For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

StringPrefixes

Module StringPrefixes

Provides classes and predicates for identifying expressions that may be appended to an interesting prefix.

To use this library, extend the abstract class InterestingPrefix to have the library identify expressions that may be appended to it, then check InterestingPrefix.getAnAppendedExpression(Expr) to get your results.

For example, to identify expressions that may follow “foo:” in some string, we could define:

private class FooPrefix extends InterestingPrefix {
  int offset;
  FooPrefix() { this.getStringValue().substring("foo:") = offset };
  override int getOffset() { result = offset }
};

predicate mayFollowFoo(Expr e) { e = any(FooPrefix fp).getAnAppendedExpression() }

This will identify all the suffix expressions in contexts such as:

"foo:" + suffix1
"barfoo:" + suffix2
stringBuilder.append("foo:").append(suffix3);
String.format("%sfoo:%s", notSuffix, suffix4);

Import path


                                import semmle.code.java.dataflow.StringPrefixes

Imports

java	Provides all default Java QL imports.

Classes

InterestingPrefix

A string constant that contains a prefix whose possibly-appended strings are returned by getAnAppendedExpression.