Skip to content

Commit 19e5c3d

Browse files
d10cd10c
committed
[DIFF-INFORMED] Java: ImproperValidationOfArray…
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24
1 parent 919fea5 commit 19e5c3d

4 files changed

+22
-0
lines changed

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,15 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
1717
predicate isSink(DataFlow::Node sink) {
1818
any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
1919
}
20+
21+
predicate observeDiffInformedIncrementalMode() { any() }
22+
23+
Location getASelectedSinkLocation(DataFlow::Node sink) {
24+
exists(ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess |
25+
result = [arrayCreation, arrayAccess.getIndexExpr()].getLocation() and
26+
arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), arrayCreation)
27+
)
28+
}
2029
}
2130

2231
/**

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,15 @@ module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSi
1414
predicate isSink(DataFlow::Node sink) {
1515
any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
1616
}
17+
18+
predicate observeDiffInformedIncrementalMode() { any() }
19+
20+
Location getASelectedSinkLocation(DataFlow::Node sink) {
21+
exists(ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess |
22+
result = [arrayCreation, arrayAccess.getIndexExpr()].getLocation() and
23+
arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), arrayCreation)
24+
)
25+
}
1726
}
1827

1928
/**

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
1414
predicate isSink(DataFlow::Node sink) {
1515
exists(CheckableArrayAccess arrayAccess | arrayAccess.canThrowOutOfBounds(sink.asExpr()))
1616
}
17+
18+
predicate observeDiffInformedIncrementalMode() { any() }
1719
}
1820

1921
/**

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig {
1818
predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType }
1919

2020
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
21+
22+
predicate observeDiffInformedIncrementalMode() { any() }
2123
}
2224

2325
/**

0 commit comments

Comments
 (0)