Kotlin: Support apply

atorralba · atorralba · commit 0f18c0227b0e · 2023-07-10T16:15:27.000+02:00
diff --git a/java/ql/lib/change-notes/2023-07-10-kotlin-apply.md b/java/ql/lib/change-notes/2023-07-10-kotlin-apply.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added support for the Kotlin method `apply`.
diff --git a/java/ql/lib/ext/kotlin.model.yml b/java/ql/lib/ext/kotlin.model.yml
@@ -3,5 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
+      - ["kotlin", "StandardKt", False, "apply", "", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["kotlin", "StandardKt", False, "apply", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
       - ["kotlin", "StandardKt", False, "with", "", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
       - ["kotlin", "StandardKt", False, "with", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/Kotlin.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/Kotlin.qll
@@ -0,0 +1,21 @@
+/** Provides classes and predicates related to `kotlin`. */
+
+import java
+
+/** A call to Kotlin's `apply` method. */
+class KotlinApply extends MethodAccess {
+  ExtensionMethod m;
+
+  KotlinApply() {
+    this.getMethod() = m and
+    m.hasQualifiedName("kotlin", "StandardKt", "apply")
+  }
+
+  /** Gets the function block argument of this call. */
+  LambdaExpr getLambdaArg() {
+    result = this.getArgument(m.getExtensionReceiverParameterIndex() + 1)
+  }
+
+  /** Gets the receiver argument of this call. */
+  Argument getReceiver() { result = this.getArgument(m.getExtensionReceiverParameterIndex()) }
+}
diff --git a/java/ql/test/kotlin/library-tests/dataflow/summaries/apply.expected b/java/ql/test/kotlin/library-tests/dataflow/summaries/apply.expected
@@ -0,0 +1,2 @@
+| apply.kt:6:9:6:41 | apply(...) |
+| apply.kt:7:14:7:40 | apply(...) |
diff --git a/java/ql/test/kotlin/library-tests/dataflow/summaries/apply.kt b/java/ql/test/kotlin/library-tests/dataflow/summaries/apply.kt
@@ -0,0 +1,9 @@
+class ApplyFlowTest {
+    fun <T> taint(t: T) = t
+    fun sink(s: String) { }
+
+    fun test(input: String) {
+        taint(input).apply { sink(this) } // $ hasValueFlow
+        sink(taint(input).apply { this }) // $ hasValueFlow
+    }
+}
diff --git a/java/ql/test/kotlin/library-tests/dataflow/summaries/apply.ql b/java/ql/test/kotlin/library-tests/dataflow/summaries/apply.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.kotlin.Kotlin
+
+from KotlinApply a
+select a

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added support for the Kotlin method `apply`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| apply.kt:6:9:6:41 \| apply(...) \|`
	`2`	`+\| apply.kt:7:14:7:40 \| apply(...) \|`