Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 7bb7d83

Browse files
am0o0am0o0
committed
remove duplicate sinks
replace some RefType with DecompressionBomb::BombTypeInputStream
1 parent aef0a03 commit 7bb7d83

1 file changed

Lines changed: 6 additions & 59 deletions

File tree

java/ql/src/experimental/semmle/code/java/security/DecompressionBomb.qll

Lines changed: 6 additions & 59 deletions
Original file line numberDiff line numberDiff line change
@@ -68,22 +68,12 @@ module XerialSnappy {
6868
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
6969
exists(Call call |
7070
// Constructors
71-
call.getCallee().getDeclaringType() = any(TypeInputStream t) and
71+
call.getCallee().getDeclaringType() instanceof TypeInputStream and
7272
call.getArgument(0) = n1.asExpr() and
7373
call = n2.asExpr()
7474
)
7575
}
7676
}
77-
78-
class Sink extends DecompressionBomb::Sink {
79-
Sink() {
80-
this.asExpr() = any(ReadInputStreamCall r).getQualifier()
81-
or
82-
exists(ConstructorCall call | call.getConstructedType() instanceof TypeInputStream |
83-
this.asExpr() = call.getArgument(0)
84-
)
85-
}
86-
}
8777
}
8878

8979
/**
@@ -117,7 +107,7 @@ module ApacheCommons {
117107
/**
118108
* The types that are responsible for specific compression format of `CompressorInputStream` Class
119109
*/
120-
class TypeCompressors extends RefType {
110+
class TypeCompressors extends DecompressionBomb::BombTypeInputStream {
121111
TypeCompressors() {
122112
this.getASupertype*()
123113
.hasQualifiedName("org.apache.commons.compress.compressors.gzip",
@@ -166,16 +156,6 @@ module ApacheCommons {
166156
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
167157
}
168158
}
169-
170-
class Sink extends DecompressionBomb::Sink {
171-
Sink() {
172-
this.asExpr() = any(ReadInputStreamCall r).getQualifier()
173-
or
174-
exists(ConstructorCall call | call.getConstructedType() instanceof TypeCompressors |
175-
this.asExpr() = call.getArgument(0)
176-
)
177-
}
178-
}
179159
}
180160

181161
/**
@@ -185,7 +165,7 @@ module ApacheCommons {
185165
/**
186166
* The types that are responsible for specific compression format of `ArchiveInputStream` Class
187167
*/
188-
class TypeArchivers extends RefType {
168+
class TypeArchivers extends DecompressionBomb::BombTypeInputStream {
189169
TypeArchivers() {
190170
this.getASupertype*()
191171
.hasQualifiedName("org.apache.commons.compress.archivers.ar", "ArArchiveInputStream") or
@@ -211,16 +191,6 @@ module ApacheCommons {
211191
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
212192
}
213193
}
214-
215-
class Sink extends DecompressionBomb::Sink {
216-
Sink() {
217-
this.asExpr() = any(ReadInputStreamCall r).getQualifier()
218-
or
219-
exists(ConstructorCall call | call.getConstructedType() instanceof TypeArchivers |
220-
this.asExpr() = call.getArgument(0)
221-
)
222-
}
223-
}
224194
}
225195

226196
/**
@@ -230,7 +200,7 @@ module ApacheCommons {
230200
/**
231201
* A type that is responsible for `ArchiveInputStream` Class
232202
*/
233-
class TypeArchivers extends RefType {
203+
class TypeArchivers extends DecompressionBomb::BombTypeInputStream {
234204
TypeArchivers() {
235205
this.getASupertype*()
236206
.hasQualifiedName("org.apache.commons.compress.archivers", "ArchiveStreamFactory")
@@ -260,9 +230,9 @@ module ApacheCommons {
260230
exists(Call call |
261231
// Constructors
262232
(
263-
call.getCallee().getDeclaringType() = any(TypeCompressors t)
233+
call.getCallee().getDeclaringType() instanceof TypeCompressors
264234
or
265-
call.getCallee().getDeclaringType() = any(TypeArchivers t)
235+
call.getCallee().getDeclaringType() instanceof TypeArchivers
266236
) and
267237
call.getArgument(0) = n1.asExpr() and
268238
call = n2.asExpr()
@@ -283,19 +253,6 @@ module ApacheCommons {
283253
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
284254
}
285255
}
286-
287-
class Sink extends DecompressionBomb::Sink {
288-
Sink() {
289-
this.asExpr() = any(ReadInputStreamCall r).getQualifier()
290-
or
291-
exists(ConstructorCall call |
292-
call.getConstructedType() instanceof TypeCompressors or
293-
call.getConstructedType() instanceof TypeArchivers
294-
|
295-
this.asExpr() = call.getArgument(0)
296-
)
297-
}
298-
}
299256
}
300257
}
301258

@@ -358,16 +315,6 @@ module Zip {
358315
}
359316
}
360317

361-
class ReadInputStreamSink extends DecompressionBomb::Sink {
362-
ReadInputStreamSink() {
363-
this.asExpr() = any(ReadInputStreamCall r).getQualifier()
364-
or
365-
exists(ConstructorCall call | call.getConstructedType() instanceof TypeInputStream |
366-
this.asExpr() = call.getArgument(0)
367-
)
368-
}
369-
}
370-
371318
/**
372319
* A type that is responsible for `Inflater` Class
373320
*/

0 commit comments

Comments
 (0)