hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6119 from smowton/smowton/fix/jaxrs-tests-field-flow

Browse Source 
Increase field flow branch limit in Jax-RS tests
This commit is contained in:
Anders Schack-Mulligen
2021-06-21 14:43:59 +02:00
committed by GitHub
parent 9110dfaeb3 e2aaae8181
commit 14b485efa4
3 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/test/library-tests/frameworks/JaxWs/JakartaRsFlow.java
View File

@@ -160,12 +160,12 @@ public class JakartaRsFlow {
void testAbstractMultivaluedMap(Map<String, List<String>> map1, Map<String, List<String>> map2, List<String> list) {
map1.put(taint(), list);
AbstractMultivaluedMap<String, String> amm1 = new MyAbstractMultivaluedMapJak<String, String>(map1);
sink(amm1.keySet().iterator().next()); // $ MISSING: hasValueFlow
sink(amm1.keySet().iterator().next()); // $ hasValueFlow
list.add(taint());
map2.put("key", list);
AbstractMultivaluedMap<String, String> amm2 = new MyAbstractMultivaluedMapJak<String, String>(map2);
sink(amm2.get("key").get(0)); // $ MISSING: hasValueFlow SPURIOUS: hasTaintFlow
sink(amm2.get("key").get(0)); // $ hasValueFlow
}
void testMultivaluedHashMap(Map<String, String> map1, Map<String, String> map2,

4
java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.java
View File

@@ -160,12 +160,12 @@ public class JaxRsFlow {
void testAbstractMultivaluedMap(Map<String, List<String>> map1, Map<String, List<String>> map2, List<String> list) {
map1.put(taint(), list);
AbstractMultivaluedMap<String, String> amm1 = new MyAbstractMultivaluedMap<String, String>(map1);
sink(amm1.keySet().iterator().next()); // $ MISSING: hasValueFlow
sink(amm1.keySet().iterator().next()); // $ hasValueFlow
list.add(taint());
map2.put("key", list);
AbstractMultivaluedMap<String, String> amm2 = new MyAbstractMultivaluedMap<String, String>(map2);
sink(amm2.get("key").get(0)); // $ MISSING: hasValueFlow SPURIOUS: hasTaintFlow
sink(amm2.get("key").get(0)); // $ hasValueFlow
}
void testMultivaluedHashMap(Map<String, String> map1, Map<String, String> map2,

4
java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql
View File

@@ -12,6 +12,8 @@ class TaintFlowConf extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node n) {
exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
}
override int fieldFlowBranchLimit() { result = 1000 }
}
class ValueFlowConf extends DataFlow::Configuration {
@@ -24,6 +26,8 @@ class ValueFlowConf extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node n) {
exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
}
override int fieldFlowBranchLimit() { result = 1000 }
}
class HasFlowTest extends InlineExpectationsTest {