hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add collection flow test.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2021-05-12 18:04:20 +02:00
parent 43d1b0ab27
commit 901996f9fd
4 changed files with 1867 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1821
java/ql/test/library-tests/dataflow/collections/B.java Normal file
View File

File diff suppressed because it is too large Load Diff

2
java/ql/test/library-tests/dataflow/collections/ContainterTest.java
View File

@@ -89,7 +89,7 @@ class ContainerTest {
sink(stack.peek());
sink(stack.pop());
sink(stack.push("value")); // not tainted
sink(new Stack().push(source("value")));
sink(new Stack().push(source("value"))); // $ hasValueFlow
mkSink(Stack.class).push(source("value"));
// java.util.Queue

0
java/ql/test/library-tests/dataflow/collections/containerflow.expected Normal file
View File

45
java/ql/test/library-tests/dataflow/collections/containerflow.ql Normal file
View File

@@ -0,0 +1,45 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.ExternalFlow
import TestUtilities.InlineExpectationsTest
import DataFlow
class SummaryModelTest extends SummaryModelCsv {
override predicate row(string row) {
row =
[
//"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
";B;false;storeArrayElement;(Object);;Argument[0];ArrayElement of ReturnValue;value",
";B;false;storeElement;(Object);;Argument[0];Element of ReturnValue;value",
";B;false;storeMapKey;(Object);;Argument[0];MapKey of ReturnValue;value",
";B;false;storeMapValue;(Object);;Argument[0];MapValue of ReturnValue;value",
";B;false;readArrayElement;(Object);;ArrayElement of Argument[0];ReturnValue;value",
";B;false;readElement;(Object);;Element of Argument[0];ReturnValue;value",
";B;false;readMapKey;(Object);;MapKey of Argument[0];ReturnValue;value",
";B;false;readMapValue;(Object);;MapValue of Argument[0];ReturnValue;value"
]
}
}
class ContainerFlowConf extends Configuration {
ContainerFlowConf() { this = "qltest:ContainerFlowConf" }
override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") }
override predicate isSink(Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") }
}
class HasFlowTest extends InlineExpectationsTest {
HasFlowTest() { this = "HasFlowTest" }
override string getARelevantTag() { result = "hasValueFlow" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasValueFlow" and
exists(Node src, Node sink, ContainerFlowConf conf | conf.hasFlow(src, sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}