Replace hasTaintFlow=y with hasTaintFlow everywhere
@@ -60,13 +60,13 @@ public class Test {
|
||||
public static void testModel1() {
|
||||
Test t = new Test();
|
||||
t.indirectlyFluentNoop().modelledFluentMethod().fluentSet(source()).fluentNoop();
|
||||
sink(t.get()); // $hasTaintFlow=y
|
||||
sink(t.get()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
public static void testModel2() {
|
||||
Test t = new Test();
|
||||
Test.modelledIdentity(t).indirectlyFluentNoop().modelledFluentMethod().fluentSet(source()).fluentNoop();
|
||||
sink(t.get()); // $hasTaintFlow=y
|
||||
sink(t.get()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ class StrLookupTest {
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
map.put("key", taint());
|
||||
StrLookup<String> lookup = StrLookup.mapLookup(map);
|
||||
sink(lookup.lookup("key")); // $hasTaintFlow=y
|
||||
sink(lookup.lookup("key")); // $hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,66 +17,66 @@ class StrSubstitutorTest {
|
||||
StrLookup<String> taintedLookup = StrLookup.mapLookup(taintedMap);
|
||||
|
||||
// Test constructors:
|
||||
StrSubstitutor ss1 = new StrSubstitutor(); ss1.setVariableResolver(taintedLookup); sink(ss1.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss2 = new StrSubstitutor(taintedMap); sink(ss2.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss3 = new StrSubstitutor(taintedMap, "{", "}"); sink(ss3.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss4 = new StrSubstitutor(taintedMap, "{", "}", ' '); sink(ss4.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss5 = new StrSubstitutor(taintedMap, "{", "}", ' ', ","); sink(ss5.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss6 = new StrSubstitutor(taintedLookup); sink(ss6.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss7 = new StrSubstitutor(taintedLookup, "{", "}", ' '); sink(ss7.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss8 = new StrSubstitutor(taintedLookup, "{", "}", ' ', ","); sink(ss8.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss9 = new StrSubstitutor(taintedLookup, (StrMatcher)null, null, ' '); sink(ss9.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss10 = new StrSubstitutor(taintedLookup, (StrMatcher)null, null, ' ', null); sink(ss10.replace("input")); // $hasTaintFlow=y
|
||||
StrSubstitutor ss1 = new StrSubstitutor(); ss1.setVariableResolver(taintedLookup); sink(ss1.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss2 = new StrSubstitutor(taintedMap); sink(ss2.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss3 = new StrSubstitutor(taintedMap, "{", "}"); sink(ss3.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss4 = new StrSubstitutor(taintedMap, "{", "}", ' '); sink(ss4.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss5 = new StrSubstitutor(taintedMap, "{", "}", ' ', ","); sink(ss5.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss6 = new StrSubstitutor(taintedLookup); sink(ss6.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss7 = new StrSubstitutor(taintedLookup, "{", "}", ' '); sink(ss7.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss8 = new StrSubstitutor(taintedLookup, "{", "}", ' ', ","); sink(ss8.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss9 = new StrSubstitutor(taintedLookup, (StrMatcher)null, null, ' '); sink(ss9.replace("input")); // $hasTaintFlow
|
||||
StrSubstitutor ss10 = new StrSubstitutor(taintedLookup, (StrMatcher)null, null, ' ', null); sink(ss10.replace("input")); // $hasTaintFlow
|
||||
|
||||
// Test replace overloads (tainted substitution map):
|
||||
StrSubstitutor taintedSubst = ss2;
|
||||
sink(taintedSubst.replace((Object)"input")); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input")); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input", 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input".toCharArray())); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input".toCharArray(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace((CharSequence)"input")); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace((CharSequence)"input", 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StrBuilder("input"))); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StrBuilder("input"), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuilder("input"))); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuilder("input"), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuffer("input"))); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuffer("input"), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace((Object)"input")); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input")); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input", 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input".toCharArray())); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input".toCharArray(), 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace((CharSequence)"input")); // $hasTaintFlow
|
||||
sink(taintedSubst.replace((CharSequence)"input", 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StrBuilder("input"))); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StrBuilder("input"), 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuilder("input"))); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuilder("input"), 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuffer("input"))); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuffer("input"), 0, 0)); // $hasTaintFlow
|
||||
|
||||
// Test replace overloads (tainted input):
|
||||
StrSubstitutor untaintedSubst = ss1;
|
||||
sink(untaintedSubst.replace((Object)taint())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint().toCharArray())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint().toCharArray(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace((CharSequence)taint())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace((CharSequence)taint(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StrBuilder(taint()))); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StrBuilder(taint()), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()))); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()))); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace((Object)taint())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint(), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint().toCharArray())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint().toCharArray(), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace((CharSequence)taint())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace((CharSequence)taint(), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StrBuilder(taint()))); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StrBuilder(taint()), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()))); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()))); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()), 0, 0)); // $hasTaintFlow
|
||||
|
||||
// Test static replace methods:
|
||||
sink(StrSubstitutor.replace(taint(), new HashMap<String, String>())); // $hasTaintFlow=y
|
||||
sink(StrSubstitutor.replace(taint(), new HashMap<String, String>(), "{", "}")); // $hasTaintFlow=y
|
||||
sink(StrSubstitutor.replace("input", taintedMap)); // $hasTaintFlow=y
|
||||
sink(StrSubstitutor.replace("input", taintedMap, "{", "}")); // $hasTaintFlow=y
|
||||
sink(StrSubstitutor.replace(taint(), new HashMap<String, String>())); // $hasTaintFlow
|
||||
sink(StrSubstitutor.replace(taint(), new HashMap<String, String>(), "{", "}")); // $hasTaintFlow
|
||||
sink(StrSubstitutor.replace("input", taintedMap)); // $hasTaintFlow
|
||||
sink(StrSubstitutor.replace("input", taintedMap, "{", "}")); // $hasTaintFlow
|
||||
Properties taintedProps = new Properties();
|
||||
taintedProps.put("key", taint());
|
||||
sink(StrSubstitutor.replace(taint(), new Properties())); // $hasTaintFlow=y
|
||||
sink(StrSubstitutor.replace("input", taintedProps)); // $hasTaintFlow=y
|
||||
sink(StrSubstitutor.replace(taint(), new Properties())); // $hasTaintFlow
|
||||
sink(StrSubstitutor.replace("input", taintedProps)); // $hasTaintFlow
|
||||
|
||||
// Test replaceIn methods:
|
||||
StrBuilder strBuilder1 = new StrBuilder(); taintedSubst.replaceIn(strBuilder1); sink(strBuilder1.toString()); // $hasTaintFlow=y
|
||||
StrBuilder strBuilder2 = new StrBuilder(); taintedSubst.replaceIn(strBuilder2, 0, 0); sink(strBuilder2.toString()); // $hasTaintFlow=y
|
||||
StringBuilder stringBuilder1 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder1); sink(stringBuilder1.toString()); // $hasTaintFlow=y
|
||||
StringBuilder stringBuilder2 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder2, 0, 0); sink(stringBuilder2.toString()); // $hasTaintFlow=y
|
||||
StringBuffer stringBuffer1 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer1); sink(stringBuffer1.toString()); // $hasTaintFlow=y
|
||||
StringBuffer stringBuffer2 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer2, 0, 0); sink(stringBuffer2.toString()); // $hasTaintFlow=y
|
||||
StrBuilder strBuilder1 = new StrBuilder(); taintedSubst.replaceIn(strBuilder1); sink(strBuilder1.toString()); // $hasTaintFlow
|
||||
StrBuilder strBuilder2 = new StrBuilder(); taintedSubst.replaceIn(strBuilder2, 0, 0); sink(strBuilder2.toString()); // $hasTaintFlow
|
||||
StringBuilder stringBuilder1 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder1); sink(stringBuilder1.toString()); // $hasTaintFlow
|
||||
StringBuilder stringBuilder2 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder2, 0, 0); sink(stringBuilder2.toString()); // $hasTaintFlow
|
||||
StringBuffer stringBuffer1 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer1); sink(stringBuffer1.toString()); // $hasTaintFlow
|
||||
StringBuffer stringBuffer2 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer2, 0, 0); sink(stringBuffer2.toString()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
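Review bot: The "tainted input" block aliases `untaintedSubst` to `ss1`, but `ss1` had `setVariableResolver(taintedLookup)` called on it in the constructor tests, where `sink(ss1.replace("input"))` is itself expected to show flow. Every `// $hasTaintFlow` expectation on the `untaintedSubst.replace(taint()...)` lines is therefore already satisfied by the resolver, so a missing argument-to-return taint step for those overloads would go unnoticed and could leave a false negative in the model. Using a fresh instance, `StrSubstitutor untaintedSubst = new StrSubstitutor();`, would make these lines pass only when the input argument carries the taint. The StringSubstitutorTextTest section has the same pattern at `StringSubstitutor untaintedSubst = ss1;`. The enclosing test method starts above this hunk.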
@@ -9,38 +9,38 @@ public class StrTokenizerTest {
|
||||
void test() throws Exception {
|
||||
|
||||
// Test constructors:
|
||||
sink((new StrTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), ',')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), ",")).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
|
||||
// Test constructing static methods:
|
||||
sink(StrTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink(StrTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow
|
||||
sink(StrTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink(StrTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow
|
||||
|
||||
// Test accessors:
|
||||
sink((new StrTokenizer(taint())).clone()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).getContent()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).next()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).nextToken()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).previous()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).previousToken()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).clone()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).getContent()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).getTokenArray()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).getTokenList()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).next()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).nextToken()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).previous()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).previousToken()); // $hasTaintFlow
|
||||
|
||||
// Test mutators:
|
||||
sink((new StrTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer()).reset(taint()).toString()); // $hasTaintFlow
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,38 +9,38 @@ public class StrTokenizerTextTest {
|
||||
void test() throws Exception {
|
||||
|
||||
// Test constructors:
|
||||
sink((new StrTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint().toCharArray(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), ',')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), ",")).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint(), (StrMatcher)null, (StrMatcher)null)).toString()); // $hasTaintFlow
|
||||
|
||||
// Test constructing static methods:
|
||||
sink(StrTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
|
||||
sink(StrTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink(StrTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow
|
||||
sink(StrTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink(StrTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow
|
||||
|
||||
// Test accessors:
|
||||
sink((new StrTokenizer(taint())).clone()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).getContent()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).next()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).nextToken()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).previous()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).previousToken()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer(taint())).clone()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).getContent()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).getTokenArray()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).getTokenList()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).next()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).nextToken()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).previous()); // $hasTaintFlow
|
||||
sink((new StrTokenizer(taint())).previousToken()); // $hasTaintFlow
|
||||
|
||||
// Test mutators:
|
||||
sink((new StrTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
|
||||
sink((new StrTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink((new StrTokenizer()).reset(taint()).toString()); // $hasTaintFlow
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ class StringLookupTextTest {
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
map.put("key", taint());
|
||||
StringLookup lookup = StringLookupFactory.INSTANCE.mapStringLookup(map);
|
||||
sink(lookup.lookup("key")); // $hasTaintFlow=y
|
||||
sink(lookup.lookup("key")); // $hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,66 +18,66 @@ class StringSubstitutorTextTest {
|
||||
StringLookup taintedLookup = StringLookupFactory.INSTANCE.mapStringLookup(taintedMap);
|
||||
|
||||
// Test constructors:
|
||||
StringSubstitutor ss1 = new StringSubstitutor(); ss1.setVariableResolver(taintedLookup); sink(ss1.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss2 = new StringSubstitutor(taintedMap); sink(ss2.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss3 = new StringSubstitutor(taintedMap, "{", "}"); sink(ss3.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss4 = new StringSubstitutor(taintedMap, "{", "}", ' '); sink(ss4.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss5 = new StringSubstitutor(taintedMap, "{", "}", ' ', ","); sink(ss5.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss6 = new StringSubstitutor(taintedLookup); sink(ss6.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss7 = new StringSubstitutor(taintedLookup, "{", "}", ' '); sink(ss7.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss8 = new StringSubstitutor(taintedLookup, "{", "}", ' ', ","); sink(ss8.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss9 = new StringSubstitutor(taintedLookup, (StringMatcher)null, null, ' '); sink(ss9.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss10 = new StringSubstitutor(taintedLookup, (StringMatcher)null, null, ' ', null); sink(ss10.replace("input")); // $hasTaintFlow=y
|
||||
StringSubstitutor ss1 = new StringSubstitutor(); ss1.setVariableResolver(taintedLookup); sink(ss1.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss2 = new StringSubstitutor(taintedMap); sink(ss2.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss3 = new StringSubstitutor(taintedMap, "{", "}"); sink(ss3.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss4 = new StringSubstitutor(taintedMap, "{", "}", ' '); sink(ss4.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss5 = new StringSubstitutor(taintedMap, "{", "}", ' ', ","); sink(ss5.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss6 = new StringSubstitutor(taintedLookup); sink(ss6.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss7 = new StringSubstitutor(taintedLookup, "{", "}", ' '); sink(ss7.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss8 = new StringSubstitutor(taintedLookup, "{", "}", ' ', ","); sink(ss8.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss9 = new StringSubstitutor(taintedLookup, (StringMatcher)null, null, ' '); sink(ss9.replace("input")); // $hasTaintFlow
|
||||
StringSubstitutor ss10 = new StringSubstitutor(taintedLookup, (StringMatcher)null, null, ' ', null); sink(ss10.replace("input")); // $hasTaintFlow
|
||||
|
||||
// Test replace overloads (tainted substitution map):
|
||||
StringSubstitutor taintedSubst = ss2;
|
||||
sink(taintedSubst.replace((Object)"input")); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input")); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input", 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input".toCharArray())); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace("input".toCharArray(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace((CharSequence)"input")); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace((CharSequence)"input", 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new TextStringBuilder("input"))); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new TextStringBuilder("input"), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuilder("input"))); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuilder("input"), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuffer("input"))); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace(new StringBuffer("input"), 0, 0)); // $hasTaintFlow=y
|
||||
sink(taintedSubst.replace((Object)"input")); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input")); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input", 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input".toCharArray())); // $hasTaintFlow
|
||||
sink(taintedSubst.replace("input".toCharArray(), 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace((CharSequence)"input")); // $hasTaintFlow
|
||||
sink(taintedSubst.replace((CharSequence)"input", 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new TextStringBuilder("input"))); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new TextStringBuilder("input"), 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuilder("input"))); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuilder("input"), 0, 0)); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuffer("input"))); // $hasTaintFlow
|
||||
sink(taintedSubst.replace(new StringBuffer("input"), 0, 0)); // $hasTaintFlow
|
||||
|
||||
// Test replace overloads (tainted input):
|
||||
StringSubstitutor untaintedSubst = ss1;
|
||||
sink(untaintedSubst.replace((Object)taint())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint().toCharArray())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(taint().toCharArray(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace((CharSequence)taint())); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace((CharSequence)taint(), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new TextStringBuilder(taint()))); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new TextStringBuilder(taint()), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()))); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()))); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()), 0, 0)); // $hasTaintFlow=y
|
||||
sink(untaintedSubst.replace((Object)taint())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint(), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint().toCharArray())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(taint().toCharArray(), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace((CharSequence)taint())); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace((CharSequence)taint(), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new TextStringBuilder(taint()))); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new TextStringBuilder(taint()), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()))); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuilder(taint()), 0, 0)); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()))); // $hasTaintFlow
|
||||
sink(untaintedSubst.replace(new StringBuffer(taint()), 0, 0)); // $hasTaintFlow
|
||||
|
||||
// Test static replace methods:
|
||||
sink(StringSubstitutor.replace(taint(), new HashMap<String, String>())); // $hasTaintFlow=y
|
||||
sink(StringSubstitutor.replace(taint(), new HashMap<String, String>(), "{", "}")); // $hasTaintFlow=y
|
||||
sink(StringSubstitutor.replace("input", taintedMap)); // $hasTaintFlow=y
|
||||
sink(StringSubstitutor.replace("input", taintedMap, "{", "}")); // $hasTaintFlow=y
|
||||
sink(StringSubstitutor.replace(taint(), new HashMap<String, String>())); // $hasTaintFlow
|
||||
sink(StringSubstitutor.replace(taint(), new HashMap<String, String>(), "{", "}")); // $hasTaintFlow
|
||||
sink(StringSubstitutor.replace("input", taintedMap)); // $hasTaintFlow
|
||||
sink(StringSubstitutor.replace("input", taintedMap, "{", "}")); // $hasTaintFlow
|
||||
Properties taintedProps = new Properties();
|
||||
taintedProps.put("key", taint());
|
||||
sink(StringSubstitutor.replace(taint(), new Properties())); // $hasTaintFlow=y
|
||||
sink(StringSubstitutor.replace("input", taintedProps)); // $hasTaintFlow=y
|
||||
sink(StringSubstitutor.replace(taint(), new Properties())); // $hasTaintFlow
|
||||
sink(StringSubstitutor.replace("input", taintedProps)); // $hasTaintFlow
|
||||
|
||||
// Test replaceIn methods:
|
||||
TextStringBuilder strBuilder1 = new TextStringBuilder(); taintedSubst.replaceIn(strBuilder1); sink(strBuilder1.toString()); // $hasTaintFlow=y
|
||||
TextStringBuilder strBuilder2 = new TextStringBuilder(); taintedSubst.replaceIn(strBuilder2, 0, 0); sink(strBuilder2.toString()); // $hasTaintFlow=y
|
||||
StringBuilder stringBuilder1 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder1); sink(stringBuilder1.toString()); // $hasTaintFlow=y
|
||||
StringBuilder stringBuilder2 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder2, 0, 0); sink(stringBuilder2.toString()); // $hasTaintFlow=y
|
||||
StringBuffer stringBuffer1 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer1); sink(stringBuffer1.toString()); // $hasTaintFlow=y
|
||||
StringBuffer stringBuffer2 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer2, 0, 0); sink(stringBuffer2.toString()); // $hasTaintFlow=y
|
||||
TextStringBuilder strBuilder1 = new TextStringBuilder(); taintedSubst.replaceIn(strBuilder1); sink(strBuilder1.toString()); // $hasTaintFlow
|
||||
TextStringBuilder strBuilder2 = new TextStringBuilder(); taintedSubst.replaceIn(strBuilder2, 0, 0); sink(strBuilder2.toString()); // $hasTaintFlow
|
||||
StringBuilder stringBuilder1 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder1); sink(stringBuilder1.toString()); // $hasTaintFlow
|
||||
StringBuilder stringBuilder2 = new StringBuilder(); taintedSubst.replaceIn(stringBuilder2, 0, 0); sink(stringBuilder2.toString()); // $hasTaintFlow
|
||||
StringBuffer stringBuffer1 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer1); sink(stringBuffer1.toString()); // $hasTaintFlow
|
||||
StringBuffer stringBuffer2 = new StringBuffer(); taintedSubst.replaceIn(stringBuffer2, 0, 0); sink(stringBuffer2.toString()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,38 +9,38 @@ public class StringTokenizerTest {
|
||||
void test() throws Exception {
|
||||
|
||||
// Test constructors:
|
||||
sink((new StringTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint(), ',')).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint(), ",")).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint(), (StringMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint().toCharArray())).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint().toCharArray(), ',')).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint().toCharArray(), ',', '"')).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint().toCharArray(), ",")).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint().toCharArray(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint(), ',')).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint(), ',', '"')).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint(), ",")).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint(), (StringMatcher)null)).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint(), (StringMatcher)null, (StringMatcher)null)).toString()); // $hasTaintFlow
|
||||
|
||||
// Test constructing static methods:
|
||||
sink(StringTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink(StringTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow=y
|
||||
sink(StringTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink(StringTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow=y
|
||||
sink(StringTokenizer.getCSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink(StringTokenizer.getCSVInstance(taint()).toString()); // $hasTaintFlow
|
||||
sink(StringTokenizer.getTSVInstance(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink(StringTokenizer.getTSVInstance(taint()).toString()); // $hasTaintFlow
|
||||
|
||||
// Test accessors:
|
||||
sink((new StringTokenizer(taint())).clone()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).getContent()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).getTokenArray()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).getTokenList()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).next()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).nextToken()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).previous()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).previousToken()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer(taint())).clone()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).getContent()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).getTokenArray()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).getTokenList()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).next()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).nextToken()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).previous()); // $hasTaintFlow
|
||||
sink((new StringTokenizer(taint())).previousToken()); // $hasTaintFlow
|
||||
|
||||
// Test mutators:
|
||||
sink((new StringTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer()).reset(taint()).toString()); // $hasTaintFlow=y
|
||||
sink((new StringTokenizer()).reset(taint().toCharArray()).toString()); // $hasTaintFlow
|
||||
sink((new StringTokenizer()).reset(taint()).toString()); // $hasTaintFlow
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,21 +6,21 @@ public class WordUtilsTest {
|
||||
void sink(Object o) {}
|
||||
|
||||
void test() throws Exception {
|
||||
sink(WordUtils.capitalize(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalize(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalizeFully(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalizeFully(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.initials(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.initials(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.swapCase(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.uncapitalize(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.uncapitalize(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap(taint(), 0)); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false)); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false)); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false, "\n")); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false, "\n")); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalize(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.capitalize(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.capitalizeFully(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.capitalizeFully(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.initials(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.initials(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.swapCase(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.uncapitalize(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.uncapitalize(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.wrap(taint(), 0)); // $hasTaintFlow
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false)); // $hasTaintFlow
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false)); // $hasTaintFlow
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false, "\n")); // $hasTaintFlow
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false, "\n")); // $hasTaintFlow
|
||||
// GOOD: the wrap-on line terminator does not propagate to the return value
|
||||
sink(WordUtils.wrap("wrap me", 0, "\n", false, taint()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,23 +6,23 @@ public class WordUtilsTextTest {
|
||||
void sink(Object o) {}
|
||||
|
||||
void test() throws Exception {
|
||||
sink(WordUtils.abbreviate(taint(), 0, 0, "append me")); // $hasTaintFlow=y
|
||||
sink(WordUtils.abbreviate("abbreviate me", 0, 0, taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalize(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalize(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalizeFully(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.capitalizeFully(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.initials(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.initials(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.swapCase(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.uncapitalize(taint())); // $hasTaintFlow=y
|
||||
sink(WordUtils.uncapitalize(taint(), ' ', ',')); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap(taint(), 0)); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false)); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false)); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false, "\n")); // $hasTaintFlow=y
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false, "\n")); // $hasTaintFlow=y
|
||||
sink(WordUtils.abbreviate(taint(), 0, 0, "append me")); // $hasTaintFlow
|
||||
sink(WordUtils.abbreviate("abbreviate me", 0, 0, taint())); // $hasTaintFlow
|
||||
sink(WordUtils.capitalize(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.capitalize(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.capitalizeFully(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.capitalizeFully(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.initials(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.initials(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.swapCase(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.uncapitalize(taint())); // $hasTaintFlow
|
||||
sink(WordUtils.uncapitalize(taint(), ' ', ',')); // $hasTaintFlow
|
||||
sink(WordUtils.wrap(taint(), 0)); // $hasTaintFlow
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false)); // $hasTaintFlow
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false)); // $hasTaintFlow
|
||||
sink(WordUtils.wrap(taint(), 0, "\n", false, "\n")); // $hasTaintFlow
|
||||
sink(WordUtils.wrap("wrap me", 0, taint(), false, "\n")); // $hasTaintFlow
|
||||
// GOOD: the wrap-on line terminator does not propagate to the return value
|
||||
sink(WordUtils.wrap("wrap me", 0, "\n", false, taint()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||