
Commit 472a2a6

committed
Add models for Apache Commons tuples
1 parent 73fa680 commit 472a2a6


9 files changed

+1311
-0
lines changed


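--- a/java/ql/src/semmle/code/java/frameworks/apache/Lang.qll
+++ b/java/ql/src/semmle/code/java/frameworks/apache/Lang.qll
@@ -789,3 +789,62 @@ private class ApacheToStringBuilderModel extends SummaryModelCsv {
 ]
 }
 }
+
+/**
+* Value-propagating models for `Pair`, `ImmutablePair` and `MutablePair`.
+*/
+private class ApachePairModel extends SummaryModelCsv {
+override predicate row(string row) {
+row =
+[
+"org.apache.commons.lang3.tuple;Pair;false;getKey;;;Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;Pair;false;getValue;;;Field org.apache.commons.lang3.tuple.ImmutablePair.right of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;Pair;false;getKey;;;Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;Pair;false;getValue;;;Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutablePair;false;getLeft;;;Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutablePair;false;getRight;;;Field org.apache.commons.lang3.tuple.ImmutablePair.right of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutablePair;false;right;;;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutablePair;false;left;;;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutablePair.right of ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutablePair;false;getLeft;;;Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutablePair;false;getRight;;;Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutablePair;false;setLeft;;;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.left of Argument[-1];value",
+"org.apache.commons.lang3.tuple;MutablePair;false;setRight;;;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];value",
+"org.apache.commons.lang3.tuple;MutablePair;false;setValue;;;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.right of Argument[-1];value",
+"org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.MutablePair.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.MutablePair.right of ReturnValue;value"
+]
+}
+}
+
+/**
+* Value-propagating models for `Triple`, `ImmutableTriple` and `MutableTriple`.
+*/
+private class ApacheTripleModel extends SummaryModelCsv {
+override predicate row(string row) {
+row =
+[
+"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of ReturnValue;value",
+"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutableTriple;false;getLeft;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.left of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutableTriple;false;getMiddle;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutableTriple;false;getRight;;;Field org.apache.commons.lang3.tuple.ImmutableTriple.right of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutableTriple.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.ImmutableTriple.middle of ReturnValue;value",
+"org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.ImmutableTriple.right of ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;getLeft;;;Field org.apache.commons.lang3.tuple.MutableTriple.left of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;getMiddle;;;Field org.apache.commons.lang3.tuple.MutableTriple.middle of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;getRight;;;Field org.apache.commons.lang3.tuple.MutableTriple.right of Argument[-1];ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;setLeft;;;Argument[0];Field org.apache.commons.lang3.tuple.MutableTriple.left of Argument[-1];value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;setMiddle;;;Argument[0];Field org.apache.commons.lang3.tuple.MutableTriple.middle of Argument[-1];value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;setRight;;;Argument[0];Field org.apache.commons.lang3.tuple.MutableTriple.right of Argument[-1];value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.MutableTriple.left of ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field org.apache.commons.lang3.tuple.MutableTriple.middle of ReturnValue;value",
+"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field org.apache.commons.lang3.tuple.MutableTriple.right of ReturnValue;value"
+]
+}
+}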
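Review bot: Neither model class has a row for the public constructors, so a value passed to `new ImmutablePair<>(l, r)`, `new MutablePair<>(l, r)`, `new ImmutableTriple<>(l, m, r)` or `new MutableTriple<>(l, m, r)` is not stored into the modelled fields. Unless the constructors are modelled elsewhere in this commit, a security query relying on these summaries would lose flow at that point and report a false negative. The rows in `ApachePairModel` and `ApacheTripleModel` cover only the `of`/`left`/`right` factories, the getters and the setters. A row in the same format would be `"org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Field org.apache.commons.lang3.tuple.ImmutablePair.left of Argument[-1];value"`, with matching rows for `Argument[1]`/`right` and for the other three classes, each backed by a `$hasValueFlow` test line.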
Lines changed: 112 additions & 0 deletions
@@ -0,0 +1,112 @@
1+
import org.apache.commons.lang3.tuple.Pair;
2+
import org.apache.commons.lang3.tuple.ImmutablePair;
3+
import org.apache.commons.lang3.tuple.MutablePair;
4+
5+
class PairTest {
6+
String taint() { return "tainted"; }
7+
8+
private static class IntSource {
9+
static int taint() { return 0; }
10+
}
11+
12+
void sink(Object o) {}
13+
14+
void test() throws Exception {
15+
16+
ImmutablePair<String, String> taintedLeft = ImmutablePair.of(taint(), "clean-right");
17+
ImmutablePair<String, String> taintedRight = ImmutablePair.of("clean-left", taint());
18+
Pair<String, String> taintedLeft2_ = ImmutablePair.left(taint());
19+
ImmutablePair<String, String> taintedLeft2 = (ImmutablePair)taintedLeft2_;
20+
Pair<String, String> taintedRight2_ = ImmutablePair.right(taint());
21+
ImmutablePair<String, String> taintedRight2 = (ImmutablePair)taintedRight2_;
22+
23+
// Check flow through ImmutablePairs:
24+
sink(taintedLeft.getLeft()); // $hasValueFlow
25+
sink(taintedLeft.getRight());
26+
sink(taintedLeft.getKey()); // $hasValueFlow
27+
sink(taintedLeft.getValue());
28+
sink(taintedLeft.left); // $hasValueFlow
29+
sink(taintedLeft.right);
30+
sink(taintedRight.getLeft());
31+
sink(taintedRight.getRight()); // $hasValueFlow
32+
sink(taintedRight.getKey());
33+
sink(taintedRight.getValue()); // $hasValueFlow
34+
sink(taintedRight.left);
35+
sink(taintedRight.right); // $hasValueFlow
36+
sink(taintedLeft2.getLeft()); // $hasValueFlow
37+
sink(taintedLeft2.getRight());
38+
sink(taintedLeft2.getKey()); // $hasValueFlow
39+
sink(taintedLeft2.getValue());
40+
sink(taintedLeft2.left); // $hasValueFlow
41+
sink(taintedLeft2.right);
42+
sink(taintedRight2.getLeft());
43+
sink(taintedRight2.getRight()); // $hasValueFlow
44+
sink(taintedRight2.getKey());
45+
sink(taintedRight2.getValue()); // $hasValueFlow
46+
sink(taintedRight2.left);
47+
sink(taintedRight2.right); // $hasValueFlow
48+
49+
// Check flow also works via an alias of type Pair:
50+
sink(taintedLeft2_.getLeft()); // $hasValueFlow
51+
sink(taintedLeft2_.getRight());
52+
sink(taintedLeft2_.getKey()); // $hasValueFlow
53+
sink(taintedLeft2_.getValue());
54+
sink(taintedRight2_.getLeft());
55+
sink(taintedRight2_.getRight()); // $hasValueFlow
56+
sink(taintedRight2_.getKey());
57+
sink(taintedRight2_.getValue()); // $hasValueFlow
58+
59+
// Check flow through MutablePairs:
60+
MutablePair<String, String> taintedLeftMutable = MutablePair.of(taint(), "clean-right");
61+
MutablePair<String, String> taintedRightMutable = MutablePair.of("clean-left", taint());
62+
MutablePair<String, String> setTaintLeft = MutablePair.of("clean-left", "clean-right");
63+
setTaintLeft.setLeft(taint());
64+
MutablePair<String, String> setTaintRight = MutablePair.of("clean-left", "clean-right");
65+
setTaintRight.setRight(taint());
66+
MutablePair<String, String> setTaintValue = MutablePair.of("clean-left", "clean-right");
67+
setTaintValue.setValue(taint());
68+
69+
sink(taintedLeftMutable.getLeft()); // $hasValueFlow
70+
sink(taintedLeftMutable.getRight());
71+
sink(taintedLeftMutable.getKey()); // $hasValueFlow
72+
sink(taintedLeftMutable.getValue());
73+
sink(taintedLeftMutable.left); // $hasValueFlow
74+
sink(taintedLeftMutable.right);
75+
sink(taintedRightMutable.getLeft());
76+
sink(taintedRightMutable.getRight()); // $hasValueFlow
77+
sink(taintedRightMutable.getKey());
78+
sink(taintedRightMutable.getValue()); // $hasValueFlow
79+
sink(taintedRightMutable.left);
80+
sink(taintedRightMutable.right); // $hasValueFlow
81+
sink(setTaintLeft.getLeft()); // $hasValueFlow
82+
sink(setTaintLeft.getRight());
83+
sink(setTaintLeft.getKey()); // $hasValueFlow
84+
sink(setTaintLeft.getValue());
85+
sink(setTaintLeft.left); // $hasValueFlow
86+
sink(setTaintLeft.right);
87+
sink(setTaintRight.getLeft());
88+
sink(setTaintRight.getRight()); // $hasValueFlow
89+
sink(setTaintRight.getKey());
90+
sink(setTaintRight.getValue()); // $hasValueFlow
91+
sink(setTaintRight.left);
92+
sink(setTaintRight.right); // $hasValueFlow
93+
sink(setTaintValue.getLeft());
94+
sink(setTaintValue.getRight()); // $hasValueFlow
95+
sink(setTaintValue.getKey());
96+
sink(setTaintValue.getValue()); // $hasValueFlow
97+
sink(setTaintValue.left);
98+
sink(setTaintValue.right); // $hasValueFlow
99+
100+
// Check flow also works via an alias of type Pair:
101+
Pair<String, String> taintedLeftMutableAlias = taintedLeftMutable;
102+
Pair<String, String> taintedRightMutableAlias = taintedRightMutable;
103+
sink(taintedLeftMutableAlias.getLeft()); // $hasValueFlow
104+
sink(taintedLeftMutableAlias.getRight());
105+
sink(taintedLeftMutableAlias.getKey()); // $hasValueFlow
106+
sink(taintedLeftMutableAlias.getValue());
107+
sink(taintedRightMutableAlias.getLeft());
108+
sink(taintedRightMutableAlias.getRight()); // $hasValueFlow
109+
sink(taintedRightMutableAlias.getKey());
110+
sink(taintedRightMutableAlias.getValue()); // $hasValueFlow
111+
}
112+
}
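Review bot: The test never calls `Pair.of(...)`, so the two `Pair;false;of` rows added to `ApachePairModel` have no expectation covering them in this file; every pair here is built with `ImmutablePair.of`, `ImmutablePair.left`/`right` or `MutablePair.of`. The TripleTest section has the same gap for `Triple.of`. Adding `Pair<String, String> viaPairOf = Pair.of(taint(), "clean-right");` followed by `sink(viaPairOf.getLeft()); // $hasValueFlow` and `sink(viaPairOf.getRight());` would pin those rows, so a regression in them shows up as a test failure rather than as silently lost flow in a query.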
Lines changed: 130 additions & 0 deletions
@@ -0,0 +1,130 @@
1+
import org.apache.commons.lang3.tuple.Triple;
2+
import org.apache.commons.lang3.tuple.ImmutableTriple;
3+
import org.apache.commons.lang3.tuple.MutableTriple;
4+
5+
class TripleTest {
6+
String taint() { return "tainted"; }
7+
8+
private static class IntSource {
9+
static int taint() { return 0; }
10+
}
11+
12+
void sink(Object o) {}
13+
14+
void test() throws Exception {
15+
16+
ImmutableTriple<String, String, String> taintedLeft = ImmutableTriple.of(taint(), "clean-middle", "clean-right");
17+
ImmutableTriple<String, String, String> taintedMiddle = ImmutableTriple.of("clean-left", taint(), "clean-right");
18+
ImmutableTriple<String, String, String> taintedRight = ImmutableTriple.of("clean-left", "clean-middle", taint());
19+
20+
// Check flow through ImmutableTriples:
21+
sink(taintedLeft.getLeft()); // $hasValueFlow
22+
sink(taintedLeft.getMiddle());
23+
sink(taintedLeft.getRight());
24+
sink(taintedLeft.left); // $hasValueFlow
25+
sink(taintedLeft.middle);
26+
sink(taintedLeft.right);
27+
sink(taintedMiddle.getLeft());
28+
sink(taintedMiddle.getMiddle()); // $hasValueFlow
29+
sink(taintedMiddle.getRight());
30+
sink(taintedMiddle.left);
31+
sink(taintedMiddle.middle); // $hasValueFlow
32+
sink(taintedMiddle.right);
33+
sink(taintedRight.getLeft());
34+
sink(taintedRight.getMiddle());
35+
sink(taintedRight.getRight()); // $hasValueFlow
36+
sink(taintedRight.left);
37+
sink(taintedRight.middle);
38+
sink(taintedRight.right); // $hasValueFlow
39+
40+
Triple<String, String, String> taintedLeft2 = taintedLeft;
41+
Triple<String, String, String> taintedMiddle2 = taintedMiddle;
42+
Triple<String, String, String> taintedRight2 = taintedRight;
43+
44+
// Check flow also works via an alias of type Triple:
45+
sink(taintedLeft2.getLeft()); // $hasValueFlow
46+
sink(taintedLeft2.getMiddle());
47+
sink(taintedLeft2.getRight());
48+
sink(taintedMiddle2.getLeft());
49+
sink(taintedMiddle2.getMiddle()); // $hasValueFlow
50+
sink(taintedMiddle2.getRight());
51+
sink(taintedRight2.getLeft());
52+
sink(taintedRight2.getMiddle());
53+
sink(taintedRight2.getRight()); // $hasValueFlow
54+
55+
MutableTriple<String, String, String> mutableTaintedLeft = MutableTriple.of(taint(), "clean-middle", "clean-right");
56+
MutableTriple<String, String, String> mutableTaintedMiddle = MutableTriple.of("clean-left", taint(), "clean-right");
57+
MutableTriple<String, String, String> mutableTaintedRight = MutableTriple.of("clean-left", "clean-middle", taint());
58+
MutableTriple<String, String, String> setTaintedLeft = MutableTriple.of("clean-left", "clean-middle", "clean-right");
59+
setTaintedLeft.setLeft(taint());
60+
MutableTriple<String, String, String> setTaintedMiddle = MutableTriple.of("clean-left", "clean-middle", "clean-right");
61+
setTaintedMiddle.setMiddle(taint());
62+
MutableTriple<String, String, String> setTaintedRight = MutableTriple.of("clean-left", "clean-middle", "clean-right");
63+
setTaintedRight.setRight(taint());
64+
65+
// Check flow through MutableTriples:
66+
sink(mutableTaintedLeft.getLeft()); // $hasValueFlow
67+
sink(mutableTaintedLeft.getMiddle());
68+
sink(mutableTaintedLeft.getRight());
69+
sink(mutableTaintedLeft.left); // $hasValueFlow
70+
sink(mutableTaintedLeft.middle);
71+
sink(mutableTaintedLeft.right);
72+
sink(mutableTaintedMiddle.getLeft());
73+
sink(mutableTaintedMiddle.getMiddle()); // $hasValueFlow
74+
sink(mutableTaintedMiddle.getRight());
75+
sink(mutableTaintedMiddle.left);
76+
sink(mutableTaintedMiddle.middle); // $hasValueFlow
77+
sink(mutableTaintedMiddle.right);
78+
sink(mutableTaintedRight.getLeft());
79+
sink(mutableTaintedRight.getMiddle());
80+
sink(mutableTaintedRight.getRight()); // $hasValueFlow
81+
sink(mutableTaintedRight.left);
82+
sink(mutableTaintedRight.middle);
83+
sink(mutableTaintedRight.right); // $hasValueFlow
84+
sink(setTaintedLeft.getLeft()); // $hasValueFlow
85+
sink(setTaintedLeft.getMiddle());
86+
sink(setTaintedLeft.getRight());
87+
sink(setTaintedLeft.left); // $hasValueFlow
88+
sink(setTaintedLeft.middle);
89+
sink(setTaintedLeft.right);
90+
sink(setTaintedMiddle.getLeft());
91+
sink(setTaintedMiddle.getMiddle()); // $hasValueFlow
92+
sink(setTaintedMiddle.getRight());
93+
sink(setTaintedMiddle.left);
94+
sink(setTaintedMiddle.middle); // $hasValueFlow
95+
sink(setTaintedMiddle.right);
96+
sink(setTaintedRight.getLeft());
97+
sink(setTaintedRight.getMiddle());
98+
sink(setTaintedRight.getRight()); // $hasValueFlow
99+
sink(setTaintedRight.left);
100+
sink(setTaintedRight.middle);
101+
sink(setTaintedRight.right); // $hasValueFlow
102+
103+
Triple<String, String, String> mutableTaintedLeft2 = mutableTaintedLeft;
104+
Triple<String, String, String> mutableTaintedMiddle2 = mutableTaintedMiddle;
105+
Triple<String, String, String> mutableTaintedRight2 = mutableTaintedRight;
106+
Triple<String, String, String> setTaintedLeft2 = setTaintedLeft;
107+
Triple<String, String, String> setTaintedMiddle2 = setTaintedMiddle;
108+
Triple<String, String, String> setTaintedRight2 = setTaintedRight;
109+
110+
// Check flow also works via an alias of type Triple:
111+
sink(mutableTaintedLeft2.getLeft()); // $hasValueFlow
112+
sink(mutableTaintedLeft2.getMiddle());
113+
sink(mutableTaintedLeft2.getRight());
114+
sink(mutableTaintedMiddle2.getLeft());
115+
sink(mutableTaintedMiddle2.getMiddle()); // $hasValueFlow
116+
sink(mutableTaintedMiddle2.getRight());
117+
sink(mutableTaintedRight2.getLeft());
118+
sink(mutableTaintedRight2.getMiddle());
119+
sink(mutableTaintedRight2.getRight()); // $hasValueFlow
120+
sink(setTaintedLeft2.getLeft()); // $hasValueFlow
121+
sink(setTaintedLeft2.getMiddle());
122+
sink(setTaintedLeft2.getRight());
123+
sink(setTaintedMiddle2.getLeft());
124+
sink(setTaintedMiddle2.getMiddle()); // $hasValueFlow
125+
sink(setTaintedMiddle2.getRight());
126+
sink(setTaintedRight2.getLeft());
127+
sink(setTaintedRight2.getMiddle());
128+
sink(setTaintedRight2.getRight()); // $hasValueFlow
129+
}
130+
}
