Skip to content

Commit cf2c146

Browse files
hvitvedhvitved
committed
Java: Adapt to changes in FlowSummaryImpl
Missing manual models were added using the following code added to `FlowSummaryImpl.qll`: ```ql private predicate testsummaryElement( Input::SummarizedCallableBase c, string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model, boolean isExact ) { exists(string input, string output, Callable baseCallable | summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, model) and baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and ( c.asCallable() = baseCallable and input = originalInput and output = originalOutput or correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalInput, input) and correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalOutput, output) ) ) } private predicate testsummaryElement2( string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model ) { exists(Input::SummarizedCallableBase c | testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance, model, false) and testsummaryElement(c, namespace, type, subtypes, name, signature, ext, _, _, _, provenance, _, true) and not testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance, _, true) ) } private string getAMissingManualModel() { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model | testsummaryElement2(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, model) and result = "- [\"" + namespace + "\", \"" + type + "\", True, \"" + name + "\", \"" + signature + "\", \"\", \"" + originalInput + "\", \"" + originalOutput + "\", \"" + kind + "\", \"" + provenance + "\"]" ) } ```
1 parent 0da5282 commit cf2c146

File tree

26 files changed

+4790
-5102
lines changed

26 files changed

+4790
-5102
lines changed

java/ql/lib/ext/java.util.model.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -398,6 +398,7 @@ extensions:
398398
- ["java.util", "StringJoiner", False, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
399399
- ["java.util", "StringTokenizer", False, "StringTokenizer", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
400400
- ["java.util", "StringTokenizer", False, "nextElement", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
401+
- ["java.util", "StringTokenizer", False, "nextElement", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
401402
- ["java.util", "StringTokenizer", False, "nextToken", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
402403
- ["java.util", "TreeMap", False, "TreeMap", "(Map)", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
403404
- ["java.util", "TreeMap", False, "TreeMap", "(Map)", "", "Argument[0].MapValue", "Argument[this].MapValue", "value", "manual"]

java/ql/lib/ext/org.apache.commons.collections4.map.model.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,8 +72,13 @@ extensions:
7272
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "listOrderedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
7373
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[1]", "Argument[this].MapKey", "value", "manual"]
7474
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[2]", "Argument[this].MapValue", "value", "manual"]
75+
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"]
76+
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
77+
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "put", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
7578
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "putAll", "", "", "Argument[1].MapKey", "Argument[this].MapKey", "value", "manual"]
7679
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "putAll", "", "", "Argument[1].MapValue", "Argument[this].MapValue", "value", "manual"]
80+
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "putAll", "", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
81+
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "putAll", "", "", "Argument[0].MapValue", "Argument[this].MapValue", "value", "manual"]
7782
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "remove", "(int)", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
7883
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "setValue", "", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"]
7984
- ["org.apache.commons.collections4.map", "ListOrderedMap", True, "valueList", "", "", "Argument[this].MapValue", "ReturnValue.Element", "value", "manual"]
@@ -87,6 +92,8 @@ extensions:
8792
- ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object)", "", "Argument[4]", "Argument[this].MapValue", "value", "manual"]
8893
- ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object,Object)", "", "Argument[0..4]", "Argument[this].MapKey.Element", "value", "manual"]
8994
- ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "(Object,Object,Object,Object,Object,Object)", "", "Argument[5]", "Argument[this].MapValue", "value", "manual"]
95+
- ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
96+
- ["org.apache.commons.collections4.map", "MultiKeyMap", True, "put", "", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"]
9097
- ["org.apache.commons.collections4.map", "MultiKeyMap", True, "removeMultiKey", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
9198
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "getCollection", "", "", "Argument[this].MapValue.Element", "ReturnValue.Element", "value", "manual"]
9299
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "iterator", "()", "", "Argument[this].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
@@ -98,7 +105,10 @@ extensions:
98105
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapValue.Element", "Argument[this].MapValue.Element", "value", "manual"]
99106
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Object,Collection)", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
100107
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Object,Collection)", "", "Argument[1].Element", "Argument[this].MapValue.Element", "value", "manual"]
108+
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
109+
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "putAll", "(Map)", "", "Argument[0].MapValue", "Argument[this].MapValue", "value", "manual"]
101110
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "values", "", "", "Argument[this].MapValue.Element", "ReturnValue.Element", "value", "manual"]
111+
- ["org.apache.commons.collections4.map", "MultiValueMap", True, "values", "", "", "Argument[this].MapValue", "ReturnValue.Element", "value", "manual"]
102112
- ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(PassiveExpiringMap$ExpirationPolicy,Map)", "", "Argument[1].MapKey", "Argument[this].MapKey", "value", "manual"]
103113
- ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(PassiveExpiringMap$ExpirationPolicy,Map)", "", "Argument[1].MapValue", "Argument[this].MapValue", "value", "manual"]
104114
- ["org.apache.commons.collections4.map", "PassiveExpiringMap", True, "PassiveExpiringMap", "(Map)", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]

java/ql/lib/ext/org.apache.commons.collections4.model.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -287,10 +287,13 @@ extensions:
287287
- ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
288288
- ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableSortedMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
289289
- ["org.apache.commons.collections4", "MapUtils", True, "unmodifiableSortedMap", "", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
290-
- ["org.apache.commons.collections4", "MultiMap", True, "get", "", "", "Argument[this].MapValue.Element", "ReturnValue.Element", "value", "manual"]
290+
- ["org.apache.commons.collections4", "MultiMap", True, "get", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
291291
- ["org.apache.commons.collections4", "MultiMap", True, "put", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"]
292292
- ["org.apache.commons.collections4", "MultiMap", True, "put", "", "", "Argument[1]", "Argument[this].MapValue.Element", "value", "manual"]
293+
- ["org.apache.commons.collections4", "MultiMap", True, "put", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
294+
- ["org.apache.commons.collections4", "MultiMap", True, "put", "", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"]
293295
- ["org.apache.commons.collections4", "MultiMap", True, "values", "", "", "Argument[this].MapValue.Element", "ReturnValue.Element", "value", "manual"]
296+
- ["org.apache.commons.collections4", "MultiMap", True, "values", "", "", "Argument[this].MapValue", "ReturnValue.Element", "value", "manual"]
294297
- ["org.apache.commons.collections4", "MultiMapUtils", True, "emptyIfNull", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
295298
- ["org.apache.commons.collections4", "MultiMapUtils", True, "getCollection", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
296299
- ["org.apache.commons.collections4", "MultiMapUtils", True, "getValuesAsBag", "", "", "Argument[0].MapValue.Element", "ReturnValue.Element", "value", "manual"]

java/ql/lib/ext/org.apache.commons.collections4.set.model.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,9 @@ extensions:
2020
- ["org.apache.commons.collections4.set", "CompositeSet$SetMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[0].Element", "value", "manual"]
2121
- ["org.apache.commons.collections4.set", "CompositeSet$SetMutator", True, "addAll", "", "", "Argument[2].Element", "Argument[1].Element.Element", "value", "manual"]
2222
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "add", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
23+
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "add", "", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
2324
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "addAll", "", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"]
25+
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "addAll", "", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
2426
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
2527
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
2628
- ["org.apache.commons.collections4.set", "ListOrderedSet", True, "listOrderedSet", "(List)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]

java/ql/lib/ext/org.springframework.web.util.model.yml

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ extensions:
3030
- ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "builder", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
3131
- ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "getDefaultUriVariables", "", "", "Argument[this]", "ReturnValue.MapValue", "taint", "manual"]
3232
- ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "setDefaultUriVariables", "", "", "Argument[0].MapValue", "Argument[this]", "taint", "manual"]
33-
- ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "uriString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
33+
- ["org.springframework.web.util", "DefaultUriBuilderFactory", False, "uriString", "", "", "Argument[this,0]", "ReturnValue", "taint", "manual"]
3434
- ["org.springframework.web.util", "HtmlUtils", False, "htmlEscape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
3535
- ["org.springframework.web.util", "HtmlUtils", False, "htmlEscapeDecimal", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
3636
- ["org.springframework.web.util", "HtmlUtils", False, "htmlEscapeHex", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
@@ -83,8 +83,7 @@ extensions:
8383
- ["org.springframework.web.util", "UriBuilder", True, "userInfo", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
8484
- ["org.springframework.web.util", "UriBuilder", True, "userInfo", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
8585
- ["org.springframework.web.util", "UriBuilderFactory", True, "builder", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
86-
- ["org.springframework.web.util", "UriBuilderFactory", True, "uriString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
87-
- ["org.springframework.web.util", "UriBuilderFactory", True, "uriString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
86+
- ["org.springframework.web.util", "UriBuilderFactory", True, "uriString", "", "", "Argument[this,0]", "ReturnValue", "taint", "manual"]
8887
- ["org.springframework.web.util", "UriComponents", False, "UriComponents", "", "", "Argument[0..1]", "Argument[this]", "taint", "manual"]
8988
- ["org.springframework.web.util", "UriComponents", False, "copyToUriComponentsBuilder", "", "", "Argument[this]", "Argument[0]", "taint", "manual"]
9089
- ["org.springframework.web.util", "UriComponents", False, "encode", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@@ -107,6 +106,9 @@ extensions:
107106
- ["org.springframework.web.util", "UriComponents", False, "toUriString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
108107
- ["org.springframework.web.util", "UriComponents$UriTemplateVariables", True, "getValue", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
109108
- ["org.springframework.web.util", "UriComponentsBuilder", False, "build", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
109+
- ["org.springframework.web.util", "UriComponentsBuilder", False, "build", "(Map)", "", "Argument[0].MapValue", "Argument[this]", "taint", "manual"]
110+
- ["org.springframework.web.util", "UriComponentsBuilder", False, "build", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
111+
- ["org.springframework.web.util", "UriComponentsBuilder", False, "build", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
110112
- ["org.springframework.web.util", "UriComponentsBuilder", False, "buildAndExpand", "(Map)", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
111113
- ["org.springframework.web.util", "UriComponentsBuilder", False, "buildAndExpand", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
112114
- ["org.springframework.web.util", "UriComponentsBuilder", False, "cloneBuilder", "", "", "Argument[this]", "ReturnValue", "value", "manual"]

java/ql/lib/semmle/code/java/ConflictingAccess.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ module Modification {
2323
/** Holds if the call `c` modifies a shared resource. */
2424
predicate isModifyingCall(Call c) {
2525
exists(SummarizedCallable sc, string output | sc.getACall() = c |
26-
sc.propagatesFlow(_, output, _, _) and
26+
sc.propagatesFlow(_, output, _, _, _, _) and
2727
output.matches("Argument[this]%")
2828
)
2929
}

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 14 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -620,48 +620,25 @@ predicate barrierNode(Node node, string kind) { barrierNode(node, kind, _) }
620620

621621
// adapter class for converting Mad summaries to `SummarizedCallable`s
622622
private class SummarizedCallableAdapter extends SummarizedCallable {
623-
SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _, _) }
623+
string input_;
624+
string output_;
625+
string kind;
626+
Provenance p_;
627+
boolean isExact_;
628+
string model_;
624629

625-
private predicate relevantSummaryElementManual(
626-
string input, string output, string kind, string model
627-
) {
628-
exists(Provenance provenance |
629-
summaryElement(this, input, output, kind, provenance, model, _) and
630-
provenance.isManual()
631-
)
632-
}
633-
634-
private predicate relevantSummaryElementGenerated(
635-
string input, string output, string kind, string model
636-
) {
637-
exists(Provenance provenance |
638-
summaryElement(this, input, output, kind, provenance, model, _) and
639-
provenance.isGenerated()
640-
) and
641-
not exists(Provenance provenance |
642-
neutralElement(this, "summary", provenance, _) and
643-
provenance.isManual()
644-
)
645-
}
630+
SummarizedCallableAdapter() { summaryElement(this, input_, output_, kind, p_, model_, isExact_) }
646631

647632
override predicate propagatesFlow(
648-
string input, string output, boolean preservesValue, string model
633+
string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
649634
) {
650-
exists(string kind |
651-
this.relevantSummaryElementManual(input, output, kind, model)
652-
or
653-
not this.relevantSummaryElementManual(_, _, _, _) and
654-
this.relevantSummaryElementGenerated(input, output, kind, model)
655-
|
656-
if kind = "value" then preservesValue = true else preservesValue = false
657-
)
635+
input = input_ and
636+
output = output_ and
637+
(if kind = "value" then preservesValue = true else preservesValue = false) and
638+
p = p_ and
639+
isExact = isExact_ and
640+
model = model_
658641
}
659-
660-
override predicate hasProvenance(Provenance provenance) {
661-
summaryElement(this, _, _, _, provenance, _, _)
662-
}
663-
664-
override predicate hasExactModel() { summaryElement(this, _, _, _, _, _, true) }
665642
}
666643

667644
final class SinkCallable = SinkModelCallable;

java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -121,24 +121,31 @@ class SummarizedCallableBase extends TSummarizedCallableBase {
121121

122122
class Provenance = Impl::Public::Provenance;
123123

124-
class SummarizedCallable = Impl::Public::SummarizedCallable;
124+
/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
125+
module SummarizedCallable {
126+
class Range = Impl::Public::SummarizedCallable;
127+
}
128+
129+
class SummarizedCallable = Impl::Public::RelevantSummarizedCallable;
125130

126131
/**
127132
* An adapter class to add the flow summaries specified on `SyntheticCallable`
128133
* to `SummarizedCallable`.
129134
*/
130-
private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSyntheticCallable {
135+
private class SummarizedSyntheticCallableAdapter extends SummarizedCallable::Range,
136+
TSyntheticCallable
137+
{
131138
override predicate propagatesFlow(
132-
string input, string output, boolean preservesValue, string model
139+
string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
133140
) {
134141
exists(SyntheticCallable sc |
135142
sc = this.asSyntheticCallable() and
136143
sc.propagatesFlow(input, output, preservesValue) and
144+
p = "manual" and
145+
isExact = true and
137146
model = sc
138147
)
139148
}
140-
141-
override predicate hasExactModel() { any() }
142149
}
143150

144151
deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll

Lines changed: 9 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,11 @@ private import semmle.code.java.dispatch.internal.Unification
1212

1313
private module DispatchImpl {
1414
private predicate hasHighConfidenceTarget(Call c) {
15-
exists(Impl::Public::SummarizedCallable sc | sc.getACall() = c and not sc.applyGeneratedModel())
15+
exists(Impl::Public::SummarizedCallable sc, Impl::Public::Provenance p |
16+
sc.getACall() = c and
17+
sc.propagatesFlow(_, _, _, p, _, _) and
18+
not p.isGenerated()
19+
)
1620
or
1721
exists(Impl::Public::NeutralSummaryCallable nc | nc.getACall() = c and nc.hasManualModel())
1822
or
@@ -25,8 +29,10 @@ private module DispatchImpl {
2529
private predicate hasExactManualModel(Call c, Callable tgt) {
2630
tgt = c.getCallee().getSourceDeclaration() and
2731
(
28-
exists(Impl::Public::SummarizedCallable sc |
29-
sc.getACall() = c and sc.hasExactModel() and sc.hasManualModel()
32+
exists(Impl::Public::SummarizedCallable sc, Impl::Public::Provenance p |
33+
sc.getACall() = c and
34+
sc.propagatesFlow(_, _, _, p, true, _) and
35+
p.isManual()
3036
)
3137
or
3238
exists(Impl::Public::NeutralSummaryCallable nc |
@@ -57,16 +63,6 @@ private module DispatchImpl {
5763
exists(Call call | call = c.asCall() |
5864
result.asCallable() = sourceDispatch(call)
5965
or
60-
not (
61-
// Only use summarized callables with generated summaries in case
62-
// the static call target is not in the source code.
63-
// Note that if `applyGeneratedModel` holds it implies that there doesn't
64-
// exist a manual model.
65-
exists(Callable staticTarget | staticTarget = call.getCallee().getSourceDeclaration() |
66-
staticTarget.fromSource() and not staticTarget.isStub()
67-
) and
68-
result.asSummarizedCallable().applyGeneratedModel()
69-
) and
7066
result.asSummarizedCallable().getACall() = call
7167
)
7268
}

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,10 @@ module Input implements InputSig<Location, DataFlowImplSpecific::JavaDataFlow> {
3333

3434
class SummarizedCallableBase = FlowSummary::SummarizedCallableBase;
3535

36+
predicate callableFromSource(SummarizedCallableBase sc) {
37+
sc.asCallable() = any(Callable c | c.fromSource() and not c.isStub())
38+
}
39+
3640
class SourceBase = Void;
3741

3842
class SinkBase = Void;

0 commit comments

Comments
 (0)