Add tests for html escape functions

2026-04-29 18:55:14 +02:00 · 2021-08-08 14:40:00 -07:00
parent ed1d855025
commit 814004e63d
1 changed files with 42 additions and 0 deletions
--- a/java/ql/test/library-tests/frameworks/spring/webutil/Test.java
+++ b/java/ql/test/library-tests/frameworks/spring/webutil/Test.java
@@ -2579,6 +2579,48 @@ public class Test {
 			out = WebUtils.parseMatrixVariables(in);
 			sink(getMapValue(out)); // $hasTaintFlow
 		}
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscape;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscape(in, null);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscape;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscape(in);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeDecimal;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeDecimal(in, null);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeDecimal;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeDecimal(in);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeHex;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeHex(in, null);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeHex;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeHex(in);
+      sink(out); // $ hasTaintFlow
+    }

 	}