Java: add test for Guice framework support

java/ql/test/library-tests/frameworks/guice/GuiceRequestParameters.java

@@ -0,0 +1,20 @@
+import java.util.Map;
+
+import com.google.inject.Provider;
+import com.google.inject.servlet.RequestParameters;
+
+public class GuiceRequestParameters {
+	@RequestParameters
+	private Map<String,String> paramMap;
+	@RequestParameters
+	private Provider<Map<String,String>> providerMap;
+
+	void test(String key) {
+		String s = paramMap.get(key);
+		sink(s);
+		String value = providerMap.get().get(key);
+		sink(value);
+	}
+
+	private void sink(String s) {}
+}

java/ql/test/library-tests/frameworks/guice/flow.expected

@@ -0,0 +1,2 @@
+| GuiceRequestParameters.java:13:14:13:21 | paramMap | GuiceRequestParameters.java:14:8:14:8 | s |
+| GuiceRequestParameters.java:15:18:15:28 | providerMap | GuiceRequestParameters.java:16:8:16:12 | value |

java/ql/test/library-tests/frameworks/guice/flow.ql

@@ -0,0 +1,23 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.dataflow.TaintTracking
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "conf" }
+
+  override predicate isSource(DataFlow::Node src) {
+    src instanceof RemoteUserInput
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(MethodAccess ma |
+      sink.asExpr() = ma.getAnArgument() and
+      ma.getMethod().hasName("sink")
+    ) and
+    sink.asExpr().getFile().getStem() = "GuiceRequestParameters"
+  }
+}
+
+from Conf c, DataFlow::Node src, DataFlow::Node sink
+where c.hasFlow(src, sink)
+select src, sink

java/ql/test/library-tests/frameworks/guice/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/guice-servlet-4.2.2/:${testdir}/../../../stubs/guice-4.2.2/