Merge pull request github#6555 from bmuskalla/objectsAsCsv

smowton · web-flow · commit 4e243f9277eb · 2021-08-26T13:45:16.000+01:00
Java: Migrate `Objects` flow to CSV model
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -87,6 +87,7 @@ private module Frameworks {
   private import semmle.code.java.frameworks.JaxWS
   private import semmle.code.java.frameworks.JoddJson
   private import semmle.code.java.frameworks.JsonJava
+  private import semmle.code.java.frameworks.Objects
   private import semmle.code.java.frameworks.Optional
   private import semmle.code.java.frameworks.spring.SpringCache
   private import semmle.code.java.frameworks.spring.SpringHttp
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
@@ -50,27 +50,6 @@ abstract class FluentMethod extends ValuePreservingMethod {
   override predicate returnsValue(int arg) { arg = -1 }
 }
 
-private class StandardLibraryValuePreservingMethod extends ValuePreservingMethod {
-  int returnsArgNo;
-
-  StandardLibraryValuePreservingMethod() {
-    this.getDeclaringType().hasQualifiedName("java.util", "Objects") and
-    (
-      this.hasName(["requireNonNull", "requireNonNullElseGet"]) and returnsArgNo = 0
-      or
-      this.hasName("requireNonNullElse") and returnsArgNo = [0 .. this.getNumberOfParameters() - 1]
-      or
-      this.hasName("toString") and returnsArgNo = 1
-    )
-    or
-    this.getDeclaringType().getASourceSupertype*().hasQualifiedName("java.util", "Stack") and
-    this.hasName("push") and
-    returnsArgNo = 0
-  }
-
-  override predicate returnsValue(int argNo) { argNo = returnsArgNo }
-}
-
 /**
  * A unit class for adding additional taint steps.
  *
diff --git a/java/ql/lib/semmle/code/java/frameworks/Objects.qll b/java/ql/lib/semmle/code/java/frameworks/Objects.qll
@@ -0,0 +1,17 @@
+/** Definitions of taint steps in Objects class of the JDK */
+
+import java
+private import semmle.code.java.dataflow.ExternalFlow
+
+private class ObjectsSummaryCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //`namespace; type; subtypes; name; signature; ext; input; output; kind`
+        "java.util;Objects;false;requireNonNull;;;Argument[0];ReturnValue;value",
+        "java.util;Objects;false;requireNonNullElse;;;Argument[0..1];ReturnValue;value",
+        "java.util;Objects;false;requireNonNullElseGet;;;Argument[0];ReturnValue;value",
+        "java.util;Objects;false;toString;;;Argument[1];ReturnValue;value"
+      ]
+  }
+}
