Merge pull request #16861 from michaelnebel/modelgen/sourcesinklift

C#/Java: Do not lift source and sink models.
2026-04-25 08:45:14 +02:00 · 2024-07-02 08:50:31 +02:00
parent b4707abf4c 9cb7018215
commit 25b20186af
17 changed files with 183 additions and 42 deletions
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml
@@ -5,6 +5,7 @@ extensions:
      extensible: sinkModel
    data:
      - [ "p", "Sinks", False, "sink", "(Object)", "", "Argument[0]", "test-sink", "manual" ]
+      - [ "p", "Sinks", False, "sink2", "(Object)", "", "Argument[0]", "test-sink2", "manual" ]
      - [ "p", "Sinks", False, "manualSinkAlreadyDefined", "(Object)", "", "Argument[0]", "test-sink", "manual" ]

  - addsTo:
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ext.yml
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ext.yml
@@ -5,6 +5,7 @@ extensions:
      extensible: sourceModel
    data:
      - [ "p", "Sources", False, "source", "()", "", "ReturnValue", "test-source", "manual" ]
+      - [ "p", "Sources", False, "source2", "()", "", "ReturnValue", "test-source2", "manual" ]
      - [ "p", "Sources", False, "manualSourceAlreadyDefined", "()", "", "ReturnValue", "test-source", "manual" ]

  - addsTo:
--- a/java/ql/test/utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/ImplOfExternalSPI.java
@@ -6,7 +6,7 @@ import java.nio.file.Files;

 public class ImplOfExternalSPI extends AbstractImplOfExternalSPI {

-  // sink=p;AbstractImplOfExternalSPI;true;accept;(File);;Argument[0];path-injection;df-generated
+  // sink=p;ImplOfExternalSPI;true;accept;(File);;Argument[0];path-injection;df-generated
  // neutral=p;ImplOfExternalSPI;accept;(File);summary;df-generated
  @Override
  public boolean accept(File pathname) {
--- a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java
@@ -29,7 +29,6 @@ public class PrivateFlowViaPublicInterface {
    }

    // summary=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated
-    // sink=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated
    @Override
    public OutputStream openStream() throws IOException {
      return new FileOutputStream(file);
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
@@ -17,6 +17,10 @@ public class Sinks {
  // neutral=p;Sinks;sink;(Object);summary;df-generated
  public void sink(Object o) {}

+  // Defined as a sink in the model file next to the test.
+  // neutral=p;Sinks;sink2;(Object);summary;df-generated
+  public void sink2(Object o) {}
+
  // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated
  // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated
  // neutral=p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated
@@ -77,4 +81,27 @@ public class Sinks {
  public void manualSinkAlreadyDefined(Object o) {
    sink(o);
  }
+
+  public abstract class DataWriter {
+    // neutral=p;Sinks$DataWriter;write;(String);summary;df-generated
+    public abstract void write(String s);
+  }
+
+  public class DataWriterKind1 extends DataWriter {
+    // sink=p;Sinks$DataWriterKind1;true;write;(String);;Argument[0];test-sink;df-generated
+    // neutral=p;Sinks$DataWriterKind1;write;(String);summary;df-generated
+    @Override
+    public void write(String s) {
+      sink(s);
+    }
+  }
+
+  public class DataWriterKind2 extends DataWriter {
+    // sink=p;Sinks$DataWriterKind2;true;write;(String);;Argument[0];test-sink2;df-generated
+    // neutral=p;Sinks$DataWriterKind2;write;(String);summary;df-generated
+    @Override
+    public void write(String s) {
+      sink2(s);
+    }
+  }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
@@ -14,6 +14,12 @@ public class Sources {
    return "";
  }

+  // Defined as a source in the model file next to the test.
+  // neutral=p;Sources;source2;();summary;df-generated
+  public String source2() {
+    return "";
+  }
+
  // source=p;Sources;true;readUrl;(URL);;ReturnValue;remote;df-generated
  // sink=p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated
  // neutral=p;Sources;readUrl;(URL);summary;df-generated
@@ -79,4 +85,27 @@ public class Sources {
  public String manualSourceAlreadyDefined() {
    return source();
  }
+
+  public abstract class DataReader {
+    // neutral=p;Sources$DataReader;read;();summary;df-generated
+    public abstract String read();
+  }
+
+  public class DataReaderKind1 extends DataReader {
+    // source=p;Sources$DataReaderKind1;true;read;();;ReturnValue;test-source;df-generated
+    // neutral=p;Sources$DataReaderKind1;read;();summary;df-generated
+    @Override
+    public String read() {
+      return source();
+    }
+  }
+
+  public class DataReaderKind2 extends DataReader {
+    // source=p;Sources$DataReaderKind2;true;read;();;ReturnValue;test-source2;df-generated
+    // neutral=p;Sources$DataReaderKind2;read;();summary;df-generated
+    @Override
+    public String read() {
+      return source2();
+    }
+  }
 }