Skip to content

Commit 5067b78

Browse files
joefarebrotherjoefarebrother
committed
Java: Add qldoc
1 parent 9495c5e commit 5067b78

File tree

1 file changed

+12
-4
lines changed

1 file changed

+12
-4
lines changed

java/ql/src/Security/CWE/CWE-789/UnboundedAllocationCommon.qll

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,13 @@
1+
/**
2+
* Common definitions for the unbounded allocation queries.
3+
*/
4+
15
import semmle.code.java.dataflow.RangeAnalysis
26
import semmle.code.java.dataflow.FlowSteps
37
import semmle.code.java.dataflow.DataFlow
48
import semmle.code.java.dataflow.TaintTracking
59

10+
/** A sink where memory is allocated. */
611
class AllocationSink extends DataFlow::Node {
712
AllocationSink() {
813
this.asExpr() = any(ArrayCreationExpr a).getADimension()
@@ -14,11 +19,13 @@ class AllocationSink extends DataFlow::Node {
1419
}
1520
}
1621

22+
/** A callable that allocates memory. */
1723
abstract class AllocatingCallable extends Callable {
24+
/** Returns the parameter index controlling the size of the allocated memory. */
1825
abstract int getParam();
1926
}
2027

21-
class AtomicArrayConstructor extends AllocatingCallable, Constructor {
28+
private class AtomicArrayConstructor extends AllocatingCallable, Constructor {
2229
AtomicArrayConstructor() {
2330
this
2431
.getDeclaringType()
@@ -30,7 +37,7 @@ class AtomicArrayConstructor extends AllocatingCallable, Constructor {
3037
override int getParam() { result = 0 }
3138
}
3239

33-
class ListConstructor extends AllocatingCallable, Constructor {
40+
private class ListConstructor extends AllocatingCallable, Constructor {
3441
ListConstructor() {
3542
this.getDeclaringType().hasQualifiedName("java.util", ["ArrayList", "Vector"]) and
3643
this.getParameterType(0) instanceof IntegralType
@@ -39,7 +46,7 @@ class ListConstructor extends AllocatingCallable, Constructor {
3946
override int getParam() { result = 0 }
4047
}
4148

42-
class ReadMethod extends TaintPreservingCallable {
49+
private class ReadMethod extends TaintPreservingCallable {
4350
ReadMethod() {
4451
this.getDeclaringType().hasQualifiedName("java.io", "ObjectInputStream") and
4552
this.getName().matches("read%")
@@ -48,7 +55,7 @@ class ReadMethod extends TaintPreservingCallable {
4855
override predicate returnsTaintFrom(int arg) { arg = -1 }
4956
}
5057

51-
class ArithmeticStep extends TaintTracking::AdditionalTaintStep {
58+
private class ArithmeticStep extends TaintTracking::AdditionalTaintStep {
5259
override predicate step(DataFlow::Node src, DataFlow::Node sink) {
5360
exists(BinaryExpr binex | sink.asExpr() = binex and src.asExpr() = binex.getAnOperand() |
5461
binex instanceof AddExpr
@@ -71,4 +78,5 @@ class ArithmeticStep extends TaintTracking::AdditionalTaintStep {
7178
}
7279
}
7380

81+
/** Holds if `e` has a known upper bound. */
7482
predicate hasUpperBound(Expr e) { bounded(e, any(ZeroBound z), _, true, _) }

0 commit comments

Comments
 (0)