Java: Add some threat model dataflow tests.

2025-12-22 11:46:32 +01:00 · 2023-09-28 09:37:23 +02:00
parent 537965c0e8
commit 5c700afa27
16 changed files with 387 additions and 0 deletions
--- a/java/ql/test/library-tests/dataflow/threat-models/Test.qll
+++ b/java/ql/test/library-tests/dataflow/threat-models/Test.qll
@@ -0,0 +1,13 @@
 private import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.TaintTracking
 private module ThreatModelConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
  predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
 }
 module ThreatModel = TaintTracking::Global<ThreatModelConfig>;
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected
@@ -0,0 +1,28 @@
 edges
 | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] |
 | Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String |
 nodes
 | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |
 | Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] |
 subpaths
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String |
 #select
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... |
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ext.yml
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ext.yml
@@ -0,0 +1,14 @@
 extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: supportedThreatModels
    data: []
  - addsTo:
      pack: codeql/java-all
      extensible: sourceModel
    data:
      - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"]
      - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"]
      - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"]
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ql
@@ -0,0 +1,10 @@
 /**
 * This is a dataflow test using the "default" threat model.
 */
 import Test
 import ThreatModel::PathGraph
 from ThreatModel::PathNode source, ThreatModel::PathNode sink
 where ThreatModel::flowPath(source, sink)
 select source, sink
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected
@@ -0,0 +1,35 @@
 edges
 | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] |
 | Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result |
 nodes
 | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |
 | Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:30:21:30:61 | executeQuery(...) : String | semmle.label | executeQuery(...) : String |
 | Test.java:33:26:33:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:36:36:36:41 | result | semmle.label | result |
 subpaths
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String |
 #select
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result |
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ext.yml
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ext.yml
@@ -0,0 +1,15 @@
 extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: supportedThreatModels
    data:
      - ["database"]
  - addsTo:
      pack: codeql/java-all
      extensible: sourceModel
    data:
      - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"]
      - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"]
      - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"]
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ql
@@ -0,0 +1,11 @@
 /**
 * This is a dataflow test using the "default" threat model with the
 * addition of "database".
 */
 import Test
 import ThreatModel::PathGraph
 from ThreatModel::PathNode source, ThreatModel::PathNode sink
 where ThreatModel::flowPath(source, sink)
 select source, sink
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected
@@ -0,0 +1,61 @@
 edges
 | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] |
 | Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] |
 | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] |
 | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] |
 | Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) |
 nodes
 | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |
 | Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:30:21:30:61 | executeQuery(...) : String | semmle.label | executeQuery(...) : String |
 | Test.java:33:26:33:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:36:36:36:41 | result | semmle.label | result |
 | Test.java:41:21:41:49 | readEnv(...) : String | semmle.label | readEnv(...) : String |
 | Test.java:44:26:44:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:47:36:47:41 | result | semmle.label | result |
 | Test.java:64:5:64:13 | System.in : InputStream | semmle.label | System.in : InputStream |
 | Test.java:64:20:64:23 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:67:26:67:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:67:56:67:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:67:69:67:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:70:36:70:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:70:49:70:52 | data : byte[] | semmle.label | data : byte[] |
 subpaths
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:67:56:67:73 | byteToString(...) : String |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:70:36:70:53 | byteToString(...) |
 #select
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:67:26:67:80 | ... + ... |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:70:36:70:53 | byteToString(...) |
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ext.yml
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ext.yml
@@ -0,0 +1,15 @@
 extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: supportedThreatModels
    data:
      - ["local"]
  - addsTo:
      pack: codeql/java-all
      extensible: sourceModel
    data:
      - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"]
      - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"]
      - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"]
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ql
@@ -0,0 +1,11 @@
 /**
 * This is a dataflow test using the "default" threat model with the
 * addition of the threat model group "local".
 */
 import Test
 import ThreatModel::PathGraph
 from ThreatModel::PathNode source, ThreatModel::PathNode sink
 where ThreatModel::flowPath(source, sink)
 select source, sink
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected
@@ -0,0 +1,68 @@
 edges
 | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] |
 | Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result |
 | Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... |
 | Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] |
 | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] |
 | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] |
 | Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) |
 nodes
 | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |
 | Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:30:21:30:61 | executeQuery(...) : String | semmle.label | executeQuery(...) : String |
 | Test.java:33:26:33:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:36:36:36:41 | result | semmle.label | result |
 | Test.java:41:21:41:49 | readEnv(...) : String | semmle.label | readEnv(...) : String |
 | Test.java:44:26:44:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:47:36:47:41 | result | semmle.label | result |
 | Test.java:52:21:52:47 | getCustom(...) : String | semmle.label | getCustom(...) : String |
 | Test.java:55:26:55:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:58:36:58:41 | result | semmle.label | result |
 | Test.java:64:5:64:13 | System.in : InputStream | semmle.label | System.in : InputStream |
 | Test.java:64:20:64:23 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:67:26:67:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:67:56:67:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:67:69:67:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:70:36:70:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:70:49:70:52 | data : byte[] | semmle.label | data : byte[] |
 subpaths
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:67:56:67:73 | byteToString(...) : String |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:70:36:70:53 | byteToString(...) |
 #select
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... |
 | Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result |
 | Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... |
 | Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:67:26:67:80 | ... + ... |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:70:36:70:53 | byteToString(...) |
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ext.yml
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ext.yml
@@ -0,0 +1,15 @@
 extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: supportedThreatModels
    data:
      - ["all"]
  - addsTo:
      pack: codeql/java-all
      extensible: sourceModel
    data:
      - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"]
      - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"]
      - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"]
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ql
@@ -0,0 +1,10 @@
 /**
 * This is a dataflow test using "all" threat models.
 */
 import Test
 import ThreatModel::PathGraph
 from ThreatModel::PathNode source, ThreatModel::PathNode sink
 where ThreatModel::flowPath(source, sink)
 select source, sink
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected
@@ -0,0 +1,54 @@
 edges
 | Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] |
 | Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] |
 | Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] |
 | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] |
 | Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] |
 | Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) |
 nodes
 | Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |
 | Test.java:11:23:11:26 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
 | Test.java:19:32:19:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:22:36:22:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:22:49:22:52 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:25:26:25:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:25:56:25:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:25:69:25:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:41:21:41:49 | readEnv(...) : String | semmle.label | readEnv(...) : String |
 | Test.java:44:26:44:68 | ... + ... | semmle.label | ... + ... |
 | Test.java:47:36:47:41 | result | semmle.label | result |
 | Test.java:64:5:64:13 | System.in : InputStream | semmle.label | System.in : InputStream |
 | Test.java:64:20:64:23 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
 | Test.java:67:26:67:80 | ... + ... | semmle.label | ... + ... |
 | Test.java:67:56:67:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
 | Test.java:67:69:67:72 | data : byte[] | semmle.label | data : byte[] |
 | Test.java:70:36:70:53 | byteToString(...) | semmle.label | byteToString(...) |
 | Test.java:70:49:70:52 | data : byte[] | semmle.label | data : byte[] |
 subpaths
 | Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:25:56:25:73 | byteToString(...) : String |
 | Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:67:56:67:73 | byteToString(...) : String |
 | Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | Test.java:70:36:70:53 | byteToString(...) |
 #select
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:22:36:22:53 | byteToString(...) |
 | Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:25:26:25:80 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... |
 | Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:67:26:67:80 | ... + ... |
 | Test.java:64:5:64:13 | System.in : InputStream | Test.java:70:36:70:53 | byteToString(...) |
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ext.yml
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ext.yml
@@ -0,0 +1,16 @@
 extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: supportedThreatModels
    data:
      - ["environment"]
      - ["cli"]
  - addsTo:
      pack: codeql/java-all
      extensible: sourceModel
    data:
      - ["testlib", "TestSources", False, "executeQuery", "(String)", "", "ReturnValue", "database", "manual"]
      - ["testlib", "TestSources", False, "readEnv", "(String)", "", "ReturnValue", "environment", "manual"]
      - ["testlib", "TestSources", False, "getCustom", "(String)", "", "ReturnValue", "custom", "manual"]
--- a/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ql
+++ b/java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ql
@@ -0,0 +1,11 @@
 /**
 * This is a dataflow test using the "default" threat model with the
 * addition of "environment" and "cli".
 */
 import Test
 import ThreatModel::PathGraph
 from ThreatModel::PathNode source, ThreatModel::PathNode sink
 where ThreatModel::flowPath(source, sink)
 select source, sink