Java: add models for miscellaneous text-processing utilities from Commons Lang #5209
Conversation
smowton
force-pushed
the
smowton/feature/commons-misc-text
branch
from
38b7f10 to
399e646
Compare
smowton
force-pushed
the
smowton/feature/commons-misc-text
branch
from
399e646 to
db5cd63
Compare
|
@aschackmull I have converted this to use CSV specs, and slightly generalised the format to simplify describing generic types when we don't care to distinguish different specialsiations. |
|
Now includes @joefarebrother's commit 41b7db1 to permit array types in signatures |
| @@ -279,7 +279,7 @@ private predicate elementSpec( | |||
| bindingset[namespace, type, subtypes] | |||
| private RefType interpretType(string namespace, string type, boolean subtypes) { | |||
| exists(RefType t | | |||
| t.hasQualifiedName(namespace, type) and | |||
| [t, t.getSourceDeclaration()].hasQualifiedName(namespace, type) and | |||
There was a problem hiding this comment.
I think this is the wrong place to put .getSourceDeclaration(). Instead we should change the 3 instances of ref.(Call).getCallee() = e to ref.(Call).getCallee().getSourceDeclaration() = e below in sourceElementRef, sinkElementRef, and summaryElementRef. With this change we'll track much fewer tuples in the intermediate predicates. It also allows specifying signatures when type variables are mentioned, as the current solution doesn't work for that case.
| @@ -2,6 +2,7 @@ | |||
|
|
|||
| import java | |||
| private import semmle.code.java.dataflow.FlowSteps | |||
| private import semmle.code.java.dataflow.ExternalFlow | |||
There was a problem hiding this comment.
We need bidirectional import. Currently that happens indirectly, but I think it's best to import this file directly in the private module Frameworks in ExternalFlow.qll.
Both of these have commons-text and commons-lang variants.
…imply either the type itself or any generic specialisation. It is still possible to specify a precise generic signature if need be.
smowton
force-pushed
the
smowton/feature/commons-misc-text
branch
from
62903a7 to
71cd329
Compare
This adds models for WordUtils, StrTokenizer, StrLookup, StrSubstitutor, and all their equivalents in the Commons Text library.
The commits relating to StrBuilder are from #5172 which this PR is based upon; review only the latest 3 commits here.