Java: model java.util.Arrays

aibaars · aibaars · commit a07af79fff16 · 2020-07-03T17:15:17.000+02:00
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -180,6 +180,12 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
     or
     method.hasName(["nCopies", "singletonMap"]) and arg = 1
   )
+  or
+  method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and
+  (
+    method.hasName(["copyOf", "copyOfRange", "deepToString", "spliterator", "stream", "toString"]) and
+    arg = 0
+  )
 }
 
 /**
@@ -195,6 +201,13 @@ private predicate taintPreservingArgToArg(Method method, int input, int output)
     or
     method.hasName("replaceAll") and input = 2 and output = 0
   )
+  or
+  method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and
+  (
+    method.hasName(["fill", "parallelPrefix", "parallelSetAll", "setAll"]) and
+    output = 0 and
+    input = method.getNumberOfParameters() - 1
+  )
 }
 
 private predicate argToQualifierStep(Expr tracked, Expr sink) {

Original file line number	Diff line number	Diff line change
`@@ -180,6 +180,12 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {`
`180`	`180`	`or`
`181`	`181`	`method.hasName(["nCopies", "singletonMap"]) and arg = 1`
`182`	`182`	`)`
	`183`	`+ or`
	`184`	`+ method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and`
	`185`	`+ (`
	`186`	`+ method.hasName(["copyOf", "copyOfRange", "deepToString", "spliterator", "stream", "toString"]) and`
	`187`	`+ arg = 0`
	`188`	`+ )`
`183`	`189`	`}`
`184`	`190`
`185`	`191`	`/**`
`@@ -195,6 +201,13 @@ private predicate taintPreservingArgToArg(Method method, int input, int output)`
`195`	`201`	`or`
`196`	`202`	`method.hasName("replaceAll") and input = 2 and output = 0`
`197`	`203`	`)`
	`204`	`+ or`
	`205`	`+ method.getDeclaringType().hasQualifiedName("java.util", "Arrays") and`
	`206`	`+ (`
	`207`	`+ method.hasName(["fill", "parallelPrefix", "parallelSetAll", "setAll"]) and`
	`208`	`+ output = 0 and`
	`209`	`+ input = method.getNumberOfParameters() - 1`
	`210`	`+ )`
`198`	`211`	`}`
`199`	`212`
`200`	`213`	`private predicate argToQualifierStep(Expr tracked, Expr sink) {`