mirror of
https://github.com/github/codeql.git
synced 2026-04-28 18:25:24 +02:00
Rename test labels for more clarity
This commit is contained in:
Joe Farebrother
@@ -27,94 +27,94 @@ public class FlowSteps {
|
||||
}
|
||||
|
||||
public static String[] appendSelectionArgs() {
|
||||
String[] originalValues = {taint()}; // $hasTaintFlowStep
|
||||
String[] newValues = {taint()}; // $hasTaintFlowStep
|
||||
String[] originalValues = {taint()}; // $taintReachesReturn
|
||||
String[] newValues = {taint()}; // $taintReachesReturn
|
||||
return DatabaseUtils.appendSelectionArgs(originalValues, newValues);
|
||||
}
|
||||
|
||||
public static String concatenateWhere() {
|
||||
String a = taint(); // $hasTaintFlowStep
|
||||
String b = taint(); // $hasTaintFlowStep
|
||||
String a = taint(); // $taintReachesReturn
|
||||
String b = taint(); // $taintReachesReturn
|
||||
return DatabaseUtils.concatenateWhere(a, b);
|
||||
}
|
||||
|
||||
public static String buildQueryString(MySQLiteQueryBuilder target) {
|
||||
target = taint();
|
||||
boolean distinct = taint();
|
||||
String tables = taint(); // $hasTaintFlowStep
|
||||
String[] columns = {taint()}; // $hasTaintFlowStep
|
||||
String where = taint(); // $hasTaintFlowStep
|
||||
String groupBy = taint(); // $hasTaintFlowStep
|
||||
String having = taint(); // $hasTaintFlowStep
|
||||
String orderBy = taint(); // $hasTaintFlowStep
|
||||
String limit = taint(); // $hasTaintFlowStep
|
||||
String tables = taint(); // $taintReachesReturn
|
||||
String[] columns = {taint()}; // $taintReachesReturn
|
||||
String where = taint(); // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
String orderBy = taint(); // $taintReachesReturn
|
||||
String limit = taint(); // $taintReachesReturn
|
||||
return SQLiteQueryBuilder.buildQueryString(distinct, tables, columns, where, groupBy, having, orderBy, limit);
|
||||
}
|
||||
|
||||
public static String buildQuery(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
String[] projectionIn = {taint()};// $hasTaintFlowStep
|
||||
String selection = taint(); // $hasTaintFlowStep
|
||||
String groupBy = taint(); // $hasTaintFlowStep
|
||||
String having = taint(); // $hasTaintFlowStep
|
||||
String sortOrder = taint(); // $hasTaintFlowStep
|
||||
String limit = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
String[] projectionIn = {taint()};// $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
String sortOrder = taint(); // $taintReachesReturn
|
||||
String limit = taint(); // $taintReachesReturn
|
||||
return target.buildQuery(projectionIn, selection, groupBy, having, sortOrder, limit);
|
||||
}
|
||||
|
||||
public static String buildQuery2(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
String[] projectionIn = {taint()}; // $hasTaintFlowStep
|
||||
String selection = taint(); // $hasTaintFlowStep
|
||||
String[] selectionArgs = {taint()}; // $hasTaintFlowStep
|
||||
String groupBy = taint(); // $hasTaintFlowStep
|
||||
String having = taint(); // $hasTaintFlowStep
|
||||
String sortOrder = taint(); // $hasTaintFlowStep
|
||||
String limit = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
String[] projectionIn = {taint()}; // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String[] selectionArgs = {taint()}; // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
String sortOrder = taint(); // $taintReachesReturn
|
||||
String limit = taint(); // $taintReachesReturn
|
||||
return target.buildQuery(projectionIn, selection, selectionArgs, groupBy, having, sortOrder, limit);
|
||||
}
|
||||
|
||||
public static String buildUnionQuery(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
String[] subQueries = {taint()}; // $hasTaintFlowStep
|
||||
String sortOrder = taint(); // $hasTaintFlowStep
|
||||
String limit = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
String[] subQueries = {taint()}; // $taintReachesReturn
|
||||
String sortOrder = taint(); // $taintReachesReturn
|
||||
String limit = taint(); // $taintReachesReturn
|
||||
return target.buildUnionQuery(subQueries, sortOrder, limit);
|
||||
}
|
||||
|
||||
public static String buildUnionSubQuery2(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
String typeDiscriminatorColumn = taint(); // $hasTaintFlowStep
|
||||
String[] unionColumns = {taint()}; // $hasTaintFlowStep
|
||||
Set<String> columnsPresentInTable = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
String typeDiscriminatorColumn = taint(); // $taintReachesReturn
|
||||
String[] unionColumns = {taint()}; // $taintReachesReturn
|
||||
Set<String> columnsPresentInTable = taint(); // $taintReachesReturn
|
||||
int computedColumnsOffset = taint();
|
||||
String typeDiscriminatorValue = taint(); // $hasTaintFlowStep
|
||||
String selection = taint(); // $hasTaintFlowStep
|
||||
String[] selectionArgs = {taint()}; // $hasTaintFlowStep
|
||||
String groupBy = taint(); // $hasTaintFlowStep
|
||||
String having = taint(); // $hasTaintFlowStep
|
||||
String typeDiscriminatorValue = taint(); // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String[] selectionArgs = {taint()}; // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
return target.buildUnionSubQuery(typeDiscriminatorColumn, unionColumns, columnsPresentInTable,
|
||||
computedColumnsOffset, typeDiscriminatorValue, selection, selectionArgs, groupBy, having);
|
||||
}
|
||||
|
||||
public static String buildUnionSubQuery3(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
String typeDiscriminatorColumn = taint(); // $hasTaintFlowStep
|
||||
String[] unionColumns = {taint()}; // $hasTaintFlowStep
|
||||
Set<String> columnsPresentInTable = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
String typeDiscriminatorColumn = taint(); // $taintReachesReturn
|
||||
String[] unionColumns = {taint()}; // $taintReachesReturn
|
||||
Set<String> columnsPresentInTable = taint(); // $taintReachesReturn
|
||||
int computedColumnsOffset = taint();
|
||||
String typeDiscriminatorValue = taint(); // $hasTaintFlowStep
|
||||
String selection = taint(); // $hasTaintFlowStep
|
||||
String groupBy = taint(); // $hasTaintFlowStep
|
||||
String having = taint(); // $hasTaintFlowStep
|
||||
String typeDiscriminatorValue = taint(); // $taintReachesReturn
|
||||
String selection = taint(); // $taintReachesReturn
|
||||
String groupBy = taint(); // $taintReachesReturn
|
||||
String having = taint(); // $taintReachesReturn
|
||||
return target.buildUnionSubQuery(typeDiscriminatorColumn, unionColumns, columnsPresentInTable, computedColumnsOffset,
|
||||
typeDiscriminatorValue, selection, groupBy, having);
|
||||
}
|
||||
|
||||
public static Cursor query(MyContentResolver target) {
|
||||
Uri uri = taint(); // $hasTaintFlowStep
|
||||
Uri uri = taint(); // $taintReachesReturn
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
@@ -122,9 +122,9 @@ public class FlowSteps {
|
||||
}
|
||||
|
||||
public static Cursor query(MyContentProvider target) {
|
||||
Uri uri = taint(); // $hasTaintFlowStep
|
||||
Uri uri = taint(); // $taintReachesReturn
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
@@ -132,54 +132,54 @@ public class FlowSteps {
|
||||
}
|
||||
|
||||
public static Cursor query2(MyContentResolver target) {
|
||||
Uri uri = taint(); // $hasTaintFlowStep
|
||||
Uri uri = taint(); // $taintReachesReturn
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
return target.query(uri, projection, selection, selectionArgs, sortOrder);
|
||||
}
|
||||
|
||||
public static Cursor query2(MyContentProvider target) {
|
||||
Uri uri = taint(); // $hasTaintFlowStep
|
||||
Uri uri = taint(); // $taintReachesReturn
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
return target.query(uri, projection, selection, selectionArgs, sortOrder);
|
||||
}
|
||||
|
||||
public static StringBuilder appendColumns() {
|
||||
StringBuilder s = taint(); // $hasTaintFlowStep
|
||||
String[] columns = {taint()}; // $hasTaintFlowStep
|
||||
StringBuilder s = taint(); // $taintReachesReturn
|
||||
String[] columns = {taint()}; // $taintReachesReturn
|
||||
SQLiteQueryBuilder.appendColumns(s, columns);
|
||||
return s;
|
||||
}
|
||||
|
||||
public static SQLiteQueryBuilder setProjectionMap(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
Map<String, String> columnMap = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
Map<String, String> columnMap = taint(); // $taintReachesReturn
|
||||
target.setProjectionMap(columnMap);
|
||||
return target;
|
||||
}
|
||||
|
||||
public static SQLiteQueryBuilder setTables(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
String inTables = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
String inTables = taint(); // $taintReachesReturn
|
||||
target.setTables(inTables);
|
||||
return target;
|
||||
}
|
||||
|
||||
public static SQLiteQueryBuilder appendWhere(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
CharSequence inWhere = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
CharSequence inWhere = taint(); // $taintReachesReturn
|
||||
target.appendWhere(inWhere);
|
||||
return target;
|
||||
}
|
||||
|
||||
public static SQLiteQueryBuilder appendWhereStandalone(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowStep
|
||||
CharSequence inWhere = taint(); // $hasTaintFlowStep
|
||||
target = taint(); // $taintReachesReturn
|
||||
CharSequence inWhere = taint(); // $taintReachesReturn
|
||||
target.appendWhereStandalone(inWhere);
|
||||
return target;
|
||||
}
|
||||
|
||||
@@ -25,58 +25,58 @@ public class Sinks {
|
||||
}
|
||||
|
||||
public static void compileStatement(SQLiteDatabase target) {
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
target.compileStatement(sql);
|
||||
}
|
||||
|
||||
public static void delete1(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowSink
|
||||
target = taint(); // $taintReachesSink
|
||||
SQLiteDatabase db = taint();
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.delete(db, selection, selectionArgs);
|
||||
}
|
||||
|
||||
public static void delete(SQLiteDatabase target) {
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String whereClause = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String whereClause = taint(); // $taintReachesSink
|
||||
String[] whereArgs = {taint()};
|
||||
target.delete(table, whereClause, whereArgs);
|
||||
}
|
||||
|
||||
public static void delete(MyContentResolver target) {
|
||||
Uri uri = taint();
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.delete(uri, selection, selectionArgs);
|
||||
}
|
||||
|
||||
public static void delete(MyContentProvider target) {
|
||||
Uri uri = taint();
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.delete(uri, selection, selectionArgs);
|
||||
}
|
||||
|
||||
public static void execPerConnectionSQL(SQLiteDatabase target) {
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
Object[] bindArgs = {taint()};
|
||||
target.execPerConnectionSQL(sql, bindArgs);
|
||||
}
|
||||
|
||||
public static void execSQL(SQLiteDatabase target) {
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
target.execSQL(sql);
|
||||
}
|
||||
|
||||
public static void execSQL2(SQLiteDatabase target) {
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
Object[] bindArgs = {taint()};
|
||||
target.execSQL(sql, bindArgs);
|
||||
}
|
||||
|
||||
public static void insert(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowSink
|
||||
target = taint(); // $taintReachesSink
|
||||
SQLiteDatabase db = taint();
|
||||
ContentValues values = taint();
|
||||
target.insert(db, values);
|
||||
@@ -84,90 +84,90 @@ public class Sinks {
|
||||
|
||||
public static void query(SQLiteDatabase target) {
|
||||
boolean distinct = taint();
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String[] columns = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String orderBy = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String orderBy = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
target.query(distinct, table, columns, selection, selectionArgs, groupBy, having, orderBy, limit);
|
||||
}
|
||||
|
||||
public static void query2(SQLiteDatabase target) {
|
||||
boolean distinct = taint();
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String[] columns = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String orderBy = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String orderBy = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
target.query(distinct, table, columns, selection, selectionArgs, groupBy, having, orderBy, limit,
|
||||
cancellationSignal);
|
||||
}
|
||||
|
||||
public static void query3(SQLiteDatabase target) {
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String[] columns = {taint()}; // $hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String[] columns = {taint()}; // $taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String orderBy = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String orderBy = taint(); // $taintReachesSink
|
||||
target.query(table, columns, selection, selectionArgs, groupBy, having, orderBy);
|
||||
}
|
||||
|
||||
public static void query4(SQLiteDatabase target) {
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String[] columns = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String orderBy = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String orderBy = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
target.query(table, columns, selection, selectionArgs, groupBy, having, orderBy, limit);
|
||||
}
|
||||
|
||||
public static void query(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowSink
|
||||
target = taint(); // $taintReachesSink
|
||||
SQLiteDatabase db = taint();
|
||||
String[] projectionIn = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String[] projectionIn = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String sortOrder = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String sortOrder = taint(); // $taintReachesSink
|
||||
target.query(db, projectionIn, selection, selectionArgs, groupBy, having, sortOrder);
|
||||
}
|
||||
|
||||
public static void query2(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowSink
|
||||
target = taint(); // $taintReachesSink
|
||||
SQLiteDatabase db = taint();
|
||||
String[] projectionIn = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String[] projectionIn = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String sortOrder = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String sortOrder = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
target.query(db, projectionIn, selection, selectionArgs, groupBy, having, sortOrder, limit);
|
||||
}
|
||||
|
||||
public static void query3(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowSink
|
||||
target = taint(); // $taintReachesSink
|
||||
SQLiteDatabase db = taint();
|
||||
String[] projectionIn = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String[] projectionIn = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String sortOrder = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String sortOrder = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
target.query(db, projectionIn, selection, selectionArgs, groupBy, having, sortOrder, limit, cancellationSignal);
|
||||
}
|
||||
@@ -175,7 +175,7 @@ public class Sinks {
|
||||
public static void query3(MyContentProvider target) {
|
||||
Uri uri = taint();
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
target.query(uri, projection, selection, selectionArgs, sortOrder);
|
||||
@@ -184,7 +184,7 @@ public class Sinks {
|
||||
public static void query(MyContentProvider target) {
|
||||
Uri uri = taint();
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
@@ -194,7 +194,7 @@ public class Sinks {
|
||||
public static void query3(MyContentResolver target) {
|
||||
Uri uri = taint();
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
target.query(uri, projection, selection, selectionArgs, sortOrder);
|
||||
@@ -203,7 +203,7 @@ public class Sinks {
|
||||
public static void query(MyContentResolver target) {
|
||||
Uri uri = taint();
|
||||
String[] projection = {taint()};
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String sortOrder = taint();
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
@@ -213,14 +213,14 @@ public class Sinks {
|
||||
public static void queryWithFactory(SQLiteDatabase target) {
|
||||
SQLiteDatabase.CursorFactory cursorFactory = taint();
|
||||
boolean distinct = taint();
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String[] columns = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String orderBy = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String orderBy = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
target.queryWithFactory(cursorFactory, distinct, table, columns, selection, selectionArgs, groupBy, having,
|
||||
orderBy, limit);
|
||||
}
|
||||
@@ -228,27 +228,27 @@ public class Sinks {
|
||||
public static void queryWithFactory2(SQLiteDatabase target) {
|
||||
SQLiteDatabase.CursorFactory cursorFactory = taint();
|
||||
boolean distinct = taint();
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String[] columns = {taint()}; // $ MISSING: hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String[] columns = {taint()}; // $ MISSING: taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String groupBy = taint(); // $hasTaintFlowSink
|
||||
String having = taint(); // $hasTaintFlowSink
|
||||
String orderBy = taint(); // $hasTaintFlowSink
|
||||
String limit = taint(); // $hasTaintFlowSink
|
||||
String groupBy = taint(); // $taintReachesSink
|
||||
String having = taint(); // $taintReachesSink
|
||||
String orderBy = taint(); // $taintReachesSink
|
||||
String limit = taint(); // $taintReachesSink
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
target.queryWithFactory(cursorFactory, distinct, table, columns, selection, selectionArgs, groupBy, having,
|
||||
orderBy, limit, cancellationSignal);
|
||||
}
|
||||
|
||||
public static void rawQuery(SQLiteDatabase target) {
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.rawQuery(sql, selectionArgs);
|
||||
}
|
||||
|
||||
public static void rawQuery2(SQLiteDatabase target) {
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
target.rawQuery(sql, selectionArgs, cancellationSignal);
|
||||
@@ -256,7 +256,7 @@ public class Sinks {
|
||||
|
||||
public static void rawQueryWithFactory(SQLiteDatabase target) {
|
||||
SQLiteDatabase.CursorFactory cursorFactory = taint();
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String editTable = taint();
|
||||
target.rawQueryWithFactory(cursorFactory, sql, selectionArgs, editTable);
|
||||
@@ -264,7 +264,7 @@ public class Sinks {
|
||||
|
||||
public static void rawQueryWithFactory2(SQLiteDatabase target) {
|
||||
SQLiteDatabase.CursorFactory cursorFactory = taint();
|
||||
String sql = taint(); // $hasTaintFlowSink
|
||||
String sql = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
String editTable = taint();
|
||||
CancellationSignal cancellationSignal = taint();
|
||||
@@ -272,18 +272,18 @@ public class Sinks {
|
||||
}
|
||||
|
||||
public static void update(MySQLiteQueryBuilder target) {
|
||||
target = taint(); // $hasTaintFlowSink
|
||||
target = taint(); // $taintReachesSink
|
||||
SQLiteDatabase db = taint();
|
||||
ContentValues values = taint();
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.update(db, values, selection, selectionArgs);
|
||||
}
|
||||
|
||||
public static void update(SQLiteDatabase target) {
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
ContentValues values = taint();
|
||||
String whereClause = taint(); // $hasTaintFlowSink
|
||||
String whereClause = taint(); // $taintReachesSink
|
||||
String[] whereArgs = {taint()};
|
||||
target.update(table, values, whereClause, whereArgs);
|
||||
}
|
||||
@@ -291,7 +291,7 @@ public class Sinks {
|
||||
public static void update(MyContentResolver target) {
|
||||
Uri uri = taint();
|
||||
ContentValues values = taint();
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.update(uri, values, selection, selectionArgs);
|
||||
}
|
||||
@@ -299,15 +299,15 @@ public class Sinks {
|
||||
public static void update(MyContentProvider target) {
|
||||
Uri uri = taint();
|
||||
ContentValues values = taint();
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
target.update(uri, values, selection, selectionArgs);
|
||||
}
|
||||
|
||||
public static void updateWithOnConflict(SQLiteDatabase target) {
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
ContentValues values = taint();
|
||||
String whereClause = taint(); // $hasTaintFlowSink
|
||||
String whereClause = taint(); // $taintReachesSink
|
||||
String[] whereArgs = {taint()};
|
||||
int conflictAlgorithm = taint();
|
||||
target.updateWithOnConflict(table, values, whereClause, whereArgs, conflictAlgorithm);
|
||||
@@ -315,15 +315,15 @@ public class Sinks {
|
||||
|
||||
public static void queryNumEntries() {
|
||||
SQLiteDatabase db = taint();
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
DatabaseUtils.queryNumEntries(db, table, selection);
|
||||
}
|
||||
|
||||
public static void queryNumEntries2() {
|
||||
SQLiteDatabase db = taint();
|
||||
String table = taint(); // $hasTaintFlowSink
|
||||
String selection = taint(); // $hasTaintFlowSink
|
||||
String table = taint(); // $taintReachesSink
|
||||
String selection = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
DatabaseUtils.queryNumEntries(db, table, selection, selectionArgs);
|
||||
}
|
||||
@@ -332,27 +332,27 @@ public class Sinks {
|
||||
Context context = taint();
|
||||
String dbName = taint();
|
||||
int dbVersion = taint();
|
||||
String sqlStatements = taint(); // $hasTaintFlowSink
|
||||
String sqlStatements = taint(); // $taintReachesSink
|
||||
DatabaseUtils.createDbFromSqlStatements(context, dbName, dbVersion, sqlStatements);
|
||||
}
|
||||
|
||||
public static void blobFileDescriptorForQuery() {
|
||||
SQLiteDatabase db = taint();
|
||||
String query = taint(); // $hasTaintFlowSink
|
||||
String query = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
DatabaseUtils.blobFileDescriptorForQuery(db, query, selectionArgs);
|
||||
}
|
||||
|
||||
public static void longForQuery() {
|
||||
SQLiteDatabase db = taint();
|
||||
String query = taint(); // $hasTaintFlowSink
|
||||
String query = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
DatabaseUtils.longForQuery(db, query, selectionArgs);
|
||||
}
|
||||
|
||||
public static void stringForQuery() {
|
||||
SQLiteDatabase db = taint();
|
||||
String query = taint(); // $hasTaintFlowSink
|
||||
String query = taint(); // $taintReachesSink
|
||||
String[] selectionArgs = {taint()};
|
||||
DatabaseUtils.stringForQuery(db, query, selectionArgs);
|
||||
}
|
||||
|
||||
@@ -17,10 +17,10 @@ class Conf extends TaintTracking::Configuration {
|
||||
class FlowStepTest extends InlineExpectationsTest {
|
||||
FlowStepTest() { this = "FlowStepTest" }
|
||||
|
||||
override string getARelevantTag() { result = "hasTaintFlowStep" }
|
||||
override string getARelevantTag() { result = "taintReachesReturn" }
|
||||
|
||||
override predicate hasActualResult(Location l, string element, string tag, string value) {
|
||||
tag = "hasTaintFlowStep" and
|
||||
tag = "taintReachesReturn" and
|
||||
value = "" and
|
||||
exists(Conf conf, DataFlow::Node source, DataFlow::Node sink |
|
||||
conf.hasFlow(source, sink) and
|
||||
|
||||
@@ -17,10 +17,10 @@ class Conf extends TaintTracking::Configuration {
|
||||
class SinkTest extends InlineExpectationsTest {
|
||||
SinkTest() { this = "SinkTest" }
|
||||
|
||||
override string getARelevantTag() { result = "hasTaintFlowSink" }
|
||||
override string getARelevantTag() { result = "taintReachesSink" }
|
||||
|
||||
override predicate hasActualResult(Location l, string element, string tag, string value) {
|
||||
tag = "hasTaintFlowSink" and
|
||||
tag = "taintReachesSink" and
|
||||
value = "" and
|
||||
exists(Conf conf, DataFlow::Node source, DataFlow::Node sink |
|
||||
conf.hasFlow(source, sink) and
|
||||
|
||||
Reference in New Issue
Block a user