

Commit e2bd792

author
Benjamin Muskalla
committed
Consider bulk-like data for argument accessors
1 parent 739fe75 commit e2bd792

4 files changed

Lines changed: 14 additions & 6 deletions


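--- a/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
+++ b/java/ql/src/utils/model-generator/CaptureSummaryModels.ql
@@ -228,10 +228,6 @@ predicate isRelevantType(Type t) {
 )
 }
 
-predicate isPrimitiveTypeUsedForBulkData(Type t) {
-t.getName().regexpMatch("byte|char|Byte|Character")
-}
-
 from TargetAPI api, string flow
 where flow = captureFlow(api)
 select flow order by flow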

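--- a/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
+++ b/java/ql/src/utils/model-generator/ModelGeneratorUtils.qll
@@ -102,10 +102,16 @@ private string typeAsModel(RefType type) {
 }
 
 string parameterAccess(Parameter p) {
-if p.getType() instanceof Array
+if
+p.getType() instanceof Array and
+not isPrimitiveTypeUsedForBulkData(p.getType().(Array).getElementType())
 then result = "ArrayElement of Argument[" + p.getPosition() + "]"
 else
 if p.getType() instanceof ContainerType
 then result = "Element of Argument[" + p.getPosition() + "]"
 else result = "Argument[" + p.getPosition() + "]"
 }
+
+predicate isPrimitiveTypeUsedForBulkData(Type t) {
+t.getName().regexpMatch("byte|char|Byte|Character")
+}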
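Review bot: `isPrimitiveTypeUsedForBulkData` decides on the simple type name alone, so a reference type in any package that happens to be called `Byte` or `Character` would also count as bulk data, and `parameterAccess` would then emit `Argument[n]` rather than `ArrayElement of Argument[n]` for arrays of it. Constraining the kind of type before comparing the name would avoid that, for example `t.(PrimitiveType).hasName(["byte", "char"]) or t.(BoxedType).hasName(["Byte", "Character"])`. Now that the predicate sits in the shared library instead of the query, it would also benefit from a QLDoc comment stating that it holds for byte- and char-like element types whose arrays are modelled as one value instead of element-wise, since that choice changes the shape of every generated summary for such parameters.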

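--- a/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
+++ b/java/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -30,7 +30,8 @@
 | p;ParamFlow;true;returnMultipleParameters;(String,String);;Argument[1];ReturnValue;taint; |
 | p;ParamFlow;true;returnVarArgElement;(String[]);;ArrayElement of Argument[0];ReturnValue;taint; |
 | p;ParamFlow;true;returnsInput;(String);;Argument[0];ReturnValue;taint; |
-| p;ParamFlow;true;writeChunked;(byte[],OutputStream);;ArrayElement of Argument[0];Argument[1];taint; |
+| p;ParamFlow;true;writeChunked;(byte[],OutputStream);;Argument[0];Argument[1];taint; |
+| p;ParamFlow;true;writeChunked;(char[],OutputStream);;Argument[0];Argument[1];taint; |
 | p;Pojo;false;fillIn;(List);;Argument[-1];Element of Argument[0];taint; |
 | p;Pojo;false;getBoxedBytes;();;Argument[-1];ReturnValue;taint; |
 | p;Pojo;false;getBoxedChars;();;Argument[-1];ReturnValue;taint; |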

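--- a/java/ql/test/utils/model-generator/p/ParamFlow.java
+++ b/java/ql/test/utils/model-generator/p/ParamFlow.java
@@ -51,6 +51,11 @@ public void writeChunked(byte[] data, OutputStream output)
 throws IOException {
 output.write(data, 0, data.length);
 }
+
+public void writeChunked(char[] data, OutputStream output)
+throws IOException {
+output.write(String.valueOf(data).getBytes(), 0, data.length);
+}
 
 public void addTo(String data, List<String> target) {
 target.add(data);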
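Review bot: The new `writeChunked(char[], OutputStream)` passes `data.length`, a count of chars, as the length of the byte array returned by `getBytes()`, so any character that encodes to more than one byte silently truncates what is written. `getBytes()` without an argument also depends on the platform default charset. Even in a test fixture the example is better kept correct: `byte[] bytes = String.valueOf(data).getBytes(StandardCharsets.UTF_8);` followed by `output.write(bytes, 0, bytes.length);`. That needs `java.nio.charset.StandardCharsets` imported, and the file's import block lies outside this hunk. The flow from `Argument[0]` to `Argument[1]` recorded in the expected output should be unaffected.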
