Merge branch 'dm/java-recursion' of github.com:trailofbits/codeql-que…

…ries into dm/java-recursion
trailofbits · Nov 18, 2024 · e4c26e3 · e4c26e3
2 parents b505f25 + c3213e4
commit e4c26e3
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 33 deletions.
diff --git a/java/src/security/Recursion/Recursion.ql b/java/src/security/Recursion/Recursion.ql
@@ -13,6 +13,7 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 
+
 predicate isTestPackage(RefType referenceType) {
   referenceType.getPackage().getName().toLowerCase().matches("%test%") or
   referenceType.getPackage().getName().toLowerCase().matches("%benchmark%") or
@@ -25,6 +26,7 @@ class RecursionSource extends MethodCall {
   override string toString() {
     result = this.getCaller().toString() + " calls " + this.getCallee().toString()
   }
+
 }
 
 module RecursiveConfig implements DataFlow::StateConfigSig {

diff --git a/java/test/query-tests/security/Recursion/Recursion.java b/java/test/query-tests/security/Recursion/Recursion.java
@@ -106,6 +106,39 @@ private boolean someCondition() {
     }
 }
 
+class RecursiveCallNonLinear {
+    // finding: level0->...->level0
+    public boolean level0() {
+        if (someOtherCondition()) {
+            return true;
+        }
+        if (someCondition()) {
+            return level1();
+        }        
+        return level2();
+    }
+    public boolean level1() {
+        if (someCondition()) {
+            return true;
+        }        
+        return level2();
+    }
+    public boolean level2() {
+        if (someCondition()) {
+            return level1();
+        }
+        return level0();
+    }
+
+    private boolean someCondition() {
+        return false;
+    }
+
+    private boolean someOtherCondition() {
+        return true;
+    }
+}
+
 class RecursiveCallWronglyLimited {
     // finding: recursion is not limited
     public boolean directRecursiveNoDepth(int anything, int depth) {
@@ -172,37 +205,4 @@ public static boolean foo() {
     public static boolean bar() {
         return true;
     }
-}
-
-class RecursiveCallNonLinear {
-    // finding: level0->...->level0
-    public boolean level0() {
-        if (someOtherCondition()) {
-            return true;
-        }
-        if (someCondition()) {
-            return level1();
-        }        
-        return level2();
-    }
-    public boolean level1() {
-        if (someCondition()) {
-            return true;
-        }        
-        return level2();
-    }
-    public boolean level2() {
-        if (someCondition()) {
-            return level1();
-        }
-        return level0();
-    }
-
-    private boolean someCondition() {
-        return false;
-    }
-
-    private boolean someOtherCondition() {
-        return true;
-    }
 }