Java: Convert remaining tests to inline flow tests.

2026-04-24 00:05:14 +02:00 · 2024-05-06 13:56:36 +02:00
parent 95ddd6ec74
commit a8549d2e23
21 changed files with 108 additions and 73 deletions
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.expected
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.expected
@@ -1,25 +1,2 @@
-| p;Factory;getIntValue;();summary;df-generated |
-| p;FinalClass;returnsConstant;();summary;df-generated |
-| p;FluentAPI$Inner;notThis;(String);summary;df-generated |
-| p;ImmutablePojo;getX;();summary;df-generated |
-| p;Joiner;length;();summary;df-generated |
-| p;ParamFlow;ignorePrimitiveReturnValue;(String);summary;df-generated |
-| p;ParamFlow;mapType;(Class);summary;df-generated |
-| p;Pojo;doNotSetValue;(String);summary;df-generated |
-| p;Pojo;getBigDecimal;();summary;df-generated |
-| p;Pojo;getBigInt;();summary;df-generated |
-| p;Pojo;getBoxedArray;();summary;df-generated |
-| p;Pojo;getBoxedCollection;();summary;df-generated |
-| p;Pojo;getBoxedValue;();summary;df-generated |
-| p;Pojo;getFloatArray;();summary;df-generated |
-| p;Pojo;getIntValue;();summary;df-generated |
-| p;Pojo;getPrimitiveArray;();summary;df-generated |
-| p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();summary;df-generated |
-| p;PrivateFlowViaPublicInterface;createAnSPIWithoutTrackingFile;(File);summary;df-generated |
-| p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated |
-| p;Sinks;propagate;(String);summary;df-generated |
-| p;Sinks;readUrl;(URL,Charset);summary;df-generated |
-| p;Sources;readUrl;(URL);summary;df-generated |
-| p;Sources;socketStream;();summary;df-generated |
-| p;Sources;sourceToParameter;(InputStream[],List);summary;df-generated |
-| p;Sources;wrappedSocketStream;();summary;df-generated |
+unexpectedModel
+expectedModel
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.ql
@@ -0,0 +1,11 @@
+import java
+import utils.modelgenerator.internal.CaptureSummaryFlowQuery
+import TestUtilities.InlineMadTest
+
+module InlineMadTestConfig implements InlineMadTestConfigSig {
+  string getCapturedModel() { result = captureNoFlow(_) }
+
+  string getKind() { result = "neutral" }
+}
+
+import InlineMadTest<InlineMadTestConfig>
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.qlref
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureNeutralModels.qlref
@@ -1 +0,0 @@
-utils/modelgenerator/CaptureNeutralModels.ql
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected
@@ -1,5 +1,2 @@
-| p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated |
-| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated |
-| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated |
-| p;Sinks;true;readUrl;(URL,Charset);;Argument[0];request-forgery;df-generated |
-| p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated |
+unexpectedModel
+expectedModel
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ql
@@ -0,0 +1,11 @@
+import java
+import utils.modelgenerator.internal.CaptureModels
+import TestUtilities.InlineMadTest
+
+module InlineMadTestConfig implements InlineMadTestConfigSig {
+  string getCapturedModel() { result = captureSink(_) }
+
+  string getKind() { result = "sink" }
+}
+
+import InlineMadTest<InlineMadTestConfig>
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.qlref
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.qlref
@@ -1 +0,0 @@
-utils/modelgenerator/CaptureSinkModels.ql
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.expected
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.expected
@@ -1,5 +1,2 @@
-| p;Sources;true;readUrl;(URL);;ReturnValue;remote;df-generated |
-| p;Sources;true;socketStream;();;ReturnValue;remote;df-generated |
-| p;Sources;true;sourceToParameter;(InputStream[],List);;Argument[0].ArrayElement;remote;df-generated |
-| p;Sources;true;sourceToParameter;(InputStream[],List);;Argument[1].Element;remote;df-generated |
-| p;Sources;true;wrappedSocketStream;();;ReturnValue;remote;df-generated |
+unexpectedModel
+expectedModel
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ql
@@ -0,0 +1,11 @@
+import java
+import utils.modelgenerator.internal.CaptureModels
+import TestUtilities.InlineMadTest
+
+module InlineMadTestConfig implements InlineMadTestConfigSig {
+  string getCapturedModel() { result = captureSource(_) }
+
+  string getKind() { result = "source" }
+}
+
+import InlineMadTest<InlineMadTestConfig>
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.qlref
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.qlref
@@ -1 +0,0 @@
-utils/modelgenerator/CaptureSourceModels.ql
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.expected
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSummaryModels.ql
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Factory.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Factory.java
@@ -26,6 +26,7 @@ public final class Factory {
    return value;
  }

+  // neutral=p;Factory;getIntValue;();summary;df-generated
  public int getIntValue() {
    return intValue;
  }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/FinalClass.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/FinalClass.java
@@ -9,6 +9,7 @@ public final class FinalClass {
    return input;
  }

+  // neutral=p;FinalClass;returnsConstant;();summary;df-generated
  public String returnsConstant() {
    return C;
  }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/FluentAPI.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/FluentAPI.java
@@ -8,6 +8,7 @@ public final class FluentAPI {
  }

  public class Inner {
+    // neutral=p;FluentAPI$Inner;notThis;(String);summary;df-generated
    public FluentAPI notThis(String input) {
      return FluentAPI.this;
    }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/ImmutablePojo.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/ImmutablePojo.java
@@ -17,6 +17,7 @@ public final class ImmutablePojo {
    return value;
  }

+  // neutral=p;ImmutablePojo;getX;();summary;df-generated
  public long getX() {
    return x;
  }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Joiner.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Joiner.java
@@ -117,6 +117,7 @@ public final class Joiner {
    }
  }

+  // neutral=p;Joiner;length;();summary;df-generated
  public int length() {
    return (size == 0 && emptyValue != null)
        ? emptyValue.length()
--- a/java/ql/test/utils/modelgenerator/dataflow/p/ParamFlow.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/ParamFlow.java
@@ -12,6 +12,7 @@ public class ParamFlow {
    return input;
  }

+  // neutral=p;ParamFlow;ignorePrimitiveReturnValue;(String);summary;df-generated
  public int ignorePrimitiveReturnValue(String input) {
    return input.length();
  }
@@ -50,6 +51,7 @@ public class ParamFlow {
    return input.iterator().next();
  }

+  // neutral=p;ParamFlow;mapType;(Class);summary;df-generated
  public Class<?> mapType(Class<?> input) {
    return input;
  }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Pojo.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Pojo.java
@@ -40,19 +40,23 @@ public final class Pojo {
    this.value = value;
  }

+  // neutral=p;Pojo;doNotSetValue;(String);summary;df-generated
  public int doNotSetValue(String value) {
    Holder h = new Holder(value);
    return h.length();
  }

+  // neutral=p;Pojo;getIntValue;();summary;df-generated
  public int getIntValue() {
    return intValue;
  }

+  // neutral=p;Pojo;getBoxedValue;();summary;df-generated
  public Integer getBoxedValue() {
    return Integer.valueOf(intValue);
  }

+  // neutral=p;Pojo;getPrimitiveArray;();summary;df-generated
  public int[] getPrimitiveArray() {
    return new int[] {intValue};
  }
@@ -67,14 +71,17 @@ public final class Pojo {
    return byteArray;
  }

+  // neutral=p;Pojo;getFloatArray;();summary;df-generated
  public float[] getFloatArray() {
    return floatArray;
  }

+  // neutral=p;Pojo;getBoxedArray;();summary;df-generated
  public Integer[] getBoxedArray() {
    return new Integer[] {Integer.valueOf(intValue)};
  }

+  // neutral=p;Pojo;getBoxedCollection;();summary;df-generated
  public Collection<Integer> getBoxedCollection() {
    return List.of(Integer.valueOf(intValue));
  }
@@ -89,10 +96,12 @@ public final class Pojo {
    return byteObjectArray;
  }

+  // neutral=p;Pojo;getBigInt;();summary;df-generated
  public BigInteger getBigInt() {
    return BigInteger.valueOf(intValue);
  }

+  // neutral=p;Pojo;getBigDecimal;();summary;df-generated
  public BigDecimal getBigDecimal() {
    return new BigDecimal(value);
  }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/PrivateFlowViaPublicInterface.java
@@ -13,8 +13,10 @@ public class PrivateFlowViaPublicInterface {

  public static interface SPI {
    // summary=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];ReturnValue;taint;df-generated
+    // sink=p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated
    OutputStream openStream() throws IOException;

+    // neutral=p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();summary;df-generated
    default OutputStream openStreamNone() throws IOException {
      return null;
    }
@@ -55,6 +57,7 @@ public class PrivateFlowViaPublicInterface {
    return new PrivateImplWithSink(file);
  }

+  // neutral=p;PrivateFlowViaPublicInterface;createAnSPIWithoutTrackingFile;(File);summary;df-generated
  public static SPI createAnSPIWithoutTrackingFile(File file) {
    return new PrivateImplWithRandomField(file);
  }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
@@ -3,32 +3,39 @@ package p;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.nio.file.CopyOption;
 import java.nio.charset.Charset;
+import java.nio.file.CopyOption;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.logging.Logger;

 public class Sinks {
-    
-    public Path copyFileToDirectory(final Path sourceFile, final Path targetFile, final CopyOption... copyOptions) throws IOException {
-        return Files.copy(sourceFile, targetFile, copyOptions);
-    }

-    public String readUrl(final URL url, Charset encoding) throws IOException {
-        try (InputStream in = url.openStream()) {
-            byte[] bytes = in.readAllBytes();
-            return new String(bytes, encoding);
-        }
-    }
+  // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated
+  // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated
+  // neutral=p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated
+  public Path copyFileToDirectory(
+      final Path sourceFile, final Path targetFile, final CopyOption... copyOptions)
+      throws IOException {
+    return Files.copy(sourceFile, targetFile, copyOptions);
+  }

-    public static void main(String[] args) throws IOException {
-        String foo = new Sinks().readUrl(new URL(args[0]), Charset.defaultCharset());
+  // sink=p;Sinks;true;readUrl;(URL,Charset);;Argument[0];request-forgery;df-generated
+  // neutral=p;Sinks;readUrl;(URL,Charset);summary;df-generated
+  public String readUrl(final URL url, Charset encoding) throws IOException {
+    try (InputStream in = url.openStream()) {
+      byte[] bytes = in.readAllBytes();
+      return new String(bytes, encoding);
    }
+  }

-    public void propagate(String s) {
-        Logger logger = Logger.getLogger(Sinks.class.getSimpleName());
-        logger.warning(s);
-    }
+  public static void main(String[] args) throws IOException {
+    String foo = new Sinks().readUrl(new URL(args[0]), Charset.defaultCharset());
+  }

+  // neutral=p;Sinks;propagate;(String);summary;df-generated
+  public void propagate(String s) {
+    Logger logger = Logger.getLogger(Sinks.class.getSimpleName());
+    logger.warning(s);
+  }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
@@ -4,29 +4,37 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.ServerSocket;
 import java.net.URL;
-import java.util.function.Consumer;
 import java.util.List;

-
 public class Sources {
-    
-    public InputStream readUrl(final URL url) throws IOException {
-        return url.openConnection().getInputStream();
-    }

-    public InputStream socketStream() throws IOException {
-        ServerSocket socket = new ServerSocket(123);
-        return socket.accept().getInputStream();
-    }
+  // source=p;Sources;true;readUrl;(URL);;ReturnValue;remote;df-generated
+  // sink=p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated
+  // neutral=p;Sources;readUrl;(URL);summary;df-generated
+  public InputStream readUrl(final URL url) throws IOException {
+    return url.openConnection().getInputStream();
+  }

-    public InputStream wrappedSocketStream() throws IOException {
-        return socketStream();
-    }
+  // source=p;Sources;true;socketStream;();;ReturnValue;remote;df-generated
+  // neutral=p;Sources;socketStream;();summary;df-generated
+  public InputStream socketStream() throws IOException {
+    ServerSocket socket = new ServerSocket(123);
+    return socket.accept().getInputStream();
+  }

-    public void sourceToParameter(InputStream[] streams, List<InputStream> otherStreams) throws IOException {
-        ServerSocket socket = new ServerSocket(123);
-        streams[0] = socket.accept().getInputStream();
-        otherStreams.add(socket.accept().getInputStream());
-    }
+  // source=p;Sources;true;wrappedSocketStream;();;ReturnValue;remote;df-generated
+  // neutral=p;Sources;wrappedSocketStream;();summary;df-generated
+  public InputStream wrappedSocketStream() throws IOException {
+    return socketStream();
+  }

+  // source=p;Sources;true;sourceToParameter;(InputStream[],List);;Argument[0].ArrayElement;remote;df-generated
+  // source=p;Sources;true;sourceToParameter;(InputStream[],List);;Argument[1].Element;remote;df-generated
+  // neutral=p;Sources;sourceToParameter;(InputStream[],List);summary;df-generated
+  public void sourceToParameter(InputStream[] streams, List<InputStream> otherStreams)
+      throws IOException {
+    ServerSocket socket = new ServerSocket(123);
+    streams[0] = socket.accept().getInputStream();
+    otherStreams.add(socket.accept().getInputStream());
+  }
 }
				`@@ -1 +0,0 @@`
				`utils/modelgenerator/CaptureNeutralModels.ql`
				`@@ -1 +0,0 @@`
				`utils/modelgenerator/CaptureSourceModels.ql`