Kotlin: add missing dataflow test for List::iterator

2026-04-27 17:55:19 +02:00 · 2022-05-20 11:26:25 +02:00
parent ab920d31dc
commit b0c6db4cfc
3 changed files with 44 additions and 0 deletions
--- a/java/ql/test/kotlin/library-tests/dataflow/summaries/list.kt
+++ b/java/ql/test/kotlin/library-tests/dataflow/summaries/list.kt
@@ -0,0 +1,20 @@
+class ListFlowTest {
+    fun <T> taint(t: T) = t
+    fun sink(a: Any) {}
+
+    fun test(l: MutableList<String>) {
+        l[0] = taint("a")
+        sink(l)
+        sink(l[0])
+        for (s in l) {
+            sink(s)
+        }
+
+        val a = arrayOf(taint("a"), "b")
+        sink(a)
+        sink(a[0])
+        for (s in a) {
+            sink(s)
+        }
+    }
+}
--- a/java/ql/test/kotlin/library-tests/dataflow/summaries/test.expected
+++ b/java/ql/test/kotlin/library-tests/dataflow/summaries/test.expected
@@ -0,0 +1,5 @@
+| list.kt:6:23:6:23 | a | list.kt:7:14:7:14 | l |
+| list.kt:6:23:6:23 | a | list.kt:8:14:8:17 | get(...) |
+| list.kt:13:32:13:32 | a | list.kt:14:14:14:14 | a |
+| list.kt:13:32:13:32 | a | list.kt:15:14:15:17 | ...[...] |
+| list.kt:13:32:13:32 | a | list.kt:17:18:17:18 | s |
--- a/java/ql/test/kotlin/library-tests/dataflow/summaries/test.ql
+++ b/java/ql/test/kotlin/library-tests/dataflow/summaries/test.ql
@@ -0,0 +1,19 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.dataflow.ExternalFlow
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "qltest:mad-summaries" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n.asExpr().(Argument).getCall().getCallee().hasName("taint")
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
+  }
+}
+
+from DataFlow::Node src, DataFlow::Node sink, Conf conf
+where conf.hasFlow(src, sink)
+select src, sink