Java: Implement ContentSet

Author: hvitved

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll

@@ -256,6 +256,34 @@ class SyntheticFieldContent extends Content, TSyntheticFieldContent {
   override string toString() { result = s.toString() }
 }
 
+/**
+ * An entity that represents a set of `Content`s.
+ *
+ * The set may be interpreted differently depending on whether it is
+ * stored into (`getAStoreContent`) or read from (`getAReadContent`).
+ */
+class ContentSet instanceof Content {
+  /** Gets a content that may be stored into when storing into this set. */
+  Content getAStoreContent() { result = this }
+
+  /** Gets a content that may be read from when reading from this set. */
+  Content getAReadContent() { result = this }
+
+  /** Gets a textual representation of this content set. */
+  string toString() { result = super.toString() }
+
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    super.hasLocationInfo(path, sl, sc, el, ec)
+  }
+}
+
 /**
  * A guard that validates some expression.
  *

java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll

@@ -142,7 +142,7 @@ class SensitiveCommunicationConfig extends TaintTracking::Configuration {
    */
   override predicate isSanitizer(DataFlow::Node node) { node instanceof ExplicitIntentSanitizer }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
     super.allowImplicitRead(node, c)
     or
     this.isSink(node)

java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll

@@ -36,7 +36,7 @@ class ImplicitPendingIntentStartConf extends TaintTracking::Configuration {
     any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, state1, node2, state2)
   }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
     super.allowImplicitRead(node, c)
     or
     this.isSink(node, _) and

java/ql/lib/semmle/code/java/security/InsecureTrustManagerQuery.qll

@@ -17,7 +17,7 @@ class InsecureTrustManagerConfiguration extends DataFlow::Configuration {
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureTrustManagerSink }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
     (this.isSink(node) or this.isAdditionalFlowStep(node, _)) and
     node.getType() instanceof Array and
     c instanceof DataFlow::ArrayContent

java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll

@@ -40,7 +40,7 @@ class GetContentIntentConfig extends TaintTracking2::Configuration {
     )
   }
 
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content content) {
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet content) {
     super.allowImplicitRead(node, content)
     or
     // Allow the wrapped intent created by Intent.getChooser to be consumed

java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected

@@ -1,13 +1,9 @@
 edges
-| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] |
 | UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:25:29:25:62 | ...[...] |
 | UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | UnsafeReflection.java:25:76:25:89 | parameterValue |
-| UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | UnsafeReflection.java:25:29:25:62 | ...[...] |
-| UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:39:13:39:38 | getDeclaredMethods(...) : Method[] |
 | UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:39:13:39:41 | ...[...] |
 | UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:39:50:39:55 | object |
 | UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | UnsafeReflection.java:39:58:39:71 | parameterValue |
-| UnsafeReflection.java:39:13:39:38 | getDeclaredMethods(...) : Method[] | UnsafeReflection.java:39:13:39:41 | ...[...] |
 | UnsafeReflection.java:46:24:46:82 | beanIdOrClassName : String | UnsafeReflection.java:53:30:53:46 | beanIdOrClassName : String |
 | UnsafeReflection.java:46:132:46:168 | body : Map | UnsafeReflection.java:49:37:49:40 | body : Map |
 | UnsafeReflection.java:49:23:49:59 | (...)... : Object | UnsafeReflection.java:53:67:53:73 | rawData : Object |
@@ -24,12 +20,10 @@ edges
 nodes
 | UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | semmle.label | getDeclaredConstructors(...) : Constructor[] |
 | UnsafeReflection.java:25:29:25:62 | ...[...] | semmle.label | ...[...] |
 | UnsafeReflection.java:25:76:25:89 | parameterValue | semmle.label | parameterValue |
 | UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| UnsafeReflection.java:39:13:39:38 | getDeclaredMethods(...) : Method[] | semmle.label | getDeclaredMethods(...) : Method[] |
 | UnsafeReflection.java:39:13:39:41 | ...[...] | semmle.label | ...[...] |
 | UnsafeReflection.java:39:50:39:55 | object | semmle.label | object |
 | UnsafeReflection.java:39:58:39:71 | parameterValue | semmle.label | parameterValue |

java/ql/test/library-tests/dataflow/getter/getter.ql

@@ -3,10 +3,10 @@ import semmle.code.java.dataflow.internal.DataFlowImplCommon
 import semmle.code.java.dataflow.internal.DataFlowImplSpecific::Public
 import semmle.code.java.dataflow.internal.DataFlowImplSpecific::Private
 
-from Node n1, Content f, Node n2
+from Node n1, ContentSet f, Node n2
 where
   (
-    read(n1, f, n2) or
+    readSet(n1, f, n2) or
     getterStep(n1, f, n2)
   ) and
   n1.getEnclosingCallable().fromSource()

java/ql/test/library-tests/frameworks/android/slice/test.ql

@@ -9,7 +9,7 @@ class SliceValueFlowConf extends DefaultValueFlowConf {
 }
 
 class SliceTaintFlowConf extends DefaultTaintFlowConf {
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
     super.allowImplicitRead(node, c)
     or
     isSink(node) and