Add unit tests for version 5.x

java/ql/test/library-tests/frameworks/apache-http/A.java

@@ -3,6 +3,7 @@ import org.apache.http.protocol.*;
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.*;
 import org.apache.http.entity.*;
+import java.io.IOException;
 
 class A {
     static Object taint() { return null; }
@@ -10,7 +11,7 @@ class A {
     static void sink(Object o) { }
 
     class Test1 implements HttpRequestHandler {
-        public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) {
+        public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) throws IOException {
             A.sink(req.getRequestLine());
             A.sink(req.getRequestLine().getUri());
             A.sink(req.getRequestLine().getMethod());

java/ql/test/library-tests/frameworks/apache-http/B.java

@@ -0,0 +1,68 @@
+import org.apache.hc.core5.http.*;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.http.io.HttpRequestHandler;
+import org.apache.hc.core5.http.message.*;
+import org.apache.hc.core5.http.io.entity.*;
+import org.apache.hc.core5.util.*;
+import java.io.IOException;
+
+class B {
+    static Object taint() { return null; }
+
+    static void sink(Object o) { }
+
+    class Test1 implements HttpRequestHandler {
+        public void handle(ClassicHttpRequest req, ClassicHttpResponse res, HttpContext ctx) throws IOException, ParseException {
+            B.sink(req.getAuthority().getHostName());
+            B.sink(req.getAuthority().toString());
+            B.sink(req.getMethod());
+            B.sink(req.getPath());
+            B.sink(req.getScheme());
+            B.sink(req.getRequestUri());
+            RequestLine line = new RequestLine(req);
+            B.sink(line.getUri());
+            B.sink(line.getMethod());
+            B.sink(req.getHeaders());
+            B.sink(req.headerIterator());
+            Header h = req.getHeaders("abc")[3];
+            B.sink(h.getName());
+            B.sink(h.getValue());
+            B.sink(req.getFirstHeader("abc"));
+            B.sink(req.getLastHeader("abc"));
+            HttpEntity ent = req.getEntity();
+            B.sink(ent.getContent());
+            B.sink(ent.getContentEncoding());
+            B.sink(ent.getContentType());
+            B.sink(ent.getTrailerNames());
+            B.sink(ent.getTrailers().get());
+            B.sink(EntityUtils.toString(ent));
+            B.sink(EntityUtils.toByteArray(ent));
+            B.sink(EntityUtils.parse(ent));
+            res.setEntity(new StringEntity("<a href='" + req.getRequestUri() + "'>a</a>"));
+            res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML));
+            res.setEntity(HttpEntities.create("<a href='" + req.getRequestUri() + "'>a</a>"));
+            res.setHeader("Location", req.getRequestUri());
+            res.setHeader(new BasicHeader("Location", req.getRequestUri()));
+        }
+    }
+
+    void test2() {
+        ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
+        bbuf.append((byte[]) taint(), 0, 3);
+        sink(bbuf.array());
+        sink(bbuf.toByteArray());
+
+        CharArrayBuffer cbuf = new CharArrayBuffer(42);
+        cbuf.append(bbuf.toByteArray(), 0, 3);
+        sink(cbuf.toCharArray());
+        sink(cbuf.toString());
+        sink(cbuf.subSequence(0, 3));
+        sink(cbuf.substring(0, 3));
+        sink(cbuf.substringTrimmed(0, 3));
+
+        sink(Args.notNull(taint(), "x"));
+        sink(Args.notEmpty((String) taint(), "x"));
+        sink(Args.notBlank((String) taint(), "x"));
+        sink(Args.notNull("x", (String) taint())); // Good
+    }
+}

java/ql/test/library-tests/frameworks/apache-http/flow.expected

@@ -1,35 +1,59 @@
-| A.java:13:28:13:42 | req | A.java:14:20:14:39 | getRequestLine(...) |
-| A.java:13:28:13:42 | req | A.java:15:20:15:48 | getUri(...) |
-| A.java:13:28:13:42 | req | A.java:16:20:16:51 | getMethod(...) |
-| A.java:13:28:13:42 | req | A.java:17:20:17:38 | getAllHeaders(...) |
-| A.java:13:28:13:42 | req | A.java:19:20:19:28 | next(...) |
-| A.java:13:28:13:42 | req | A.java:20:20:20:34 | nextHeader(...) |
-| A.java:13:28:13:42 | req | A.java:22:20:22:30 | getName(...) |
-| A.java:13:28:13:42 | req | A.java:23:20:23:31 | getValue(...) |
-| A.java:13:28:13:42 | req | A.java:25:20:25:31 | getName(...) |
-| A.java:13:28:13:42 | req | A.java:26:20:26:32 | getValue(...) |
-| A.java:13:28:13:42 | req | A.java:27:20:27:37 | getParameters(...) |
-| A.java:13:28:13:42 | req | A.java:28:20:28:58 | getValue(...) |
-| A.java:13:28:13:42 | req | A.java:29:20:29:47 | getName(...) |
-| A.java:13:28:13:42 | req | A.java:31:20:31:35 | getContent(...) |
-| A.java:13:28:13:42 | req | A.java:32:20:32:43 | getContentEncoding(...) |
-| A.java:13:28:13:42 | req | A.java:33:20:33:39 | getContentType(...) |
-| A.java:13:28:13:42 | req | A.java:34:20:34:44 | toString(...) |
-| A.java:13:28:13:42 | req | A.java:35:20:35:47 | toByteArray(...) |
-| A.java:13:28:13:42 | req | A.java:36:20:36:53 | getContentCharSet(...) |
-| A.java:13:28:13:42 | req | A.java:37:20:37:54 | getContentMimeType(...) |
-| A.java:13:28:13:42 | req | A.java:38:27:38:99 | new StringEntity(...) |
-| A.java:13:28:13:42 | req | A.java:39:43:39:91 | new ByteArrayEntity(...) |
-| A.java:13:28:13:42 | req | A.java:40:39:40:67 | getUri(...) |
-| A.java:13:28:13:42 | req | A.java:41:55:41:83 | getUri(...) |
-| A.java:31:20:31:35 | getContent(...) | A.java:31:20:31:35 | getContent(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:48:14:48:26 | buffer(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:49:14:49:31 | toByteArray(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:53:14:53:31 | toCharArray(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:54:14:54:28 | toString(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:55:14:55:35 | subSequence(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:56:14:56:33 | substring(...) |
-| A.java:47:30:47:36 | taint(...) | A.java:57:14:57:40 | substringTrimmed(...) |
-| A.java:59:27:59:33 | taint(...) | A.java:59:14:59:39 | notNull(...) |
-| A.java:60:37:60:43 | taint(...) | A.java:60:14:60:49 | notEmpty(...) |
-| A.java:61:37:61:43 | taint(...) | A.java:61:14:61:49 | notBlank(...) |
+| A.java:14:28:14:42 | req | A.java:15:20:15:39 | getRequestLine(...) |
+| A.java:14:28:14:42 | req | A.java:16:20:16:48 | getUri(...) |
+| A.java:14:28:14:42 | req | A.java:17:20:17:51 | getMethod(...) |
+| A.java:14:28:14:42 | req | A.java:18:20:18:38 | getAllHeaders(...) |
+| A.java:14:28:14:42 | req | A.java:20:20:20:28 | next(...) |
+| A.java:14:28:14:42 | req | A.java:21:20:21:34 | nextHeader(...) |
+| A.java:14:28:14:42 | req | A.java:23:20:23:30 | getName(...) |
+| A.java:14:28:14:42 | req | A.java:24:20:24:31 | getValue(...) |
+| A.java:14:28:14:42 | req | A.java:26:20:26:31 | getName(...) |
+| A.java:14:28:14:42 | req | A.java:27:20:27:32 | getValue(...) |
+| A.java:14:28:14:42 | req | A.java:28:20:28:37 | getParameters(...) |
+| A.java:14:28:14:42 | req | A.java:29:20:29:58 | getValue(...) |
+| A.java:14:28:14:42 | req | A.java:30:20:30:47 | getName(...) |
+| A.java:14:28:14:42 | req | A.java:32:20:32:35 | getContent(...) |
+| A.java:14:28:14:42 | req | A.java:33:20:33:43 | getContentEncoding(...) |
+| A.java:14:28:14:42 | req | A.java:34:20:34:39 | getContentType(...) |
+| A.java:14:28:14:42 | req | A.java:35:20:35:44 | toString(...) |
+| A.java:14:28:14:42 | req | A.java:36:20:36:47 | toByteArray(...) |
+| A.java:14:28:14:42 | req | A.java:37:20:37:53 | getContentCharSet(...) |
+| A.java:14:28:14:42 | req | A.java:38:20:38:54 | getContentMimeType(...) |
+| A.java:14:28:14:42 | req | A.java:39:27:39:99 | new StringEntity(...) |
+| A.java:14:28:14:42 | req | A.java:40:43:40:91 | new ByteArrayEntity(...) |
+| A.java:14:28:14:42 | req | A.java:41:39:41:67 | getUri(...) |
+| A.java:14:28:14:42 | req | A.java:42:55:42:83 | getUri(...) |
+| A.java:32:20:32:35 | getContent(...) | A.java:32:20:32:35 | getContent(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:49:14:49:26 | buffer(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:50:14:50:31 | toByteArray(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:54:14:54:31 | toCharArray(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:55:14:55:28 | toString(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:56:14:56:35 | subSequence(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:57:14:57:33 | substring(...) |
+| A.java:48:30:48:36 | taint(...) | A.java:58:14:58:40 | substringTrimmed(...) |
+| A.java:60:27:60:33 | taint(...) | A.java:60:14:60:39 | notNull(...) |
+| A.java:61:37:61:43 | taint(...) | A.java:61:14:61:49 | notEmpty(...) |
+| A.java:62:37:62:43 | taint(...) | A.java:62:14:62:49 | notBlank(...) |
+| B.java:15:28:15:49 | req | B.java:19:20:19:32 | getPath(...) |
+| B.java:15:28:15:49 | req | B.java:20:20:20:34 | getScheme(...) |
+| B.java:15:28:15:49 | req | B.java:21:20:21:38 | getRequestUri(...) |
+| B.java:15:28:15:49 | req | B.java:25:20:25:35 | getHeaders(...) |
+| B.java:15:28:15:49 | req | B.java:26:20:26:39 | headerIterator(...) |
+| B.java:15:28:15:49 | req | B.java:28:20:28:30 | getName(...) |
+| B.java:15:28:15:49 | req | B.java:29:20:29:31 | getValue(...) |
+| B.java:15:28:15:49 | req | B.java:30:20:30:44 | getFirstHeader(...) |
+| B.java:15:28:15:49 | req | B.java:31:20:31:43 | getLastHeader(...) |
+| B.java:15:28:15:49 | req | B.java:33:20:33:35 | getContent(...) |
+| B.java:15:28:15:49 | req | B.java:35:20:35:39 | getContentType(...) |
+| B.java:15:28:15:49 | req | B.java:36:20:36:40 | getTrailerNames(...) |
+| B.java:15:28:15:49 | req | B.java:44:39:44:57 | getRequestUri(...) |
+| B.java:15:28:15:49 | req | B.java:45:55:45:73 | getRequestUri(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:52:14:52:25 | array(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:53:14:53:31 | toByteArray(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:57:14:57:31 | toCharArray(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:58:14:58:28 | toString(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:59:14:59:35 | subSequence(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:60:14:60:33 | substring(...) |
+| B.java:51:30:51:36 | taint(...) | B.java:61:14:61:40 | substringTrimmed(...) |
+| B.java:63:27:63:33 | taint(...) | B.java:63:14:63:39 | notNull(...) |
+| B.java:64:37:64:43 | taint(...) | B.java:64:14:64:49 | notEmpty(...) |
+| B.java:65:37:65:43 | taint(...) | B.java:65:14:65:49 | notBlank(...) |

java/ql/test/library-tests/frameworks/apache-http/options

@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13:${testdir}/../../../stubs/apache-http-5