|
| 1 | +/** |
| 2 | + * Provides abstract classes representing generic concepts such as file system |
| 3 | + * access or system command execution, for which individual framework libraries |
| 4 | + * provide concrete subclasses. |
| 5 | + */ |
| 6 | +overlay[local?] |
| 7 | +module; |
| 8 | + |
| 9 | +import java |
| 10 | +private import semmle.code.java.dataflow.DataFlow |
| 11 | + |
| 12 | +/** |
| 13 | + * A data-flow node that executes a regular expression. |
| 14 | + * |
| 15 | + * Extend this class to refine existing API models. If you want to model new APIs, |
| 16 | + * extend `RegexExecution::Range` instead. |
| 17 | + */ |
| 18 | +class RegexExecution extends DataFlow::Node instanceof RegexExecution::Range { |
| 19 | + /** Gets the data flow node for the regex being executed by this node. */ |
| 20 | + DataFlow::Node getRegex() { result = super.getRegex() } |
| 21 | + |
| 22 | + /** Gets a dataflow node for the string to be searched or matched against. */ |
| 23 | + DataFlow::Node getString() { result = super.getString() } |
| 24 | + |
| 25 | + /** |
| 26 | + * Gets the name of this regex execution, typically the name of an executing method. |
| 27 | + * This is used for nice alert messages and should include the module if possible. |
| 28 | + */ |
| 29 | + string getName() { result = super.getName() } |
| 30 | +} |
| 31 | + |
| 32 | +/** Provides classes for modeling new regular-expression execution APIs. */ |
| 33 | +module RegexExecution { |
| 34 | + /** |
| 35 | + * A data flow node that executes a regular expression. |
| 36 | + * |
| 37 | + * Extend this class to model new APIs. If you want to refine existing API models, |
| 38 | + * extend `RegexExecution` instead. |
| 39 | + */ |
| 40 | + abstract class Range extends DataFlow::Node { |
| 41 | + /** Gets the data flow node for the regex being executed by this node. */ |
| 42 | + abstract DataFlow::Node getRegex(); |
| 43 | + |
| 44 | + /** Gets a data flow node for the string to be searched or matched against. */ |
| 45 | + abstract DataFlow::Node getString(); |
| 46 | + |
| 47 | + /** |
| 48 | + * Gets the name of this regex execution, typically the name of an executing method. |
| 49 | + * This is used for nice alert messages and should include the module if possible. |
| 50 | + */ |
| 51 | + abstract string getName(); |
| 52 | + } |
| 53 | + |
| 54 | + private class RangeFromExpr extends Range { |
| 55 | + private RegexExecutionExpr::Range ree; |
| 56 | + |
| 57 | + RangeFromExpr() { this.asExpr() = ree } |
| 58 | + |
| 59 | + override DataFlow::Node getRegex() { result.asExpr() = ree.getRegex() } |
| 60 | + |
| 61 | + override DataFlow::Node getString() { result.asExpr() = ree.getString() } |
| 62 | + |
| 63 | + override string getName() { result = ree.getName() } |
| 64 | + } |
| 65 | +} |
| 66 | + |
| 67 | +/** Provides classes for modeling new regular-expression execution APIs. */ |
| 68 | +module RegexExecutionExpr { |
| 69 | + /** |
| 70 | + * An expression that executes a regular expression. |
| 71 | + * |
| 72 | + * Extend this class to model new APIs. If you want to refine existing API models, |
| 73 | + * extend `RegexExecution` instead. |
| 74 | + */ |
| 75 | + abstract class Range extends Expr { |
| 76 | + /** Gets the expression for the regex being executed by this node. */ |
| 77 | + abstract Expr getRegex(); |
| 78 | + |
| 79 | + /** Gets a expression for the string to be searched or matched against. */ |
| 80 | + abstract Expr getString(); |
| 81 | + |
| 82 | + /** |
| 83 | + * Gets the name of this regex execution, typically the name of an executing method. |
| 84 | + * This is used for nice alert messages and should include the module if possible. |
| 85 | + */ |
| 86 | + abstract string getName(); |
| 87 | + } |
| 88 | +} |
0 commit comments