Skip to content

Commit 9149a17

Browse files
michaelnebelmichaelnebel
committed
Java: Only keep the best generated model in terms of taint/value.
1 parent d7e61d0 commit 9149a17

File tree

1 file changed

+20
-10
lines changed

1 file changed

+20
-10
lines changed

java/ql/src/utils/modelgenerator/internal/CaptureModels.qll

Lines changed: 20 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -525,6 +525,23 @@ private predicate apiRelevantContentFlow(
525525
)
526526
}
527527

528+
pragma[nomagic]
529+
private predicate captureContentFlow0(
530+
ContentDataFlowSummaryTargetApi api, string input, string output, boolean preservesValue,
531+
boolean lift
532+
) {
533+
exists(
534+
DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt, PropagateContentFlow::AccessPath reads,
535+
PropagateContentFlow::AccessPath stores
536+
|
537+
apiRelevantContentFlow(api, p, reads, returnNodeExt, stores, preservesValue) and
538+
input = parameterNodeAsContentInput(p) + printReadAccessPath(reads) and
539+
output = getContentOutput(returnNodeExt) + printStoreAccessPath(stores) and
540+
input != output and
541+
(if mentionsField(reads) or mentionsField(stores) then lift = false else lift = true)
542+
)
543+
}
544+
528545
/**
529546
* Gets the content based summary model(s) of the API `api` (if there is flow from a parameter to
530547
* the return value or a parameter).
@@ -533,16 +550,9 @@ private predicate apiRelevantContentFlow(
533550
* contain a field or synthetic field access.
534551
*/
535552
string captureContentFlow(ContentDataFlowSummaryTargetApi api) {
536-
exists(
537-
DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt, string input, string output,
538-
PropagateContentFlow::AccessPath reads, PropagateContentFlow::AccessPath stores,
539-
boolean preservesValue, boolean lift
540-
|
541-
apiRelevantContentFlow(api, p, reads, returnNodeExt, stores, preservesValue) and
542-
input = parameterNodeAsContentInput(p) + printReadAccessPath(reads) and
543-
output = getContentOutput(returnNodeExt) + printStoreAccessPath(stores) and
544-
input != output and
545-
(if mentionsField(reads) or mentionsField(stores) then lift = false else lift = true) and
553+
exists(string input, string output, boolean lift, boolean preservesValue |
554+
captureContentFlow0(api, input, output, _, lift) and
555+
preservesValue = max(boolean p | captureContentFlow0(api, input, output, p, lift)) and
546556
result = Printing::asModel(api, input, output, preservesValue, lift)
547557
)
548558
}

0 commit comments

Comments
 (0)