diff --git a/java/ql/src/semmle/code/java/frameworks/guava/IO.qll b/java/ql/src/semmle/code/java/frameworks/guava/IO.qll index 8d8dc2b8ebf..9fe05fa6376 100644 --- a/java/ql/src/semmle/code/java/frameworks/guava/IO.qll +++ b/java/ql/src/semmle/code/java/frameworks/guava/IO.qll @@ -25,6 +25,7 @@ private class GuavaIoCsv extends SummaryModelCsv { "com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[-1];ReturnValue;taint", "com.google.common.io;ByteSource;true;asCharSource;(Charset);;Argument[-1];ReturnValue;taint", "com.google.common.io;ByteSource;true;concat;;;Argument[0];ReturnValue;taint", + "com.google.common.io;ByteSource;true;copyTo;(OutputStream);;Argument[-1];Argument[0];taint", "com.google.common.io;ByteSource;true;openStream;();;Argument[-1];ReturnValue;taint", "com.google.common.io;ByteSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint", "com.google.common.io;ByteSource;true;read;();;Argument[-1];ReturnValue;taint", diff --git a/java/ql/test/library-tests/frameworks/guava/TestIO.java b/java/ql/test/library-tests/frameworks/guava/TestIO.java index 797e1700913..6d333b4ca2b 100644 --- a/java/ql/test/library-tests/frameworks/guava/TestIO.java +++ b/java/ql/test/library-tests/frameworks/guava/TestIO.java @@ -5,6 +5,7 @@ import java.io.InputStreamReader; import java.io.Reader; import java.lang.StringBuffer; import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.io.Closeable; import java.nio.file.Path; @@ -40,6 +41,9 @@ class TestIO { sink(ByteSource.concat(ByteSource.empty(), ByteSource.empty(), b)); // $numTaintFlow=1 sink(ByteSource.concat(ImmutableList.of(ByteSource.empty(), ByteSource.empty(), b))); // $numTaintFlow=1 sink(b.read(new MyByteProcessor())); // $ MISSING:numTaintFlow=1 + ByteArrayOutputStream out = new ByteArrayOutputStream(); + b.copyTo(out); + sink(out.toByteArray()); // $numTaintFlow=1 CharSource c = CharSource.wrap(staint()); sink(c.openStream()); // $numTaintFlow=1