CodeQL library for Java
codeql/java-all 0.5.1 (changelog, source)

Predicate Private::Steps::summaryClearsContent

Holds if values stored inside content c are cleared at n. n is a synthesized summary node, so in order for values to be cleared at calls to the relevant method, it is important that flow does not pass over the argument, either via use-use flow or def-use flow.

Example:

a.b = taint;
a.clearB(); // assume we have a flow summary for `clearB` that clears `b` on the qualifier
sink(a.b);

In the above, flow should not pass from a on the first line (or the second line) to a on the third line. Instead, there will be synthesized flow from a on line 2 to the post-update node for a on that line (via an intermediate node where field b is cleared).
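The following toy model of the three-line example is added here as an illustration and is not CodeQL's implementation or code from the library. The node names, step tables and `reaches_sink` function are assumptions made for this sketch; it shows that the clear only takes effect when no step passes over the argument of the call on line 2.

```python
from collections import deque

# Toy node names for the page's three-line example (constructed, not CodeQL's).
STORE = {("taint", "post[a]@1"): "b"}   # a.b = taint
READ = {("a@3", "sink"): "b"}           # sink(a.b)
CLEARS = {"clear@2": "b"}               # intermediate summary node for a.clearB()
# Flow routed through the synthesized summary node on line 2.
SUMMARY_FLOW = [("post[a]@1", "a@2"), ("a@2", "clear@2"),
                ("clear@2", "post[a]@2"), ("post[a]@2", "a@3")]
# Def-use / use-use steps that pass over the argument of the call on line 2.
PASS_OVER = [("post[a]@1", "a@3"), ("a@2", "a@3")]

def successors(node, path, local_steps):
    """Yield (node, access path) facts reachable from this fact in one step."""
    for (src, dst), content in STORE.items():
        if src == node:
            yield dst, (content,) + path       # store pushes the content
    for (src, dst), content in READ.items():
        if src == node and path[:1] == (content,):
            yield dst, path[1:]                # read pops the matching content
    for src, dst in local_steps:
        if src == node:
            yield dst, path                    # value-preserving local step

def reaches_sink(pass_over_argument):
    """True if taint reaches `sink` with an empty access path."""
    local_steps = SUMMARY_FLOW + (PASS_OVER if pass_over_argument else [])
    start = ("taint", ())
    seen, todo = {start}, deque([start])
    while todo:
        node, path = todo.popleft()
        # Values stored inside the cleared content stop at the clearing node.
        if path[:1] == (CLEARS.get(node),):
            continue
        if node == "sink" and path == ():
            return True
        for fact in successors(node, path, local_steps):
            if fact not in seen:
                seen.add(fact)
                todo.append(fact)
    return False

if __name__ == "__main__":
    print("only summary flow:", reaches_sink(False))
    print("flow passes over argument:", reaches_sink(True))
```

With only the synthesized flow through line 2, the value stored in `b` is dropped at the clearing node; once a step from line 1 or line 2 straight to line 3 exists, the same value reaches the sink despite the summary.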

Import path

import semmle.code.java.dataflow.internal.FlowSummaryImpl
predicate summaryClearsContent(Node n, ContentSet c)