hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't consider subtypes of fields

Browse Source
This commit is contained in:
Tony Torralba
2021-07-01 17:34:09 +02:00
parent 47002a3bd7
commit a3b25f0eb5
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java
View File

@@ -33,6 +33,14 @@ public class EntryPointTypesTest {
}
}
static class ChildObject extends ParameterizedTestObject<TestObject, Object> {
public Object field9;
}
class UnrelatedObject {
public String safeField;
}
private static void sink(String sink) {}
public static void test(TestObject source) {
@@ -50,4 +58,16 @@ public class EntryPointTypesTest {
sink(source.getField8().field4); // $hasTaintFlow
sink(source.getField8().getField5()); // $hasTaintFlow
}
public static void testSubtype(ParameterizedTestObject<?, ?> source) {
ChildObject subtypeSource = (ChildObject) source;
sink(subtypeSource.field6); // $hasTaintFlow
sink(subtypeSource.field7.field1); // $hasTaintFlow
sink(subtypeSource.field7.getField2()); // $hasTaintFlow
sink((String) subtypeSource.getField8()); // $hasTaintFlow
sink((String) subtypeSource.field9); // $hasTaintFlow
// Ensure that we are not tainting every subclass of Object
UnrelatedObject unrelated = (UnrelatedObject) subtypeSource.getField8();
sink(unrelated.safeField); // Safe
}
}