Java: Add support for framework modelling through csv data.

Author: aschackmull

java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll

@@ -0,0 +1,62 @@
+package my.qltest;
+
+public class A {
+  void foo() {
+    Object x;
+    x = src1();
+    x = src1("");
+
+    Sub sub = new Sub();
+    x = sub.src2();
+    x = sub.src3();
+
+    srcArg(x);
+
+    Handler h = srcparam1 -> { };
+
+    Handler h2 = new Handler() {
+      @Override public void handle(Object srcparam2) { }
+    };
+
+    x = taggedSrcMethod();
+    x = taggedSrcField;
+
+    x = srcTwoArg("", "");
+  }
+
+  @Tag
+  void tagged1(Object taggedMethodParam) {
+  }
+
+  void tagged2(@Tag Object taggedSrcParam) {
+  }
+
+  Object src1() { return null; }
+
+  Object src1(String s) { return null; }
+
+  Object src2() { return null; }
+
+  Object src3() { return null; }
+
+  static class Sub extends A {
+    // inherit src2
+    @Override Object src3() { return null; }
+  }
+
+  void srcArg(Object src) { }
+
+  interface Handler {
+    void handle(Object src);
+  }
+
+  @interface Tag { }
+
+  @Tag
+  Object taggedSrcMethod() { return null; }
+
+  @Tag
+  Object taggedSrcField;
+
+  Object srcTwoArg(String s1, String s2) { return null; }
+}

java/ql/test/library-tests/dataflow/external-models/A.java

@@ -0,0 +1,35 @@
+package my.qltest;
+
+public class B {
+  void foo() {
+    Object arg1 = new Object();
+    sink1(arg1);
+
+    Object argToTagged = new Object();
+    taggedSinkMethod(argToTagged);
+
+    Object fieldWrite = new Object();
+    taggedField = fieldWrite; // not currently handled
+  }
+
+  Object sinkMethod() {
+    Object res = new Object();
+    return res;
+  }
+
+  @Tag
+  Object taggedSinkMethod() {
+    Object resTag = new Object();
+    return resTag;
+  }
+
+  void sink1(Object x) { }
+
+  @interface Tag { }
+
+  @Tag
+  void taggedSinkMethod(Object x) { }
+
+  @Tag
+  Object taggedField;
+}

java/ql/test/library-tests/dataflow/external-models/B.java

@@ -0,0 +1,36 @@
+package my.qltest;
+
+public class C {
+  void foo() {
+    Object arg1 = new Object();
+    stepArgRes(arg1);
+
+    Object argIn1 = new Object();
+    Object argOut1 = new Object();
+    stepArgArg(argIn1, argOut1);
+    Object argIn2 = new Object();
+    Object argOut2 = new Object();
+    stepArgArg(argIn2, argOut2);
+
+    Object arg2 = new Object();
+    stepArgQual(arg2);
+    Object arg3 = new Object();
+    this.stepArgQual(arg3);
+
+    this.stepQualRes();
+    stepQualRes();
+
+    Object argOut = new Object();
+    stepQualArg(argOut);
+  }
+
+  Object stepArgRes(Object x) { return null; }
+
+  void stepArgArg(Object in, Object out) { }
+
+  void stepArgQual(Object x) { }
+
+  Object stepQualRes() { return null; }
+
+  void stepQualArg(Object out) { }
+}

java/ql/test/library-tests/dataflow/external-models/C.java

@@ -0,0 +1,7 @@
+invalidModelRow
+#select
+| B.java:6:11:6:14 | arg1 | qltest |
+| B.java:9:5:9:33 | this <.method> | qltest-arg |
+| B.java:9:22:9:32 | argToTagged | qltest-arg |
+| B.java:17:12:17:14 | res | qltest |
+| B.java:23:12:23:17 | resTag | qltest-retval |

java/ql/test/library-tests/dataflow/external-models/sinks.expected

@@ -0,0 +1,22 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.ExternalFlow
+import CsvValidation
+
+class SinkModelTest extends SinkModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //"package;type;overrides;name;signature;ext;spec;kind",
+        "my.qltest;B;false;sink1;(Object);;Argument[0];qltest",
+        "my.qltest;B;false;sinkMethod;();;ReturnValue;qltest",
+        "my.qltest;B$Tag;false;;;Annotated;ReturnValue;qltest-retval",
+        "my.qltest;B$Tag;false;;;Annotated;Argument;qltest-arg",
+        "my.qltest;B$Tag;false;;;Annotated;;qltest-nospec"
+      ]
+  }
+}
+
+from DataFlow::Node node, string kind
+where sinkNode(node, kind)
+select node, kind

java/ql/test/library-tests/dataflow/external-models/sinks.ql

@@ -0,0 +1,24 @@
+invalidModelRow
+#select
+| A.java:6:9:6:14 | src1(...) | qltest |
+| A.java:6:9:6:14 | src1(...) | qltest-all-overloads |
+| A.java:7:9:7:16 | src1(...) | qltest |
+| A.java:7:9:7:16 | src1(...) | qltest-all-overloads |
+| A.java:7:9:7:16 | src1(...) | qltest-alt |
+| A.java:10:9:10:18 | src2(...) | qltest |
+| A.java:10:9:10:18 | src2(...) | qltest-w-subtypes |
+| A.java:11:9:11:18 | src3(...) | qltest-w-subtypes |
+| A.java:13:5:13:13 | this <.method> [post update] | qltest-argany |
+| A.java:13:12:13:12 | x [post update] | qltest-argany |
+| A.java:13:12:13:12 | x [post update] | qltest-argnum |
+| A.java:15:17:15:25 | srcparam1 | qltest-param-override |
+| A.java:18:36:18:51 | srcparam2 | qltest-param-override |
+| A.java:21:9:21:25 | taggedSrcMethod(...) | qltest-retval |
+| A.java:22:9:22:22 | taggedSrcField | qltest-nospec |
+| A.java:24:9:24:25 | srcTwoArg(...) | qltest-longsig |
+| A.java:24:9:24:25 | srcTwoArg(...) | qltest-shortsig |
+| A.java:28:8:28:14 | parameter this | qltest-param |
+| A.java:28:16:28:39 | taggedMethodParam | qltest-param |
+| A.java:31:16:31:41 | taggedSrcParam | qltest-nospec |
+| A.java:31:16:31:41 | taggedSrcParam | qltest-param |
+| A.java:56:10:56:24 | parameter this | qltest-param |

java/ql/test/library-tests/dataflow/external-models/srcs.expected

@@ -0,0 +1,33 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.ExternalFlow
+import CsvValidation
+
+class SourceModelTest extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //"package;type;overrides;name;signature;ext;spec;kind",
+        "my.qltest;A;false;src1;();;ReturnValue;qltest",
+        "my.qltest;A;false;src1;(String);;ReturnValue;qltest",
+        "my.qltest;A;false;src1;(java.lang.String);;ReturnValue;qltest-alt",
+        "my.qltest;A;false;src1;;;ReturnValue;qltest-all-overloads",
+        "my.qltest;A;false;src2;();;ReturnValue;qltest",
+        "my.qltest;A;false;src3;();;ReturnValue;qltest",
+        "my.qltest;A;true;src2;();;ReturnValue;qltest-w-subtypes",
+        "my.qltest;A;true;src3;();;ReturnValue;qltest-w-subtypes",
+        "my.qltest;A;false;srcArg;(Object);;Argument[0];qltest-argnum",
+        "my.qltest;A;false;srcArg;(Object);;Argument;qltest-argany",
+        "my.qltest;A$Handler;true;handle;(Object);;Parameter[0];qltest-param-override",
+        "my.qltest;A$Tag;false;;;Annotated;ReturnValue;qltest-retval",
+        "my.qltest;A$Tag;false;;;Annotated;Parameter;qltest-param",
+        "my.qltest;A$Tag;false;;;Annotated;;qltest-nospec",
+        "my.qltest;A;false;srcTwoArg;(String,String);;ReturnValue;qltest-shortsig",
+        "my.qltest;A;false;srcTwoArg;(java.lang.String,java.lang.String);;ReturnValue;qltest-longsig"
+      ]
+  }
+}
+
+from DataFlow::Node node, string kind
+where sourceNode(node, kind)
+select node, kind

java/ql/test/library-tests/dataflow/external-models/srcs.ql

@@ -0,0 +1,10 @@
+invalidModelRow
+#select
+| C.java:6:16:6:19 | arg1 | C.java:6:5:6:20 | stepArgRes(...) | qltest |
+| C.java:10:16:10:21 | argIn1 | C.java:10:24:10:30 | argOut1 [post update] | qltest |
+| C.java:13:16:13:21 | argIn2 | C.java:13:24:13:30 | argOut2 [post update] | qltest |
+| C.java:16:17:16:20 | arg2 | C.java:16:5:16:21 | this <.method> [post update] | qltest |
+| C.java:18:22:18:25 | arg3 | C.java:18:5:18:8 | this [post update] | qltest |
+| C.java:20:5:20:8 | this | C.java:20:5:20:22 | stepQualRes(...) | qltest |
+| C.java:21:5:21:17 | this <.method> | C.java:21:5:21:17 | stepQualRes(...) | qltest |
+| C.java:24:5:24:23 | this <.method> | C.java:24:17:24:22 | argOut [post update] | qltest |

java/ql/test/library-tests/dataflow/external-models/steps.expected

@@ -0,0 +1,22 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.ExternalFlow
+import CsvValidation
+
+class SummaryModelTest extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
+        "my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;qltest",
+        "my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];qltest",
+        "my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];qltest",
+        "my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;qltest",
+        "my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];qltest"
+      ]
+  }
+}
+
+from DataFlow::Node node1, DataFlow::Node node2, string kind
+where summaryStep(node1, node2, kind)
+select node1, node2, kind