Java: Model java.util.Optional lambda methods

Signed-off-by: Jonathan Leitschuh <[email protected]>

Author: JLLeitschuh

java/change-notes/2021-10-29-optional-lambda-flow.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added data flow models for lambda methods on `java.util.Optional`.

java/ql/lib/semmle/code/java/frameworks/Optional.qll

@@ -15,7 +15,16 @@ private class OptionalModel extends SummaryModelCsv {
         "java.util;Optional;false;orElse;;;Argument[0];ReturnValue;value",
         "java.util;Optional;false;orElseGet;;;Element of Argument[-1];ReturnValue;value",
         "java.util;Optional;false;orElseThrow;;;Element of Argument[-1];ReturnValue;value",
-        "java.util;Optional;false;stream;;;Element of Argument[-1];Element of ReturnValue;value"
+        "java.util;Optional;false;stream;;;Element of Argument[-1];Element of ReturnValue;value",
+        "java.util;Optional;false;ifPresent;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;ifPresentOrElse;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;map;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;map;;;ReturnValue of Argument[0];Element of ReturnValue;value",
+        "java.util;Optional;false;flatMap;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;flatMap;;;ReturnValue of Argument[0];ReturnValue;value",
+        "java.util;Optional;false;filter;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;or;;;ReturnValue of Argument[0];ReturnValue;value",
+        "java.util;Optional;false;orElseGet;;;ReturnValue of Argument[0];ReturnValue;value"
       ]
   }
 }

java/ql/test/library-tests/optional/FunctionalTest.java

@@ -0,0 +1,58 @@
+import java.util.Optional;
+
+public class FunctionalTest {
+    String source() {
+        return null;
+    }
+
+    void sink(Object o) {
+    }
+
+    void test() {
+        Optional<String> o = Optional.of(source());
+        o.ifPresent(v -> {
+            sink(v); // $hasValueFlow
+        });
+        o.ifPresentOrElse(v -> {
+            sink(v); // $hasValueFlow
+        }, () -> {
+            // no-op
+        });
+        o.map(v -> {
+            sink(v); // $hasValueFlow
+            return v;
+        }).ifPresent(v -> {
+            sink(v); // $hasValueFlow
+        });
+        o.flatMap(v -> {
+            sink(v); // $hasValueFlow
+            return Optional.of(v);
+        }).ifPresent(v -> {
+            sink(v); // $hasValueFlow
+        });
+        o.flatMap(v -> {
+            sink(v); // $hasValueFlow
+            return Optional.of("safe");
+        }).ifPresent(v -> {
+            sink(v); // no value flow
+        });
+        o.filter(v -> {
+            sink(v); // $hasValueFlow
+            return true;
+        }).ifPresent(v -> {
+            sink(v); // $hasValueFlow
+        });
+        Optional.of("safe").map(v -> {
+            sink(v); // no value flow
+            return v;
+        }).or(() -> o).ifPresent(v -> {
+            sink(v); // $hasValueFlow
+        });
+        Optional<String> safe = Optional.of("safe");
+        o.or(() -> safe).ifPresent(v -> {
+            sink(v); // $hasValueFlow
+        });
+        String value = safe.orElseGet(() -> source());
+        sink(value); // $hasValueFlow
+    }
+}