@@ -18,12 +18,12 @@ predicate isSafeCommandArgument(Expr ex) {
1818 )
1919 or
2020 exists ( CommandArgumentList cal |
21- cal .isNotShell ( ) and
21+ not cal .isShell ( ) and
2222 ex = cal .getASubsequentAdd ( ) .getArgument ( 0 )
2323 )
2424 or
25- exists ( CommandArgumentArray caa |
26- caa .isNotShell ( ) and
25+ exists ( CommandArgArrayImmutableFirst caa |
26+ not caa .isShell ( ) and
2727 ex = caa .getAWrite ( any ( int i | i > 0 ) )
2828 )
2929}
@@ -101,9 +101,9 @@ private class CommandArgumentList extends SsaExplicitUpdate {
101101 not result = getAFirstAdd ( )
102102 }
103103
104- /** Holds if the first element of this list isn't a shell command. */
105- predicate isNotShell ( ) {
106- forex ( MethodAccess ma | ma = getAFirstAdd ( ) | not isShell ( ma .getArgument ( 0 ) ) )
104+ /** Holds if the first element of this list is a shell command. */
105+ predicate isShell ( ) {
106+ exists ( MethodAccess ma | ma = getAFirstAdd ( ) and isShell ( ma .getArgument ( 0 ) ) )
107107 }
108108}
109109
@@ -140,18 +140,14 @@ private class CommandArgumentArray extends SsaExplicitUpdate {
140140
141141 /** Gets an expression that is written to the given index of this array. */
142142 Expr getAWrite ( int index ) { result = getAWrite ( index , _) }
143-
144- predicate isNotShell ( ) {
145- exists ( Expr e | e = this .( CommandArgArrayImmutableFirst ) .getFirstElement ( ) | not isShell ( e ) )
146- }
147143}
148144
149145/**
150146 * A `CommandArgArray` whose element at index 0 is never written to, except possibly once to initialise it.
151147 */
152148private class CommandArgArrayImmutableFirst extends CommandArgumentArray {
153149 CommandArgArrayImmutableFirst ( ) {
154- this .getDefiningExpr ( ) instanceof ImmutableFirstArrayExpr and
150+ ( exists ( getAWrite ( 0 ) ) or exists ( firstElementOf ( this .getDefiningExpr ( ) ) ) ) and
155151 forall ( RValue use | exists ( this .getAWrite ( 0 , use ) ) | use = this .getAFirstUse ( ) )
156152 }
157153
@@ -160,58 +156,38 @@ private class CommandArgArrayImmutableFirst extends CommandArgumentArray {
160156 result = getAWrite ( 0 )
161157 or
162158 not exists ( getAWrite ( 0 ) ) and
163- result = getDefiningExpr ( ) . ( ImmutableFirstArrayExpr ) . getFirstElement ( )
159+ result = firstElementOf ( getDefiningExpr ( ) )
164160 }
165- }
166161
167- /**
168- * An expression that evaluates to an array of strings whose first element is immutable.
169- */
170- private class ImmutableFirstArrayExpr extends Expr {
171- ImmutableFirstArrayExpr ( ) {
172- this .getType ( ) instanceof ArrayOfStringType and
173- (
174- this .( Assignment ) .getRhs ( ) instanceof ImmutableFirstArrayExpr
175- or
176- this .( LocalVariableDeclExpr ) .getInit ( ) instanceof ImmutableFirstArrayExpr
177- or
178- this instanceof ArrayInit
179- or
180- this instanceof ArrayCreationExpr
181- or
182- this .( RValue ) = any ( CommandArgArrayImmutableFirst caa ) .getAUse ( )
183- or
184- exists ( MethodAccess ma , Method m |
185- ma .getMethod ( ) = m and
186- m .getDeclaringType ( ) .hasQualifiedName ( "java.util" , "Arrays" ) and
187- m .hasName ( "copyOf" ) and
188- ma .getArgument ( 0 ) instanceof ImmutableFirstArrayExpr
189- )
190- or
191- exists ( Field f |
192- this = f .getAnAccess ( ) and
193- f .isFinal ( ) and
194- f .getInitializer ( ) instanceof ImmutableFirstArrayExpr
195- )
196- )
197- }
162+ /** Holds if the first element of this array is a shell command. */
163+ predicate isShell ( ) { isShell ( getFirstElement ( ) ) }
164+ }
198165
199- /** Gets the first element of this array. */
200- Expr getFirstElement ( ) {
201- result = this .( Assignment ) .getRhs ( ) .( ImmutableFirstArrayExpr ) .getFirstElement ( )
166+ /** Gets the first element of an imutable array of strings */
167+ private Expr firstElementOf ( Expr arr ) {
168+ arr .getType ( ) instanceof ArrayOfStringType and
169+ (
170+ result = firstElementOf ( arr .( Assignment ) .getRhs ( ) )
202171 or
203- result = this .( LocalVariableDeclExpr ) .getInit ( ) . ( ImmutableFirstArrayExpr ) . getFirstElement ( )
172+ result = firstElementOf ( arr .( LocalVariableDeclExpr ) .getInit ( ) )
204173 or
205- exists ( CommandArgArrayImmutableFirst caa | this = caa .getAUse ( ) |
206- result = caa .getFirstElement ( )
207- )
174+ exists ( CommandArgArrayImmutableFirst caa | arr = caa .getAUse ( ) | result = caa .getFirstElement ( ) )
208175 or
209- result = this .( MethodAccess ) .getArgument ( 0 ) .( ImmutableFirstArrayExpr ) .getFirstElement ( )
176+ exists ( MethodAccess ma , Method m |
177+ ma .getMethod ( ) = m and
178+ m .getDeclaringType ( ) .hasQualifiedName ( "java.util" , "Arrays" ) and
179+ m .hasName ( "copyOf" ) and
180+ result = firstElementOf ( ma .getArgument ( 0 ) )
181+ )
210182 or
211- result = this .( FieldAccess ) .getField ( ) .getInitializer ( )
183+ exists ( Field f |
184+ f .isStatic ( ) and
185+ arr .( FieldRead ) .getField ( ) = f and
186+ result = firstElementOf ( f .getInitializer ( ) )
187+ )
212188 or
213- result = this .( ArrayInit ) .getInit ( 0 )
189+ result = arr .( ArrayInit ) .getInit ( 0 )
214190 or
215- result = this .( ArrayCreationExpr ) .getInit ( ) .getInit ( 0 )
216- }
191+ result = arr .( ArrayCreationExpr ) .getInit ( ) .getInit ( 0 )
192+ )
217193}
0 commit comments