Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fb2a7df

Browse files
michaelnebelmichaelnebel
committed
Java: Refactor CaptureSinkModels into language specific and generic part.
1 parent cc5fbbb commit fb2a7df

3 files changed

Lines changed: 51 additions & 44 deletions

File tree

java/ql/src/utils/model-generator/CaptureSinkModels.ql

Lines changed: 1 addition & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -4,51 +4,8 @@
44
* @id java/utils/model-generator/sink-models
55
*/
66

7-
import java
8-
private import semmle.code.java.dataflow.TaintTracking
9-
private import semmle.code.java.dataflow.ExternalFlow
107
private import ModelGeneratorUtils
11-
12-
class PropagateToSinkConfiguration extends TaintTracking::Configuration {
13-
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
14-
15-
override predicate isSource(DataFlow::Node source) {
16-
(source.asExpr().(FieldAccess).isOwnFieldAccess() or source instanceof DataFlow::ParameterNode) and
17-
source.getEnclosingCallable().isPublic() and
18-
exists(RefType t |
19-
t = source.getEnclosingCallable().getDeclaringType().getAnAncestor() and
20-
not t instanceof TypeObject and
21-
t.isPublic()
22-
) and
23-
isRelevantForModels(source.getEnclosingCallable())
24-
}
25-
26-
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
27-
28-
override DataFlow::FlowFeature getAFeature() {
29-
result instanceof DataFlow::FeatureHasSourceCallContext
30-
}
31-
}
32-
33-
string asInputArgument(DataFlow::Node source) {
34-
exists(int pos |
35-
source.(DataFlow::ParameterNode).isParameterOf(_, pos) and
36-
result = "Argument[" + pos + "]"
37-
)
38-
or
39-
source.asExpr() instanceof FieldAccess and
40-
result = "Argument[-1]"
41-
}
42-
43-
string captureSink(TargetApi api) {
44-
exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
45-
config.hasFlow(src, sink) and
46-
sinkNode(sink, kind) and
47-
api = src.getEnclosingCallable() and
48-
not kind = "logging" and
49-
result = asSinkModel(api, asInputArgument(src), kind)
50-
)
51-
}
8+
private import CaptureSinkModels
529

5310
from TargetApi api, string sink
5411
where sink = captureSink(api)

java/ql/src/utils/model-generator/CaptureSinkModels.qll

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
private import CaptureSinkModelsSpecific
2+
3+
class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
4+
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
5+
6+
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
7+
8+
override DataFlow::FlowFeature getAFeature() {
9+
result instanceof DataFlow::FeatureHasSourceCallContext
10+
}
11+
}
12+
13+
string captureSink(TargetApi api) {
14+
exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
15+
config.hasFlow(src, sink) and
16+
sinkNode(sink, kind) and
17+
api = src.getEnclosingCallable() and
18+
not kind = "logging" and
19+
result = asSinkModel(api, asInputArgument(src), kind)
20+
)
21+
}

java/ql/src/utils/model-generator/CaptureSinkModelsSpecific.qll

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
import java
2+
import semmle.code.java.dataflow.TaintTracking
3+
import semmle.code.java.dataflow.ExternalFlow
4+
import ModelGeneratorUtils
5+
6+
class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration {
7+
PropagateToSinkConfigurationSpecific() { this = "parameters or fields flowing into sinks" }
8+
9+
override predicate isSource(DataFlow::Node source) {
10+
(source.asExpr().(FieldAccess).isOwnFieldAccess() or source instanceof DataFlow::ParameterNode) and
11+
source.getEnclosingCallable().isPublic() and
12+
exists(RefType t |
13+
t = source.getEnclosingCallable().getDeclaringType().getAnAncestor() and
14+
not t instanceof TypeObject and
15+
t.isPublic()
16+
) and
17+
isRelevantForModels(source.getEnclosingCallable())
18+
}
19+
}
20+
21+
string asInputArgument(DataFlow::Node source) {
22+
exists(int pos |
23+
source.(DataFlow::ParameterNode).isParameterOf(_, pos) and
24+
result = "Argument[" + pos + "]"
25+
)
26+
or
27+
source.asExpr() instanceof FieldAccess and
28+
result = "Argument[-1]"
29+
}

0 commit comments

Comments
 (0)