microsoft
diff --git a/‎java/ql/lib/ext/java.lang.model.yml
Lines changed: 0 additions & 3 deletions b/‎java/ql/lib/ext/java.lang.model.yml
Lines changed: 0 additions & 3 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll
Lines changed: 2 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
Lines changed: 12 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
Lines changed: 12 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
Lines changed: 2 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
Lines changed: 0 additions & 3 deletions b/‎java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
Lines changed: 0 additions & 3 deletions
diff --git a/‎java/ql/lib/semmle/code/java/frameworks/Jndi.qll
Lines changed: 6 additions & 2 deletions b/‎java/ql/lib/semmle/code/java/frameworks/Jndi.qll
Lines changed: 6 additions & 2 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/LdapInjection.qll
Lines changed: 1 addition & 2 deletions b/‎java/ql/lib/semmle/code/java/security/LdapInjection.qll
Lines changed: 1 addition & 2 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected
Lines changed: 2087 additions & 2087 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected
Lines changed: 2087 additions & 2087 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected
Lines changed: 1 addition & 1 deletion b/‎java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected
Lines changed: 3 additions & 3 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected
Lines changed: 3 additions & 3 deletions
@@ -91,9 +91,6 @@ extensions:
       - ["java.lang", "Iterable", True, "iterator", "()", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
       - ["java.lang", "Iterable", True, "spliterator", "()", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
       - ["java.lang", "NullPointerException", False, "NullPointerException", "(String)", "", "Argument[0]", "Argument[this].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
-      - ["java.lang", "Object", True, "clone", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
-      - ["java.lang", "Object", True, "clone", "", "", "Argument[this].MapKey", "ReturnValue.MapKey", "value", "manual"]
-      - ["java.lang", "Object", True, "clone", "", "", "Argument[this].MapValue", "ReturnValue.MapValue", "value", "manual"]
       - ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[this].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
       - ["java.lang", "RuntimeException", False, "RuntimeException", "(String,Throwable)", "", "Argument[0]", "Argument[this].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
       - ["java.lang", "RuntimeException", False, "RuntimeException", "(String,Throwable)", "", "Argument[1]", "Argument[this].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
 
@@ -22,6 +22,8 @@ module JavaDataFlow implements InputSig<Location> {
 
   predicate getSecondLevelScope = Private::getSecondLevelScope/1;
 
+  predicate validParameterAliasStep = Private::validParameterAliasStep/2;
+
   predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
 
   predicate viableImplInCallContext = Private::viableImplInCallContext/2;
 
@@ -400,6 +400,18 @@ class CastNode extends ExprNode {
   }
 }
 
+/** Holds if `n1` is the qualifier of a call to `clone()` and `n2` is the result. */
+predicate cloneStep(Node n1, Node n2) {
+  exists(MethodCall mc |
+    mc.getMethod() instanceof CloneMethod and
+    n1 = getInstanceArgument(mc) and
+    n2.asExpr() = mc
+  )
+}
+
+bindingset[node1, node2]
+predicate validParameterAliasStep(Node node1, Node node2) { not cloneStep(node1, node2) }
+
 private newtype TDataFlowCallable =
   TSrcCallable(Callable c) or
   TSummarizedCallable(SummarizedCallable c) or
 
@@ -258,6 +258,8 @@ private predicate simpleLocalFlowStep0(Node node1, Node node2, string model) {
     model = "ValuePreservingMethod"
   )
   or
+  cloneStep(node1, node2) and model = "CloneStep"
+  or
   FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(),
     node2.(FlowSummaryNode).getSummaryNode(), true, model)
 }
 
@@ -316,9 +316,6 @@ private predicate qualifierToMethodStep(Expr tracked, MethodCall sink, string mo
  * Methods that return tainted data when called on tainted data.
  */
 private predicate taintPreservingQualifierToMethod(Method m, string model) {
-  model = "" and
-  m instanceof CloneMethod
-  or
   model = "%StringWriter" and
   m.getDeclaringType().getQualifiedName().matches("%StringWriter") and
   (
 
@@ -44,8 +44,12 @@ class MethodLdapNameAddAll extends Method {
   }
 }
 
-/** A method with the name `clone` declared in `javax.naming.ldap.LdapName`. */
-class MethodLdapNameClone extends Method {
+/**
+ * DEPRECATED: No longer needed as clone steps are handled uniformly.
+ *
+ * A method with the name `clone` declared in `javax.naming.ldap.LdapName`.
+ */
+deprecated class MethodLdapNameClone extends Method {
   MethodLdapNameClone() {
     this.getDeclaringType() instanceof TypeLdapName and
     this.hasName("clone")
 
@@ -62,7 +62,7 @@ private predicate ldapNameAddAllStep(DataFlow::ExprNode n1, DataFlow::ExprNode n
 
 /**
  * Holds if `n1` to `n2` is a dataflow step that converts between `LdapName` and `LdapName` or
- * `String`, i.e. `taintedLdapName.clone()`, `taintedLdapName.getAll()`,
+ * `String`, i.e. `taintedLdapName.getAll()`,
  * `taintedLdapName.getRdns()` or `taintedLdapName.toString()`.
  */
 private predicate ldapNameGetCloneStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) {
@@ -71,7 +71,6 @@ private predicate ldapNameGetCloneStep(DataFlow::ExprNode n1, DataFlow::ExprNode
     n2.asExpr() = ma and
     ma.getMethod() = m
   |
-    m instanceof MethodLdapNameClone or
     m instanceof MethodLdapNameGetAll or
     m instanceof MethodLdapNameGetRdns or
     m instanceof MethodLdapNameToString
 
@@ -3,7 +3,7 @@ edges
 | FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42557 |
 | FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42557 |
 | FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | provenance |  Sink:MaD:42554 |
-| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | Src:MaD:44687  |
+| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | Src:MaD:44684  |
 | FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:210:23:210:26 | file | provenance |  Sink:MaD:42541 |
 | FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:217:19:217:22 | file : File | provenance |  |
 | FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:42613 |
 
@@ -9,10 +9,10 @@ edges
 | RuntimeExecTest.java:25:66:25:71 | script : String | RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | provenance |  |
 | RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | RuntimeExecTest.java:32:43:32:55 | commandArray2 | provenance |  Sink:MaD:42686 |
 | RuntimeExecTest.java:31:36:31:41 | script : String | RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | provenance | MaD:44369 |
+| RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | provenance | MaD:44366 |
 | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) | provenance |  Sink:MaD:42686 |
-| RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | provenance | MaD:44304 |
-| RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | provenance | MaD:43738 |
+| RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | provenance | MaD:44301 |
+| RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | provenance | MaD:43735 |
 | RuntimeExecTest.java:38:39:38:58 | {...} : String[] [[]] : String | RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | provenance |  |
 | RuntimeExecTest.java:38:52:38:57 | script : String | RuntimeExecTest.java:38:39:38:58 | {...} : String[] [[]] : String | provenance |  |
 nodes
Original file line number	Diff line number	Diff line change
`@@ -258,6 +258,8 @@ private predicate simpleLocalFlowStep0(Node node1, Node node2, string model) {`
`258`	`258`	`model = "ValuePreservingMethod"`
`259`	`259`	`)`
`260`	`260`	`or`
	`261`	`+ cloneStep(node1, node2) and model = "CloneStep"`
	`262`	`+ or`
`261`	`263`	`FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(),`
`262`	`264`	`node2.(FlowSummaryNode).getSummaryNode(), true, model)`
`263`	`265`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,12 @@ class MethodLdapNameAddAll extends Method {`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`
`47`		-/** A method with the name `clone` declared in `javax.naming.ldap.LdapName`. */
`48`		`-class MethodLdapNameClone extends Method {`
	`47`	`+/**`
	`48`	`+ * DEPRECATED: No longer needed as clone steps are handled uniformly.`
	`49`	`+ *`
	`50`	+ * A method with the name `clone` declared in `javax.naming.ldap.LdapName`.
	`51`	`+ */`
	`52`	`+deprecated class MethodLdapNameClone extends Method {`
`49`	`53`	`MethodLdapNameClone() {`
`50`	`54`	`this.getDeclaringType() instanceof TypeLdapName and`
`51`	`55`	`this.hasName("clone")`