Reduce FPs from empty arrays

joefarebrother · joefarebrother · commit 4d0957711b06 · 2022-08-17T10:35:14.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -84,7 +84,12 @@ private class ArrayUpdateConfig extends TaintTracking2::Configuration {
 private class StaticInitializationVectorSource extends DataFlow::Node {
   StaticInitializationVectorSource() {
     exists(StaticByteArrayCreation array | array = this.asExpr() |
-      not exists(ArrayUpdateConfig config | config.hasFlow(DataFlow2::exprNode(array), _))
+      not exists(ArrayUpdateConfig config | config.hasFlow(DataFlow2::exprNode(array), _)) and
+      // Reduce FPs from utility methods that return an empty array in an exceptional case
+      not exists(ReturnStmt ret |
+        array.getADimension().(CompileTimeConstantExpr).getIntValue() = 0 and
+        DataFlow::localExprFlow(array, ret.getResult())
+      )
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,12 @@ private class ArrayUpdateConfig extends TaintTracking2::Configuration {`
`84`	`84`	`private class StaticInitializationVectorSource extends DataFlow::Node {`
`85`	`85`	`StaticInitializationVectorSource() {`
`86`	`86`	`exists(StaticByteArrayCreation array \| array = this.asExpr() \|`
`87`		`- not exists(ArrayUpdateConfig config \| config.hasFlow(DataFlow2::exprNode(array), _))`
	`87`	`+ not exists(ArrayUpdateConfig config \| config.hasFlow(DataFlow2::exprNode(array), _)) and`
	`88`	`+ // Reduce FPs from utility methods that return an empty array in an exceptional case`
	`89`	`+ not exists(ReturnStmt ret \|`
	`90`	`+ array.getADimension().(CompileTimeConstantExpr).getIntValue() = 0 and`
	`91`	`+ DataFlow::localExprFlow(array, ret.getResult())`
	`92`	`+ )`
`88`	`93`	`)`
`89`	`94`	`}`
`90`	`95`	`}`