Add models for WordUtils and StrTokenizer

Both of these have commons-text and commons-lang variants.

java/ql/test/library-tests/frameworks/apache-commons-lang3/StrTokenizerTest.java

@@ -0,0 +1,46 @@
+import org.apache.commons.lang3.text.StrTokenizer;
+import org.apache.commons.lang3.text.StrMatcher;
+
+public class StrTokenizerTest {
+  String taint() { return "tainted"; }
+
+  void sink(Object o) {}
+
+  void test() throws Exception {
+
+    // Test constructors:
+    sink((new StrTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
+
+    // Test constructing static methods:
+    sink(StrTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink(StrTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
+    sink(StrTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink(StrTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
+
+    // Test accessors:
+    sink((new StrTokenizer(taint())).clone()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).getContent()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).next()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).nextToken()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).previous()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).previousToken()); // $hasTaintFlow=y
+
+    // Test mutators:
+    sink((new StrTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
+
+  }
+}

java/ql/test/library-tests/frameworks/apache-commons-lang3/StrTokenizerTextTest.java

@@ -0,0 +1,46 @@
+import org.apache.commons.text.StrTokenizer;
+import org.apache.commons.text.StrMatcher;
+
+public class StrTokenizerTextTest {
+  String taint() { return "tainted"; }
+
+  void sink(Object o) {}
+
+  void test() throws Exception {
+
+    // Test constructors:
+    sink((new StrTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
+
+    // Test constructing static methods:
+    sink(StrTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink(StrTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
+    sink(StrTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink(StrTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
+
+    // Test accessors:
+    sink((new StrTokenizer(taint())).clone()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).getContent()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).next()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).nextToken()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).previous()); // $hasTaintFlow=y
+    sink((new StrTokenizer(taint())).previousToken()); // $hasTaintFlow=y
+
+    // Test mutators:
+    sink((new StrTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink((new StrTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
+
+  }
+}

java/ql/test/library-tests/frameworks/apache-commons-lang3/StringTokenizerTest.java

@@ -0,0 +1,46 @@
+import org.apache.commons.text.StringTokenizer;
+import org.apache.commons.text.matcher.StringMatcher;
+
+public class StringTokenizerTest {
+  String taint() { return "tainted"; }
+
+  void sink(Object o) {}
+
+  void test() throws Exception {
+
+    // Test constructors:
+    sink((new StringTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint(), (StringMatcher)null)).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow=y
+
+    // Test constructing static methods:
+    sink(StringTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink(StringTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
+    sink(StringTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink(StringTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
+
+    // Test accessors:
+    sink((new StringTokenizer(taint())).clone()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).getContent()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).next()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).nextToken()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).previous()); // $hasTaintFlow=y
+    sink((new StringTokenizer(taint())).previousToken()); // $hasTaintFlow=y
+
+    // Test mutators:
+    sink((new StringTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
+    sink((new StringTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
+
+  }
+}

java/ql/test/library-tests/frameworks/apache-commons-lang3/WordUtilsTest.java

@@ -0,0 +1,26 @@
+import org.apache.commons.lang3.text.WordUtils;
+
+public class WordUtilsTest {
+  String taint() { return "tainted"; }
+
+  void sink(Object o) {}
+
+  void test() throws Exception {
+    sink(WordUtils.capitalize(taint())); // $hasTaintFlow=y
+    sink(WordUtils.capitalize(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.capitalizeFully(taint())); // $hasTaintFlow=y
+    sink(WordUtils.capitalizeFully(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.initials(taint())); // $hasTaintFlow=y
+    sink(WordUtils.initials(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.swapCase(taint())); // $hasTaintFlow=y
+    sink(WordUtils.uncapitalize(taint())); // $hasTaintFlow=y
+    sink(WordUtils.uncapitalize(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.wrap(taint(), 0)); // $hasTaintFlow=y
+    sink(WordUtils.wrap(taint(), 0, "\n", false)); // $hasTaintFlow=y
+    sink(WordUtils.wrap("wrap me", 0, taint(), false)); // $hasTaintFlow=y
+    sink(WordUtils.wrap(taint(), 0, "\n", false, "\n")); // $hasTaintFlow=y
+    sink(WordUtils.wrap("wrap me", 0, taint(), false, "\n")); // $hasTaintFlow=y
+    // GOOD: the wrap-on line terminator does not propagate to the return value
+    sink(WordUtils.wrap("wrap me", 0, "\n", false, taint()));
+  }
+}

java/ql/test/library-tests/frameworks/apache-commons-lang3/WordUtilsTextTest.java

@@ -0,0 +1,28 @@
+import org.apache.commons.text.WordUtils;
+
+public class WordUtilsTextTest {
+  String taint() { return "tainted"; }
+
+  void sink(Object o) {}
+
+  void test() throws Exception {
+    sink(WordUtils.abbreviate(taint(), 0, 0, "append me")); // $hasTaintFlow=y
+    sink(WordUtils.abbreviate("abbreviate me", 0, 0, taint())); // $hasTaintFlow=y
+    sink(WordUtils.capitalize(taint())); // $hasTaintFlow=y
+    sink(WordUtils.capitalize(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.capitalizeFully(taint())); // $hasTaintFlow=y
+    sink(WordUtils.capitalizeFully(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.initials(taint())); // $hasTaintFlow=y
+    sink(WordUtils.initials(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.swapCase(taint())); // $hasTaintFlow=y
+    sink(WordUtils.uncapitalize(taint())); // $hasTaintFlow=y
+    sink(WordUtils.uncapitalize(taint(), ' ', ',')); // $hasTaintFlow=y
+    sink(WordUtils.wrap(taint(), 0)); // $hasTaintFlow=y
+    sink(WordUtils.wrap(taint(), 0, "\n", false)); // $hasTaintFlow=y
+    sink(WordUtils.wrap("wrap me", 0, taint(), false)); // $hasTaintFlow=y
+    sink(WordUtils.wrap(taint(), 0, "\n", false, "\n")); // $hasTaintFlow=y
+    sink(WordUtils.wrap("wrap me", 0, taint(), false, "\n")); // $hasTaintFlow=y
+    // GOOD: the wrap-on line terminator does not propagate to the return value
+    sink(WordUtils.wrap("wrap me", 0, "\n", false, taint()));
+  }
+}