Skip to content

Commit 2cc1f46

Browse files
smowtonsmowton
committed
Model constructors for (Imm|M)utable(Pair|Triple)
1 parent fbaa382 commit 2cc1f46

File tree

3 files changed

+74
-0
lines changed

3 files changed

+74
-0
lines changed

java/ql/src/semmle/code/java/frameworks/apache/Lang.qll

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -803,12 +803,16 @@ private class ApachePairModel extends SummaryModelCsv {
803803
"org.apache.commons.lang3.tuple;Pair;false;getValue;;;Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];ReturnValue;value",
804804
"org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
805805
"org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
806+
"org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];value",
807+
"org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of Argument[-1];value",
806808
"org.apache.commons.lang3.tuple;ImmutablePair;false;getLeft;;;Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];ReturnValue;value",
807809
"org.apache.commons.lang3.tuple;ImmutablePair;false;getRight;;;Field org.apache.commons.lang3.tuple.ImmutablePair.right of Argument[-1];ReturnValue;value",
808810
"org.apache.commons.lang3.tuple;ImmutablePair;false;left;;;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
809811
"org.apache.commons.lang3.tuple;ImmutablePair;false;right;;;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
810812
"org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
811813
"org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
814+
"org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];value",
815+
"org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];value",
812816
"org.apache.commons.lang3.tuple;MutablePair;false;getLeft;;;Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];ReturnValue;value",
813817
"org.apache.commons.lang3.tuple;MutablePair;false;getRight;;;Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];ReturnValue;value",
814818
"org.apache.commons.lang3.tuple;MutablePair;false;setLeft;;;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];value",
@@ -830,12 +834,18 @@ private class ApacheTripleModel extends SummaryModelCsv {
830834
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of ReturnValue;value",
831835
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of ReturnValue;value",
832836
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of ReturnValue;value",
837+
"org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of Argument[-1];value",
838+
"org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of Argument[-1];value",
839+
"org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of Argument[-1];value",
833840
"org.apache.commons.lang3.tuple;ImmutableTriple;false;getLeft;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.left of Argument[-1];ReturnValue;value",
834841
"org.apache.commons.lang3.tuple;ImmutableTriple;false;getMiddle;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of Argument[-1];ReturnValue;value",
835842
"org.apache.commons.lang3.tuple;ImmutableTriple;false;getRight;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.right of Argument[-1];ReturnValue;value",
836843
"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of ReturnValue;value",
837844
"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of ReturnValue;value",
838845
"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of ReturnValue;value",
846+
"org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.MutableTriple.left of Argument[-1];value",
847+
"org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.MutableTriple.middle of Argument[-1];value",
848+
"org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.MutableTriple.right of Argument[-1];value",
839849
"org.apache.commons.lang3.tuple;MutableTriple;false;getLeft;;;Field org.apache.commons.lang3.tuple.MutableTriple.left of Argument[-1];ReturnValue;value",
840850
"org.apache.commons.lang3.tuple;MutableTriple;false;getMiddle;;;Field org.apache.commons.lang3.tuple.MutableTriple.middle of Argument[-1];ReturnValue;value",
841851
"org.apache.commons.lang3.tuple;MutableTriple;false;getRight;;;Field org.apache.commons.lang3.tuple.MutableTriple.right of Argument[-1];ReturnValue;value",

java/ql/test/library-tests/frameworks/apache-commons-lang3/PairTest.java

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ void test() throws Exception {
2121
ImmutablePair<String, String> taintedRight2 = (ImmutablePair)taintedRight2_;
2222
Pair<String, String> taintedLeft3 = Pair.of(taint(), "clean-right");
2323
Pair<String, String> taintedRight3 = Pair.of("clean-left", taint());
24+
ImmutablePair<String, String> taintedLeft4 = new ImmutablePair(taint(), "clean-right");
25+
ImmutablePair<String, String> taintedRight4 = new ImmutablePair("clean-left", taint());
2426

2527
// Check flow through ImmutablePairs:
2628
sink(taintedLeft.getLeft()); // $hasValueFlow
@@ -55,6 +57,18 @@ void test() throws Exception {
5557
sink(taintedRight3.getRight()); // $hasValueFlow
5658
sink(taintedRight3.getKey());
5759
sink(taintedRight3.getValue()); // $hasValueFlow
60+
sink(taintedLeft4.getLeft()); // $hasValueFlow
61+
sink(taintedLeft4.getRight());
62+
sink(taintedLeft4.getKey()); // $hasValueFlow
63+
sink(taintedLeft4.getValue());
64+
sink(taintedLeft4.left); // $hasValueFlow
65+
sink(taintedLeft4.right);
66+
sink(taintedRight4.getLeft());
67+
sink(taintedRight4.getRight()); // $hasValueFlow
68+
sink(taintedRight4.getKey());
69+
sink(taintedRight4.getValue()); // $hasValueFlow
70+
sink(taintedRight4.left);
71+
sink(taintedRight4.right); // $hasValueFlow
5872

5973
// Check flow also works via an alias of type Pair:
6074
sink(taintedLeft2_.getLeft()); // $hasValueFlow
@@ -75,6 +89,8 @@ void test() throws Exception {
7589
setTaintRight.setRight(taint());
7690
MutablePair<String, String> setTaintValue = MutablePair.of("clean-left", "clean-right");
7791
setTaintValue.setValue(taint());
92+
MutablePair<String, String> taintedLeftMutableConstructed = new MutablePair(taint(), "clean-right");
93+
MutablePair<String, String> taintedRightMutableConstructed = new MutablePair("clean-left", taint());
7894

7995
sink(taintedLeftMutable.getLeft()); // $hasValueFlow
8096
sink(taintedLeftMutable.getRight());
@@ -106,6 +122,18 @@ void test() throws Exception {
106122
sink(setTaintValue.getValue()); // $hasValueFlow
107123
sink(setTaintValue.left);
108124
sink(setTaintValue.right); // $hasValueFlow
125+
sink(taintedLeftMutableConstructed.getLeft()); // $hasValueFlow
126+
sink(taintedLeftMutableConstructed.getRight());
127+
sink(taintedLeftMutableConstructed.getKey()); // $hasValueFlow
128+
sink(taintedLeftMutableConstructed.getValue());
129+
sink(taintedLeftMutableConstructed.left); // $hasValueFlow
130+
sink(taintedLeftMutableConstructed.right);
131+
sink(taintedRightMutableConstructed.getLeft());
132+
sink(taintedRightMutableConstructed.getRight()); // $hasValueFlow
133+
sink(taintedRightMutableConstructed.getKey());
134+
sink(taintedRightMutableConstructed.getValue()); // $hasValueFlow
135+
sink(taintedRightMutableConstructed.left);
136+
sink(taintedRightMutableConstructed.right); // $hasValueFlow
109137

110138
// Check flow also works via an alias of type Pair:
111139
Pair<String, String> taintedLeftMutableAlias = taintedLeftMutable;

java/ql/test/library-tests/frameworks/apache-commons-lang3/TripleTest.java

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,21 @@ void test() throws Exception {
6767
sink(taintedRight3.getMiddle());
6868
sink(taintedRight3.getRight()); // $hasValueFlow
6969

70+
// Check flow via constructor:
71+
ImmutableTriple<String, String, String> taintedLeft4 = new ImmutableTriple(taint(), "clean-middle", "clean-right");
72+
ImmutableTriple<String, String, String> taintedMiddle4 = new ImmutableTriple("clean-left", taint(), "clean-right");
73+
ImmutableTriple<String, String, String> taintedRight4 = new ImmutableTriple("clean-left", "clean-middle", taint());
74+
75+
sink(taintedLeft4.getLeft()); // $hasValueFlow
76+
sink(taintedLeft4.getMiddle());
77+
sink(taintedLeft4.getRight());
78+
sink(taintedMiddle4.getLeft());
79+
sink(taintedMiddle4.getMiddle()); // $hasValueFlow
80+
sink(taintedMiddle4.getRight());
81+
sink(taintedRight4.getLeft());
82+
sink(taintedRight4.getMiddle());
83+
sink(taintedRight4.getRight()); // $hasValueFlow
84+
7085
MutableTriple<String, String, String> mutableTaintedLeft = MutableTriple.of(taint(), "clean-middle", "clean-right");
7186
MutableTriple<String, String, String> mutableTaintedMiddle = MutableTriple.of("clean-left", taint(), "clean-right");
7287
MutableTriple<String, String, String> mutableTaintedRight = MutableTriple.of("clean-left", "clean-middle", taint());
@@ -76,6 +91,9 @@ void test() throws Exception {
7691
setTaintedMiddle.setMiddle(taint());
7792
MutableTriple<String, String, String> setTaintedRight = MutableTriple.of("clean-left", "clean-middle", "clean-right");
7893
setTaintedRight.setRight(taint());
94+
MutableTriple<String, String, String> mutableTaintedLeftConstructed = new MutableTriple(taint(), "clean-middle", "clean-right");
95+
MutableTriple<String, String, String> mutableTaintedMiddleConstructed = new MutableTriple("clean-left", taint(), "clean-right");
96+
MutableTriple<String, String, String> mutableTaintedRightConstructed = new MutableTriple("clean-left", "clean-middle", taint());
7997

8098
// Check flow through MutableTriples:
8199
sink(mutableTaintedLeft.getLeft()); // $hasValueFlow
@@ -114,6 +132,24 @@ void test() throws Exception {
114132
sink(setTaintedRight.left);
115133
sink(setTaintedRight.middle);
116134
sink(setTaintedRight.right); // $hasValueFlow
135+
sink(mutableTaintedLeftConstructed.getLeft()); // $hasValueFlow
136+
sink(mutableTaintedLeftConstructed.getMiddle());
137+
sink(mutableTaintedLeftConstructed.getRight());
138+
sink(mutableTaintedLeftConstructed.left); // $hasValueFlow
139+
sink(mutableTaintedLeftConstructed.middle);
140+
sink(mutableTaintedLeftConstructed.right);
141+
sink(mutableTaintedMiddleConstructed.getLeft());
142+
sink(mutableTaintedMiddleConstructed.getMiddle()); // $hasValueFlow
143+
sink(mutableTaintedMiddleConstructed.getRight());
144+
sink(mutableTaintedMiddleConstructed.left);
145+
sink(mutableTaintedMiddleConstructed.middle); // $hasValueFlow
146+
sink(mutableTaintedMiddleConstructed.right);
147+
sink(mutableTaintedRightConstructed.getLeft());
148+
sink(mutableTaintedRightConstructed.getMiddle());
149+
sink(mutableTaintedRightConstructed.getRight()); // $hasValueFlow
150+
sink(mutableTaintedRightConstructed.left);
151+
sink(mutableTaintedRightConstructed.middle);
152+
sink(mutableTaintedRightConstructed.right); // $hasValueFlow
117153

118154
Triple<String, String, String> mutableTaintedLeft2 = mutableTaintedLeft;
119155
Triple<String, String, String> mutableTaintedMiddle2 = mutableTaintedMiddle;

0 commit comments

Comments
 (0)