hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix Micronaut local threat model value flow test

Browse Source
This commit is contained in:
Nicolas Will
2026-02-27 17:31:52 +01:00
parent 3869abebea
commit 157a1550e0
2 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
java/ql/test/library-tests/dataflow/taintsources/MicronautConfig.java Normal file
View File

@@ -0,0 +1,30 @@
import io.micronaut.context.annotation.Value;
import io.micronaut.context.annotation.Property;
import io.micronaut.http.annotation.*;
@Controller("/config")
class MicronautConfig {
private static void sink(Object o) {}
@Value("${app.secret}")
String secretValue;
@Property(name = "app.api-key")
String apiKey;
@Get("/secret")
void testValueField() {
sink(secretValue); // $hasLocalValueFlow
}
@Get("/key")
void testPropertyField() {
sink(apiKey); // $hasLocalValueFlow
}
@Get("/param")
void testValueParam(@Value("${app.name}") String appName) {
sink(appName); // $hasLocalValueFlow
}
}

2
java/ql/test/library-tests/dataflow/taintsources/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/micronaut-4.x