Merge pull request #12305 from pwntester/new_java_net_URL_toURI_taintstep

Java: Add new java.net.URI taintsteps

java/ql/lib/ext/java.net.model.yml

@@ -23,8 +23,10 @@ extensions:
     data:
       - ["java.net", "URI", False, "URI", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.net", "URI", False, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["java.net", "URI", False, "toAsciiString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URI", False, "toASCIIString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.net", "URI", False, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.net", "URI", False, "toURL", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["java.net", "URL", False, "toURI", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URL", False, "toExternalForm", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.net", "URLDecoder", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]

java/ql/test/library-tests/frameworks/jdk/java.net/Test.java

@@ -0,0 +1,99 @@
+package generatedtest;
+
+import java.net.URI;
+import java.net.URL;
+import java.net.URLDecoder;
+import java.nio.charset.Charset;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	Object source() {
+		return null;
+	}
+
+	void sink(Object o) {}
+
+	public void test() throws Exception {
+
+		{
+			// "java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint;manual"
+			URI out = null;
+			String in = (String) source();
+			out = new URI(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URI;false;create;;;Argument[0];ReturnValue;taint;manual"
+			URI out = null;
+			String in = (String) source();
+			out = URI.create(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URI;false;toASCIIString;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			URI in = (URI) source();
+			out = in.toASCIIString();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URI;false;toString;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			URI in = (URI) source();
+			out = in.toString();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URI;false;toURL;;;Argument[-1];ReturnValue;taint;manual"
+			URL out = null;
+			URI in = (URI) source();
+			out = in.toURL();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URL;false;URL;(String);;Argument[0];Argument[-1];taint;manual"
+			URL out = null;
+			String in = (String) source();
+			out = new URL(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URL;false;toExternalForm;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			URL in = (URL) source();
+			out = in.toExternalForm();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URL;false;toURI;;;Argument[-1];ReturnValue;taint;manual"
+			URI out = null;
+			URL in = (URL) source();
+			out = in.toURI();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URLDecoder;false;decode;;;Argument[0];ReturnValue;taint;manual"
+			String out = null;
+			String in = (String) source();
+			out = URLDecoder.decode(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URLDecoder;false;decode;;;Argument[0];ReturnValue;taint;manual"
+			String out = null;
+			String in = (String) source();
+			out = URLDecoder.decode(in, (Charset) null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.net;URLDecoder;false;decode;;;Argument[0];ReturnValue;taint;manual"
+			String out = null;
+			String in = (String) source();
+			out = URLDecoder.decode(in, (String) null);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}

java/ql/test/library-tests/frameworks/jdk/java.net/test.ql

@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest