Java: Add data flow for record getters.

aschackmull · aschackmull · commit d82fee11b1b7 · 2020-08-24T11:51:04.000+02:00
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowPrivate.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -193,6 +193,18 @@ predicate readStep(Node node1, Content f, Node node2) {
     fr.getField() = f.(FieldContent).getField() and
     fr = node2.asExpr()
   )
+  or
+  exists(Record r, Method getter, Field recf, MethodAccess get |
+    getter.getDeclaringType() = r and
+    recf.getDeclaringType() = r and
+    getter.getNumberOfParameters() = 0 and
+    getter.getName() = recf.getName() and
+    not exists(getter.getBody()) and
+    recf = f.(FieldContent).getField() and
+    get.getMethod() = getter and
+    node1.asExpr() = get.getQualifier() and
+    node2.asExpr() = get
+  )
 }
 
 /**
diff --git a/java/ql/test/library-tests/dataflow/records/A.java b/java/ql/test/library-tests/dataflow/records/A.java
@@ -0,0 +1,28 @@
+public class A {
+  record Pair(Object x, Object y) { }
+
+  Object source() { return null; }
+
+  void sink(Object o) { }
+
+  void foo() {
+    Pair p1 = new Pair(source(), null);
+    Pair p2 = new Pair(new Object(), source());
+    bar(p1, p2);
+  }
+
+  void bar(Pair p1, Pair p2) {
+    sink(p1.x);
+    sink(p1.y);
+    sink(p2.x);
+    sink(p2.y);
+    Object p1x = p1.x();
+    Object p1y = p1.y();
+    Object p2x = p2.x();
+    Object p2y = p2.y();
+    sink(p1x);
+    sink(p1y);
+    sink(p2x);
+    sink(p2y);
+  }
+}
diff --git a/java/ql/test/library-tests/dataflow/records/options b/java/ql/test/library-tests/dataflow/records/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args --enable-preview -source 14 -target 14
diff --git a/java/ql/test/library-tests/dataflow/records/test.expected b/java/ql/test/library-tests/dataflow/records/test.expected
@@ -0,0 +1,4 @@
+| A.java:9:24:9:31 | source(...) | A.java:15:10:15:13 | p1.x |
+| A.java:9:24:9:31 | source(...) | A.java:23:10:23:12 | p1x |
+| A.java:10:38:10:45 | source(...) | A.java:18:10:18:13 | p2.y |
+| A.java:10:38:10:45 | source(...) | A.java:26:10:26:12 | p2y |
diff --git a/java/ql/test/library-tests/dataflow/records/test.ql b/java/ql/test/library-tests/dataflow/records/test.ql
@@ -0,0 +1,15 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+import DataFlow
+
+class Conf extends Configuration {
+  Conf() { this = "qqconf" }
+
+  override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") }
+
+  override predicate isSink(Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") }
+}
+
+from Conf conf, Node src, Node sink
+where conf.hasFlow(src, sink)
+select src, sink

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args --enable-preview -source 14 -target 14`