Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis

Java: model top JDK APIs
2026-05-04 13:15:21 +02:00 · 2023-01-17 10:20:32 -05:00
parent 6b43ff45a4 10f0975812
commit babdee36aa
25 changed files with 306 additions and 86 deletions
--- a/java/ql/test/library-tests/dataflow/taint/B.java
+++ b/java/ql/test/library-tests/dataflow/taint/B.java
@@ -58,19 +58,19 @@ public class B {
    // non-whitelisted constructors don't pass taint
    StringWrapper herring = new StringWrapper(complex);
    sink(herring);
-    // toString does not pass taint yet 
+    // toString does not pass taint yet
    String valueOfObject = String.valueOf(args);
    sink(valueOfObject);

-    
+
    // tainted equality check with constant
    boolean cond = "foo" == s;
    sink(cond);
    // tainted logic with tainted operand
    boolean logic = cond && safe();
    sink(logic);
-    // tainted condition
-    sink(concat.endsWith("I'm tainted"));
+
+
    // tainted
    logic = safe() || cond;
    sink(logic);
--- a/java/ql/test/library-tests/dataflow/taint/test.expected
+++ b/java/ql/test/library-tests/dataflow/taint/test.expected
@@ -18,7 +18,6 @@
 | B.java:15:21:15:27 | taint(...) | B.java:51:10:51:21 | fluentConcat |
 | B.java:15:21:15:27 | taint(...) | B.java:68:10:68:13 | cond |
 | B.java:15:21:15:27 | taint(...) | B.java:71:10:71:14 | logic |
-| B.java:15:21:15:27 | taint(...) | B.java:73:10:73:39 | endsWith(...) |
 | B.java:15:21:15:27 | taint(...) | B.java:76:10:76:14 | logic |
 | B.java:15:21:15:27 | taint(...) | B.java:79:10:79:14 | logic |
 | B.java:15:21:15:27 | taint(...) | B.java:87:10:87:16 | trimmed |