
Commit 4b160b9

Java: Merge Guava definitions for string utilities into one file
1 parent adad75b commit 4b160b9

4 files changed

Lines changed: 74 additions & 90 deletions


Lines changed: 2 additions & 4 deletions
@@ -1,8 +1,6 @@
11
/**
2-
* Definitions for tracking taint steps throught the Guava framework.
2+
* Definitions for tracking taint steps through the Guava framework.
33
*/
44

55
import java
6-
private import Strings
7-
private import Splitter
8-
private import Joiner
6+
private import StringUtils

java/ql/src/semmle/code/java/frameworks/guava/Splitter.qll

Lines changed: 0 additions & 43 deletions
This file was deleted.

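--- a/java/ql/src/semmle/code/java/frameworks/guava/Joiner.qll
+++ b/java/ql/src/semmle/code/java/frameworks/guava/StringUtils.qll
@@ -1,10 +1,15 @@
-/**
-* Definitions for tracking taint steps through the methods of `com.google.common.base.Joiner`.
-*/
+/** Definitions of flow steps through the various string utility fenctions in the Guava framework. */
 
 import java
 import semmle.code.java.dataflow.FlowSteps
 
+/**
+* The class `com.google.common.base.Strings`.
+*/
+class TypeGuavaStrings extends Class {
+TypeGuavaStrings() { this.hasQualifiedName("com.google.common.base", "Strings") }
+}
+
 /**
 * The class `com.google.common.base.Joiner`.
 */
@@ -22,13 +27,53 @@ class TypeGuavaMapJoiner extends NestedClass {
 }
 }
 
+/**
+* The class `com.google.common.base.Splitter`.
+*/
+class TypeGuavaSplitter extends Class {
+TypeGuavaSplitter() { this.hasQualifiedName("com.google.common.base", "Splitter") }
+}
+
+/**
+* The nested class `Splitter.MapSplitter`.
+*/
+class TypeGuavaMapSplitter extends NestedClass {
+TypeGuavaMapSplitter() {
+this.getEnclosingType() instanceof TypeGuavaSplitter and
+this.hasName("MapSplitter")
+}
+}
+
+/**
+* A taint preserving method on `com.google.common.base.Strings`.
+*/
+private class GuavaStringsTaintPreservingMethod extends TaintPreservingCallable {
+GuavaStringsTaintPreservingMethod() {
+this.getDeclaringType() instanceof TypeGuavaStrings and
+// static String emptyToNull(String string)
+// static String emptyToNull(String string)
+// static String padEnd(String string, int minLength, char padChar)
+// static String padStart(String string, int minLength, char padChar)
+// static String repeat(String string, int count)
+// static String lenientFormat(String template, Object ... args)
+this.hasName(["emptyToNull", "nullToEmpty", "padStart", "padEnd", "repeat", "lenientFormat"])
+}
+
+override predicate returnsTaintFrom(int src) {
+src = 0
+or
+this.hasName("lenientFormat") and
+src = [0 .. getNumberOfParameters()]
+}
+}
+
 /**
 * A method of `Joiner` or `MapJoiner`.
 */
 private class GuavaJoinerMethod extends Method {
 GuavaJoinerMethod() {
-this.getDeclaringType() instanceof TypeGuavaJoiner or
-this.getDeclaringType() instanceof TypeGuavaMapJoiner
+this.getDeclaringType().getASourceSupertype*() instanceof TypeGuavaJoiner or
+this.getDeclaringType().getASourceSupertype*() instanceof TypeGuavaMapJoiner
 }
 }
 
@@ -54,7 +99,7 @@ private class GuavaJoinerBuilderMethod extends GuavaJoinerMethod, TaintPreservin
 }
 
 /**
-* An `appendTo` method on `Joiner` or `MapJoiner`
+* An `appendTo` method on `Joiner` or `MapJoiner`.
 */
 private class GuavaJoinerAppendToMethod extends GuavaJoinerMethod, TaintPreservingCallable {
 GuavaJoinerAppendToMethod() {
@@ -85,7 +130,7 @@ private class GuavaJoinerAppendToMethod extends GuavaJoinerMethod, TaintPreservi
 }
 
 /**
-* A `join` method on `Joiner` or `MapJoiner`
+* A `join` method on `Joiner` or `MapJoiner`.
 */
 private class GuavaJoinMethod extends GuavaJoinerMethod, TaintPreservingCallable {
 GuavaJoinMethod() {
@@ -101,3 +146,23 @@ private class GuavaJoinMethod extends GuavaJoinerMethod, TaintPreservingCallable
 
 override predicate returnsTaintFrom(int src) { src = [-1 .. getNumberOfParameters()] }
 }
+
+/**
+* A method of `Splitter` or `MapSplitter` that splits its input string.
+*/
+private class GuavaSplitMethod extends TaintPreservingCallable {
+GuavaSplitMethod() {
+(
+this.getDeclaringType() instanceof TypeGuavaSplitter
+or
+this.getDeclaringType() instanceof TypeGuavaMapSplitter
+) and
+// Iterable<String> split(CharSequence sequence)
+// List<String> splitToList(CharSequence sequence)
+// Stream<String> splitToStream(CharSequence sequence)
+// Map<String,String> split(CharSequence sequence) [on MapSplitter]
+this.hasName(["split", "splitToList", "splitToStream"])
+}
+
+override predicate returnsTaintFrom(int src) { src = 0 }
+}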
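Review bot: The `lenientFormat` branch of `GuavaStringsTaintPreservingMethod.returnsTaintFrom` (second hunk) may miss taint in later varargs, because `src = [0 .. getNumberOfParameters()]` is bounded by the declared parameter count, which is 2 for `lenientFormat(String template, Object ... args)`. If `src` is matched against call-argument positions (the definition of `TaintPreservingCallable` is not on this page, so this needs confirming), a tainted value passed as a later format argument would not reach the result, and queries built on these steps would report a false negative. A test call with several format arguments would settle it; at minimum add a why-comment such as `// varargs: upper bound is the declared parameter count, not the call's argument count`. In the same constructor the signature comment `// static String emptyToNull(String string)` appears twice; the second should read `// static String nullToEmpty(String string)`.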

java/ql/src/semmle/code/java/frameworks/guava/Strings.qll

Lines changed: 0 additions & 36 deletions
This file was deleted.
