Track taint through java.io.File constructor and #toURI; URI#toURL

Daniel Beck
2020-10-10 20:29:01 +02:00
parent c8cacb9fee
commit 0c70be145f
3 changed files with 15 additions and 0 deletions


@@ -129,6 +129,9 @@ public class B {
String[][][] taintedArray3 = new String[][][] { { { s } } };
sink(taintedArray3);
// Tainted file path and URI
sink(new java.io.File(s).toURI().toURL());
return;
}
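Review bot: The new case `sink(new java.io.File(s).toURI().toURL());` asserts only the end of the three-step chain, so if this row ever disappears from the expected output, nothing shows whether the File constructor, `toURI` or `toURL` step lost the flow. Adding `sink(new java.io.File(s));` and `sink(new java.io.File(s).toURI());` before it would pin each step separately, which matters because a query with a file-path sink relies on the first step alone. Only the single-argument String constructor is exercised. If the model is also meant to cover `File(String parent, String child)`, a case with the tainted value in each argument position would document that; the model itself is not visible in this hunk. The enclosing method begins outside the hunk.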


@@ -33,6 +33,7 @@
| B.java:15:21:15:27 | taint(...) | B.java:126:10:126:21 | taintedArray |
| B.java:15:21:15:27 | taint(...) | B.java:128:10:128:22 | taintedArray2 |
| B.java:15:21:15:27 | taint(...) | B.java:130:10:130:22 | taintedArray3 |
| B.java:15:21:15:27 | taint(...) | B.java:133:10:133:44 | toURL(...) |
| MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |
| MethodFlow.java:9:31:9:37 | taint(...) | MethodFlow.java:10:10:10:17 | tainted2 |
| MethodFlow.java:11:35:11:41 | taint(...) | MethodFlow.java:12:10:12:17 | tainted3 |