Add test for missing WhenExpr flow

2026-04-29 18:55:14 +02:00 · 2022-03-03 11:20:02 +01:00
parent d4701d72d9
commit 5979981199
3 changed files with 40 additions and 0 deletions
--- a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/WhenExpr.kt
+++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/WhenExpr.kt
@@ -0,0 +1,14 @@
+class WhenExpr {
+  fun taint() = Uri()
+
+  fun sink(s: String) { }
+
+  fun bad() {
+    val s0 = taint()
+    sink(s0?.getQueryParameter())
+  }
+}
+
+class Uri {
+    fun getQueryParameter() = "tainted"
+}
--- a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.expected
+++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.expected
@@ -0,0 +1 @@
+| NotNullExpr.kt:7:14:7:20 | taint(...) | NotNullExpr.kt:8:15:8:33 | getQueryParameter(...) |
--- a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql
@@ -0,0 +1,25 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.dataflow.ExternalFlow
+
+class Step extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = ";Uri;false;getQueryParameter;;;Argument[-1];ReturnValue;taint"
+  }
+}
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "qltest:notNullExprFlow" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n.asExpr().(MethodAccess).getMethod().hasName("taint")
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
+  }
+}
+
+from DataFlow::Node src, DataFlow::Node sink, Conf conf
+where conf.hasFlow(src, sink)
+select src, sink
				`@@ -0,0 +1 @@`
				`\| NotNullExpr.kt:7:14:7:20 \| taint(...) \| NotNullExpr.kt:8:15:8:33 \| getQueryParameter(...) \|`