- private predicate isPrimitiveTypeUsedForBulkData ( Type t ) {
111+ private predicate isPrimitiveTypeUsedForBulkData ( J :: Type t ) {
108112 t .getName ( ) .regexpMatch ( "byte|char|Byte|Character" )
109113}
110114
111115/**
112116 * Holds for type `t` for fields that are relevant as an intermediate
113117 * read or write step in the data flow analysis.
114118 */
115- predicate isRelevantType ( Type t ) {
116- not t instanceof TypeClass and
117- not t instanceof EnumType and
118- not t instanceof PrimitiveType and
119- not t instanceof BoxedType and
120- not t .( RefType ) .getAnAncestor ( ) .hasQualifiedName ( "java.lang" , "Number" ) and
121- not t .( RefType ) .getAnAncestor ( ) .hasQualifiedName ( "java.nio.charset" , "Charset" ) and
119+ predicate isRelevantType ( J :: Type t ) {
120+ not t instanceof J :: TypeClass and
121+ not t instanceof J :: EnumType and
122+ not t instanceof J :: PrimitiveType and
123+ not t instanceof J :: BoxedType and
124+ not t .( J :: RefType ) .getAnAncestor ( ) .hasQualifiedName ( "java.lang" , "Number" ) and
125+ not t .( J :: RefType ) .getAnAncestor ( ) .hasQualifiedName ( "java.nio.charset" , "Charset" ) and
122126 (
123- not t .( Array ) .getElementType ( ) instanceof PrimitiveType or
124- isPrimitiveTypeUsedForBulkData ( t .( Array ) .getElementType ( ) )
127+ not t .( J :: Array ) .getElementType ( ) instanceof J :: PrimitiveType or
128+ isPrimitiveTypeUsedForBulkData ( t .( J :: Array ) .getElementType ( ) )
125129 ) and
126130 (
127- not t .( Array ) .getElementType ( ) instanceof BoxedType or
128- isPrimitiveTypeUsedForBulkData ( t .( Array ) .getElementType ( ) )
131+ not t .( J :: Array ) .getElementType ( ) instanceof J :: BoxedType or
132+ isPrimitiveTypeUsedForBulkData ( t .( J :: Array ) .getElementType ( ) )
129133 ) and
130134 (
131- not t .( CollectionType ) .getElementType ( ) instanceof BoxedType or
132- isPrimitiveTypeUsedForBulkData ( t .( CollectionType ) .getElementType ( ) )
135+ not t .( ContainerFlow :: CollectionType ) .getElementType ( ) instanceof J :: BoxedType or
136+ isPrimitiveTypeUsedForBulkData ( t .( ContainerFlow :: CollectionType ) .getElementType ( ) )
133137 )
134138}
135139
136- private string parameterAccess ( Parameter p ) {
140+ private string parameterAccess ( J :: Parameter p ) {
137141 if
138- p .getType ( ) instanceof Array and
139- not isPrimitiveTypeUsedForBulkData ( p .getType ( ) .( Array ) .getElementType ( ) )
142+ p .getType ( ) instanceof J :: Array and
143+ not isPrimitiveTypeUsedForBulkData ( p .getType ( ) .( J :: Array ) .getElementType ( ) )
140144 then result = "Argument[" + p .getPosition ( ) + "].ArrayElement"
141145 else
142- if p .getType ( ) instanceof ContainerType
146+ if p .getType ( ) instanceof ContainerFlow :: ContainerType
143147 then result = "Argument[" + p .getPosition ( ) + "].Element"
144148 else result = "Argument[" + p .getPosition ( ) + "]"
145149}
@@ -172,15 +176,15 @@ string returnNodeAsOutput(DataFlowImplCommon::ReturnNodeExt node) {
172176/**
173177 * Gets the enclosing callable of `ret`.
174178 */
175- Callable returnNodeEnclosingCallable ( DataFlowImplCommon:: ReturnNodeExt ret ) {
179+ J :: Callable returnNodeEnclosingCallable ( DataFlowImplCommon:: ReturnNodeExt ret ) {
176180 result = DataFlowImplCommon:: getNodeEnclosingCallable ( ret ) .asCallable ( )
177181}
178182
179183/**
180184 * Holds if `node` is an own instance access.
181185 */
182186predicate isOwnInstanceAccessNode ( ReturnNode node ) {
183- node .asExpr ( ) .( ThisAccess ) .isOwnInstanceAccess ( )
187+ node .asExpr ( ) .( J :: ThisAccess ) .isOwnInstanceAccess ( )
184188}
185189
186190/**
@@ -195,11 +199,14 @@ class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration
195199 PropagateToSinkConfigurationSpecific ( ) { this = "parameters or fields flowing into sinks" }
196200
197201 override predicate isSource ( DataFlow:: Node source ) {
198- ( source .asExpr ( ) .( FieldAccess ) .isOwnFieldAccess ( ) or source instanceof DataFlow:: ParameterNode ) and
202+ (
203+ source .asExpr ( ) .( J:: FieldAccess ) .isOwnFieldAccess ( ) or
204+ source instanceof DataFlow:: ParameterNode
205+ ) and
199206 source .getEnclosingCallable ( ) .isPublic ( ) and
200- exists ( RefType t |
207+ exists ( J :: RefType t |
201208 t = source .getEnclosingCallable ( ) .getDeclaringType ( ) .getAnAncestor ( ) and
202- not t instanceof TypeObject and
209+ not t instanceof J :: TypeObject and
203210 t .isPublic ( )
204211 ) and
205212 isRelevantForModels ( source .getEnclosingCallable ( ) )
@@ -215,7 +222,7 @@ string asInputArgument(DataFlow::Node source) {
215222 result = "Argument[" + pos + "]"
216223 )
217224 or
218- source .asExpr ( ) instanceof FieldAccess and
225+ source .asExpr ( ) instanceof J :: FieldAccess and
219226 result = qualifierString ( )
220227}
221228
0 commit comments