Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 4570444

Browse files
intrigusintrigus
committed
Rename to getAnInput and clarify doc.
1 parent 641c5df commit 4570444

3 files changed

Lines changed: 20 additions & 17 deletions

File tree

java/ql/src/Security/CWE/CWE-022/TaintedPath.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ class TaintedPathConfig extends TaintTracking::Configuration {
3434
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
3535

3636
override predicate isSink(DataFlow::Node sink) {
37-
exists(Expr e | e = sink.asExpr() | e = any(PathCreation p).getInput() and not guarded(e))
37+
exists(Expr e | e = sink.asExpr() | e = any(PathCreation p).getAnInput() and not guarded(e))
3838
}
3939

4040
override predicate isSanitizer(DataFlow::Node node) {
@@ -48,7 +48,7 @@ class TaintedPathConfig extends TaintTracking::Configuration {
4848

4949
from DataFlow::PathNode source, DataFlow::PathNode sink, PathCreation p, TaintedPathConfig conf
5050
where
51-
sink.getNode().asExpr() = p.getInput() and
51+
sink.getNode().asExpr() = p.getAnInput() and
5252
conf.hasFlowPath(source, sink)
5353
select p, source, sink, "$@ flows to here and is used in a path.", source.getNode(),
5454
"User-provided value"

java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,15 +22,15 @@ class TaintedPathLocalConfig extends TaintTracking::Configuration {
2222

2323
override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
2424

25-
override predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(PathCreation p).getInput() }
25+
override predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(PathCreation p).getAnInput() }
2626
}
2727

2828
from
2929
DataFlow::PathNode source, DataFlow::PathNode sink, PathCreation p, Expr e,
3030
TaintedPathLocalConfig conf
3131
where
3232
e = sink.getNode().asExpr() and
33-
e = p.getInput() and
33+
e = p.getAnInput() and
3434
conf.hasFlowPath(source, sink) and
3535
not guarded(e)
3636
select p, source, sink, "$@ flows to here and is used in a path.", source.getNode(),

java/ql/src/semmle/code/java/security/PathCreation.qll

Lines changed: 16 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,11 @@ import semmle.code.java.controlflow.Guards
77

88
/** Models the creation of a path. */
99
abstract class PathCreation extends Expr {
10-
/** Gets an input that is used in the creation of this path. */
11-
abstract Expr getInput();
10+
/**
11+
* Gets an input that is used in the creation of this path.
12+
* This excludes inputs of type `File` and `Path`.
13+
*/
14+
abstract Expr getAnInput();
1215
}
1316

1417
/** Models the `java.nio.file.Paths.get` method. */
@@ -20,7 +23,7 @@ class PathsGet extends PathCreation, MethodAccess {
2023
)
2124
}
2225

23-
override Expr getInput() { result = this.getAnArgument() }
26+
override Expr getAnInput() { result = this.getAnArgument() }
2427
}
2528

2629
/** Models the `java.nio.file.FileSystem.getPath` method. */
@@ -32,14 +35,14 @@ class FileSystemGetPath extends PathCreation, MethodAccess {
3235
)
3336
}
3437

35-
override Expr getInput() { result = this.getAnArgument() }
38+
override Expr getAnInput() { result = this.getAnArgument() }
3639
}
3740

3841
/** Models the `new java.io.File(...)` constructor. */
3942
class FileCreation extends PathCreation, ClassInstanceExpr {
4043
FileCreation() { this.getConstructedType() instanceof TypeFile }
4144

42-
override Expr getInput() {
45+
override Expr getAnInput() {
4346
result = this.getAnArgument() and
4447
// Relevant arguments include those that are not a `File`.
4548
not result.getType() instanceof TypeFile
@@ -55,7 +58,7 @@ class PathResolveSiblingCreation extends PathCreation, MethodAccess {
5558
)
5659
}
5760

58-
override Expr getInput() {
61+
override Expr getAnInput() {
5962
result = this.getAnArgument() and
6063
// Relevant arguments are those of type `String`.
6164
result.getType() instanceof TypeString
@@ -71,7 +74,7 @@ class PathResolveCreation extends PathCreation, MethodAccess {
7174
)
7275
}
7376

74-
override Expr getInput() {
77+
override Expr getAnInput() {
7578
result = this.getAnArgument() and
7679
// Relevant arguments are those of type `String`.
7780
result.getType() instanceof TypeString
@@ -87,14 +90,14 @@ class PathOfCreation extends PathCreation, MethodAccess {
8790
)
8891
}
8992

90-
override Expr getInput() { result = this.getAnArgument() }
93+
override Expr getAnInput() { result = this.getAnArgument() }
9194
}
9295

9396
/** Models the `new java.io.FileWriter(...)` constructor. */
9497
class FileWriterCreation extends PathCreation, ClassInstanceExpr {
9598
FileWriterCreation() { this.getConstructedType().hasQualifiedName("java.io", "FileWriter") }
9699

97-
override Expr getInput() {
100+
override Expr getAnInput() {
98101
result = this.getAnArgument() and
99102
// Relevant arguments are those of type `String`.
100103
result.getType() instanceof TypeString
@@ -105,7 +108,7 @@ class FileWriterCreation extends PathCreation, ClassInstanceExpr {
105108
class FileReaderCreation extends PathCreation, ClassInstanceExpr {
106109
FileReaderCreation() { this.getConstructedType().hasQualifiedName("java.io", "FileReader") }
107110

108-
override Expr getInput() {
111+
override Expr getAnInput() {
109112
result = this.getAnArgument() and
110113
// Relevant arguments are those of type `String`.
111114
result.getType() instanceof TypeString
@@ -118,7 +121,7 @@ class FileInputStreamCreation extends PathCreation, ClassInstanceExpr {
118121
this.getConstructedType().hasQualifiedName("java.io", "FileInputStream")
119122
}
120123

121-
override Expr getInput() {
124+
override Expr getAnInput() {
122125
result = this.getAnArgument() and
123126
// Relevant arguments are those of type `String`.
124127
result.getType() instanceof TypeString
@@ -131,7 +134,7 @@ class FileOutputStreamCreation extends PathCreation, ClassInstanceExpr {
131134
this.getConstructedType().hasQualifiedName("java.io", "FileOutputStream")
132135
}
133136

134-
override Expr getInput() {
137+
override Expr getAnInput() {
135138
result = this.getAnArgument() and
136139
// Relevant arguments are those of type `String`.
137140
result.getType() instanceof TypeString
@@ -154,7 +157,7 @@ private predicate inWeakCheck(Expr e) {
154157
// Ignore cases where the variable has been checked somehow,
155158
// but allow some particularly obviously bad cases.
156159
predicate guarded(VarAccess e) {
157-
exists(PathCreation p | e = p.getInput()) and
160+
exists(PathCreation p | e = p.getAnInput()) and
158161
exists(ConditionBlock cb, Expr c |
159162
cb.getCondition().getAChildExpr*() = c and
160163
c = e.getVariable().getAnAccess() and

0 commit comments

Comments
 (0)