

Commit e781990

committed
Java: Autoformat semmle.code.java.security.
1 parent c6c6e43 commit e781990

11 files changed

Lines changed: 441 additions & 346 deletions


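--- a/java/ql/src/semmle/code/java/security/ControlledString.qll
+++ b/java/ql/src/semmle/code/java/security/ControlledString.qll
@@ -21,15 +21,15 @@ private predicate boxedToString(Method method) {
 * it is better to use a prepared query than to just put single quotes around the string.
 */
 predicate endsInQuote(Expr expr) {
-exists(string str | str = expr.(StringLiteral).getRepresentedString() |
-str.matches("%'")) or
-exists(Variable var | expr = var.getAnAccess() | endsInQuote(var.getAnAssignedValue())) or
+exists(string str | str = expr.(StringLiteral).getRepresentedString() | str.matches("%'"))
+or
+exists(Variable var | expr = var.getAnAccess() | endsInQuote(var.getAnAssignedValue()))
+or
 endsInQuote(expr.(AddExpr).getRightOperand())
 }
 
 /** The given expression is controlled if the other expression is controlled. */
-private
-predicate controlledStringProp(Expr src, Expr dest) {
+private predicate controlledStringProp(Expr src, Expr dest) {
 // Propagation through variables.
 exists(Variable var | var.getAnAccess() = dest | src = var.getAnAssignedValue())
 or
@@ -54,17 +54,15 @@ predicate controlledStringProp(Expr src, Expr dest) {
 }
 
 /** Expressions that have a small number of inflows from `controlledStringProp`. */
-private
-predicate modestControlledStringInflow(Expr dest) {
+private predicate modestControlledStringInflow(Expr dest) {
 strictcount(Expr src | controlledStringProp(src, dest)) < 10
 }
 
 /**
 * A limited version of `controlledStringProp` that ignores destinations that are written a
 * very high number of times.
 */
-private
-predicate controlledStringLimitedProp(Expr src, Expr dest) {
+private predicate controlledStringLimitedProp(Expr src, Expr dest) {
 controlledStringProp(src, dest) and
 modestControlledStringInflow(dest)
 }
@@ -76,17 +74,24 @@ predicate controlledStringLimitedProp(Expr src, Expr dest) {
 cached
 predicate controlledString(Expr expr) {
 (
-expr instanceof StringLiteral or
-expr instanceof NullLiteral or
-expr.(VarAccess).getVariable() instanceof EnumConstant or
-expr.getType() instanceof PrimitiveType or
-expr.getType() instanceof BoxedType or
+expr instanceof StringLiteral
+or
+expr instanceof NullLiteral
+or
+expr.(VarAccess).getVariable() instanceof EnumConstant
+or
+expr.getType() instanceof PrimitiveType
+or
+expr.getType() instanceof BoxedType
+or
 exists(Method method | method = expr.(MethodAccess).getMethod() |
 method instanceof ClassNameMethod or
 method instanceof ClassSimpleNameMethod or
 boxedToString(method)
-) or
-exists(ValidatedVariable var | var.getAnAccess() = expr) or
+)
+or
+exists(ValidatedVariable var | var.getAnAccess() = expr)
+or
 forex(Expr other | controlledStringLimitedProp(other, expr) | controlledString(other))
 ) and
 not expr instanceof TypeAccess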
