Skip to content

Commit

Permalink
Format query
Browse files Browse the repository at this point in the history
  • Loading branch information
DarkaMaul committed Nov 19, 2024
1 parent 512a659 commit 06cae62
Showing 1 changed file with 19 additions and 22 deletions.
41 changes: 19 additions & 22 deletions java/src/security/Recursion/Recursion.ql
Original file line number Diff line number Diff line change
Expand Up @@ -23,22 +23,21 @@ class RecursionSource extends MethodCall {
RecursionSource() { not isTestPackage(this.getCaller().getDeclaringType()) }

override string toString() {
result = this.getCaller().toString() + " clls " + this.getCallee().toString()
result = this.getCaller().toString() + " calls " + this.getCallee().toString()
}

}

/**
* Check if the Expr uses directly an argument of the enclosing function
*/
class ParameterOperation extends Expr {
ParameterOperation() {
this instanceof BinaryExpr or this instanceof UnaryAssignExpr
and exists(
VarAccess va |
va.getVariable() = this.getEnclosingCallable().getAParameter() |
this.getAChildExpr+() = va
)
this instanceof BinaryExpr
or
this instanceof UnaryAssignExpr and
exists(VarAccess va | va.getVariable() = this.getEnclosingCallable().getAParameter() |
this.getAChildExpr+() = va
)
}
}

Expand All @@ -57,25 +56,24 @@ module RecursiveConfig implements DataFlow::StateConfigSig {
}

predicate isBarrier(DataFlow::Node node) {
exists(MethodCall ma |
ma = node.asExpr()
and (
exists(Expr e | e = ma.getAnArgument() and e instanceof ParameterOperation)
// or exists(
// VarAccess e|
// e = ma.getAnArgument() |
// e.getVariable().getAnAssignedValue().getAChildExpr() instanceof ParameterOperation
// )
)
exists(MethodCall ma |
ma = node.asExpr() and
exists(Expr e | e = ma.getAnArgument() and e instanceof ParameterOperation)
// or exists(
// VarAccess e|
// e = ma.getAnArgument() |
// e.getVariable().getAnAssignedValue().getAChildExpr() instanceof ParameterOperation
// )
)
}

/**
* Weird but useful deduplication logic
*/
predicate isBarrierIn(DataFlow::Node node, FlowState state) {
not node.asExpr() instanceof MethodCall
or node.asExpr().(MethodCall).getCaller().getLocation().getStartLine() > state.getLocation().getStartLine()
not node.asExpr() instanceof MethodCall or
node.asExpr().(MethodCall).getCaller().getLocation().getStartLine() >
state.getLocation().getStartLine()
}
}

Expand All @@ -92,5 +90,4 @@ import RecursiveFlow::PathGraph

from RecursiveFlow::PathNode source, RecursiveFlow::PathNode sink
where RecursiveFlow::flowPath(source, sink)
// TODO(dm): de-duplicate results
select sink.getNode(), source, sink, "Found a recursion: "
select sink.getNode(), source, sink, "Found a recursion: "

0 comments on commit 06cae62

Please sign in to comment.