forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathJdkInternalAccess.ql
More file actions
129 lines (112 loc) · 3.65 KB
/
JdkInternalAccess.ql
File metadata and controls
129 lines (112 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/**
* @name Access to unsupported JDK-internal API
* @description Use of unsupported JDK-internal APIs may cause compatibility issues
* when upgrading to newer versions of Java, in particular Java 9.
* @kind problem
* @problem.severity recommendation
* @precision high
* @id java/jdk-internal-api-access
* @suites security-and-quality
* @tags maintainability
*/
import java
import JdkInternals
import JdkInternalsReplacement
predicate importedType(Import i, RefType t) {
i.(ImportType).getImportedType() = t or
i.(ImportStaticTypeMember).getTypeHoldingImport() = t or
i.(ImportStaticOnDemand).getTypeHoldingImport() = t or
i.(ImportOnDemandFromType).getTypeHoldingImport() = t
}
predicate importedPackage(Import i, Package p) {
i.(ImportOnDemandFromPackage).getPackageHoldingImport() = p
}
predicate typeReplacement(RefType t, string repl) {
exists(string old | jdkInternalReplacement(old, repl) | t.getQualifiedName() = old)
}
predicate packageReplacementForType(RefType t, string repl) {
exists(string old, string pkgName |
jdkInternalReplacement(old, repl) and t.getPackage().getName() = pkgName
|
pkgName = old or
pkgName.prefix(old.length() + 1) = old + "."
)
}
predicate packageReplacement(Package p, string repl) {
exists(string old | jdkInternalReplacement(old, repl) |
p.getName() = old or
p.getName().prefix(old.length() + 1) = old + "."
)
}
predicate replacement(RefType t, string repl) {
typeReplacement(t, repl)
or
not typeReplacement(t, _) and packageReplacementForType(t, repl)
}
abstract class JdkInternalAccess extends Element {
abstract string getAccessedApi();
abstract string getReplacement();
}
class JdkInternalTypeAccess extends JdkInternalAccess, TypeAccess {
JdkInternalTypeAccess() { jdkInternalApi(this.getType().(RefType).getPackage().getName()) }
override string getAccessedApi() { result = this.getType().(RefType).getQualifiedName() }
override string getReplacement() {
exists(RefType t | this.getType() = t |
(
replacement(t, result)
or
not replacement(t, _) and result = "unknown"
)
)
}
}
class JdkInternalImport extends JdkInternalAccess, Import {
JdkInternalImport() {
exists(RefType t | importedType(this, t) | jdkInternalApi(t.getPackage().getName()))
or
exists(Package p | importedPackage(this, p) | jdkInternalApi(p.getName()))
}
override string getAccessedApi() {
exists(RefType t | result = t.getQualifiedName() | importedType(this, t))
or
exists(Package p | result = p.getName() | importedPackage(this, p))
}
override string getReplacement() {
exists(RefType t |
importedType(this, t) and
(
replacement(t, result)
or
not replacement(t, _) and result = "unknown"
)
)
or
exists(Package p |
importedPackage(this, p) and
(
packageReplacement(p, result)
or
not packageReplacement(p, _) and result = "unknown"
)
)
}
}
predicate jdkPackage(Package p) {
exists(string pkgName |
p.getName() = pkgName or
p.getName().prefix(pkgName.length() + 1) = pkgName + "."
|
pkgName =
[
"com.sun", "sun", "java", "javax", "com.oracle.net", "genstubs", "jdk", "build.tools",
"org.omg.CORBA", "org.ietf.jgss"
]
)
}
from JdkInternalAccess ta, string repl, string msg
where
repl = ta.getReplacement() and
(if repl = "unknown" then msg = "" else msg = " (" + repl + ")") and
not jdkInternalApi(ta.getCompilationUnit().getPackage().getName()) and
not jdkPackage(ta.getCompilationUnit().getPackage())
select ta, "Access to unsupported JDK-internal API '" + ta.getAccessedApi() + "'." + msg