Add test case

2026-04-25 16:55:19 +02:00 · 2020-04-24 19:57:00 +02:00
parent 9742d3892d
commit 31e284a707
13 changed files with 658 additions and 0 deletions
--- a/java/ql/test/library-tests/dataflow/local-additional-taint/Test.java
+++ b/java/ql/test/library-tests/dataflow/local-additional-taint/Test.java
@@ -0,0 +1,33 @@
+import org.apache.commons.codec.Encoder;
+import org.apache.commons.codec.Decoder;
+import org.apache.commons.codec.BinaryEncoder;
+import org.apache.commons.codec.BinaryDecoder;
+import org.apache.commons.codec.StringEncoder;
+import org.apache.commons.codec.StringDecoder;
+
+
+
+class Test {
+	public static void taintSteps(
+		Decoder decoder,
+		Encoder encoder,
+		StringEncoder stringEncoder,
+		StringDecoder stringDecoder,
+		BinaryEncoder binEncoder,
+		BinaryDecoder binDecoder) throws Exception {
+		String string1 = "hello";
+                String string2 = "world";
+
+		byte [] bytes1 = new byte[0];
+                byte [] bytes2 = new byte[0];
+
+		Object obj1 = decoder.decode(string2);
+                Object obj2 = encoder.encode(bytes2);
+
+		string1 = stringDecoder.decode(string2);
+		string1 = stringEncoder.encode(string2);
+
+		bytes1 = binEncoder.encode(bytes2);
+		bytes1 = binDecoder.decode(bytes2);
+	}
+}
--- a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
+++ b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.expected
@@ -0,0 +1,6 @@
+| Test.java:24:32:24:38 | string2 | Test.java:24:17:24:39 | decode(...) |
+| Test.java:25:46:25:51 | bytes2 | Test.java:25:31:25:52 | encode(...) |
+| Test.java:27:34:27:40 | string2 | Test.java:27:13:27:41 | decode(...) |
+| Test.java:28:34:28:40 | string2 | Test.java:28:13:28:41 | encode(...) |
+| Test.java:30:30:30:35 | bytes2 | Test.java:30:12:30:36 | encode(...) |
+| Test.java:31:30:31:35 | bytes2 | Test.java:31:12:31:36 | decode(...) |
--- a/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql
+++ b/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql
@@ -0,0 +1,6 @@
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.internal.TaintTrackingUtil
+
+from DataFlow::Node src, DataFlow::Node sink
+where localAdditionalTaintStep(src, sink)
+select src, sink
--- a/java/ql/test/library-tests/dataflow/local-additional-taint/options
+++ b/java/ql/test/library-tests/dataflow/local-additional-taint/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-codec-1.14
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-codec-1.14`