
Commit dba93b3

criemenaschackmull
authored andcommitted
Add tests exhibiting false positives in the dataflow library, where call context is not used to prune branches.
1 parent 3f45d86 commit dba93b3


4 files changed

+223
-0
lines changed

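--- a/A.java
+++ b/A.java
@@ -0,0 +1,104 @@
+public class A {
+
+public static void sink(Object o) {
+}
+
+public void callSinkIfTrue(Object o, boolean cond) {
+if (cond) {
+sink(o);
+}
+}
+
+public void callSinkIfFalse(Object o, boolean cond) {
+if (!cond) {
+sink(o);
+}
+}
+
+public void callSinkFromLoop(Object o, boolean cond) {
+while (cond) {
+sink(o);
+}
+}
+
+public void localCallSensitivity(Object o, boolean c) {
+Object o1 = o;
+Object o2 = null;
+if (c) {
+Object tmp = o1;
+o2 = 1 == 1 ? (tmp) : (tmp);
+}
+Object o3 = o2;
+sink(o3);
+}
+
+public void f1() {
+// should not exhibit flow
+callSinkIfTrue(new Integer(1), false);
+callSinkIfFalse(new Integer(2), true);
+callSinkFromLoop(new Integer(3), false);
+localCallSensitivity(new Integer(4), false);
+// should exhibit flow
+callSinkIfTrue(new Integer(1), true);
+callSinkIfFalse(new Integer(2), false);
+callSinkFromLoop(new Integer(3), true);
+localCallSensitivity(new Integer(4), true);
+}
+
+public void f2() {
+boolean t = true;
+boolean f = false;
+// should not exhibit flow
+callSinkIfTrue(new Integer(4), f);
+callSinkIfFalse(new Integer(5), t);
+callSinkFromLoop(new Integer(6), f);
+localCallSensitivity(new Integer(4), f);
+// should exhibit flow
+callSinkIfTrue(new Integer(4), t);
+callSinkIfFalse(new Integer(5), f);
+callSinkFromLoop(new Integer(6), t);
+localCallSensitivity(new Integer(4), t);
+}
+
+public void f3(InterfaceA b) {
+boolean t = true;
+boolean f = false;
+// should not exhibit flow
+b.callSinkIfTrue(new Integer(4), f);
+b.callSinkIfFalse(new Integer(5), t);
+b.localCallSensitivity(new Integer(4), f);
+// should exhibit flow
+b.callSinkIfTrue(new Integer(4), t);
+b.callSinkIfFalse(new Integer(5), f);
+b.localCallSensitivity(new Integer(4), t);
+}
+
+class B implements InterfaceA {
+@Override
+public void callSinkIfTrue(Object o, boolean cond) {
+if (cond) {
+sink(o);
+}
+}
+
+@Override
+public void callSinkIfFalse(Object o, boolean cond) {
+if (!cond) {
+sink(o);
+}
+}
+
+@Override
+public void localCallSensitivity(Object o, boolean c) {
+Object o1 = o;
+Object o2 = null;
+if (c) {
+Object tmp = o1;
+o2 = 1 == 1 ? (tmp) : (tmp);
+}
+Object o3 = o2;
+sink(o3);
+}
+
+}
+}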
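Review bot: Every call in `f1`, `f2` and `f3` passes a boolean literal or a local constant, so the test has no case where the condition is unknown at the call site and the flow must be kept. If call-context pruning is added later, a pruner that is too aggressive would drop real flows (false negatives) and this test would not notice. A control such as `public void f4(boolean unknown) { callSinkIfTrue(new Integer(7), unknown); }` under a `// should exhibit flow` comment would pin that behaviour. The `// should not exhibit flow` comments would also read more clearly as `// should not exhibit flow (currently reported, see expected output)`, because the accompanying expected results do list those call sites.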
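--- a/InterfaceA.java
+++ b/InterfaceA.java
@@ -0,0 +1,5 @@
+public interface InterfaceA {
+public void callSinkIfTrue(Object o, boolean cond);
+public void callSinkIfFalse(Object o, boolean cond);
+public void localCallSensitivity(Object o, boolean c);
+}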
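Review bot: `InterfaceA` declares no `callSinkFromLoop`, so the loop-guarded sink is exercised only through direct calls on `A` and never through interface dispatch. If that omission is not deliberate, adding `public void callSinkFromLoop(Object o, boolean cond);` here would let the dispatch case cover the loop variant as well; the implementing class would then need a matching override. The `public` modifier on the interface methods is redundant and could be dropped.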
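--- a/PATH_NOT_SHOWN.expected
+++ b/PATH_NOT_SHOWN.expected
@@ -0,0 +1,90 @@
+edges
+| A.java:6:29:6:36 | o [ : Number] | A.java:8:9:8:9 | o |
+| A.java:12:30:12:37 | o [ : Number] | A.java:14:9:14:9 | o |
+| A.java:18:31:18:38 | o [ : Number] | A.java:20:9:20:9 | o |
+| A.java:24:35:24:42 | o [ : Number] | A.java:32:8:32:9 | o3 |
+| A.java:37:18:37:31 | new Integer(...) [ : Number] | A.java:6:29:6:36 | o [ : Number] |
+| A.java:38:19:38:32 | new Integer(...) [ : Number] | A.java:12:30:12:37 | o [ : Number] |
+| A.java:39:20:39:33 | new Integer(...) [ : Number] | A.java:18:31:18:38 | o [ : Number] |
+| A.java:40:24:40:37 | new Integer(...) [ : Number] | A.java:24:35:24:42 | o [ : Number] |
+| A.java:42:18:42:31 | new Integer(...) [ : Number] | A.java:6:29:6:36 | o [ : Number] |
+| A.java:43:19:43:32 | new Integer(...) [ : Number] | A.java:12:30:12:37 | o [ : Number] |
+| A.java:44:20:44:33 | new Integer(...) [ : Number] | A.java:18:31:18:38 | o [ : Number] |
+| A.java:45:24:45:37 | new Integer(...) [ : Number] | A.java:24:35:24:42 | o [ : Number] |
+| A.java:52:18:52:31 | new Integer(...) [ : Number] | A.java:6:29:6:36 | o [ : Number] |
+| A.java:53:19:53:32 | new Integer(...) [ : Number] | A.java:12:30:12:37 | o [ : Number] |
+| A.java:54:20:54:33 | new Integer(...) [ : Number] | A.java:18:31:18:38 | o [ : Number] |
+| A.java:55:24:55:37 | new Integer(...) [ : Number] | A.java:24:35:24:42 | o [ : Number] |
+| A.java:57:18:57:31 | new Integer(...) [ : Number] | A.java:6:29:6:36 | o [ : Number] |
+| A.java:58:19:58:32 | new Integer(...) [ : Number] | A.java:12:30:12:37 | o [ : Number] |
+| A.java:59:20:59:33 | new Integer(...) [ : Number] | A.java:18:31:18:38 | o [ : Number] |
+| A.java:60:24:60:37 | new Integer(...) [ : Number] | A.java:24:35:24:42 | o [ : Number] |
+| A.java:67:20:67:33 | new Integer(...) [ : Number] | A.java:78:30:78:37 | o [ : Number] |
+| A.java:68:21:68:34 | new Integer(...) [ : Number] | A.java:85:31:85:38 | o [ : Number] |
+| A.java:69:26:69:39 | new Integer(...) [ : Number] | A.java:92:36:92:43 | o [ : Number] |
+| A.java:71:20:71:33 | new Integer(...) [ : Number] | A.java:78:30:78:37 | o [ : Number] |
+| A.java:72:21:72:34 | new Integer(...) [ : Number] | A.java:85:31:85:38 | o [ : Number] |
+| A.java:73:26:73:39 | new Integer(...) [ : Number] | A.java:92:36:92:43 | o [ : Number] |
+| A.java:78:30:78:37 | o [ : Number] | A.java:80:10:80:10 | o |
+| A.java:85:31:85:38 | o [ : Number] | A.java:87:10:87:10 | o |
+| A.java:92:36:92:43 | o [ : Number] | A.java:100:9:100:10 | o3 |
+nodes
+| A.java:6:29:6:36 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:8:9:8:9 | o | semmle.label | o |
+| A.java:12:30:12:37 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:14:9:14:9 | o | semmle.label | o |
+| A.java:18:31:18:38 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:20:9:20:9 | o | semmle.label | o |
+| A.java:24:35:24:42 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:32:8:32:9 | o3 | semmle.label | o3 |
+| A.java:37:18:37:31 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:38:19:38:32 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:39:20:39:33 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:40:24:40:37 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:42:18:42:31 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:43:19:43:32 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:44:20:44:33 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:45:24:45:37 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:52:18:52:31 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:53:19:53:32 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:54:20:54:33 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:55:24:55:37 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:57:18:57:31 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:58:19:58:32 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:59:20:59:33 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:60:24:60:37 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:67:20:67:33 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:68:21:68:34 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:69:26:69:39 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:71:20:71:33 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:72:21:72:34 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:73:26:73:39 | new Integer(...) [ : Number] | semmle.label | new Integer(...) [ : Number] |
+| A.java:78:30:78:37 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:80:10:80:10 | o | semmle.label | o |
+| A.java:85:31:85:38 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:87:10:87:10 | o | semmle.label | o |
+| A.java:92:36:92:43 | o [ : Number] | semmle.label | o [ : Number] |
+| A.java:100:9:100:10 | o3 | semmle.label | o3 |
+#select
+| A.java:37:18:37:31 | new Integer(...) [ : Number] | A.java:37:18:37:31 | new Integer(...) [ : Number] | A.java:8:9:8:9 | o | $@ | A.java:8:9:8:9 | o | o |
+| A.java:38:19:38:32 | new Integer(...) [ : Number] | A.java:38:19:38:32 | new Integer(...) [ : Number] | A.java:14:9:14:9 | o | $@ | A.java:14:9:14:9 | o | o |
+| A.java:39:20:39:33 | new Integer(...) [ : Number] | A.java:39:20:39:33 | new Integer(...) [ : Number] | A.java:20:9:20:9 | o | $@ | A.java:20:9:20:9 | o | o |
+| A.java:40:24:40:37 | new Integer(...) [ : Number] | A.java:40:24:40:37 | new Integer(...) [ : Number] | A.java:32:8:32:9 | o3 | $@ | A.java:32:8:32:9 | o3 | o3 |
+| A.java:42:18:42:31 | new Integer(...) [ : Number] | A.java:42:18:42:31 | new Integer(...) [ : Number] | A.java:8:9:8:9 | o | $@ | A.java:8:9:8:9 | o | o |
+| A.java:43:19:43:32 | new Integer(...) [ : Number] | A.java:43:19:43:32 | new Integer(...) [ : Number] | A.java:14:9:14:9 | o | $@ | A.java:14:9:14:9 | o | o |
+| A.java:44:20:44:33 | new Integer(...) [ : Number] | A.java:44:20:44:33 | new Integer(...) [ : Number] | A.java:20:9:20:9 | o | $@ | A.java:20:9:20:9 | o | o |
+| A.java:45:24:45:37 | new Integer(...) [ : Number] | A.java:45:24:45:37 | new Integer(...) [ : Number] | A.java:32:8:32:9 | o3 | $@ | A.java:32:8:32:9 | o3 | o3 |
+| A.java:52:18:52:31 | new Integer(...) [ : Number] | A.java:52:18:52:31 | new Integer(...) [ : Number] | A.java:8:9:8:9 | o | $@ | A.java:8:9:8:9 | o | o |
+| A.java:53:19:53:32 | new Integer(...) [ : Number] | A.java:53:19:53:32 | new Integer(...) [ : Number] | A.java:14:9:14:9 | o | $@ | A.java:14:9:14:9 | o | o |
+| A.java:54:20:54:33 | new Integer(...) [ : Number] | A.java:54:20:54:33 | new Integer(...) [ : Number] | A.java:20:9:20:9 | o | $@ | A.java:20:9:20:9 | o | o |
+| A.java:55:24:55:37 | new Integer(...) [ : Number] | A.java:55:24:55:37 | new Integer(...) [ : Number] | A.java:32:8:32:9 | o3 | $@ | A.java:32:8:32:9 | o3 | o3 |
+| A.java:57:18:57:31 | new Integer(...) [ : Number] | A.java:57:18:57:31 | new Integer(...) [ : Number] | A.java:8:9:8:9 | o | $@ | A.java:8:9:8:9 | o | o |
+| A.java:58:19:58:32 | new Integer(...) [ : Number] | A.java:58:19:58:32 | new Integer(...) [ : Number] | A.java:14:9:14:9 | o | $@ | A.java:14:9:14:9 | o | o |
+| A.java:59:20:59:33 | new Integer(...) [ : Number] | A.java:59:20:59:33 | new Integer(...) [ : Number] | A.java:20:9:20:9 | o | $@ | A.java:20:9:20:9 | o | o |
+| A.java:60:24:60:37 | new Integer(...) [ : Number] | A.java:60:24:60:37 | new Integer(...) [ : Number] | A.java:32:8:32:9 | o3 | $@ | A.java:32:8:32:9 | o3 | o3 |
+| A.java:67:20:67:33 | new Integer(...) [ : Number] | A.java:67:20:67:33 | new Integer(...) [ : Number] | A.java:80:10:80:10 | o | $@ | A.java:80:10:80:10 | o | o |
+| A.java:68:21:68:34 | new Integer(...) [ : Number] | A.java:68:21:68:34 | new Integer(...) [ : Number] | A.java:87:10:87:10 | o | $@ | A.java:87:10:87:10 | o | o |
+| A.java:69:26:69:39 | new Integer(...) [ : Number] | A.java:69:26:69:39 | new Integer(...) [ : Number] | A.java:100:9:100:10 | o3 | $@ | A.java:100:9:100:10 | o3 | o3 |
+| A.java:71:20:71:33 | new Integer(...) [ : Number] | A.java:71:20:71:33 | new Integer(...) [ : Number] | A.java:80:10:80:10 | o | $@ | A.java:80:10:80:10 | o | o |
+| A.java:72:21:72:34 | new Integer(...) [ : Number] | A.java:72:21:72:34 | new Integer(...) [ : Number] | A.java:87:10:87:10 | o | $@ | A.java:87:10:87:10 | o | o |
+| A.java:73:26:73:39 | new Integer(...) [ : Number] | A.java:73:26:73:39 | new Integer(...) [ : Number] | A.java:100:9:100:10 | o3 | $@ | A.java:100:9:100:10 | o3 | o3 |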
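--- a/PATH_NOT_SHOWN.ql
+++ b/PATH_NOT_SHOWN.ql
@@ -0,0 +1,24 @@
+/**
+* @kind path-problem
+*/
+
+import java
+import semmle.code.java.dataflow.DataFlow
+import DataFlow::PathGraph
+
+class Conf extends DataFlow::Configuration {
+Conf() { this = "CallSensitiveFlowConf" }
+
+override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ClassInstanceExpr }
+
+override predicate isSink(DataFlow::Node sink) {
+exists(MethodAccess ma |
+ma.getMethod().hasName("sink") and
+ma.getAnArgument() = sink.asExpr()
+)
+}
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
+where conf.hasFlowPath(source, sink)
+select source, source, sink, "$@", sink, sink.toString()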
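Review bot: `Conf` has no QLDoc, and its predicates are deliberately broad: `isSink` accepts an argument of any call whose target is merely named `sink`, and `isSource` accepts every `ClassInstanceExpr`. The reported paths therefore depend on no other file in the test directory defining a `sink` method or creating objects. A comment on the class would record that, for example `/** Tracks every object creation to an argument of any method named "sink". */`. The header comment carries only `@kind path-problem`; one line saying that the test observes whether call context is used to prune branches would make the expected output easier to interpret.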
