Java: CompilationUnit elements in Module are .class files instead of .java files #5556

Open
Marcono1234 opened this issue Mar 29, 2021 · 1 comment
Labels: Java; not security (This issue does not relate to a security query); question (Further information is requested)

Marcono1234 commented Mar 29, 2021

There are two predicates for matching `CompilationUnit` to corresponding `Module`, `Module.getACompilationUnit()` and `CompilationUnit.getModule()` (both using the database predicate `cumodule(@file, @module)`).
The issue is that the reported compilation units appear to always be the `.class` files instead of the source `.java` files, even when the `module-info.java` file was part of the source.

For example, the following query against OpenJDK has no results:

```ql
import java

from Module m, RefType t
where
  t.fromSource()
  and t.getCompilationUnit().getModule() = m
select m, t
```


However, if you manually try to match `.class` compilation units with `.java` compilation units, you will get the desired results:

```ql
import java

predicate areProbablySame(CompilationUnit classComp, CompilationUnit sourceComp) {
  classComp.getPackage() = sourceComp.getPackage()
  and classComp.getName() = sourceComp.getName()
}

from Module m, TopLevelType t, CompilationUnit classComp, CompilationUnit sourceComp
where
  t.fromSource()
  and sourceComp = t.getCompilationUnit()
  and classComp = m.getACompilationUnit()
  and areProbablySame(classComp, sourceComp)
select m, t, classComp.getRelativePath(), sourceComp.getRelativePath()
```


Marcono1234 added the "question" label Mar 29, 2021
rdmarsh2 added the "Java" label Mar 29, 2021
aeisenberg added the "not security" label Apr 5, 2021
@aeisenberg

Thanks for raising this issue.

Our current focus is on improving our security analysis. Because it is not obvious that this defect relates to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. If you think that your report is related to our security analysis, please clarify that in a comment. Either way, we'll let you know here as soon as it's fixed.
