From 9a4de208ef9c4e6dfe9de1b152c97bf5c1d251ce Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Mon, 19 Jun 2023 09:36:45 +0200
Subject: [PATCH] Java: Fix qltests.
---
 java/ql/src/Metrics/Summaries/TopJdkApis.qll | 1 +
 java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected | 1 +
 .../frameworks/ratpack/resources/IntegrationTest.java | 10 +++++-----
 .../frameworks/ratpack/resources/Resource.java | 6 +++---
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/java/ql/src/Metrics/Summaries/TopJdkApis.qll b/java/ql/src/Metrics/Summaries/TopJdkApis.qll
index 420c231c003..20540f4f619 100644
--- a/java/ql/src/Metrics/Summaries/TopJdkApis.qll
+++ b/java/ql/src/Metrics/Summaries/TopJdkApis.qll
@@ -307,6 +307,7 @@ class TopJdkApi extends SummarizedCallableBase {
 predicate hasManualMadModel() { this.hasManualSummary() or this.hasManualNeutral() }
 /*
 * Note: the following top JDK APIs are not modeled with MaD:
+ * `java.lang.Runnable#run()`: specialised lambda flow
 * `java.lang.String#valueOf(Object)`: a complex case; an alias for `Object.toString`, except the dispatch is hidden
 * `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
 * `java.lang.System#setProperty(String,String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
diff --git a/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected
index 2e0ace91209..7bdac8e59ce 100644
--- a/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected
+++ b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected
@@ -1,3 +1,4 @@
+| java.lang.Runnable#run() | no manual model |
 | java.lang.String#valueOf(Object) | no manual model |
 | java.lang.System#getProperty(String) | no manual model |
 | java.lang.System#setProperty(String,String) | no manual model |
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java b/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
index 83ca80fc37f..da87794eb56 100644
--- a/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
+++ b/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
@@ -107,13 +107,13 @@ class IntegrationTest {
 filterAndMerge_2(pojoForm, mergedParams, name -> false);
 return mergedParams;
 }).then(pojoMap -> {
- sink(pojoMap.keySet().iterator().next()); //TODO:$hasTaintFlow
- sink(pojoMap.get("value")); //TODO:$hasTaintFlow
+ sink(pojoMap.keySet().iterator().next()); //$hasTaintFlow
+ sink(pojoMap.get("value")); //$hasTaintFlow
 pojoMap.forEach((key, value) -> {
- sink(key); //TODO:$hasTaintFlow
- sink(value); //TODO:$hasTaintFlow
+ sink(key); //$hasTaintFlow
+ sink(value); //$hasTaintFlow
 List values = (List) value;
- sink(values.get(0)); //TODO:$hasTaintFlow
+ sink(values.get(0)); //$hasTaintFlow
 });
 });
 }
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java b/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
index 695ad907d1f..acac15fd30a 100644
--- a/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
+++ b/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
@@ -361,13 +361,13 @@ class Resource {
 Promise
 .value(tainted)
 .nextOp(value -> Operation.of(() -> {
- sink(value); //$hasTaintFlow
+ sink(value); // MISSING: $hasTaintFlow
 }))
 .nextOpIf(value -> {
 sink(value); //$hasTaintFlow
 return true;
 }, value -> Operation.of(() -> {
- sink(value); //$hasTaintFlow
+ sink(value); // MISSING: $hasTaintFlow
 }))
 .then(value -> {
 sink(value); //$hasTaintFlow
@@ -379,7 +379,7 @@ class Resource {
 Promise
 .value(tainted)
 .flatOp(value -> Operation.of(() -> {
- sink(value); //$hasTaintFlow
+ sink(value); // MISSING: $hasTaintFlow
 }));
 }
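Review bot: In Resource.java the `sink(value)` calls inside `Operation.of(() -> { ... })` under `nextOp` and `nextOpIf` (and under `flatOp` in the following hunk) change from `//$hasTaintFlow` to `// MISSING: $hasTaintFlow`, so the test now accepts three lost taint flows instead of asserting them. For a security query each of these is a false negative, so the annotation should state why the flow is lost and where the gap is tracked, for example `sink(value); // MISSING: $hasTaintFlow (flow into the Operation.of lambda body is not tracked; see <tracking-issue>)`. The cause is presumably connected to the `java.lang.Runnable#run()` entry this patch adds to TopJdkApis.qll, but nothing in the diff confirms that. The enclosing test methods start outside both hunks, so the source of `tainted` is not visible here.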