hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add test case for StringEscapeUtils.escapeJson() taint step.

Browse Source
This commit is contained in:
Sebastian Bauersfeld
2022-01-13 11:18:12 +07:00
parent e2a9ced691
commit 39b6678b7d
3 changed files with 68 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/test/library-tests/frameworks/apache-commons-lang3/StringEscapeUtilsTest.java Normal file
View File

@@ -0,0 +1,11 @@
import org.apache.commons.lang3.StringEscapeUtils;
public class StringEscapeUtilsTest {
String taint() { return "tainted"; }
void sink(Object o) {}
void test() throws Exception {
sink(StringEscapeUtils.escapeJson(taint())); // $hasTaintFlow
}
}

42
java/ql/test/stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/StringEscapeUtils.java generated Normal file
View File

@@ -0,0 +1,42 @@
// Generated automatically from org.apache.commons.lang3.StringEscapeUtils for testing purposes
package org.apache.commons.lang3;
import org.apache.commons.lang3.text.translate.CharSequenceTranslator;
public class StringEscapeUtils
{
public StringEscapeUtils(){}
public static CharSequenceTranslator ESCAPE_CSV = null;
public static CharSequenceTranslator ESCAPE_ECMASCRIPT = null;
public static CharSequenceTranslator ESCAPE_HTML3 = null;
public static CharSequenceTranslator ESCAPE_HTML4 = null;
public static CharSequenceTranslator ESCAPE_JAVA = null;
public static CharSequenceTranslator ESCAPE_JSON = null;
public static CharSequenceTranslator ESCAPE_XML = null;
public static CharSequenceTranslator ESCAPE_XML10 = null;
public static CharSequenceTranslator ESCAPE_XML11 = null;
public static CharSequenceTranslator UNESCAPE_CSV = null;
public static CharSequenceTranslator UNESCAPE_ECMASCRIPT = null;
public static CharSequenceTranslator UNESCAPE_HTML3 = null;
public static CharSequenceTranslator UNESCAPE_HTML4 = null;
public static CharSequenceTranslator UNESCAPE_JAVA = null;
public static CharSequenceTranslator UNESCAPE_JSON = null;
public static CharSequenceTranslator UNESCAPE_XML = null;
public static String escapeCsv(String p0){ return null; }
public static String escapeEcmaScript(String p0){ return null; }
public static String escapeHtml3(String p0){ return null; }
public static String escapeHtml4(String p0){ return null; }
public static String escapeJava(String p0){ return null; }
public static String escapeJson(String p0){ return null; }
public static String escapeXml(String p0){ return null; }
public static String escapeXml10(String p0){ return null; }
public static String escapeXml11(String p0){ return null; }
public static String unescapeCsv(String p0){ return null; }
public static String unescapeEcmaScript(String p0){ return null; }
public static String unescapeHtml3(String p0){ return null; }
public static String unescapeHtml4(String p0){ return null; }
public static String unescapeJava(String p0){ return null; }
public static String unescapeJson(String p0){ return null; }
public static String unescapeXml(String p0){ return null; }
}

15
java/ql/test/stubs/apache-commons-lang3-3.7/org/apache/commons/lang3/text/translate/CharSequenceTranslator.java generated Normal file
View File

@@ -0,0 +1,15 @@
// Generated automatically from org.apache.commons.lang3.text.translate.CharSequenceTranslator for testing purposes
package org.apache.commons.lang3.text.translate;
import java.io.Writer;
abstract public class CharSequenceTranslator
{
public CharSequenceTranslator(){}
public abstract int translate(CharSequence p0, int p1, Writer p2);
public final CharSequenceTranslator with(CharSequenceTranslator... p0){ return null; }
public final String translate(CharSequence p0){ return null; }
public final void translate(CharSequence p0, Writer p1){}
public static String hex(int p0){ return null; }
}