Covered copyOfRange() and clone() in ArrayUpdate

artem-smotrakov · artem-smotrakov · commit e2dc9753ac76 · 2021-08-14T13:25:46.000+02:00
diff --git a/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -51,7 +51,7 @@ private class ArrayUpdate extends Expr {
     )
     or
     exists(StaticMethodAccess ma |
-      ma.getMethod().hasQualifiedName("java.util", "Arrays", "copyOf") and
+      ma.getMethod().hasQualifiedName("java.util", "Arrays", ["copyOf", "copyOfRange"]) and
       ma = this and
       ma = array
     )
@@ -66,6 +66,10 @@ private class ArrayUpdate extends Expr {
       m.hasQualifiedName("java.security", "SecureRandom", "nextBytes") or
       m.hasQualifiedName("java.util", "Random", "nextBytes")
     )
+    or
+    exists(MethodAccess ma, Method m | m = ma.getMethod() |
+      m.getDeclaringType().hasName("byte[]") and m.hasName("clone") and ma = this and ma = array
+    )
   }
 
   /** Returns the updated array. */

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ private class ArrayUpdate extends Expr {`
`51`	`51`	`)`
`52`	`52`	`or`
`53`	`53`	`exists(StaticMethodAccess ma \|`
`54`		`- ma.getMethod().hasQualifiedName("java.util", "Arrays", "copyOf") and`
	`54`	`+ ma.getMethod().hasQualifiedName("java.util", "Arrays", ["copyOf", "copyOfRange"]) and`
`55`	`55`	`ma = this and`
`56`	`56`	`ma = array`
`57`	`57`	`)`
`@@ -66,6 +66,10 @@ private class ArrayUpdate extends Expr {`
`66`	`66`	`m.hasQualifiedName("java.security", "SecureRandom", "nextBytes") or`
`67`	`67`	`m.hasQualifiedName("java.util", "Random", "nextBytes")`
`68`	`68`	`)`
	`69`	`+ or`
	`70`	`+ exists(MethodAccess ma, Method m \| m = ma.getMethod() \|`
	`71`	`+ m.getDeclaringType().hasName("byte[]") and m.hasName("clone") and ma = this and ma = array`
	`72`	`+ )`
`69`	`73`	`}`
`70`	`74`
`71`	`75`	`/** Returns the updated array. */`