Merge branch 'main' into inlineFlowTest

java/ql/test/library-tests/dataflow/call-sensitivity/flow.expected

@@ -1,6 +1,8 @@
 edges
 | A2.java:15:15:15:28 | new Integer(...) : Number | A2.java:27:27:27:34 | o : Number |
 | A2.java:27:27:27:34 | o : Number | A2.java:29:9:29:9 | o |
+| A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number |
+| A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number |
 | A.java:14:29:14:36 | o : Number | A.java:16:9:16:9 | o |
 | A.java:20:30:20:37 | o : Number | A.java:22:9:22:9 | o |
 | A.java:26:31:26:38 | o : Number | A.java:28:9:28:9 | o |
@@ -15,12 +17,14 @@ edges
 | A.java:66:25:66:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
 | A.java:67:25:67:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
 | A.java:68:25:68:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
+| A.java:69:20:69:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number |
 | A.java:69:20:69:33 | new Integer(...) : Number | A.java:69:8:69:40 | flowThrough(...) |
 | A.java:71:25:71:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
 | A.java:84:18:84:31 | new Integer(...) : Number | A.java:14:29:14:36 | o : Number |
 | A.java:85:19:85:32 | new Integer(...) : Number | A.java:20:30:20:37 | o : Number |
 | A.java:86:20:86:33 | new Integer(...) : Number | A.java:26:31:26:38 | o : Number |
 | A.java:87:24:87:37 | new Integer(...) : Number | A.java:32:35:32:42 | o : Number |
+| A.java:88:20:88:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number |
 | A.java:88:20:88:33 | new Integer(...) : Number | A.java:88:8:88:37 | flowThrough(...) |
 | A.java:99:20:99:33 | new Integer(...) : Number | A.java:106:30:106:37 | o : Number |
 | A.java:100:21:100:34 | new Integer(...) : Number | A.java:113:31:113:38 | o : Number |
@@ -32,6 +36,10 @@ nodes
 | A2.java:15:15:15:28 | new Integer(...) : Number | semmle.label | new Integer(...) : Number |
 | A2.java:27:27:27:34 | o : Number | semmle.label | o : Number |
 | A2.java:29:9:29:9 | o | semmle.label | o |
+| A.java:6:28:6:35 | o : Number | semmle.label | o : Number |
+| A.java:6:28:6:35 | o : Number | semmle.label | o : Number |
+| A.java:8:11:8:11 | o : Number | semmle.label | o : Number |
+| A.java:8:11:8:11 | o : Number | semmle.label | o : Number |
 | A.java:14:29:14:36 | o : Number | semmle.label | o : Number |
 | A.java:16:9:16:9 | o | semmle.label | o |
 | A.java:20:30:20:37 | o : Number | semmle.label | o : Number |
@@ -69,6 +77,9 @@ nodes
 | A.java:115:10:115:10 | o | semmle.label | o |
 | A.java:120:36:120:43 | o : Number | semmle.label | o : Number |
 | A.java:128:9:128:10 | o3 | semmle.label | o3 |
+subpaths
+| A.java:69:20:69:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number | A.java:69:8:69:40 | flowThrough(...) : Number |
+| A.java:88:20:88:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number | A.java:88:8:88:37 | flowThrough(...) : Number |
 #select
 | A2.java:15:15:15:28 | new Integer(...) : Number | A2.java:15:15:15:28 | new Integer(...) : Number | A2.java:29:9:29:9 | o | $@ | A2.java:29:9:29:9 | o | o |
 | A.java:62:18:62:31 | new Integer(...) : Number | A.java:62:18:62:31 | new Integer(...) : Number | A.java:16:9:16:9 | o | $@ | A.java:16:9:16:9 | o | o |

java/ql/test/library-tests/dataflow/taint/B.java

@@ -46,6 +46,9 @@ public class B {
     // tainted - tokenized string
     String token = new StringTokenizer(badEscape).nextToken();
     sink(token);
+    // tainted - fluent concatenation
+    String fluentConcat = "".concat("str").concat(token).concat("bar");
+    sink(fluentConcat);
 
     // not tainted
     String safe = notTainty(complex);

java/ql/test/library-tests/dataflow/taint/CharSeq.java

@@ -0,0 +1,13 @@
+public class CharSeq {
+    public static String taint() { return "tainted"; }
+  
+    public static void sink(Object o) { }
+  
+    void test1() {
+      CharSequence seq = taint().subSequence(0,1);
+      sink(seq);
+  
+      CharSequence seqFromSeq = seq.subSequence(0, 1);
+      sink(seqFromSeq);
+    }
+  }

java/ql/test/library-tests/dataflow/taint/test.expected

@@ -14,29 +14,32 @@
 | B.java:15:21:15:27 | taint(...) | B.java:42:10:42:25 | valueOfSubstring |
 | B.java:15:21:15:27 | taint(...) | B.java:45:10:45:18 | badEscape |
 | B.java:15:21:15:27 | taint(...) | B.java:48:10:48:14 | token |
-| B.java:15:21:15:27 | taint(...) | B.java:65:10:65:13 | cond |
-| B.java:15:21:15:27 | taint(...) | B.java:68:10:68:14 | logic |
-| B.java:15:21:15:27 | taint(...) | B.java:70:10:70:39 | endsWith(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:73:10:73:14 | logic |
+| B.java:15:21:15:27 | taint(...) | B.java:51:10:51:21 | fluentConcat |
+| B.java:15:21:15:27 | taint(...) | B.java:68:10:68:13 | cond |
+| B.java:15:21:15:27 | taint(...) | B.java:71:10:71:14 | logic |
+| B.java:15:21:15:27 | taint(...) | B.java:73:10:73:39 | endsWith(...) |
 | B.java:15:21:15:27 | taint(...) | B.java:76:10:76:14 | logic |
-| B.java:15:21:15:27 | taint(...) | B.java:84:10:84:16 | trimmed |
-| B.java:15:21:15:27 | taint(...) | B.java:86:10:86:14 | split |
-| B.java:15:21:15:27 | taint(...) | B.java:88:10:88:14 | lower |
-| B.java:15:21:15:27 | taint(...) | B.java:90:10:90:14 | upper |
-| B.java:15:21:15:27 | taint(...) | B.java:92:10:92:14 | bytes |
-| B.java:15:21:15:27 | taint(...) | B.java:94:10:94:17 | toString |
-| B.java:15:21:15:27 | taint(...) | B.java:96:10:96:13 | subs |
-| B.java:15:21:15:27 | taint(...) | B.java:98:10:98:13 | repl |
-| B.java:15:21:15:27 | taint(...) | B.java:100:10:100:16 | replAll |
-| B.java:15:21:15:27 | taint(...) | B.java:102:10:102:18 | replFirst |
-| B.java:15:21:15:27 | taint(...) | B.java:115:12:115:25 | serializedData |
-| B.java:15:21:15:27 | taint(...) | B.java:127:12:127:27 | deserializedData |
-| B.java:15:21:15:27 | taint(...) | B.java:136:10:136:21 | taintedArray |
-| B.java:15:21:15:27 | taint(...) | B.java:138:10:138:22 | taintedArray2 |
-| B.java:15:21:15:27 | taint(...) | B.java:140:10:140:22 | taintedArray3 |
-| B.java:15:21:15:27 | taint(...) | B.java:143:10:143:44 | toURL(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:146:10:146:37 | toPath(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:149:10:149:46 | toFile(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:79:10:79:14 | logic |
+| B.java:15:21:15:27 | taint(...) | B.java:87:10:87:16 | trimmed |
+| B.java:15:21:15:27 | taint(...) | B.java:89:10:89:14 | split |
+| B.java:15:21:15:27 | taint(...) | B.java:91:10:91:14 | lower |
+| B.java:15:21:15:27 | taint(...) | B.java:93:10:93:14 | upper |
+| B.java:15:21:15:27 | taint(...) | B.java:95:10:95:14 | bytes |
+| B.java:15:21:15:27 | taint(...) | B.java:97:10:97:17 | toString |
+| B.java:15:21:15:27 | taint(...) | B.java:99:10:99:13 | subs |
+| B.java:15:21:15:27 | taint(...) | B.java:101:10:101:13 | repl |
+| B.java:15:21:15:27 | taint(...) | B.java:103:10:103:16 | replAll |
+| B.java:15:21:15:27 | taint(...) | B.java:105:10:105:18 | replFirst |
+| B.java:15:21:15:27 | taint(...) | B.java:118:12:118:25 | serializedData |
+| B.java:15:21:15:27 | taint(...) | B.java:130:12:130:27 | deserializedData |
+| B.java:15:21:15:27 | taint(...) | B.java:139:10:139:21 | taintedArray |
+| B.java:15:21:15:27 | taint(...) | B.java:141:10:141:22 | taintedArray2 |
+| B.java:15:21:15:27 | taint(...) | B.java:143:10:143:22 | taintedArray3 |
+| B.java:15:21:15:27 | taint(...) | B.java:146:10:146:44 | toURL(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:149:10:149:37 | toPath(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:152:10:152:46 | toFile(...) |
+| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:8:12:8:14 | seq |
+| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:11:12:11:21 | seqFromSeq |
 | MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |
 | MethodFlow.java:9:31:9:37 | taint(...) | MethodFlow.java:10:10:10:17 | tainted2 |
 | MethodFlow.java:11:35:11:41 | taint(...) | MethodFlow.java:12:10:12:17 | tainted3 |