diff --git a/java/ql/test/library-tests/frameworks/jdk/java.io/Test.java b/java/ql/test/library-tests/frameworks/jdk/java.io/Test.java
new file mode 100644
index 00000000000..19c85b0e09d
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/jdk/java.io/Test.java
@@ -0,0 +1,792 @@ +package generatedtest; + +import java.io.BufferedInputStream; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.CharArrayReader; +import java.io.CharArrayWriter; +import java.io.DataInput; +import java.io.DataInputStream; +import java.io.File; +import java.io.FilterInputStream; +import java.io.FilterOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.ObjectInput; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.OutputStream; +import java.io.PrintStream; +import java.io.PrintWriter; +import java.io.Reader; +import java.io.StringReader; +import java.io.Writer; +import java.net.URI; +import java.nio.CharBuffer; +import java.nio.charset.Charset; +import java.nio.charset.CharsetDecoder; +import java.nio.file.Path; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + Object getThrowable_messageDefault(Object container) { + return null; + } + + Object source() { + return null; + } + + void sink(Object o) {} + + public void test() throws Exception { + + { + // "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint;manual" + BufferedInputStream out = null; + InputStream in = (InputStream) source(); + out = new BufferedInputStream(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint;manual" + BufferedInputStream out = null; + InputStream in = (InputStream) source(); + out = new BufferedInputStream(in, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint;manual" + BufferedReader out = null; + Reader in = (Reader) source(); + out = new BufferedReader(in); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint;manual" + BufferedReader out = null; + Reader in = (Reader) source(); + out = new BufferedReader(in, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + BufferedReader in = (BufferedReader) source(); + out = in.readLine(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint;manual" + ByteArrayInputStream out = null; + byte[] in = (byte[]) source(); + out = new ByteArrayInputStream(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint;manual" + ByteArrayInputStream out = null; + byte[] in = (byte[]) source(); + out = new ByteArrayInputStream(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint;manual" + byte[] out = null; + ByteArrayOutputStream in = (ByteArrayOutputStream) source(); + out = in.toByteArray(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + ByteArrayOutputStream in = (ByteArrayOutputStream) source(); + out = in.toString((Charset) null); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + ByteArrayOutputStream in = (ByteArrayOutputStream) source(); + out = in.toString((String) null); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + ByteArrayOutputStream in = (ByteArrayOutputStream) source(); + out = in.toString(); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + ByteArrayOutputStream in = (ByteArrayOutputStream) source(); + out = in.toString(0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint;manual" + OutputStream out = null; + ByteArrayOutputStream in = (ByteArrayOutputStream) source(); + in.writeTo(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint;manual" + CharArrayReader out = null; + char[] in = (char[]) source(); + out = new CharArrayReader(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint;manual" + CharArrayReader out = null; + char[] in = (char[]) source(); + out = new CharArrayReader(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint;manual" + char[] out = null; + CharArrayWriter in = (CharArrayWriter) source(); + out = in.toCharArray(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + DataInput in = (DataInput) source(); + in.readFully(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + DataInput in = (DataInput) source(); + in.readFully(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + DataInputStream in = (DataInputStream) source(); + in.readFully(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + DataInputStream in = (DataInputStream) source(); + in.readFully(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + 
// "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ObjectInputStream in = (ObjectInputStream) source(); + in.readFully(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ObjectInputStream in = (ObjectInputStream) source(); + in.readFully(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + DataInput in = (DataInput) source(); + out = in.readLine(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + DataInputStream in = (DataInputStream) source(); + out = in.readLine(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + ObjectInputStream in = (ObjectInputStream) source(); + out = in.readLine(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + DataInput in = (DataInput) source(); + out = in.readUTF(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + DataInputStream in = (DataInputStream) source(); + out = in.readUTF(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + ObjectInputStream in = (ObjectInputStream) source(); + out = in.readUTF(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;DataInputStream;false;DataInputStream;;;Argument[0];Argument[-1];taint;manual" + DataInputStream out = null; + InputStream in = (InputStream) source(); + out = new DataInputStream(in); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual" + File out = null; + File in = (File) source(); + out = new File(in, (String) null); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual" + File out = null; + String in = (String) source(); + out = new File(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual" + File out = null; + String in = (String) source(); + out = new File(in, (String) null); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual" + File out = null; + URI in = (URI) source(); + out = new File(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual" + File out = null; + String in = (String) source(); + out = new File((File) null, in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual" + File out = null; + String in = (String) source(); + out = new File((String) null, in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual" + File out = null; + File in = (File) source(); + out = in.getAbsoluteFile(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + File in = (File) source(); + out = in.getAbsolutePath(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual" + File out = null; + File in = (File) source(); + out = in.getCanonicalFile(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + File in = (File) source(); + out = in.getCanonicalPath(); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;File;true;getName;();;Argument[-1];ReturnValue;taint;manual" + String out = null; + File in = (File) source(); + out = in.getName(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual" + Path out = null; + File in = (File) source(); + out = in.toPath(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;toString;;;Argument[-1];ReturnValue;taint;manual" + String out = null; + File in = (File) source(); + out = in.toString(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual" + URI out = null; + File in = (File) source(); + out = in.toURI(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;FilterOutputStream;true;FilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;manual" + FilterOutputStream out = null; + OutputStream in = (OutputStream) source(); + out = new FilterOutputStream(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;IOException;false;IOException;(String);;Argument[0];Argument[-1].SyntheticField[java.lang.Throwable.message];value;manual" + IOException out = null; + String in = (String) source(); + out = new IOException(in); + sink(getThrowable_messageDefault(out)); // $ hasValueFlow + } + { + // "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + DataInputStream in = (DataInputStream) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + FilterInputStream in = (FilterInputStream) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + InputStream in = (InputStream) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + BufferedInputStream in = (BufferedInputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ByteArrayInputStream in = (ByteArrayInputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + DataInputStream in = (DataInputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + FilterInputStream in = (FilterInputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + InputStream in = (InputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ObjectInputStream in = (ObjectInputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint;manual" + byte[] out = null; + ByteArrayInputStream in = (ByteArrayInputStream) source(); + out = in.readAllBytes(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint;manual" + byte[] out = null; + InputStream in = (InputStream) source(); + out = in.readAllBytes(); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ByteArrayInputStream in = (ByteArrayInputStream) source(); + 
in.readNBytes(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + InputStream in = (InputStream) source(); + in.readNBytes(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;readNBytes;(int);;Argument[-1];ReturnValue;taint;manual" + byte[] out = null; + InputStream in = (InputStream) source(); + out = in.readNBytes(0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint;manual" + OutputStream out = null; + ByteArrayInputStream in = (ByteArrayInputStream) source(); + in.transferTo(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint;manual" + OutputStream out = null; + InputStream in = (InputStream) source(); + in.transferTo(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual" + InputStreamReader out = null; + InputStream in = (InputStream) source(); + out = new InputStreamReader(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual" + InputStreamReader out = null; + InputStream in = (InputStream) source(); + out = new InputStreamReader(in, (Charset) null); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual" + InputStreamReader out = null; + InputStream in = (InputStream) source(); + out = new InputStreamReader(in, (CharsetDecoder) null); + sink(out); // $ hasTaintFlow + } + { + // "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual" + InputStreamReader out = null; + InputStream in = (InputStream) source(); + out = new InputStreamReader(in, (String) null); + sink(out); 
// $ hasTaintFlow + } + { + // "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ObjectInput in = (ObjectInput) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ObjectInput in = (ObjectInput) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual" + byte[] out = null; + ObjectInputStream in = (ObjectInputStream) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];Argument[-1];taint;manual" + ObjectInputStream out = null; + InputStream in = (InputStream) source(); + out = new ObjectInputStream(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual" + FilterOutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual" + ObjectOutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual" + OutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual" + PrintStream out = null; + byte[] in = (byte[]) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual" + ByteArrayOutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual" + FilterOutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual" + ObjectOutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual" + OutputStream out = null; + byte[] in = (byte[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual" + PrintStream out = null; + byte[] in = (byte[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual" + ByteArrayOutputStream out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual" + FilterOutputStream out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual" + ObjectOutputStream out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual" + OutputStream out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual" + PrintStream out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + CharBuffer out = null; + CharArrayReader in = 
(CharArrayReader) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + CharBuffer out = null; + InputStreamReader in = (InputStreamReader) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + CharBuffer out = null; + Reader in = (Reader) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + char[] out = null; + BufferedReader in = (BufferedReader) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + char[] out = null; + CharArrayReader in = (CharArrayReader) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + char[] out = null; + InputStreamReader in = (InputStreamReader) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + char[] out = null; + Reader in = (Reader) source(); + in.read(out); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + char[] out = null; + Reader in = (Reader) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual" + char[] out = null; + StringReader in = (StringReader) source(); + in.read(out, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint;manual" + StringReader out = null; + String in = (String) source(); + out = new StringReader(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + CharArrayWriter out = null; + String in = 
(String) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + CharArrayWriter out = null; + char[] in = (char[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + CharArrayWriter out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + PrintWriter out = null; + String in = (String) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + PrintWriter out = null; + String in = (String) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + PrintWriter out = null; + char[] in = (char[]) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + PrintWriter out = null; + char[] in = (char[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + PrintWriter out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + Writer out = null; + String in = (String) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + Writer out = null; + String in = (String) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + Writer out = null; + char[] in = (char[]) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + { + // 
"java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + Writer out = null; + char[] in = (char[]) source(); + out.write(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual" + Writer out = null; + int in = (int) source(); + out.write(in); + sink(out); // $ hasTaintFlow + } + + } + +} diff --git a/java/ql/test/library-tests/frameworks/jdk/java.io/test.expected b/java/ql/test/library-tests/frameworks/jdk/java.io/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml b/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml new file mode 100644 index 00000000000..35050f48ec0 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-tests + extensible: summaryModel + data: + - ["generatedtest", "Test", False, "getThrowable_messageDefault", "(Object)", "", "Argument[0].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/jdk/java.io/test.ql b/java/ql/test/library-tests/frameworks/jdk/java.io/test.ql new file mode 100644 index 00000000000..5d91e4e8e26 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/jdk/java.io/test.ql @@ -0,0 +1,2 @@ +import java +import TestUtilities.InlineFlowTest diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected index ef2ef71363f..70bfe06b3ee 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected 
@@ -16,6 +16,8 @@ edges | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:17:61:17:72 | source(...) : String | | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:19:41:19:52 | source(...) : String | +| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:21:56:21:67 | source(...) : String | +| mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:23:46:23:57 | source(...) : String | | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:25:38:25:49 | source(...) : String | | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:27:36:27:47 | source(...) : String | | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:29:31:29:42 | source(...) : String | @@ -24,6 +26,8 @@ edges | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:35:54:35:65 | source(...) : String | | mad/Test.java:17:61:17:72 | source(...) : String | mad/Test.java:17:52:17:72 | (...)... | | mad/Test.java:19:41:19:52 | source(...) : String | mad/Test.java:19:32:19:52 | (...)... | +| mad/Test.java:21:56:21:67 | source(...) : String | mad/Test.java:21:47:21:67 | (...)... | +| mad/Test.java:23:46:23:57 | source(...) : String | mad/Test.java:23:39:23:57 | (...)... | | mad/Test.java:25:38:25:49 | source(...) : String | mad/Test.java:25:31:25:49 | (...)... | | mad/Test.java:27:36:27:47 | source(...) : String | mad/Test.java:27:29:27:47 | (...)... | | mad/Test.java:29:31:29:42 | source(...) : String | mad/Test.java:29:24:29:42 | (...)... | 
@@ -55,6 +59,10 @@ nodes | mad/Test.java:17:61:17:72 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:19:32:19:52 | (...)... | semmle.label | (...)... | | mad/Test.java:19:41:19:52 | source(...) : String | semmle.label | source(...) : String | +| mad/Test.java:21:47:21:67 | (...)... | semmle.label | (...)... | +| mad/Test.java:21:56:21:67 | source(...) : String | semmle.label | source(...) : String | +| mad/Test.java:23:39:23:57 | (...)... | semmle.label | (...)... | +| mad/Test.java:23:46:23:57 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:25:31:25:49 | (...)... | semmle.label | (...)... | | mad/Test.java:25:38:25:49 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:27:29:27:47 | (...)... | semmle.label | (...)... | 
@@ -82,6 +90,8 @@ subpaths | Test.java:101:3:101:55 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value | | mad/Test.java:17:52:17:72 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:17:52:17:72 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | | mad/Test.java:19:32:19:52 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:19:32:19:52 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | +| mad/Test.java:21:47:21:67 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:21:47:21:67 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | +| mad/Test.java:23:39:23:57 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:23:39:23:57 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | | mad/Test.java:25:31:25:49 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:25:31:25:49 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | | mad/Test.java:27:29:27:47 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:27:29:27:47 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | | mad/Test.java:29:24:29:42 | (...)... | mad/Test.java:12:16:12:36 | getHostName(...) : String | mad/Test.java:29:24:29:42 | (...)... | This path depends on a $@. | mad/Test.java:12:16:12:36 | getHostName(...) | user-provided value | 
diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java b/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
index ff7c4673914..71efb42863e 100644
--- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
+++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
@@ -12,15 +12,15 @@ public class Test {
 return address.getHostName();
 }
- void test(InetAddress address) throws IOException {
+ void test() throws IOException {
 // "java.lang;Module;true;getResourceAsStream;(String);;Argument[0];read-file;ai-generated"
 getClass().getModule().getResourceAsStream((String) source(null));
 // "java.lang;Class;false;getResource;(String);;Argument[0];read-file;ai-generated"
 getClass().getResource((String) source(null));
 // "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
- ClassLoader.getSystemResource((String) source(null));
+ ClassLoader.getSystemResourceAsStream((String) source(null));
 // "java.io;File;true;createTempFile;(String,String,File);;Argument[2];create-file;ai-generated"
- File.createTempFile(";", (String) source(null));
+ File.createTempFile(";", ";", (File) source(null));
 // "java.io;File;true;renameTo;(File);;Argument[0];create-file;ai-generated"
 new File("").renameTo((File) source(null));
 // "java.io;FileInputStream;true;FileInputStream;(File);;Argument[0];read-file;ai-generated"
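Review bot: Nothing in `test()` ties each call to the sink model quoted in the comment above it, so the remaining cases can drift the same way the two corrected ones did. The old `ClassLoader.getSystemResource(...)` and two-argument `File.createTempFile(";", ...)` calls compiled cleanly while exercising a different method or overload than the quoted row, and the only symptom was a missing entry in `TaintedPath.expected`. I would record that contract at the top of the method, e.g. `// Each call must match the exact signature in the model row quoted above it; a case absent from TaintedPath.expected means the path-injection sink was not exercised.` The new `(File) source(null)` argument also presumably relies on `source` being declared with a return type that can be cast to `File`; that declaration starts above the hunk and `test()` continues past its last line, so both should be checked against the full file.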