Java: Taint flow through org.springframework.data.repository.CrudRepository.save().

2026-04-30 11:15:13 +02:00 · 2022-08-19 19:50:37 +07:00
parent ba1ad00d2a
commit a486a89cee
7 changed files with 43 additions and 0 deletions
--- a/java/ql/test/library-tests/frameworks/spring/data/Test.java
+++ b/java/ql/test/library-tests/frameworks/spring/data/Test.java
@@ -0,0 +1,19 @@
+import org.springframework.data.repository.CrudRepository;
+
+class Struct {
+  public String field;
+  public Struct(String f){
+    this.field = f;
+  }
+}
+
+public class Test {
+  String source() { return null; }
+  void sink(Object o) {}
+
+  void testCrudRepository(CrudRepository<Struct, Integer> cr) {
+    Struct s = new Struct(source());
+    s = cr.save(s);
+    sink(s.field); //$hasValueFlow
+  }
+}
--- a/java/ql/test/library-tests/frameworks/spring/data/options
+++ b/java/ql/test/library-tests/frameworks/spring/data/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/spring-data-commons-2.5.1
--- a/java/ql/test/library-tests/frameworks/spring/data/test.expected
+++ b/java/ql/test/library-tests/frameworks/spring/data/test.expected
--- a/java/ql/test/library-tests/frameworks/spring/data/test.ql
+++ b/java/ql/test/library-tests/frameworks/spring/data/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/spring-data-commons-2.5.1`