From d7094a96b5810a977549ea59940041bfef8db3c6 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 4 Jul 2025 13:12:23 +0200 Subject: [PATCH 1/3] Overlay: Add discarding of all Java base properties --- java/ql/lib/semmle/code/java/Overlay.qll | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/java/ql/lib/semmle/code/java/Overlay.qll b/java/ql/lib/semmle/code/java/Overlay.qll index f1cfc5c434f2..be218e0e78e6 100644 --- a/java/ql/lib/semmle/code/java/Overlay.qll +++ b/java/ql/lib/semmle/code/java/Overlay.qll @@ -81,3 +81,21 @@ private predicate discardReferableLocatable(@locatable el) { not drl.existsInOverlay() ) } + +overlay[local] +private predicate baseConfigLocatable(@configLocatable l) { not isOverlay() and l = l } + +overlay[local] +private predicate overlayHasConfigLocatables() { + isOverlay() and + exists(@configLocatable el) +} + +overlay[discard_entity] +private predicate discardBaseConfigLocatable(@configLocatable el) { + // The properties extractor is currently not incremental, so if + // the overlay contains any config locatables, the overlay should + // contain a full extraction and all config locatables from base + // should be discarded. + baseConfigLocatable(el) and overlayHasConfigLocatables() +} From 0739c03d03d3c54ca1280d167a8b7eaae2d65411 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 4 Jul 2025 14:59:52 +0200 Subject: [PATCH 2/3] Overlay: Add discarding of base XML locatables for Java --- java/ql/lib/semmle/code/java/Overlay.qll | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/java/ql/lib/semmle/code/java/Overlay.qll b/java/ql/lib/semmle/code/java/Overlay.qll index be218e0e78e6..ddae9a9aa79a 100644 --- a/java/ql/lib/semmle/code/java/Overlay.qll +++ b/java/ql/lib/semmle/code/java/Overlay.qll @@ -99,3 +99,23 @@ private predicate discardBaseConfigLocatable(@configLocatable el) { // should be discarded. baseConfigLocatable(el) and overlayHasConfigLocatables() } + +overlay[local] +private predicate baseXmlLocatable(@xmllocatable l) { + not isOverlay() and not files(l, _) and not xmlNs(l, _, _, _) +} + +overlay[local] +private predicate overlayHasXmlLocatable() { + isOverlay() and + exists(@xmllocatable l | not files(l, _) and not xmlNs(l, _, _, _)) +} + +overlay[discard_entity] +private predicate discardBaseXmlLocatable(@xmllocatable el) { + // The XML extractor is currently not incremental, so if + // the overlay contains any XML locatables, the overlay should + // contain a full extraction and all XML locatables from base + // should be discarded. + baseXmlLocatable(el) and overlayHasXmlLocatable() +} From f84a3084f065a057c4c738ccf5ad7a85c37441b9 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 15 Jul 2025 15:34:08 +0200 Subject: [PATCH 3/3] Address review comment about ignored QL variable Co-authored-by: Anders Schack-Mulligen --- java/ql/lib/semmle/code/java/Overlay.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/Overlay.qll b/java/ql/lib/semmle/code/java/Overlay.qll index ddae9a9aa79a..6df93d6ac671 100644 --- a/java/ql/lib/semmle/code/java/Overlay.qll +++ b/java/ql/lib/semmle/code/java/Overlay.qll @@ -83,7 +83,7 @@ private predicate discardReferableLocatable(@locatable el) { } overlay[local] -private predicate baseConfigLocatable(@configLocatable l) { not isOverlay() and l = l } +private predicate baseConfigLocatable(@configLocatable l) { not isOverlay() and exists(l) } overlay[local] private predicate overlayHasConfigLocatables() {