Skip to content

Commit c9ae2c8

Browse files
aibaarsaibaars
committed
Java: ContainerFlow: organize taintPreservingArgumentToQualifier
1 parent 5d73b99 commit c9ae2c8

File tree

1 file changed

+35
-5
lines changed

1 file changed

+35
-5
lines changed

java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll

Lines changed: 35 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -188,19 +188,49 @@ private predicate qualifierToArgumentStep(Expr tracked, RValue sink) {
188188
}
189189

190190
private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
191-
method.(MapMethod).hasName("put") and arg = 1
191+
// java.util.Map.Entry
192+
method.getDeclaringType() instanceof EntryType and
193+
method.hasName("setValue") and
194+
arg = 0
192195
or
193-
method.(MapMethod).hasName("putAll") and arg = 0
196+
// java.util.Map
197+
method.(MapMethod).hasName(["merge", "put", "putIfAbsent"]) and arg = 1
194198
or
195-
method.(CollectionMethod).hasName("add") and arg = method.getNumberOfParameters() - 1
199+
method.(MapMethod).hasName("replace") and arg = method.getNumberOfParameters() - 1
200+
or
201+
method.(MapMethod).hasName("putAll") and arg = 0
196202
or
197-
method.(CollectionMethod).hasName("addAll") and arg = method.getNumberOfParameters() - 1
203+
// java.util.ListIterator
204+
method.getDeclaringType() instanceof IteratorType and
205+
method.hasName(["add", "set"]) and
206+
arg = 0
198207
or
199-
method.(CollectionMethod).hasName("addElement") and arg = 0
208+
// java.util.Collection
209+
method.(CollectionMethod).hasName(["add", "addAll"]) and arg = method.getNumberOfParameters() - 1
200210
or
211+
// java.util.List
201212
method.(CollectionMethod).hasName("set") and arg = 1
202213
or
214+
// java.util.Vector
215+
method.(CollectionMethod).hasName(["addElement", "insertElementAt", "setElementAt"]) and arg = 0
216+
or
217+
// java.util.Stack
218+
method.(CollectionMethod).hasName("push") and arg = 0
219+
or
220+
// java.util.Queue
203221
method.(CollectionMethod).hasName("offer") and arg = 0
222+
or
223+
// java.util.Deque
224+
method.(CollectionMethod).hasName(["addFirst", "addLast", "offerFirst", "offerLast"]) and arg = 0
225+
or
226+
// java.util.concurrent.BlockingQueue
227+
method.(CollectionMethod).hasName("put") and arg = 0
228+
or
229+
// java.util.concurrent.TransferQueue
230+
method.(CollectionMethod).hasName(["transfer", "tryTransfer"]) and arg = 0
231+
or
232+
// java.util.concurrent.BlockingDeque
233+
method.(CollectionMethod).hasName(["putFirst", "putLast"]) and arg = 0
204234
}
205235

206236
/**

0 commit comments

Comments
 (0)