hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add models for WordUtils and StrTokenizer

Browse Source 
Both of these have commons-text and commons-lang variants.
This commit is contained in:
Chris Smowton
2021-02-17 09:33:10 +00:00
parent fe07630e40
commit 1580d23b2b
10 changed files with 429 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
java/ql/test/library-tests/frameworks/apache-commons-lang3/StringTokenizerTest.java Normal file
View File

@@ -0,0 +1,46 @@
import org.apache.commons.text.StringTokenizer;
import org.apache.commons.text.matcher.StringMatcher;
public class StringTokenizerTest {
String taint() { return "tainted"; }
void sink(Object o) {}
void test() throws Exception {
// Test constructors:
sink((new StringTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null)).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint(), (StringMatcher)null)).toString()); // $hasTaintFlow=y
sink((new StringTokenizer(taint(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow=y
// Test constructing static methods:
sink(StringTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
sink(StringTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
sink(StringTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
sink(StringTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
// Test accessors:
sink((new StringTokenizer(taint())).clone()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).getContent()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).next()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).nextToken()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).previous()); // $hasTaintFlow=y
sink((new StringTokenizer(taint())).previousToken()); // $hasTaintFlow=y
// Test mutators:
sink((new StringTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
sink((new StringTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
}
}