Merge branch 'dm/java-recursion' of github.com:trailofbits/codeql-queries into dm/java-recursion

DarkaMaul · DarkaMaul · commit e4c26e3a6a28 · 2024-11-18T15:17:39.000+01:00
diff --git a/java/src/security/Recursion/Recursion.ql b/java/src/security/Recursion/Recursion.ql
@@ -13,6 +13,7 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 
+
 predicate isTestPackage(RefType referenceType) {
   referenceType.getPackage().getName().toLowerCase().matches("%test%") or
   referenceType.getPackage().getName().toLowerCase().matches("%benchmark%") or
@@ -25,6 +26,7 @@ class RecursionSource extends MethodCall {
   override string toString() {
     result = this.getCaller().toString() + " calls " + this.getCallee().toString()
   }
+
 }
 
 module RecursiveConfig implements DataFlow::StateConfigSig {
diff --git a/java/test/query-tests/security/Recursion/Recursion.java b/java/test/query-tests/security/Recursion/Recursion.java
@@ -106,6 +106,39 @@ private boolean someCondition() {
     }
 }
 
+class RecursiveCallNonLinear {
+    // finding: level0->...->level0
+    public boolean level0() {
+        if (someOtherCondition()) {
+            return true;
+        }
+        if (someCondition()) {
+            return level1();
+        }        
+        return level2();
+    }
+    public boolean level1() {
+        if (someCondition()) {
+            return true;
+        }        
+        return level2();
+    }
+    public boolean level2() {
+        if (someCondition()) {
+            return level1();
+        }
+        return level0();
+    }
+
+    private boolean someCondition() {
+        return false;
+    }
+
+    private boolean someOtherCondition() {
+        return true;
+    }
+}
+
 class RecursiveCallWronglyLimited {
     // finding: recursion is not limited
     public boolean directRecursiveNoDepth(int anything, int depth) {
@@ -172,37 +205,4 @@ public static boolean foo() {
     public static boolean bar() {
         return true;
     }
-}
-
-class RecursiveCallNonLinear {
-    // finding: level0->...->level0
-    public boolean level0() {
-        if (someOtherCondition()) {
-            return true;
-        }
-        if (someCondition()) {
-            return level1();
-        }        
-        return level2();
-    }
-    public boolean level1() {
-        if (someCondition()) {
-            return true;
-        }        
-        return level2();
-    }
-    public boolean level2() {
-        if (someCondition()) {
-            return level1();
-        }
-        return level0();
-    }
-
-    private boolean someCondition() {
-        return false;
-    }
-
-    private boolean someOtherCondition() {
-        return true;
-    }
 }

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`	`import java`
`14`	`14`	`import semmle.code.java.dataflow.DataFlow`
`15`	`15`
	`16`	`+`
`16`	`17`	`predicate isTestPackage(RefType referenceType) {`
`17`	`18`	`referenceType.getPackage().getName().toLowerCase().matches("%test%") or`
`18`	`19`	`referenceType.getPackage().getName().toLowerCase().matches("%benchmark%") or`
`@@ -25,6 +26,7 @@ class RecursionSource extends MethodCall {`
`25`	`26`	`override string toString() {`
`26`	`27`	`result = this.getCaller().toString() + " calls " + this.getCallee().toString()`
`27`	`28`	`}`
	`29`	`+`
`28`	`30`	`}`
`29`	`31`
`30`	`32`	`module RecursiveConfig implements DataFlow::StateConfigSig {`