revert some mistakes

am0o0 · am0o0 · commit 8f7c690529d3 · 2024-07-13T17:03:24.000+02:00
diff --git a/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll b/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll
@@ -1,14 +1,14 @@
 private import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.internal.DataFlowPrivate
+private import semmle.code.java.dataflow.internal.FlowSummaryImpl
 private import semmle.code.java.dataflow.internal.ModelExclusions
 private import ModelEditor
 
 /**
  * A class of effectively public callables from source code.
  */
 class PublicEndpointFromSource extends Endpoint, ModelApi {
-  override predicate isSource() { this instanceof SourceCallable }
+  override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _, _) }
 
-  override predicate isSink() { this instanceof SinkCallable }
+  override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _, _) }
 }
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -41,21 +41,18 @@ private module Printing implements PrintingSig {
 
 module ModelPrinting = PrintingImpl<Printing>;
 
-/**
- * Holds if `c` is a relevant content kind, where the underlying type is relevant.
- */
-private predicate isRelevantTypeInContent(DataFlow::Content c) {
-  isRelevantType(getUnderlyingContentType(c))
-}
-
 /**
  * Holds if data can flow from `node1` to `node2` either via a read or a write of an intermediate field `f`.
  */
 private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
   exists(DataFlow::Content f |
     DataFlowPrivate::readStep(node1, f, node2) and
-    // Partially restrict the content types used for intermediate steps.
-    (not exists(getUnderlyingContentType(f)) or isRelevantTypeInContent(f))
+    if f instanceof DataFlow::FieldContent
+    then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
+    else
+      if f instanceof DataFlow::SyntheticFieldContent
+      then isRelevantType(f.(DataFlow::SyntheticFieldContent).getField().getType())
+      else any()
   )
   or
   exists(DataFlow::Content f | DataFlowPrivate::storeStep(node1, f, node2) |
@@ -64,11 +61,12 @@ private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2
 }
 
 /**
- * Holds if content `c` is either a field, a synthetic field or language specific
- * content of a relevant type or a container like content.
+ * Holds if content `c` is either a field or synthetic field of a relevant type
+ * or a container like content.
  */
 private predicate isRelevantContent(DataFlow::Content c) {
-  isRelevantTypeInContent(c) or
+  isRelevantType(c.(DataFlow::FieldContent).getField().getType()) or
+  isRelevantType(c.(DataFlow::SyntheticFieldContent).getField().getType()) or
   DataFlowPrivate::containerContent(c)
 }
 
@@ -260,10 +258,6 @@ module PropagateToSinkConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { sinkModelSanitizer(node) }
 
   DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isRelevantTaintStep(node1, node2)
-  }
 }
 
 private module PropagateToSink = TaintTracking::Global<PropagateToSinkConfig>;
diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
@@ -186,14 +186,6 @@ predicate isRelevantType(J::Type t) {
   )
 }
 
-/**
- * Gets the underlying type of the content `c`.
- */
-J::Type getUnderlyingContentType(DataFlow::Content c) {
-  result = c.(DataFlow::FieldContent).getField().getType() or
-  result = c.(DataFlow::SyntheticFieldContent).getField().getType()
-}
-
 /**
  * Gets the MaD string representation of the qualifier.
  */
diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/NewPathInjection/PathInjection/pom.xml b/java/ql/test/query-tests/security/CWE-022/semmle/tests/NewPathInjection/PathInjection/pom.xml

Original file line number	Diff line number	Diff line change
`@@ -186,14 +186,6 @@ predicate isRelevantType(J::Type t) {`
`186`	`186`	`)`
`187`	`187`	`}`
`188`	`188`
`189`		`-/**`
`190`		- * Gets the underlying type of the content `c`.
`191`		`- */`
`192`		`-J::Type getUnderlyingContentType(DataFlow::Content c) {`
`193`		`- result = c.(DataFlow::FieldContent).getField().getType() or`
`194`		`- result = c.(DataFlow::SyntheticFieldContent).getField().getType()`
`195`		`-}`
`196`		`-`
`197`	`189`	`/**`
`198`	`190`	`* Gets the MaD string representation of the qualifier.`
`199`	`191`	`*/`