Add unit tests for utility methods

java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll

@@ -48,7 +48,7 @@ class ApacheHttpRequestHandlerParameter extends Parameter {
   ApacheHttpRequestHandlerParameter() {
     exists(Method m, Interface i |
       i.hasQualifiedName(["org.apache.http.protocol", "org.apache.hc.core5.http.io"],
-        "HttpRequestHandler") and
+        ["HttpRequestHandler", "HttpServerRequestHandler"]) and
       m.getDeclaringType().extendsOrImplements+(i) and
       m.hasName("handle") and
       this = m.getParameter(0)
@@ -264,7 +264,7 @@ private class BufferMethod extends TaintPreservingCallable {
           .hasQualifiedName(["org.apache.http.util", "org.apache.hc.core5.util"],
             ["ByteArrayBuffer", "CharArrayBuffer"]) and
       m.hasName([
-          "append", "buffer", "subSequence", "substring", "substringTrimmed", "toByteAray",
+          "append", "buffer", "subSequence", "substring", "substringTrimmed", "toByteArray",
           "toCharArray", "toString"
         ])
     )

java/ql/test/library-tests/frameworks/apache-http/A.java

@@ -1,5 +1,6 @@
 import org.apache.http.*;
 import org.apache.http.protocol.*;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.util.*;
 import org.apache.http.entity.*;
 
@@ -36,6 +37,28 @@ class A {
             A.sink(EntityUtils.getContentMimeType(ent));
             res.setEntity(new StringEntity("<a href='" + req.getRequestLine().getUri() + "'>a</a>"));
             EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent)));
+            res.setHeader("Location", req.getRequestLine().getUri());
+            res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri()));
         }
     }
+
+    void test2() {
+        ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
+        bbuf.append((byte[]) taint(), 0, 3);
+        sink(bbuf.buffer());
+        sink(bbuf.toByteArray());
+
+        CharArrayBuffer cbuf = new CharArrayBuffer(42);
+        cbuf.append(bbuf.toByteArray(), 0, 3);
+        sink(cbuf.toCharArray());
+        sink(cbuf.toString());
+        sink(cbuf.subSequence(0, 3));
+        sink(cbuf.substring(0, 3));
+        sink(cbuf.substringTrimmed(0, 3));
+
+        sink(Args.notNull(taint(), "x"));
+        sink(Args.notEmpty((String) taint(), "x"));
+        sink(Args.notBlank((String) taint(), "x"));
+        sink(Args.notNull("x", (String) taint())); // Good
+    }
 }

java/ql/test/library-tests/frameworks/apache-http/flow.expected

@@ -1,23 +1,35 @@
-| A.java:12:28:12:42 | req | A.java:13:20:13:39 | getRequestLine(...) |
-| A.java:12:28:12:42 | req | A.java:14:20:14:48 | getUri(...) |
-| A.java:12:28:12:42 | req | A.java:15:20:15:51 | getMethod(...) |
-| A.java:12:28:12:42 | req | A.java:16:20:16:38 | getAllHeaders(...) |
-| A.java:12:28:12:42 | req | A.java:18:20:18:28 | next(...) |
-| A.java:12:28:12:42 | req | A.java:19:20:19:34 | nextHeader(...) |
-| A.java:12:28:12:42 | req | A.java:21:20:21:30 | getName(...) |
-| A.java:12:28:12:42 | req | A.java:22:20:22:31 | getValue(...) |
-| A.java:12:28:12:42 | req | A.java:24:20:24:31 | getName(...) |
-| A.java:12:28:12:42 | req | A.java:25:20:25:32 | getValue(...) |
-| A.java:12:28:12:42 | req | A.java:26:20:26:37 | getParameters(...) |
-| A.java:12:28:12:42 | req | A.java:27:20:27:58 | getValue(...) |
-| A.java:12:28:12:42 | req | A.java:28:20:28:47 | getName(...) |
-| A.java:12:28:12:42 | req | A.java:30:20:30:35 | getContent(...) |
-| A.java:12:28:12:42 | req | A.java:31:20:31:43 | getContentEncoding(...) |
-| A.java:12:28:12:42 | req | A.java:32:20:32:39 | getContentType(...) |
-| A.java:12:28:12:42 | req | A.java:33:20:33:44 | toString(...) |
-| A.java:12:28:12:42 | req | A.java:34:20:34:47 | toByteArray(...) |
-| A.java:12:28:12:42 | req | A.java:35:20:35:53 | getContentCharSet(...) |
-| A.java:12:28:12:42 | req | A.java:36:20:36:54 | getContentMimeType(...) |
-| A.java:12:28:12:42 | req | A.java:37:27:37:99 | new StringEntity(...) |
-| A.java:12:28:12:42 | req | A.java:38:43:38:91 | new ByteArrayEntity(...) |
-| A.java:30:20:30:35 | getContent(...) | A.java:30:20:30:35 | getContent(...) |
+| A.java:13:28:13:42 | req | A.java:14:20:14:39 | getRequestLine(...) |
+| A.java:13:28:13:42 | req | A.java:15:20:15:48 | getUri(...) |
+| A.java:13:28:13:42 | req | A.java:16:20:16:51 | getMethod(...) |
+| A.java:13:28:13:42 | req | A.java:17:20:17:38 | getAllHeaders(...) |
+| A.java:13:28:13:42 | req | A.java:19:20:19:28 | next(...) |
+| A.java:13:28:13:42 | req | A.java:20:20:20:34 | nextHeader(...) |
+| A.java:13:28:13:42 | req | A.java:22:20:22:30 | getName(...) |
+| A.java:13:28:13:42 | req | A.java:23:20:23:31 | getValue(...) |
+| A.java:13:28:13:42 | req | A.java:25:20:25:31 | getName(...) |
+| A.java:13:28:13:42 | req | A.java:26:20:26:32 | getValue(...) |
+| A.java:13:28:13:42 | req | A.java:27:20:27:37 | getParameters(...) |
+| A.java:13:28:13:42 | req | A.java:28:20:28:58 | getValue(...) |
+| A.java:13:28:13:42 | req | A.java:29:20:29:47 | getName(...) |
+| A.java:13:28:13:42 | req | A.java:31:20:31:35 | getContent(...) |
+| A.java:13:28:13:42 | req | A.java:32:20:32:43 | getContentEncoding(...) |
+| A.java:13:28:13:42 | req | A.java:33:20:33:39 | getContentType(...) |
+| A.java:13:28:13:42 | req | A.java:34:20:34:44 | toString(...) |
+| A.java:13:28:13:42 | req | A.java:35:20:35:47 | toByteArray(...) |
+| A.java:13:28:13:42 | req | A.java:36:20:36:53 | getContentCharSet(...) |
+| A.java:13:28:13:42 | req | A.java:37:20:37:54 | getContentMimeType(...) |
+| A.java:13:28:13:42 | req | A.java:38:27:38:99 | new StringEntity(...) |
+| A.java:13:28:13:42 | req | A.java:39:43:39:91 | new ByteArrayEntity(...) |
+| A.java:13:28:13:42 | req | A.java:40:39:40:67 | getUri(...) |
+| A.java:13:28:13:42 | req | A.java:41:55:41:83 | getUri(...) |
+| A.java:31:20:31:35 | getContent(...) | A.java:31:20:31:35 | getContent(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:48:14:48:26 | buffer(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:49:14:49:31 | toByteArray(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:53:14:53:31 | toCharArray(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:54:14:54:28 | toString(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:55:14:55:35 | subSequence(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:56:14:56:33 | substring(...) |
+| A.java:47:30:47:36 | taint(...) | A.java:57:14:57:40 | substringTrimmed(...) |
+| A.java:59:27:59:33 | taint(...) | A.java:59:14:59:39 | notNull(...) |
+| A.java:60:37:60:43 | taint(...) | A.java:60:14:60:49 | notEmpty(...) |
+| A.java:61:37:61:43 | taint(...) | A.java:61:14:61:49 | notBlank(...) |

java/ql/test/library-tests/frameworks/apache-http/flow.ql

@@ -2,6 +2,7 @@ import java
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.XSS
+import semmle.code.java.security.UrlRedirect
 
 class Conf extends TaintTracking::Configuration {
   Conf() { this = "qltest:frameworks:apache-http" }
@@ -16,6 +17,8 @@ class Conf extends TaintTracking::Configuration {
     exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
     or
     n instanceof XssSink
+    or
+    n instanceof UrlRedirectSink
   }
 }
 

java/ql/test/stubs/apache-http-4.4.13/org/apache/http/message/BasicHeader.java

@@ -0,0 +1,65 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.message;
+
+import java.io.Serializable;
+
+import org.apache.http.Header;
+import org.apache.http.HeaderElement;
+import org.apache.http.ParseException;
+
+public class BasicHeader implements Header, Cloneable, Serializable {
+    public BasicHeader(final String name, final String value) {
+    }
+
+    @Override
+    public Object clone() throws CloneNotSupportedException {
+      return null;
+    }
+
+    @Override
+    public HeaderElement[] getElements() throws ParseException {
+      return null;
+    }
+
+    @Override
+    public String getName() {
+      return null;
+    }
+
+    @Override
+    public String getValue() {
+      return null;
+    }
+
+    @Override
+    public String toString() {
+      return null;
+    }
+
+}

java/ql/test/stubs/apache-http-4.4.13/org/apache/http/util/Args.java

@@ -0,0 +1,78 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.util;
+
+import java.util.Collection;
+
+public class Args {
+    public static void check(final boolean expression, final String message) {
+    }
+
+    public static void check(final boolean expression, final String message, final Object... args) {
+    }
+
+    public static void check(final boolean expression, final String message, final Object arg) {
+    }
+
+    public static <T> T notNull(final T argument, final String name) {
+      return null;
+    }
+
+    public static <T extends CharSequence> T notEmpty(final T argument, final String name) {
+      return null;
+    }
+
+    public static <T extends CharSequence> T notBlank(final T argument, final String name) {
+      return null;
+    }
+
+    public static <T extends CharSequence> T containsNoBlanks(final T argument, final String name) {
+      return null;
+    }
+
+    public static <E, T extends Collection<E>> T notEmpty(final T argument, final String name) {
+      return null;
+    }
+
+    public static int positive(final int n, final String name) {
+      return 0;
+    }
+
+    public static long positive(final long n, final String name) {
+      return 0;
+    }
+
+    public static int notNegative(final int n, final String name) {
+      return 0;
+    }
+
+    public static long notNegative(final long n, final String name) {
+      return 0;
+    }
+
+}

java/ql/test/stubs/apache-http-4.4.13/org/apache/http/util/ByteArrayBuffer.java

@@ -0,0 +1,93 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.util;
+
+import java.io.Serializable;
+
+public final class ByteArrayBuffer implements Serializable {
+    public ByteArrayBuffer(final int capacity) {
+    }
+
+    public void append(final byte[] b, final int off, final int len) {
+    }
+
+    public void append(final int b) {
+    }
+
+    public void append(final char[] b, final int off, final int len) {
+    }
+
+    public void append(final CharArrayBuffer b, final int off, final int len) {
+    }
+
+    public void clear() {
+    }
+
+    public byte[] toByteArray() {
+      return null;
+    }
+
+    public int byteAt(final int i) {
+      return 0;
+    }
+
+    public int capacity() {
+      return 0;
+    }
+
+    public int length() {
+      return 0;
+    }
+
+    public void ensureCapacity(final int required) {
+    }
+
+    public byte[] buffer() {
+      return null;
+    }
+
+    public void setLength(final int len) {
+    }
+
+    public boolean isEmpty() {
+      return false;
+    }
+
+    public boolean isFull() {
+      return false;
+    }
+
+    public int indexOf(final byte b, final int from, final int to) {
+      return 0;
+    }
+
+    public int indexOf(final byte b) {
+      return 0;
+    }
+
+}

java/ql/test/stubs/apache-http-4.4.13/org/apache/http/util/CharArrayBuffer.java

@@ -0,0 +1,127 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.util;
+
+import java.io.Serializable;
+import java.nio.CharBuffer;
+
+
+public final class CharArrayBuffer implements CharSequence, Serializable {
+    public CharArrayBuffer(final int capacity) {
+    }
+
+    public void append(final char[] b, final int off, final int len) {
+    }
+
+    public void append(final String str) {
+    }
+
+    public void append(final CharArrayBuffer b, final int off, final int len) {
+    }
+
+    public void append(final CharArrayBuffer b) {
+    }
+
+    public void append(final char ch) {
+    }
+
+    public void append(final byte[] b, final int off, final int len) {
+    }
+
+    public void append(final ByteArrayBuffer b, final int off, final int len) {
+    }
+
+    public void append(final Object obj) {
+    }
+
+    public void clear() {
+    }
+
+    public char[] toCharArray() {
+      return null;
+    }
+
+    @Override
+    public char charAt(final int i) {
+      return 0;
+    }
+
+    public char[] buffer() {
+      return null;
+    }
+
+    public int capacity() {
+      return 0;
+    }
+
+    @Override
+    public int length() {
+      return 0;
+    }
+
+    public void ensureCapacity(final int required) {
+    }
+
+    public void setLength(final int len) {
+    }
+
+    public boolean isEmpty() {
+      return false;
+    }
+
+    public boolean isFull() {
+      return false;
+    }
+
+    public int indexOf(final int ch, final int from, final int to) {
+      return 0;
+    }
+
+    public int indexOf(final int ch) {
+      return 0;
+    }
+
+    public String substring(final int beginIndex, final int endIndex) {
+      return null;
+    }
+
+    public String substringTrimmed(final int beginIndex, final int endIndex) {
+      return null;
+    }
+
+    @Override
+    public CharSequence subSequence(final int beginIndex, final int endIndex) {
+      return null;
+    }
+
+    @Override
+    public String toString() {
+      return null;
+    }
+
+}