Java: More qldoc.

aschackmull · aschackmull · commit 650c4f19d208 · 2021-06-01T16:09:17.000+02:00
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -710,6 +710,11 @@ predicate containerStep(Expr n1, Expr n2) {
   containerUpdateStep(n1, n2)
 }
 
+/**
+ * Holds if the step from `node1` to `node2` stores a value in an array.
+ * This covers array assignments and initializers as well as implicit array
+ * creations for varargs.
+ */
 predicate arrayStoreStep(Node node1, Node node2) {
   exists(Argument arg |
     node1.asExpr() = arg and
@@ -734,6 +739,11 @@ private predicate enhancedForStmtStep(Node node1, Node node2, Type containerType
   )
 }
 
+/**
+ * Holds if the step from `node1` to `node2` reads a value from an array.
+ * This covers ordinary array reads as well as array iteration through enhanced
+ * `for` statements.
+ */
 predicate arrayReadStep(Node node1, Node node2, Type elemType) {
   exists(ArrayAccess aa |
     aa.getArray() = node1.asExpr() and
@@ -747,6 +757,10 @@ predicate arrayReadStep(Node node1, Node node2, Type elemType) {
   )
 }
 
+/**
+ * Holds if the step from `node1` to `node2` reads a value from a collection.
+ * This only covers iteration through enhanced `for` statements.
+ */
 predicate collectionReadStep(Node node1, Node node2) {
   enhancedForStmtStep(node1, node2, any(Type t | not t instanceof Array))
 }
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -98,6 +98,17 @@ private module Cached {
 
 import Cached
 
+/**
+ * These configurations add a number of configuration-dependent additional taint
+ * steps to all taint configurations. For each sink or additional step provided
+ * by a given configuration the types are inspected to find those implicit
+ * collection or array read steps that might be required at the sink or step
+ * input. The corresponding store steps are then added as additional taint steps
+ * to provide backwards-compatible taint flow to such sinks and steps.
+ *
+ * This is a temporary measure until support is added for such sinks that
+ * require implicit read steps.
+ */
 private module StoreTaintSteps {
   private import semmle.code.java.dataflow.TaintTracking
   private import semmle.code.java.dataflow.TaintTracking2

Original file line number	Diff line number	Diff line change
`@@ -710,6 +710,11 @@ predicate containerStep(Expr n1, Expr n2) {`
`710`	`710`	`containerUpdateStep(n1, n2)`
`711`	`711`	`}`
`712`	`712`
	`713`	`+/**`
	`714`	+ * Holds if the step from `node1` to `node2` stores a value in an array.
	`715`	`+ * This covers array assignments and initializers as well as implicit array`
	`716`	`+ * creations for varargs.`
	`717`	`+ */`
`713`	`718`	`predicate arrayStoreStep(Node node1, Node node2) {`
`714`	`719`	`exists(Argument arg \|`
`715`	`720`	`node1.asExpr() = arg and`
`@@ -734,6 +739,11 @@ private predicate enhancedForStmtStep(Node node1, Node node2, Type containerType`
`734`	`739`	`)`
`735`	`740`	`}`
`736`	`741`
	`742`	`+/**`
	`743`	+ * Holds if the step from `node1` to `node2` reads a value from an array.
	`744`	`+ * This covers ordinary array reads as well as array iteration through enhanced`
	`745`	+ * `for` statements.
	`746`	`+ */`
`737`	`747`	`predicate arrayReadStep(Node node1, Node node2, Type elemType) {`
`738`	`748`	`exists(ArrayAccess aa \|`
`739`	`749`	`aa.getArray() = node1.asExpr() and`
`@@ -747,6 +757,10 @@ predicate arrayReadStep(Node node1, Node node2, Type elemType) {`
`747`	`757`	`)`
`748`	`758`	`}`
`749`	`759`
	`760`	`+/**`
	`761`	+ * Holds if the step from `node1` to `node2` reads a value from a collection.
	`762`	+ * This only covers iteration through enhanced `for` statements.
	`763`	`+ */`
`750`	`764`	`predicate collectionReadStep(Node node1, Node node2) {`
`751`	`765`	`enhancedForStmtStep(node1, node2, any(Type t \| not t instanceof Array))`
`752`	`766`	`}`