Java: add test for Guice framework support

java/ql/test/library-tests/frameworks/guice/GuiceRequestParameters.java

@@ -0,0 +1,20 @@
+import java.util.Map;
+
+import com.google.inject.Provider;
+import com.google.inject.servlet.RequestParameters;
+
+public class GuiceRequestParameters {
+	@RequestParameters
+	private Map<String,String> paramMap;
+	@RequestParameters
+	private Provider<Map<String,String>> providerMap;
+
+	void test(String key) {
+		String s = paramMap.get(key);
+		sink(s);
+		String value = providerMap.get().get(key);
+		sink(value);
+	}
+
+	private void sink(String s) {}
+}

java/ql/test/library-tests/frameworks/guice/flow.expected

@@ -0,0 +1,2 @@
+| GuiceRequestParameters.java:13:14:13:21 | paramMap | GuiceRequestParameters.java:14:8:14:8 | s |
+| GuiceRequestParameters.java:15:18:15:28 | providerMap | GuiceRequestParameters.java:16:8:16:12 | value |

java/ql/test/library-tests/frameworks/guice/flow.ql

@@ -0,0 +1,23 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.dataflow.TaintTracking
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "conf" }
+
+  override predicate isSource(DataFlow::Node src) {
+    src instanceof RemoteUserInput
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(MethodAccess ma |
+      sink.asExpr() = ma.getAnArgument() and
+      ma.getMethod().hasName("sink")
+    ) and
+    sink.asExpr().getFile().getStem() = "GuiceRequestParameters"
+  }
+}
+
+from Conf c, DataFlow::Node src, DataFlow::Node sink
+where c.hasFlow(src, sink)
+select src, sink

java/ql/test/library-tests/frameworks/guice/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/guice-servlet-4.2.2/:${testdir}/../../../stubs/guice-4.2.2/

java/ql/test/stubs/guice-4.2.2/com/google/inject/Provider.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2006 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Adapted from Guice version 4.2.2 as available at
+ *   https://search.maven.org/classic/remotecontent?filepath=com/google/inject/guice/4.2.2/guice-4.2.2-sources.jar
+ * Only relevant stubs of this file have been retained for test purposes.
+ */
+
+package com.google.inject;
+
+/**
+ * An object capable of providing instances of type {@code T}. Providers are used in numerous ways
+ * by Guice:
+ *
+ * <ul>
+ * <li>When the default means for obtaining instances (an injectable or parameterless constructor)
+ *     is insufficient for a particular binding, the module can specify a custom {@code Provider}
+ *     instead, to control exactly how Guice creates or obtains instances for the binding.
+ * <li>An implementation class may always choose to have a {@code Provider<T>} instance injected,
+ *     rather than having a {@code T} injected directly. This may give you access to multiple
+ *     instances, instances you wish to safely mutate and discard, instances which are out of scope
+ *     (e.g. using a {@code @RequestScoped} object from within a {@code @SessionScoped} object), or
+ *     instances that will be initialized lazily.
+ * <li>A custom {@link Scope} is implemented as a decorator of {@code Provider<T>}, which decides
+ *     when to delegate to the backing provider and when to provide the instance some other way.
+ * <li>The {@link Injector} offers access to the {@code Provider<T>} it uses to fulfill requests for
+ *     a given key, via the {@link Injector#getProvider} methods.
+ * </ul>
+ *
+ * @param <T> the type of object this provides
+ * @author crazybob@google.com (Bob Lee)
+ */
+public interface Provider<T> {
+
+  /**
+   * Provides an instance of {@code T}.
+   *
+   * @throws OutOfScopeException when an attempt is made to access a scoped object while the scope
+   *     in question is not currently active
+   * @throws ProvisionException if an instance cannot be provided. Such exceptions include messages
+   *     and throwables to describe why provision failed.
+   */
+  T get();
+}

java/ql/test/stubs/guice-servlet-4.2.2/com/google/inject/servlet/RequestParameters.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2006 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Adapted from Guice Servlet version 4.2.2 as available at
+ *   https://search.maven.org/classic/remotecontent?filepath=com/google/inject/extensions/guice-servlet/4.2.2/guice-servlet-4.2.2-sources.jar
+ * Only relevant stubs of this file have been retained for test purposes.
+ */
+
+package com.google.inject.servlet;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Apply this to field or parameters of type {@code Map<String, String[]>} when you want the HTTP
+ * request parameter map to be injected.
+ *
+ * @author crazybob@google.com (Bob Lee)
+ */
+@Retention(RUNTIME)
+@Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
+public @interface RequestParameters {}