Merge pull request #10173 from zbazztian/spring-crudrepository

aschackmull · web-flow · commit e26a7fc4f383 · 2022-08-29T15:00:07.000+02:00
Java: Add data flow model for Spring's CrudRepository.save() method
diff --git a/java/ql/lib/change-notes/2022-08-25-taint-model-spring-crudrepository.md b/java/ql/lib/change-notes/2022-08-25-taint-model-spring-crudrepository.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow summary for `org.springframework.data.repository.CrudRepository.save()`.
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -120,6 +120,7 @@ private module Frameworks {
   private import semmle.code.java.frameworks.ratpack.RatpackExec
   private import semmle.code.java.frameworks.spring.SpringCache
   private import semmle.code.java.frameworks.spring.SpringContext
+  private import semmle.code.java.frameworks.spring.SpringData
   private import semmle.code.java.frameworks.spring.SpringHttp
   private import semmle.code.java.frameworks.spring.SpringUtil
   private import semmle.code.java.frameworks.spring.SpringUi
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll b/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
@@ -13,6 +13,7 @@ import semmle.code.java.frameworks.spring.SpringContext
 import semmle.code.java.frameworks.spring.SpringComponentScan
 import semmle.code.java.frameworks.spring.SpringConstructorArg
 import semmle.code.java.frameworks.spring.SpringController
+import semmle.code.java.frameworks.spring.SpringData
 import semmle.code.java.frameworks.spring.SpringDescription
 import semmle.code.java.frameworks.spring.SpringEntry
 import semmle.code.java.frameworks.spring.SpringFlex
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll
@@ -0,0 +1,17 @@
+/**
+ * Provides classes and predicates for working with Spring classes and interfaces from
+ * `org.springframework.data`.
+ */
+
+import java
+private import semmle.code.java.dataflow.ExternalFlow
+
+/**
+ * Provides models for the `org.springframework.data` package.
+ */
+private class FlowSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "org.springframework.data.repository;CrudRepository;true;save;;;Argument[0];ReturnValue;value;manual"
+  }
+}
diff --git a/java/ql/test/library-tests/frameworks/spring/data/Test.java b/java/ql/test/library-tests/frameworks/spring/data/Test.java
@@ -0,0 +1,19 @@
+import org.springframework.data.repository.CrudRepository;
+
+class Struct {
+  public String field;
+  public Struct(String f){
+    this.field = f;
+  }
+}
+
+public class Test {
+  String source() { return null; }
+  void sink(Object o) {}
+
+  void testCrudRepository(CrudRepository<Struct, Integer> cr) {
+    Struct s = new Struct(source());
+    s = cr.save(s);
+    sink(s.field); //$hasValueFlow
+  }
+}
diff --git a/java/ql/test/library-tests/frameworks/spring/data/options b/java/ql/test/library-tests/frameworks/spring/data/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/spring-data-commons-2.5.1
diff --git a/java/ql/test/library-tests/frameworks/spring/data/test.expected b/java/ql/test/library-tests/frameworks/spring/data/test.expected
diff --git a/java/ql/test/library-tests/frameworks/spring/data/test.ql b/java/ql/test/library-tests/frameworks/spring/data/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added flow summary for `org.springframework.data.repository.CrudRepository.save()`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/spring-data-commons-2.5.1`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+import java`
	`2`	`+import TestUtilities.InlineFlowTest`