Merge pull request github#13899 from egregius313/egregius313/random-nextbytes-typo-fix

egregius313 · web-flow · commit 58d8a2d77f7c · 2023-08-07T07:36:44.000-04:00
Java: Fix typo in `StdlibRandomSource::getOutput`
diff --git a/java/ql/lib/change-notes/2023-08-07-randomdatasource-typo-fix.md b/java/ql/lib/change-notes/2023-08-07-randomdatasource-typo-fix.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
diff --git a/java/ql/lib/semmle/code/java/security/RandomDataSource.qll b/java/ql/lib/semmle/code/java/security/RandomDataSource.qll
@@ -103,7 +103,7 @@ class StdlibRandomSource extends RandomDataSource {
   }
 
   override Expr getOutput() {
-    if m.hasName("getBytes") then result = this.getArgument(0) else result = this
+    if m.hasName("nextBytes") then result = this.getArgument(0) else result = this
   }
 }
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ class StdlibRandomSource extends RandomDataSource {`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`override Expr getOutput() {`
`106`		`- if m.hasName("getBytes") then result = this.getArgument(0) else result = this`
	`106`	`+ if m.hasName("nextBytes") then result = this.getArgument(0) else result = this`
`107`	`107`	`}`
`108`	`108`	`}`
`109`	`109`