mirror of
https://github.com/github/codeql.git
synced 2026-05-05 21:55:19 +02:00
Java: Adjust some tests.
@@ -1,10 +1,10 @@
|
||||
invalidModelRow
|
||||
#select
|
||||
| C.java:6:16:6:19 | arg1 | C.java:6:5:6:20 | stepArgRes(...) | qltest |
|
||||
| C.java:10:16:10:21 | argIn1 | C.java:10:24:10:30 | argOut1 [post update] | qltest |
|
||||
| C.java:13:16:13:21 | argIn2 | C.java:13:24:13:30 | argOut2 [post update] | qltest |
|
||||
| C.java:16:17:16:20 | arg2 | C.java:16:5:16:21 | this <.method> [post update] | qltest |
|
||||
| C.java:18:22:18:25 | arg3 | C.java:18:5:18:8 | this [post update] | qltest |
|
||||
| C.java:20:5:20:8 | this | C.java:20:5:20:22 | stepQualRes(...) | qltest |
|
||||
| C.java:21:5:21:17 | this <.method> | C.java:21:5:21:17 | stepQualRes(...) | qltest |
|
||||
| C.java:24:5:24:23 | this <.method> | C.java:24:17:24:22 | argOut [post update] | qltest |
|
||||
| C.java:6:16:6:19 | arg1 | C.java:6:5:6:20 | stepArgRes(...) |
|
||||
| C.java:10:16:10:21 | argIn1 | C.java:10:24:10:30 | argOut1 [post update] |
|
||||
| C.java:13:16:13:21 | argIn2 | C.java:13:24:13:30 | argOut2 [post update] |
|
||||
| C.java:16:17:16:20 | arg2 | C.java:16:5:16:21 | this <.method> [post update] |
|
||||
| C.java:18:22:18:25 | arg3 | C.java:18:5:18:8 | this [post update] |
|
||||
| C.java:20:5:20:8 | this | C.java:20:5:20:22 | stepQualRes(...) |
|
||||
| C.java:21:5:21:17 | this <.method> | C.java:21:5:21:17 | stepQualRes(...) |
|
||||
| C.java:24:5:24:23 | this <.method> | C.java:24:17:24:22 | argOut [post update] |
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.ExternalFlow
|
||||
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
|
||||
import CsvValidation
|
||||
|
||||
class SummaryModelTest extends SummaryModelCsv {
|
||||
@@ -8,15 +9,15 @@ class SummaryModelTest extends SummaryModelCsv {
|
||||
row =
|
||||
[
|
||||
//"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
|
||||
"my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;qltest",
|
||||
"my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];qltest",
|
||||
"my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];qltest",
|
||||
"my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;qltest",
|
||||
"my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];qltest"
|
||||
"my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;taint",
|
||||
"my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];taint",
|
||||
"my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];taint",
|
||||
"my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;taint",
|
||||
"my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];taint"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
from DataFlow::Node node1, DataFlow::Node node2, string kind
|
||||
where summaryStep(node1, node2, kind)
|
||||
select node1, node2, kind
|
||||
from DataFlow::Node node1, DataFlow::Node node2
|
||||
where FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, false)
|
||||
select node1, node2
|
||||
|
||||
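Review bot: The rewritten query calls `FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, false)` with a bare `false`, and nothing in the test says what that flag selects. If it is the value-preserving flag, which the switch of every CSV row to kind `taint` suggests, the test now covers only taint summaries and no row exercises the `true` case. I would add a comment above the `where` clause such as `// false = non-value-preserving (taint) summary steps; all rows above are of kind "taint"`, and consider keeping one `value` row with a matching query arm so both kinds stay covered. The +/- markers are lost on this page, so this reads the last three query lines as the new side.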
@@ -1,8 +1,12 @@
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.internal.TaintTrackingUtil
|
||||
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
|
||||
|
||||
from DataFlow::Node src, DataFlow::Node sink
|
||||
where
|
||||
localAdditionalTaintStep(src, sink) and
|
||||
src.getLocation().getFile().getExtension() = "java"
|
||||
(
|
||||
localAdditionalTaintStep(src, sink) or
|
||||
FlowSummaryImpl::Private::Steps::summaryThroughStep(src, sink, false)
|
||||
) and
|
||||
not FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
|
||||
select src, sink
|
||||
|
||||
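Review bot: The `not FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)` conjunct removes rows from the expected output without a comment saying why, and the `src.getLocation().getFile().getExtension() = "java"` restriction appears to be gone from the new side (the markers are lost on this page, but the hunk header counts 8 old and 12 new lines, which fits that reading). A reader cannot tell whether the exclusion hides summary-internal nodes or real steps, and without the file filter the expected output may pick up steps located outside the test sources. I would document the exclusion once the intent is confirmed, e.g. `// summary-internal local steps are an implementation detail; report only steps visible at call sites`, and restore the extension filter if it was dropped unintentionally.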
@@ -17,22 +17,22 @@ public class ObjectUtilsTest {
|
||||
sink(ObjectUtils.CONST_BYTE(IntSource.taint())); // $hasValueFlow
|
||||
sink(ObjectUtils.defaultIfNull(taint(), null)); // $hasValueFlow
|
||||
sink(ObjectUtils.defaultIfNull(null, taint())); // $hasValueFlow
|
||||
sink(ObjectUtils.firstNonNull(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.firstNonNull(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.firstNonNull(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.firstNonNull(taint(), null, null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.firstNonNull(null, taint(), null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.firstNonNull(null, null, taint())); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.getIfNull(taint(), null)); // $hasValueFlow
|
||||
sink(ObjectUtils.max(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.max(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.max(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.median(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.median((String)null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.median((String)null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.min(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.min(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.min(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.mode(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.mode(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.mode(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
|
||||
sink(ObjectUtils.max(taint(), null, null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.max(null, taint(), null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.max(null, null, taint())); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.median(taint(), null, null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.median((String)null, taint(), null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.median((String)null, null, taint())); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.min(taint(), null, null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.min(null, taint(), null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.min(null, null, taint())); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.mode(taint(), null, null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.mode(null, taint(), null)); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.mode(null, null, taint())); // $ MISSING:hasValueFlow
|
||||
sink(ObjectUtils.requireNonEmpty(taint(), "message")); // $hasValueFlow
|
||||
sink(ObjectUtils.requireNonEmpty("not null", taint())); // GOOD (message doesn't propagate to the return)
|
||||
sink(ObjectUtils.toString(taint(), "default string")); // GOOD (first argument is stringified)
|
||||
|
||||
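Review bot: The new annotations on `firstNonNull`, `max`, `median`, `min` and `mode` drop `hasTaintFlow` outright instead of moving it under MISSING, so the test no longer records that taint through these calls used to be found. As written, `// $ MISSING:hasValueFlow` says the analysis finds no flow at all here, which would be a false negative for any taint-tracking query that relies on these models, and it becomes invisible once this expectation is the baseline. The `Strings.lenientFormat("%s = %s", x, 3)` line in the Guava test keeps its lost result visible with `// $ MISSING:numTaintFlow=1`; I would do the same here and add a one-line comment naming the cause (all affected calls appear to be the variable-arity overloads). This assumes the second copy of each line is the new side, since the +/- markers are lost on this page.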
@@ -18,7 +18,7 @@ class TestBase {
|
||||
sink(Strings.lenientFormat(x, 3)); // $numTaintFlow=1
|
||||
sink(Strings.commonPrefix(x, "abc"));
|
||||
sink(Strings.commonSuffix(x, "cde"));
|
||||
sink(Strings.lenientFormat("%s = %s", x, 3)); // $numTaintFlow=1
|
||||
sink(Strings.lenientFormat("%s = %s", x, 3)); // $ MISSING:numTaintFlow=1
|
||||
}
|
||||
|
||||
void test2() {
|
||||
@@ -60,4 +60,4 @@ class TestBase {
|
||||
void test4() {
|
||||
sink(Preconditions.checkNotNull(taint())); // $numTaintFlow=1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||