Abbreviate redundant value-flow / taint-flow tests

2026-05-01 19:55:15 +02:00 · 2021-03-12 10:53:27 +00:00
parent 82a000bcca
commit 58d5c2c32d
2 changed files with 11 additions and 10 deletions
--- a/java/ql/test/library-tests/frameworks/apache-commons-lang3/ObjectUtilsTest.java
+++ b/java/ql/test/library-tests/frameworks/apache-commons-lang3/ObjectUtilsTest.java
@@ -10,17 +10,17 @@ public class ObjectUtilsTest {
  void sink(Object o) {}

  void test() throws Exception {
-    sink(ObjectUtils.clone(taint())); // $hasTaintFlow $hasValueFlow
-    sink(ObjectUtils.cloneIfPossible(taint())); // $hasTaintFlow $hasValueFlow
-    sink(ObjectUtils.CONST(taint())); // $hasTaintFlow $hasValueFlow
-    sink(ObjectUtils.CONST_SHORT(IntSource.taint())); // $hasTaintFlow $hasValueFlow
-    sink(ObjectUtils.CONST_BYTE(IntSource.taint())); // $hasTaintFlow $hasValueFlow
-    sink(ObjectUtils.defaultIfNull(taint(), null)); // $hasTaintFlow $hasValueFlow
-    sink(ObjectUtils.defaultIfNull(null, taint())); // $hasTaintFlow $hasValueFlow
+    sink(ObjectUtils.clone(taint())); // $hasValueFlow
+    sink(ObjectUtils.cloneIfPossible(taint())); // $hasValueFlow
+    sink(ObjectUtils.CONST(taint())); // $hasValueFlow
+    sink(ObjectUtils.CONST_SHORT(IntSource.taint())); // $hasValueFlow
+    sink(ObjectUtils.CONST_BYTE(IntSource.taint())); // $hasValueFlow
+    sink(ObjectUtils.defaultIfNull(taint(), null)); // $hasValueFlow
+    sink(ObjectUtils.defaultIfNull(null, taint())); // $hasValueFlow
    sink(ObjectUtils.firstNonNull(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
    sink(ObjectUtils.firstNonNull(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
    sink(ObjectUtils.firstNonNull(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.getIfNull(taint(), null)); // $hasTaintFlow $hasValueFlow
+    sink(ObjectUtils.getIfNull(taint(), null)); // $hasValueFlow
    sink(ObjectUtils.max(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
    sink(ObjectUtils.max(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
    sink(ObjectUtils.max(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
@@ -33,9 +33,9 @@ public class ObjectUtilsTest {
    sink(ObjectUtils.mode(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
    sink(ObjectUtils.mode(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
    sink(ObjectUtils.mode(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.requireNonEmpty(taint(), "message")); // $hasTaintFlow $hasValueFlow
+    sink(ObjectUtils.requireNonEmpty(taint(), "message")); // $hasValueFlow
    sink(ObjectUtils.requireNonEmpty("not null", taint())); // GOOD (message doesn't propagate to the return)
    sink(ObjectUtils.toString(taint(), "default string")); // GOOD (first argument is stringified)
-    sink(ObjectUtils.toString(null, taint())); // $hasTaintFlow $hasValueFlow
+    sink(ObjectUtils.toString(null, taint())); // $hasValueFlow
  }
 }
--- a/java/ql/test/library-tests/frameworks/apache-commons-lang3/flow.ql
+++ b/java/ql/test/library-tests/frameworks/apache-commons-lang3/flow.ql
@@ -34,6 +34,7 @@ class HasFlowTest extends InlineExpectationsTest {
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasTaintFlow" and
    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | conf.hasFlow(src, sink) |
+      not any(ValueFlowConf vconf).hasFlow(src, sink) and
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""