Java: Add additional flow steps for guava collection methods and more unit tests

java/ql/test/library-tests/frameworks/guava/TestCollect.java

@@ -0,0 +1,122 @@
+package com.google.common.collect;
+
+import java.util.Map;
+import java.util.SortedSet;
+import java.util.SortedMap;
+import java.util.Comparator;
+
+class TestCollect {
+    String taint() { return "tainted"; }
+
+    void sink(Object o) {}
+
+    void test1() {
+        String x = taint();
+
+        ImmutableSet<String> xs = ImmutableSet.of(x, "y", "z");
+        sink(xs.asList());
+
+        ImmutableSet<String> ys = ImmutableSet.of("a", "b", "c");
+
+        sink(Sets.filter(Sets.union(xs, ys), y -> true));
+
+        sink(Sets.newHashSet("a", "b", "c", "d", x));
+    }
+
+    void test2() {
+        sink(ImmutableList.of(taint(), taint(), taint(), taint())); // expect 4 alerts
+        sink(ImmutableMap.of(taint(), taint(), taint(), taint())); // expect 2 alerts
+        sink(ImmutableMultimap.of(taint(), taint(), taint(), taint())); // expect 2 alerts
+        sink(ImmutableTable.of(taint(),taint(), taint())); // expect 1 alert
+    }
+
+    void test3() {
+        String x = taint();
+
+        ImmutableList.Builder<String> b = ImmutableList.builder();
+
+        b.add("a");
+        sink(b);
+        b.add(x);
+        sink(b.build());
+
+        b = ImmutableList.builder();
+
+        b.add("a").add(x);
+        sink(b.build());
+
+        sink(ImmutableList.builder().add("a").add(x).build());
+
+        ImmutableMap.Builder<String, String> b2 = ImmutableMap.builder();
+        b2.put(x,"v");
+        sink(b2);
+        b2.put("k",x);
+        sink(b2.build());
+    }
+
+    void test4(Table<String, String, String> t1, Table<String, String, String> t2, Table<String, String, String> t3) {
+        String x = taint();
+        t1.put(x, "c", "v");
+        sink(t1);
+        t1.put("r", x, "v");
+        sink(t1);
+        t1.put("r", "c", x);
+        sink(t1);
+        sink(t1.row("r"));
+        
+        t2.putAll(t1);
+        for (Table.Cell<String,String,String> c : t2.cellSet()) {
+            sink(c.getValue());
+        }
+
+        sink(t1.remove("r", "c"));
+
+        t3.row("r").put("c", x);
+        sink(t3); // Not detected
+    }
+
+    void test4(Multimap<String, String> m1, Multimap<String, String> m2, Multimap<String, String> m3, 
+           Multimap<String, String> m4, Multimap<String, String> m5){
+        String x = taint();
+        m1.put("k", x);
+        sink(m1);
+        sink(m1.get("k"));
+
+        m2.putAll("k", ImmutableList.of("a", x, "b"));
+        sink(m2);
+
+        m3.putAll(m1);
+        sink(m3);
+
+        m4.replaceValues("k", m1.replaceValues("k", ImmutableList.of("a")));
+        for (Map.Entry<String, String> e : m4.entries()) {
+            sink(e.getValue());
+        }
+
+        m5.asMap().get("k").add(x);
+        sink(m5); // Not detected
+    }
+
+    void test5(Comparator<String> comp, SortedSet<String> sorS, SortedMap<String, String> sorM) {
+        ImmutableSortedSet<String> s = ImmutableSortedSet.of(taint());
+
+        sink(s);
+        sink(ImmutableSortedSet.copyOf(s));
+        sink(ImmutableSortedSet.copyOf(comp, s));
+
+        sorS.add(taint());
+        sink(ImmutableSortedSet.copyOfSorted(sorS));
+
+        sink(ImmutableList.sortedCopyOf(s));
+        sink(ImmutableList.sortedCopyOf(comp, s));
+
+        ImmutableSortedMap<String, String> m = ImmutableSortedMap.of("k", taint());
+
+        sink(m);
+        sink(ImmutableSortedMap.copyOf(m));
+        sink(ImmutableSortedMap.copyOf(m, comp));
+
+        sorM.put("k", taint());
+        sink(ImmutableSortedMap.copyOfSorted(sorM));
+    }
+}

java/ql/test/library-tests/frameworks/guava/TestStrings.java

@@ -6,7 +6,7 @@ import com.google.common.base.Joiner;
 import java.util.Map;
 import java.util.HashMap;
 
-class Test {
+class TestStrings {
     String taint() { return "tainted"; }
 
     void sink(Object o) {}

java/ql/test/library-tests/frameworks/guava/flow.expected

@@ -1,17 +1,52 @@
-| Test.java:15:20:15:26 | taint(...) | Test.java:17:14:17:41 | padStart(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:18:14:18:39 | padEnd(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:19:14:19:33 | repeat(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:20:14:20:56 | emptyToNull(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:21:14:21:40 | lenientFormat(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:24:14:24:51 | lenientFormat(...) |
-| Test.java:28:20:28:26 | taint(...) | Test.java:32:14:32:23 | split(...) |
-| Test.java:28:20:28:26 | taint(...) | Test.java:33:14:33:29 | splitToList(...) |
-| Test.java:28:20:28:26 | taint(...) | Test.java:35:14:35:50 | split(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:46:14:46:54 | appendTo(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:47:14:47:26 | toString(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:48:14:48:51 | appendTo(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:49:14:49:26 | toString(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:52:14:52:42 | appendTo(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:57:14:57:56 | join(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:58:14:58:82 | join(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:60:14:60:58 | join(...) |
+| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:17:14:17:24 | asList(...) |
+| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:21:14:21:55 | filter(...) |
+| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:23:14:23:51 | newHashSet(...) |
+| TestCollect.java:27:31:27:37 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:27:40:27:46 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:27:49:27:55 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:27:58:27:64 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:28:39:28:45 | taint(...) | TestCollect.java:28:14:28:64 | of(...) |
+| TestCollect.java:28:57:28:63 | taint(...) | TestCollect.java:28:14:28:64 | of(...) |
+| TestCollect.java:29:44:29:50 | taint(...) | TestCollect.java:29:14:29:69 | of(...) |
+| TestCollect.java:29:62:29:68 | taint(...) | TestCollect.java:29:14:29:69 | of(...) |
+| TestCollect.java:30:49:30:55 | taint(...) | TestCollect.java:30:14:30:56 | of(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:41:14:41:22 | build(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:46:14:46:22 | build(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:48:14:48:60 | build(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:54:14:54:23 | build(...) |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:64:14:64:15 | t1 |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:65:14:65:24 | row(...) |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:69:18:69:29 | getValue(...) |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:72:14:72:32 | remove(...) |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:82:14:82:15 | m1 |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:83:14:83:24 | get(...) |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:86:14:86:15 | m2 |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:89:14:89:15 | m3 |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:93:18:93:29 | getValue(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:103:14:103:14 | s |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:104:14:104:41 | copyOf(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:105:14:105:47 | copyOf(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:110:14:110:42 | sortedCopyOf(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:111:14:111:48 | sortedCopyOf(...) |
+| TestCollect.java:107:18:107:24 | taint(...) | TestCollect.java:108:14:108:50 | copyOfSorted(...) |
+| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:115:14:115:14 | m |
+| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:116:14:116:41 | copyOf(...) |
+| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:117:14:117:47 | copyOf(...) |
+| TestCollect.java:119:23:119:29 | taint(...) | TestCollect.java:120:14:120:50 | copyOfSorted(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:17:14:17:41 | padStart(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:18:14:18:39 | padEnd(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:19:14:19:33 | repeat(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:20:14:20:56 | emptyToNull(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:21:14:21:40 | lenientFormat(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:24:14:24:51 | lenientFormat(...) |
+| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:32:14:32:23 | split(...) |
+| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:33:14:33:29 | splitToList(...) |
+| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:35:14:35:50 | split(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:46:14:46:54 | appendTo(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:47:14:47:26 | toString(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:48:14:48:51 | appendTo(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:49:14:49:26 | toString(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:52:14:52:42 | appendTo(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:57:14:57:56 | join(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:58:14:58:82 | join(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:60:14:60:58 | join(...) |