hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add models for Commons-Lang's RegExUtils class

Browse Source
This commit is contained in:
Chris Smowton
2021-03-05 14:39:16 +00:00
parent 19b74e6e01
commit 9163893879
3 changed files with 127 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
java/ql/test/library-tests/frameworks/apache-commons-lang3/RegExUtilsTest.java Normal file
View File

@@ -0,0 +1,45 @@
import org.apache.commons.lang3.RegExUtils;
import java.util.regex.Pattern;
public class RegExUtilsTest {
String taint() { return "tainted"; }
void sink(Object o) {}
void test() throws Exception {
Pattern cleanPattern = Pattern.compile("clean");
Pattern taintedPattern = Pattern.compile(taint());
sink(RegExUtils.removeAll(taint(), cleanPattern)); // $hasTaintFlow=y
sink(RegExUtils.removeAll(taint(), "clean")); // $hasTaintFlow=y
sink(RegExUtils.removeFirst(taint(), cleanPattern)); // $hasTaintFlow=y
sink(RegExUtils.removeFirst(taint(), "clean")); // $hasTaintFlow=y
sink(RegExUtils.removePattern(taint(), "clean")); // $hasTaintFlow=y
sink(RegExUtils.replaceAll(taint(), cleanPattern, "replacement")); // $hasTaintFlow=y
sink(RegExUtils.replaceAll(taint(), "clean", "replacement")); // $hasTaintFlow=y
sink(RegExUtils.replaceFirst(taint(), cleanPattern, "replacement")); // $hasTaintFlow=y
sink(RegExUtils.replaceFirst(taint(), "clean", "replacement")); // $hasTaintFlow=y
sink(RegExUtils.replacePattern(taint(), "clean", "replacement")); // $hasTaintFlow=y
sink(RegExUtils.replaceAll("original", cleanPattern, taint())); // $hasTaintFlow=y
sink(RegExUtils.replaceAll("original", "clean", taint())); // $hasTaintFlow=y
sink(RegExUtils.replaceFirst("original", cleanPattern, taint())); // $hasTaintFlow=y
sink(RegExUtils.replaceFirst("original", "clean", taint())); // $hasTaintFlow=y
sink(RegExUtils.replacePattern("original", "clean", taint())); // $hasTaintFlow=y
// Subsequent calls don't propagate taint, as regex search patterns don't propagate to the return value.
sink(RegExUtils.removeAll("original", taintedPattern));
sink(RegExUtils.removeAll("original", taint()));
sink(RegExUtils.removeFirst("original", taintedPattern));
sink(RegExUtils.removeFirst("original", taint()));
sink(RegExUtils.removePattern("original", taint()));
sink(RegExUtils.replaceAll("original", taintedPattern, "replacement"));
sink(RegExUtils.replaceAll("original", taint(), "replacement"));
sink(RegExUtils.replaceFirst("original", taintedPattern, "replacement"));
sink(RegExUtils.replaceFirst("original", taint(), "replacement"));
sink(RegExUtils.replacePattern("original", taint(), "replacement"));
sink(RegExUtils.replaceAll("original", taintedPattern, "replacement"));
sink(RegExUtils.replaceAll("original", taint(), "replacement"));
sink(RegExUtils.replaceFirst("original", taintedPattern, "replacement"));
sink(RegExUtils.replaceFirst("original", taint(), "replacement"));
sink(RegExUtils.replacePattern("original", taint(), "replacement"));
}
}