step 1.2

Author: jcogs33

codeql-custom-queries-java/ctf4.ql

@@ -149,6 +149,25 @@ module Bonus {
     }
   }
 
+/* Step 1.2 */
+/** The type `javax.validation.ConstraintValidatorContext`. */
+class TypeConstraintValidatorContext extends RefType {
+    TypeConstraintValidatorContext() {
+      this.hasQualifiedName("javax.validation", "ConstraintValidatorContext")
+    }
+  }
+  
+  /**
+   * A method named `buildConstraintViolationWithTemplate` declared on a subtype
+   * of `javax.validation.ConstraintValidatorContext`.
+   */
+  class BuildConstraintViolationWithTemplateMethod extends Method {
+    BuildConstraintViolationWithTemplateMethod() {
+      this.getDeclaringType().getASupertype*() instanceof TypeConstraintValidatorContext and
+      this.hasName("buildConstraintViolationWithTemplate")
+    }
+  }
+
 predicate isSource(DataFlow::Node source) { 
     /* TODO describe source */
     //source.asExpr() instanceof StringLiteral
@@ -159,6 +178,14 @@ predicate isSource(DataFlow::Node source) {
     source instanceof BeanValidationSource
 }
 
+/* Step 1.2 */
+predicate isSink(DataFlow::Node sink) {
+    exists(MethodAccess ma |
+      ma.getMethod() instanceof BuildConstraintViolationWithTemplateMethod and
+      sink.asExpr() = ma.getArgument(0)
+    )
+}
+
 // from Method method, MethodAccess call
 // where 
 //     call.getMethod() = method and