From 3aedadcb353795b6ef7dfdcbc4dcb161ae6b7784 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Thu, 22 Aug 2019 11:25:23 +0200
Subject: [PATCH] Java: Add localExprFlow and localExprTaint.
---
 .../semmle/code/java/dataflow/internal/DataFlowUtil.qll | 6 ++++++
 .../code/java/dataflow/internal/TaintTrackingUtil.qll | 8 ++++++++
 2 files changed, 14 insertions(+)
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
index 6303f3660730..a20b22cd8464 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -334,6 +334,12 @@ private module ThisFlow {
  */
 predicate localFlow(Node node1, Node node2) { localFlowStep*(node1, node2) }
 
+/**
+ * Holds if data can flow from `e1` to `e2` in zero or more
+ * local (intra-procedural) steps.
+ */
+predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) }
+
 /**
  * Holds if the `FieldRead` is not completely determined by explicit SSA
  * updates.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index e63dcc80416d..8ba6374f47b9 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -17,6 +17,14 @@ private import semmle.code.java.dataflow.internal.ContainerFlow
  */
 predicate localTaint(DataFlow::Node src, DataFlow::Node sink) { localTaintStep*(src, sink) }
 
+/**
+ * Holds if taint can flow from `src` to `sink` in zero or more
+ * local (intra-procedural) steps.
+ */
+predicate localExprTaint(Expr src, Expr sink) {
+ localTaint(DataFlow::exprNode(src), DataFlow::exprNode(sink))
+}
+
 /**
  * Holds if taint can flow in one local step from `src` to `sink`.
  */
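Review bot: In DataFlowUtil.qll the QLDoc on `localExprFlow` does not spell out that "zero or more steps" makes the predicate hold when `e1` and `e2` are the same expression, because it wraps the reflexive closure `localFlowStep*`. A query that uses it as a source-to-sink test will match every expression against itself unless it constrains the two ends separately, so I would add a line such as `* This includes the case where e1 and e2 are the same expression.` The same gap applies to `localExprTaint` in TaintTrackingUtil.qll. As both wrappers sit over an unrestricted closure, `pragma[inline]` may be worth considering so that the caller's bindings restrict it; whether it is needed depends on optimizer behaviour the hunk does not show.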
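Review bot: In TaintTrackingUtil.qll the QLDoc on `localExprTaint` is the `localExprFlow` comment with "data" replaced by "taint", which gives a query author no basis for choosing between the two. The choice matters for security queries, since using the value-flow predicate where taint is intended silently drops results that pass through taint-only steps. `localTaint` presumably follows value-preserving steps plus additional taint steps, but `localTaintStep` is defined outside this hunk, so confirm that first. If it holds, state it in the comment, for example `* Unlike localExprFlow, this also follows steps that do not preserve the value.`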