From f41c30e335fa9560254e943a63c7953260211722 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Wed, 4 Mar 2026 12:09:06 +0000
Subject: [PATCH] java: Inline expectation should have space before $
---
 .../dataflow/taint-jackson/Test.java | 48 ++---
 .../frameworks/apache-http/A.java | 70 +++----
 .../frameworks/apache-http/B.java | 86 ++++----
 .../resources/CollectionPassingTest.java | 14 +-
 .../ratpack/resources/IntegrationTest.java | 44 ++---
 .../ratpack/resources/PairTest.java | 126 ++++++------
 .../ratpack/resources/Resource.java | 184 +++++++++---------
 .../frameworks/spring/data/Test.java | 2 +-
 .../test/query-tests/Escaping/Escaping.java | 8 +-
 .../SafePublication/SafePublication.java | 16 +-
 .../ThreadSafe/examples/Test3Super.java | 4 +-
 11 files changed, 301 insertions(+), 301 deletions(-)
diff --git a/java/ql/test/library-tests/dataflow/taint-jackson/Test.java b/java/ql/test/library-tests/dataflow/taint-jackson/Test.java
index d3f8766de70..96be33ae0b2 100644
--- a/java/ql/test/library-tests/dataflow/taint-jackson/Test.java
+++ b/java/ql/test/library-tests/dataflow/taint-jackson/Test.java
@@ -34,22 +34,22 @@ class Test {
 ObjectMapper om = new ObjectMapper();
 File file = new File("testFile");
 om.writeValue(file, s);
- sink(file); //$hasTaintFlow
+ sink(file); // $ hasTaintFlow
 OutputStream out = new FileOutputStream(file);
 om.writeValue(out, s);
- sink(file); //$hasTaintFlow
+ sink(file); // $ hasTaintFlow
 Writer writer = new StringWriter();
 om.writeValue(writer, s);
- sink(writer); //$hasTaintFlow
+ sink(writer); // $ hasTaintFlow
 JsonGenerator generator = new JsonFactory().createGenerator(new StringWriter());
 om.writeValue(generator, s);
- sink(generator); //$hasTaintFlow
+ sink(generator); // $ hasTaintFlow
 String t = om.writeValueAsString(s);
- sink(t); //$hasTaintFlow
+ sink(t); // $ hasTaintFlow
 byte[] bs = om.writeValueAsBytes(s);
 String reconstructed = new String(bs, "utf-8");
- sink(bs); //$hasTaintFlow
- sink(reconstructed); //$hasTaintFlow
+ sink(bs); // $ hasTaintFlow
+ sink(reconstructed); // $ hasTaintFlow
 }
 public static void jacksonObjectWriter() throws Exception {
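Review bot: The second expectation in this hunk, `sink(file); // $ hasTaintFlow` right after `om.writeValue(out, s)`, still sinks `file` rather than `out`, so it only re-checks the taint already established by the earlier `om.writeValue(file, s)`. As written, the test would keep passing even if the taint step for `ObjectMapper.writeValue(OutputStream, Object)` were missing from the model. The parallel case in `jacksonObjectWriter` (next hunk) uses `sink(out)`, so the same is probably intended here: `sink(out); // $ hasTaintFlow`. The enclosing method starts above this hunk.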
@@ -57,44 +57,44 @@ class Test {
 ObjectWriter ow = new ObjectWriter();
 File file = new File("testFile");
 ow.writeValue(file, s);
- sink(file); //$hasTaintFlow
+ sink(file); // $ hasTaintFlow
 OutputStream out = new FileOutputStream(file);
 ow.writeValue(out, s);
- sink(out); //$hasTaintFlow
+ sink(out); // $ hasTaintFlow
 Writer writer = new StringWriter();
 ow.writeValue(writer, s);
- sink(writer); //$hasTaintFlow
+ sink(writer); // $ hasTaintFlow
 JsonGenerator generator = new JsonFactory().createGenerator(new StringWriter());
 ow.writeValue(generator, s);
- sink(generator); //$hasTaintFlow
+ sink(generator); // $ hasTaintFlow
 String t = ow.writeValueAsString(s);
- sink(t); //$hasTaintFlow
+ sink(t); // $ hasTaintFlow
 byte[] bs = ow.writeValueAsBytes(s);
 String reconstructed = new String(bs, "utf-8");
- sink(bs); //$hasTaintFlow
- sink(reconstructed); //$hasTaintFlow
+ sink(bs); // $ hasTaintFlow
+ sink(reconstructed); // $ hasTaintFlow
 }
 public static void jacksonObjectReader() throws java.io.IOException {
 String s = taint();
 ObjectMapper om = new ObjectMapper();
 ObjectReader reader = om.readerFor(Potato.class);
- sink(reader.readValue(s)); //$hasTaintFlow
- sink(reader.readValue(s, Potato.class).name); //$hasTaintFlow
- sink(reader.readValue(s, Potato.class).getName()); //$hasTaintFlow
+ sink(reader.readValue(s)); // $ hasTaintFlow
+ sink(reader.readValue(s, Potato.class).name); // $ hasTaintFlow
+ sink(reader.readValue(s, Potato.class).getName()); // $ hasTaintFlow
 }
 public static void jacksonObjectReaderIterable() throws java.io.IOException {
 String s = taint();
 ObjectMapper om = new ObjectMapper();
 ObjectReader reader = om.readerFor(Potato.class);
- sink(reader.readValues(s)); //$hasTaintFlow
+ sink(reader.readValues(s)); // $ hasTaintFlow
 Iterator pIterator = reader.readValues(s);
 while(pIterator.hasNext()) {
 Potato p = pIterator.next();
- sink(p); //$hasTaintFlow
- sink(p.name); //$hasTaintFlow
- sink(p.getName()); //$hasTaintFlow
+ sink(p); // $ hasTaintFlow
+ sink(p.name); // $ hasTaintFlow
+ sink(p.getName()); // $ hasTaintFlow
 }
 }
@@ -104,9 +104,9 @@ class Test {
 taintedParams.put("name", s);
 ObjectMapper om = new ObjectMapper();
 JsonNode jn = om.valueToTree(taintedParams);
- sink(jn); //$hasTaintFlow
+ sink(jn); // $ hasTaintFlow
 Potato p = om.convertValue(jn, Potato.class);
- sink(p); //$hasTaintFlow
- sink(p.getName()); //$hasTaintFlow
+ sink(p); // $ hasTaintFlow
+ sink(p.getName()); // $ hasTaintFlow
 }
 }
diff --git a/java/ql/test/library-tests/frameworks/apache-http/A.java b/java/ql/test/library-tests/frameworks/apache-http/A.java
index e33bf391590..c9ac2bde3a2 100644
--- a/java/ql/test/library-tests/frameworks/apache-http/A.java
+++ b/java/ql/test/library-tests/frameworks/apache-http/A.java
@@ -12,54 +12,54 @@ class A {
 class Test1 implements HttpRequestHandler {
 public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) throws IOException {
- A.sink(req.getRequestLine()); //$hasTaintFlow
- A.sink(req.getRequestLine().getUri()); //$hasTaintFlow
- A.sink(req.getRequestLine().getMethod()); //$hasTaintFlow
- A.sink(req.getAllHeaders()); //$hasTaintFlow
+ A.sink(req.getRequestLine()); // $ hasTaintFlow
+ A.sink(req.getRequestLine().getUri()); // $ hasTaintFlow
+ A.sink(req.getRequestLine().getMethod()); // $ hasTaintFlow
+ A.sink(req.getAllHeaders()); // $ hasTaintFlow
 HeaderIterator it = req.headerIterator();
- A.sink(it.next()); //$hasTaintFlow
- A.sink(it.nextHeader()); //$hasTaintFlow
+ A.sink(it.next()); // $ hasTaintFlow
+ A.sink(it.nextHeader()); // $ hasTaintFlow
 Header h = req.getHeaders("abc")[3];
- A.sink(h.getName()); //$hasTaintFlow
- A.sink(h.getValue()); //$hasTaintFlow
+ A.sink(h.getName()); // $ hasTaintFlow
+ A.sink(h.getValue()); // $ hasTaintFlow
 HeaderElement el = h.getElements()[0];
- A.sink(el.getName()); //$hasTaintFlow
- A.sink(el.getValue()); //$hasTaintFlow
- A.sink(el.getParameters()); //$hasTaintFlow
- A.sink(el.getParameterByName("abc").getValue()); //$hasTaintFlow
- A.sink(el.getParameter(0).getName()); //$hasTaintFlow
+ A.sink(el.getName()); // $ hasTaintFlow
+ A.sink(el.getValue()); // $ hasTaintFlow
+ A.sink(el.getParameters()); // $ hasTaintFlow
+ A.sink(el.getParameterByName("abc").getValue()); // $ hasTaintFlow
+ A.sink(el.getParameter(0).getName()); // $ hasTaintFlow
 HttpEntity ent = ((HttpEntityEnclosingRequest)req).getEntity();
- A.sink(ent.getContent()); //$hasTaintFlow
- A.sink(ent.getContentEncoding()); //$hasTaintFlow
- A.sink(ent.getContentType()); //$hasTaintFlow
- A.sink(EntityUtils.toString(ent)); //$hasTaintFlow
- A.sink(EntityUtils.toByteArray(ent)); //$hasTaintFlow
- A.sink(EntityUtils.getContentCharSet(ent)); //$hasTaintFlow
- A.sink(EntityUtils.getContentMimeType(ent)); //$hasTaintFlow
- res.setEntity(new StringEntity("a")); //$hasTaintFlow
- EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent))); //$hasTaintFlow
- res.setHeader("Location", req.getRequestLine().getUri()); //$hasTaintFlow
- res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri())); //$hasTaintFlow
+ A.sink(ent.getContent()); // $ hasTaintFlow
+ A.sink(ent.getContentEncoding()); // $ hasTaintFlow
+ A.sink(ent.getContentType()); // $ hasTaintFlow
+ A.sink(EntityUtils.toString(ent)); // $ hasTaintFlow
+ A.sink(EntityUtils.toByteArray(ent)); // $ hasTaintFlow
+ A.sink(EntityUtils.getContentCharSet(ent)); // $ hasTaintFlow
+ A.sink(EntityUtils.getContentMimeType(ent)); // $ hasTaintFlow
+ res.setEntity(new StringEntity("a")); // $ hasTaintFlow
+ EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent))); // $ hasTaintFlow
+ res.setHeader("Location", req.getRequestLine().getUri()); // $ hasTaintFlow
+ res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri())); // $ hasTaintFlow
 }
 }
 void test2() {
 ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
 bbuf.append((byte[]) taint(), 0, 3);
- sink(bbuf.buffer()); //$hasTaintFlow
- sink(bbuf.toByteArray()); //$hasTaintFlow
+ sink(bbuf.buffer()); // $ hasTaintFlow
+ sink(bbuf.toByteArray()); // $ hasTaintFlow
 CharArrayBuffer cbuf = new CharArrayBuffer(42);
 cbuf.append(bbuf.toByteArray(), 0, 3);
- sink(cbuf.toCharArray()); //$hasTaintFlow
- sink(cbuf.toString()); //$hasTaintFlow
- sink(cbuf.subSequence(0, 3)); //$hasTaintFlow
- sink(cbuf.substring(0, 3)); //$hasTaintFlow
- sink(cbuf.substringTrimmed(0, 3)); //$hasTaintFlow
+ sink(cbuf.toCharArray()); // $ hasTaintFlow
+ sink(cbuf.toString()); // $ hasTaintFlow
+ sink(cbuf.subSequence(0, 3)); // $ hasTaintFlow
+ sink(cbuf.substring(0, 3)); // $ hasTaintFlow
+ sink(cbuf.substringTrimmed(0, 3)); // $ hasTaintFlow
- sink(Args.notNull(taint(), "x")); //$hasTaintFlow
- sink(Args.notEmpty((String) taint(), "x")); //$hasTaintFlow
- sink(Args.notBlank((String) taint(), "x")); //$hasTaintFlow
+ sink(Args.notNull(taint(), "x")); // $ hasTaintFlow
+ sink(Args.notEmpty((String) taint(), "x")); // $ hasTaintFlow
+ sink(Args.notBlank((String) taint(), "x")); // $ hasTaintFlow
 sink(Args.notNull("x", (String) taint())); // Good
 }
-}
\ No newline at end of file
+}
diff --git a/java/ql/test/library-tests/frameworks/apache-http/B.java b/java/ql/test/library-tests/frameworks/apache-http/B.java
index 493aaadd8e3..d1bca8462d3 100644
--- a/java/ql/test/library-tests/frameworks/apache-http/B.java
+++ b/java/ql/test/library-tests/frameworks/apache-http/B.java
@@ -14,63 +14,63 @@ class B {
 class Test1 implements HttpRequestHandler {
 public void handle(ClassicHttpRequest req, ClassicHttpResponse res, HttpContext ctx) throws IOException, ParseException {
- B.sink(req.getAuthority().getHostName()); //$hasTaintFlow
- B.sink(req.getAuthority().toString()); //$hasTaintFlow
- B.sink(req.getMethod()); //$hasTaintFlow
- B.sink(req.getPath()); //$hasTaintFlow
- B.sink(req.getScheme());
- B.sink(req.getRequestUri()); //$hasTaintFlow
+ B.sink(req.getAuthority().getHostName()); // $ hasTaintFlow
+ B.sink(req.getAuthority().toString()); // $ hasTaintFlow
+ B.sink(req.getMethod()); // $ hasTaintFlow
+ B.sink(req.getPath()); // $ hasTaintFlow
+ B.sink(req.getScheme());
+ B.sink(req.getRequestUri()); // $ hasTaintFlow
 RequestLine line = new RequestLine(req);
- B.sink(line.getUri()); //$hasTaintFlow
- B.sink(line.getMethod()); //$hasTaintFlow
- B.sink(req.getHeaders()); //$hasTaintFlow
- B.sink(req.headerIterator()); //$hasTaintFlow
+ B.sink(line.getUri()); // $ hasTaintFlow
+ B.sink(line.getMethod()); // $ hasTaintFlow
+ B.sink(req.getHeaders()); // $ hasTaintFlow
+ B.sink(req.headerIterator()); // $ hasTaintFlow
 Header h = req.getHeaders("abc")[3];
- B.sink(h.getName()); //$hasTaintFlow
- B.sink(h.getValue()); //$hasTaintFlow
- B.sink(req.getFirstHeader("abc")); //$hasTaintFlow
- B.sink(req.getLastHeader("abc")); //$hasTaintFlow
+ B.sink(h.getName()); // $ hasTaintFlow
+ B.sink(h.getValue()); // $ hasTaintFlow
+ B.sink(req.getFirstHeader("abc")); // $ hasTaintFlow
+ B.sink(req.getLastHeader("abc")); // $ hasTaintFlow
 HttpEntity ent = req.getEntity();
- B.sink(ent.getContent()); //$hasTaintFlow
- B.sink(ent.getContentEncoding()); //$hasTaintFlow
- B.sink(ent.getContentType()); //$hasTaintFlow
- B.sink(ent.getTrailerNames()); //$hasTaintFlow
- B.sink(ent.getTrailers().get()); //$hasTaintFlow
- B.sink(EntityUtils.toString(ent)); //$hasTaintFlow
- B.sink(EntityUtils.toByteArray(ent)); //$hasTaintFlow
- B.sink(EntityUtils.parse(ent)); //$hasTaintFlow
- res.setEntity(new StringEntity("a")); //$hasTaintFlow
- res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML)); //$hasTaintFlow
- res.setEntity(HttpEntities.create("a")); //$hasTaintFlow
- res.setHeader("Location", req.getRequestUri()); //$hasTaintFlow
- res.setHeader(new BasicHeader("Location", req.getRequestUri())); //$hasTaintFlow
+ B.sink(ent.getContent()); // $ hasTaintFlow
+ B.sink(ent.getContentEncoding()); // $ hasTaintFlow
+ B.sink(ent.getContentType()); // $ hasTaintFlow
+ B.sink(ent.getTrailerNames()); // $ hasTaintFlow
+ B.sink(ent.getTrailers().get()); // $ hasTaintFlow
+ B.sink(EntityUtils.toString(ent)); // $ hasTaintFlow
+ B.sink(EntityUtils.toByteArray(ent)); // $ hasTaintFlow
+ B.sink(EntityUtils.parse(ent)); // $ hasTaintFlow
+ res.setEntity(new StringEntity("a")); // $ hasTaintFlow
+ res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML)); // $ hasTaintFlow
+ res.setEntity(HttpEntities.create("a")); // $ hasTaintFlow
+ res.setHeader("Location", req.getRequestUri()); // $ hasTaintFlow
+ res.setHeader(new BasicHeader("Location", req.getRequestUri())); // $ hasTaintFlow
 }
 }
 void test2() {
 ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
- bbuf.append((byte[]) taint(), 0, 3);
- sink(bbuf.array()); //$hasTaintFlow
- sink(bbuf.toByteArray()); //$hasTaintFlow
- sink(bbuf.toString());
+ bbuf.append((byte[]) taint(), 0, 3);
+ sink(bbuf.array()); // $ hasTaintFlow
+ sink(bbuf.toByteArray()); // $ hasTaintFlow
+ sink(bbuf.toString());
 CharArrayBuffer cbuf = new CharArrayBuffer(42);
- cbuf.append(bbuf.toByteArray(), 0, 3);
- sink(cbuf.toCharArray()); //$hasTaintFlow
- sink(cbuf.toString()); //$hasTaintFlow
- sink(cbuf.subSequence(0, 3)); //$hasTaintFlow
- sink(cbuf.substring(0, 3)); //$hasTaintFlow
- sink(cbuf.substringTrimmed(0, 3)); //$hasTaintFlow
+ cbuf.append(bbuf.toByteArray(), 0, 3);
+ sink(cbuf.toCharArray()); // $ hasTaintFlow
+ sink(cbuf.toString()); // $ hasTaintFlow
+ sink(cbuf.subSequence(0, 3)); // $ hasTaintFlow
+ sink(cbuf.substring(0, 3)); // $ hasTaintFlow
+ sink(cbuf.substringTrimmed(0, 3)); // $ hasTaintFlow
- sink(Args.notNull(taint(), "x")); //$hasTaintFlow
- sink(Args.notEmpty((String) taint(), "x")); //$hasTaintFlow
- sink(Args.notBlank((String) taint(), "x")); //$hasTaintFlow
- sink(Args.notNull("x", (String) taint()));
+ sink(Args.notNull(taint(), "x")); // $ hasTaintFlow
+ sink(Args.notEmpty((String) taint(), "x")); // $ hasTaintFlow
+ sink(Args.notBlank((String) taint(), "x")); // $ hasTaintFlow
+ sink(Args.notNull("x", (String) taint()));
 }
 class Test3 implements HttpServerRequestHandler {
 public void handle(ClassicHttpRequest req, HttpServerRequestHandler.ResponseTrigger restr, HttpContext ctx) throws HttpException, IOException {
- B.sink(req.getEntity()); //$hasTaintFlow
+ B.sink(req.getEntity()); // $ hasTaintFlow
 }
 }
-}
\ No newline at end of file
+}
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/CollectionPassingTest.java b/java/ql/test/library-tests/frameworks/ratpack/resources/CollectionPassingTest.java
index eb0ca9cad92..667cf56aa3a 100644
--- a/java/ql/test/library-tests/frameworks/ratpack/resources/CollectionPassingTest.java
+++ b/java/ql/test/library-tests/frameworks/ratpack/resources/CollectionPassingTest.java
@@ -29,11 +29,11 @@ public class CollectionPassingTest {
 Map pojoMap = new HashMap<>();
 merge(form.asMultimap().asMap(), pojoMap);
 // Then
- sink(pojoMap.get("value")); //$hasTaintFlow
+ sink(pojoMap.get("value")); // $ hasTaintFlow
 pojoMap.forEach((key, value) -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 List values = (List) value;
- sink(values.get(0)); //$hasTaintFlow
+ sink(values.get(0)); // $ hasTaintFlow
 });
 });
 }
@@ -46,11 +46,11 @@ public class CollectionPassingTest {
 // When
 merge(taintedMap, pojoMap);
 // Then
- sink(pojoMap.get("value")); //$hasTaintFlow
+ sink(pojoMap.get("value")); // $ hasTaintFlow
 pojoMap.forEach((key, value) -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 List values = (List) value;
- sink(values.get(0)); //$hasTaintFlow
+ sink(values.get(0)); // $ hasTaintFlow
 });
 }
@@ -66,5 +66,5 @@ public class CollectionPassingTest {
 private static Object extractSingleValueIfPossible(Collection values) {
 return values.size() == 1 ? values.iterator().next() : ImmutableList.copyOf(values);
 }
-
+
 }
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java b/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
index da87794eb56..85adece96c0 100644
--- a/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
+++ b/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
@@ -53,32 +53,32 @@ class IntegrationTest {
 void test1(Context ctx) {
 bindJson(ctx, Pojo.class)
 .then(pojo ->{
- sink(pojo); //$hasTaintFlow
- sink(pojo.value); //$hasTaintFlow
- sink(pojo.getValue()); //$hasTaintFlow
+ sink(pojo); // $ hasTaintFlow
+ sink(pojo.value); // $ hasTaintFlow
+ sink(pojo.getValue()); // $ hasTaintFlow
 });
 }
 void test2(Context ctx) {
 bindForm(ctx, Pojo.class, defaults -> defaults.put("another", "potato"))
 .then(pojo ->{
- sink(pojo); //$hasTaintFlow
- sink(pojo.value); //$hasTaintFlow
- sink(pojo.getValue()); //$hasTaintFlow
+ sink(pojo); // $ hasTaintFlow
+ sink(pojo.value); // $ hasTaintFlow
+ sink(pojo.getValue()); // $ hasTaintFlow
 });
 }
 void test3() {
 Object value = extractSingleValueIfPossible(ImmutableList.of("a", taint()));
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 List values = (List) value;
- sink(values.get(1)); //$hasTaintFlow
+ sink(values.get(1)); // $ hasTaintFlow
 Map weirdMap = new HashMap<>();
 weirdMap.put("a", value);
 weirdMap.forEach((key, mapValue) -> {
- sink(mapValue); //$hasTaintFlow
+ sink(mapValue); // $ hasTaintFlow
 List values2 = (List) mapValue;
- sink(values2.get(0)); //$hasTaintFlow
+ sink(values2.get(0)); // $ hasTaintFlow
 });
 }
@@ -89,13 +89,13 @@ class IntegrationTest {
 filterAndMerge(pojoForm, mergedParams, name -> false);
 return mergedParams;
 }).then(pojoMap -> {
- sink(pojoMap.keySet().iterator().next()); //$hasTaintFlow
- sink(pojoMap.get("value")); //$hasTaintFlow
+ sink(pojoMap.keySet().iterator().next()); // $ hasTaintFlow
+ sink(pojoMap.get("value")); // $ hasTaintFlow
 pojoMap.forEach((key, value) -> {
- sink(key); //$hasTaintFlow
- sink(value); //$hasTaintFlow
+ sink(key); // $ hasTaintFlow
+ sink(value); // $ hasTaintFlow
 List values = (List) value;
- sink(values.get(0)); //$hasTaintFlow
+ sink(values.get(0)); // $ hasTaintFlow
 });
 });
 }
@@ -107,13 +107,13 @@ class IntegrationTest {
 filterAndMerge_2(pojoForm, mergedParams, name -> false);
 return mergedParams;
 }).then(pojoMap -> {
- sink(pojoMap.keySet().iterator().next()); //$hasTaintFlow
- sink(pojoMap.get("value")); //$hasTaintFlow
+ sink(pojoMap.keySet().iterator().next()); // $ hasTaintFlow
+ sink(pojoMap.get("value")); // $ hasTaintFlow
 pojoMap.forEach((key, value) -> {
- sink(key); //$hasTaintFlow
- sink(value); //$hasTaintFlow
+ sink(key); // $ hasTaintFlow
+ sink(value); // $ hasTaintFlow
 List values = (List) value;
- sink(values.get(0)); //$hasTaintFlow
+ sink(values.get(0)); // $ hasTaintFlow
 });
 });
 }
@@ -121,8 +121,8 @@ class IntegrationTest {
 void test6(Context ctx) {
 bindQuery(ctx, Pojo.class)
 .then(pojo -> {
- sink(pojo.getValue()); //$hasTaintFlow
- sink(pojo.getValues()); //$hasTaintFlow
+ sink(pojo.getValue()); // $ hasTaintFlow
+ sink(pojo.getValues()); // $ hasTaintFlow
 });
 }
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/PairTest.java b/java/ql/test/library-tests/frameworks/ratpack/resources/PairTest.java
index 70a5ca61e1c..6cee6068733 100644
--- a/java/ql/test/library-tests/frameworks/ratpack/resources/PairTest.java
+++ b/java/ql/test/library-tests/frameworks/ratpack/resources/PairTest.java
@@ -21,9 +21,9 @@ public class PairTest {
 sink(pair.right()); // no taint flow
 sink(pair.getRight()); // no taint flow
 Pair updatedLeftPair = pair.left(taint());
- sink(updatedLeftPair.left); //$hasTaintFlow
- sink(updatedLeftPair.left()); //$hasTaintFlow
- sink(updatedLeftPair.getLeft()); //$hasTaintFlow
+ sink(updatedLeftPair.left); // $ hasTaintFlow
+ sink(updatedLeftPair.left()); // $ hasTaintFlow
+ sink(updatedLeftPair.getLeft()); // $ hasTaintFlow
 sink(updatedLeftPair.right); // no taint flow
 sink(updatedLeftPair.right()); // no taint flow
 sink(updatedLeftPair.getRight()); // no taint flow
@@ -31,33 +31,33 @@ public class PairTest {
 sink(updatedRightPair.left); // no taint flow
 sink(updatedRightPair.left()); // no taint flow
 sink(updatedRightPair.getLeft()); // no taint flow
- sink(updatedRightPair.right); //$hasTaintFlow
- sink(updatedRightPair.right()); //$hasTaintFlow
- sink(updatedRightPair.getRight()); //$hasTaintFlow
+ sink(updatedRightPair.right); // $ hasTaintFlow
+ sink(updatedRightPair.right()); // $ hasTaintFlow
+ sink(updatedRightPair.getRight()); // $ hasTaintFlow
 Pair updatedBothPair = pair.left(taint()).right(taint());
- sink(updatedBothPair.left); //$hasTaintFlow
- sink(updatedBothPair.left()); //$hasTaintFlow
- sink(updatedBothPair.getLeft()); //$hasTaintFlow
- sink(updatedBothPair.right); //$hasTaintFlow
- sink(updatedBothPair.right()); //$hasTaintFlow
- sink(updatedBothPair.getRight()); //$hasTaintFlow
+ sink(updatedBothPair.left); // $ hasTaintFlow
+ sink(updatedBothPair.left()); // $ hasTaintFlow
+ sink(updatedBothPair.getLeft()); // $ hasTaintFlow
+ sink(updatedBothPair.right); // $ hasTaintFlow
+ sink(updatedBothPair.right()); // $ hasTaintFlow
+ sink(updatedBothPair.getRight()); // $ hasTaintFlow
 }
 void test2() {
 Pair pair = Pair.of(taint(), taint());
- sink(pair.left); //$hasTaintFlow
- sink(pair.left()); //$hasTaintFlow
- sink(pair.getLeft()); //$hasTaintFlow
- sink(pair.right); //$hasTaintFlow
- sink(pair.right()); //$hasTaintFlow
- sink(pair.getRight()); //$hasTaintFlow
+ sink(pair.left); // $ hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
+ sink(pair.getLeft()); // $ hasTaintFlow
+ sink(pair.right); // $ hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
+ sink(pair.getRight()); // $ hasTaintFlow
 Pair> pushedLeftPair = pair.pushLeft("safe");
 sink(pushedLeftPair.left()); // no taint flow
- sink(pushedLeftPair.right().left()); //$hasTaintFlow
- sink(pushedLeftPair.right().right()); //$hasTaintFlow
+ sink(pushedLeftPair.right().left()); // $ hasTaintFlow
+ sink(pushedLeftPair.right().right()); // $ hasTaintFlow
 Pair, String> pushedRightPair = pair.pushRight("safe");
- sink(pushedRightPair.left().left()); //$hasTaintFlow
- sink(pushedRightPair.left().right()); //$hasTaintFlow
+ sink(pushedRightPair.left().left()); // $ hasTaintFlow
+ sink(pushedRightPair.left().right()); // $ hasTaintFlow
 sink(pushedRightPair.right()); // no taint flow
 }
@@ -70,39 +70,39 @@ public class PairTest {
 sink(pair.right()); // no taint flow
 sink(pair.getRight()); // no taint flow
 Pair> pushedLeftPair = pair.pushLeft(taint());
- sink(pushedLeftPair.left()); //$hasTaintFlow
+ sink(pushedLeftPair.left()); // $ hasTaintFlow
 sink(pushedLeftPair.right().left()); // no taint flow
 sink(pushedLeftPair.right().right()); // no taint flow
 Pair, String> pushedRightPair = pair.pushRight(taint());
 sink(pushedRightPair.left().left()); // no taint flow
 sink(pushedRightPair.left().right()); // no taint flow
- sink(pushedRightPair.right()); //$hasTaintFlow
+ sink(pushedRightPair.right()); // $ hasTaintFlow
 }
 void test4() {
 Pair pair = Pair.of(taint(), taint());
- sink(pair.left()); //$hasTaintFlow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 Pair, String> nestLeftPair = pair.nestLeft("safe");
 sink(nestLeftPair.left().left()); // no taint flow
- sink(nestLeftPair.left().right()); //$hasTaintFlow
- sink(nestLeftPair.right()); //$hasTaintFlow
+ sink(nestLeftPair.left().right()); // $ hasTaintFlow
+ sink(nestLeftPair.right()); // $ hasTaintFlow
 Pair> nestRightPair = pair.nestRight("safe");
- sink(nestRightPair.left()); //$hasTaintFlow
+ sink(nestRightPair.left()); // $ hasTaintFlow
 sink(nestRightPair.right().left()); // no taint flow
- sink(nestRightPair.right().right()); //$hasTaintFlow
+ sink(nestRightPair.right().right()); // $ hasTaintFlow
 }
 void test5() {
 Pair pair = Pair.of(taint(), "safe");
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 Pair, String> nestLeftPair = pair.nestLeft("safe");
 sink(nestLeftPair.left().left()); // no taint flow
- sink(nestLeftPair.left().right()); //$hasTaintFlow
+ sink(nestLeftPair.left().right()); // $ hasTaintFlow
 sink(nestLeftPair.right()); // no taint flow
 Pair> nestRightPair = pair.nestRight("safe");
- sink(nestRightPair.left()); //$hasTaintFlow
+ sink(nestRightPair.left()); // $ hasTaintFlow
 sink(nestRightPair.right().left()); // no taint flow
 sink(nestRightPair.right().right()); // no taint flow
 }
@@ -110,15 +110,15 @@ public class PairTest {
 void test6() {
 Pair pair = Pair.of("safe", taint());
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 Pair, String> nestLeftPair = pair.nestLeft("safe");
 sink(nestLeftPair.left().left()); // no taint flow
 sink(nestLeftPair.left().right()); // no taint flow
- sink(nestLeftPair.right()); //$hasTaintFlow
+ sink(nestLeftPair.right()); // $ hasTaintFlow
 Pair> nestRightPair = pair.nestRight("safe");
 sink(nestRightPair.left()); // no taint flow
 sink(nestRightPair.right().left()); // no taint flow
- sink(nestRightPair.right().right()); //$hasTaintFlow
+ sink(nestRightPair.right().right()); // $ hasTaintFlow
 }
 void test7() {
@@ -141,7 +141,7 @@ public class PairTest {
 sink(left); // no taint flow
 return taint();
 });
- sink(taintLeft.left()); //$hasTaintFlow
+ sink(taintLeft.left()); // $ hasTaintFlow
 sink(taintLeft.right()); // no taint flow
 }
@@ -152,43 +152,43 @@ public class PairTest {
 return taint();
 });
 sink(taintRight.left()); // no taint flow
- sink(taintRight.right()); //$hasTaintFlow
+ sink(taintRight.right()); // $ hasTaintFlow
 }
 void test10() throws Exception {
 Pair pair = Pair.of(taint(), taint());
 Pair taintLeft = pair.mapLeft(left -> {
- sink(left); //$hasTaintFlow
+ sink(left); // $ hasTaintFlow
 return "safe";
 });
 sink(taintLeft.left()); // no taint flow
- sink(taintLeft.right()); //$hasTaintFlow
+ sink(taintLeft.right()); // $ hasTaintFlow
 }
 void test11() throws Exception {
 Pair pair = Pair.of(taint(), taint());
 Pair taintRight = pair.mapRight(right -> {
- sink(right); //$hasTaintFlow
+ sink(right); // $ hasTaintFlow
 return "safe";
 });
- sink(taintRight.left()); //$hasTaintFlow
+ sink(taintRight.left()); // $ hasTaintFlow
 sink(taintRight.right()); // no taint flow
 }
 void test12() throws Exception {
 Pair pair = Pair.of(taint(), taint());
 String safe = pair.map(p -> {
- sink(p.left()); //$hasTaintFlow
- sink(p.right()); //$hasTaintFlow
+ sink(p.left()); // $ hasTaintFlow
+ sink(p.right()); // $ hasTaintFlow
 return "safe";
 });
 sink(safe); // no taint flow
 String unsafe = pair.map(p -> {
- sink(p.left()); //$hasTaintFlow
- sink(p.right()); //$hasTaintFlow
+ sink(p.left()); // $ hasTaintFlow
+ sink(p.right()); // $ hasTaintFlow
 return taint();
 });
- sink(unsafe); //$hasTaintFlow
+ sink(unsafe); // $ hasTaintFlow
 }
 void test13() {
@@ -197,20 +197,20 @@ public class PairTest {
 .left(Promise.value("safe"))
 .then(pair -> {
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 });
 Promise
 .value(taint())
 .right(Promise.value("safe"))
 .then(pair -> {
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 });
 Promise
 .value("safe")
 .left(Promise.value(taint()))
 .then(pair -> {
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 });
 Promise
@@ -218,7 +218,7 @@ public class PairTest {
 .right(Promise.value(taint()))
 .then(pair -> {
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 });
 }
@@ -226,21 +226,21 @@ public class PairTest {
 Promise
 .value(taint())
 .left(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return "safe";
 })
 .then(pair -> {
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 });
 Promise
 .value(taint())
 .right(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return "safe";
 })
 .then(pair -> {
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 });
 Promise
@@ -250,7 +250,7 @@ public class PairTest {
 return taint();
 })
 .then(pair -> {
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 });
 Promise
@@ -261,7 +261,7 @@ public class PairTest {
 })
 .then(pair -> {
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 });
 }
@@ -269,21 +269,21 @@ public class PairTest {
 Promise
 .value(taint())
 .flatLeft(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return Promise.value("safe");
 })
 .then(pair -> {
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 });
 Promise
 .value(taint())
 .flatRight(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return Promise.value("safe");
 })
 .then(pair -> {
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 });
 Promise
@@ -292,7 +292,7 @@ public class PairTest {
 return Promise.value(taint());
 })
 .then(pair -> {
- sink(pair.left()); //$hasTaintFlow
+ sink(pair.left()); // $ hasTaintFlow
 sink(pair.right()); // no taint flow
 });
 Promise
@@ -302,7 +302,7 @@ public class PairTest {
 })
 .then(pair -> {
 sink(pair.left()); // no taint flow
- sink(pair.right()); //$hasTaintFlow
+ sink(pair.right()); // $ hasTaintFlow
 });
 }
 }
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java b/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
index 695ad907d1f..19ec14fd236 100644
--- a/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
+++ b/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
@@ -19,59 +19,59 @@ class Resource {
 }
 void test1(Context ctx) {
- sink(ctx.getRequest().getContentLength()); //$hasTaintFlow
- sink(ctx.getRequest().getCookies()); //$hasTaintFlow
- sink(ctx.getRequest().oneCookie("Magic-Cookie")); //$hasTaintFlow
- sink(ctx.getRequest().getHeaders()); //$hasTaintFlow
- sink(ctx.getRequest().getHeaders().get("questionable_header")); //$hasTaintFlow
- sink(ctx.getRequest().getHeaders().getAll("questionable_header")); //$hasTaintFlow
- sink(ctx.getRequest().getHeaders().getNames()); //$hasTaintFlow
- sink(ctx.getRequest().getHeaders().asMultiValueMap()); //$hasTaintFlow
- sink(ctx.getRequest().getHeaders().asMultiValueMap().get("questionable_header")); //$hasTaintFlow
- sink(ctx.getRequest().getPath()); //$hasTaintFlow
- sink(ctx.getRequest().getQuery()); //$hasTaintFlow
- sink(ctx.getRequest().getQueryParams()); //$hasTaintFlow
- sink(ctx.getRequest().getQueryParams().get("questionable_parameter")); //$hasTaintFlow
- sink(ctx.getRequest().getRawUri()); //$hasTaintFlow
- sink(ctx.getRequest().getUri()); //$hasTaintFlow
+ sink(ctx.getRequest().getContentLength()); // $ hasTaintFlow
+ sink(ctx.getRequest().getCookies()); // $ hasTaintFlow
+ sink(ctx.getRequest().oneCookie("Magic-Cookie")); // $ hasTaintFlow
+ sink(ctx.getRequest().getHeaders()); // $ hasTaintFlow
+ sink(ctx.getRequest().getHeaders().get("questionable_header")); // $ hasTaintFlow
+ sink(ctx.getRequest().getHeaders().getAll("questionable_header")); // $ hasTaintFlow
+ sink(ctx.getRequest().getHeaders().getNames()); // $ hasTaintFlow
+ sink(ctx.getRequest().getHeaders().asMultiValueMap()); // $ hasTaintFlow
+ sink(ctx.getRequest().getHeaders().asMultiValueMap().get("questionable_header")); // $ hasTaintFlow
+ sink(ctx.getRequest().getPath()); // $ hasTaintFlow
+ sink(ctx.getRequest().getQuery()); // $ hasTaintFlow
+ sink(ctx.getRequest().getQueryParams()); // $ hasTaintFlow
+ sink(ctx.getRequest().getQueryParams().get("questionable_parameter")); // $ hasTaintFlow
+ sink(ctx.getRequest().getRawUri()); // $ hasTaintFlow
+ sink(ctx.getRequest().getUri()); // $ hasTaintFlow
 }
 void test2(Context ctx, OutputStream os) {
 ctx.getRequest().getBody().then(td -> {
- sink(td); //$hasTaintFlow
- sink(td.getText()); //$hasTaintFlow
- sink(td.getBuffer()); //$hasTaintFlow
- sink(td.getBytes()); //$hasTaintFlow
- sink(td.getContentType()); //$hasTaintFlow
- sink(td.getInputStream()); //$hasTaintFlow
+ sink(td); // $ hasTaintFlow
+ sink(td.getText()); // $ hasTaintFlow
+ sink(td.getBuffer()); // $ hasTaintFlow
+ sink(td.getBytes()); // $ hasTaintFlow
+ sink(td.getContentType()); // $ hasTaintFlow
+ sink(td.getInputStream()); // $ hasTaintFlow
 sink(os);
 td.writeTo(os);
- sink(os); //$hasTaintFlow
+ sink(os); // $ hasTaintFlow
 if (td instanceof UploadedFile) {
 UploadedFile uf = (UploadedFile) td;
- sink(uf.getFileName()); //$hasTaintFlow
+ sink(uf.getFileName()); // $ hasTaintFlow
 }
 });
 }
 void test3(Context ctx) {
 ctx.getRequest().getBody().map(TypedData::getText).then(s -> {
- sink(s); //$hasTaintFlow
+ sink(s); // $ hasTaintFlow
 });
 ctx.getRequest().getBody().map(b -> {
- sink(b); //$hasTaintFlow
- sink(b.getText()); //$hasTaintFlow
+ sink(b); // $ hasTaintFlow
+ sink(b.getText()); // $ hasTaintFlow
 return b.getText();
 }).then(t -> {
- sink(t); //$hasTaintFlow
+ sink(t); // $ hasTaintFlow
 });
- ctx.getRequest().getBody().map(TypedData::getText).then(this::sink); //$hasTaintFlow
+ ctx.getRequest().getBody().map(TypedData::getText).then(this::sink); // $ hasTaintFlow
 ctx
 .getRequest()
 .getBody()
 .map(TypedData::getText)
- .next(this::sink) //$hasTaintFlow
- .then(this::sink); //$hasTaintFlow
+ .next(this::sink) // $ hasTaintFlow
+ .then(this::sink); // $ hasTaintFlow
 }
 void test4() {
@@ -79,11 +79,11 @@ class Resource { Promise.value(tainted); Promise .value(tainted)
- .then(this::sink); //$hasTaintFlow
+ .then(this::sink); // $ hasTaintFlow
 Promise .value(tainted) .map(a -> a)
- .then(this::sink); //$hasTaintFlow
+ .then(this::sink); // $ hasTaintFlow
 } void test5(Context ctx) {
@@ -92,22 +92,22 @@ class Resource { .getBody() .map(data -> { Form form = ctx.parse(data, Form.form());
- sink(form); //$hasTaintFlow
+ sink(form); // $ hasTaintFlow
 return form; }) .then(form -> {
- sink(form.file("questionable_file")); //$hasTaintFlow
- sink(form.file("questionable_file").getFileName()); //$hasTaintFlow
- sink(form.files("questionable_files")); //$hasTaintFlow
- sink(form.files()); //$hasTaintFlow
- sink(form.get("questionable_parameter")); //$hasTaintFlow
- sink(form.getAll().get("questionable_parameter").get(0)); //$hasTaintFlow
- sink(form.getAll("questionable_parameter").get(0)); //$hasTaintFlow
- sink(form.asMultimap().get("questionable_parameter")); //$hasTaintFlow
- sink(form.asMultimap().asMap()); //$hasTaintFlow
+ sink(form.file("questionable_file")); // $ hasTaintFlow
+ sink(form.file("questionable_file").getFileName()); // $ hasTaintFlow
+ sink(form.files("questionable_files")); // $ hasTaintFlow
+ sink(form.files()); // $ hasTaintFlow
+ sink(form.get("questionable_parameter")); // $ hasTaintFlow
+ sink(form.getAll().get("questionable_parameter").get(0)); // $ hasTaintFlow
+ sink(form.getAll("questionable_parameter").get(0)); // $ hasTaintFlow
+ sink(form.asMultimap().get("questionable_parameter")); // $ hasTaintFlow
+ sink(form.asMultimap().asMap()); // $ hasTaintFlow
 form.asMultimap().asMap().forEach((name, values) -> {
- sink(name); //$hasTaintFlow
- sink(values); //$hasTaintFlow
+ sink(name); // $ hasTaintFlow
+ sink(values); // $ hasTaintFlow
 }); }); }
@@ -116,17 +116,17 @@ class Resource { ctx .parse(Parse.of(Form.class)) .then(form -> {
- sink(form); //$hasTaintFlow
+ sink(form); // $ hasTaintFlow
 }); ctx .parse(Form.class) .then(form -> {
- sink(form); //$hasTaintFlow
+ sink(form); // $ hasTaintFlow
 }); ctx .parse(Form.class, "Some Object") .then(form -> {
- sink(form); //$hasTaintFlow
+ sink(form); // $ hasTaintFlow
 }); }
@@ -135,50 +135,50 @@ class Resource { Promise .flatten(() -> Promise.value(tainted)) .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .onError(Action.noop()) .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .cache() .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .fork() .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .route(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return false; }, value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .cacheIf(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return true; }) .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .onError(RuntimeException.class, Action.noop()) .next(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .map(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return value; }) .blockingMap(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return value; }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
@@ -191,7 +191,7 @@ class Resource { return "potato"; }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .value("potato")
@@ -199,7 +199,7 @@ class Resource { return taint(); }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .value(tainted)
@@ -208,7 +208,7 @@ class Resource { return Promise.value("potato"); }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .value("potato")
@@ -216,7 +216,7 @@ class Resource { return Promise.value(taint()); }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
@@ -226,7 +226,7 @@ class Resource { .value(tainted) .map(Resource::identity) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .value("potato")
@@ -238,7 +238,7 @@ class Resource { .value(tainted) .flatMap(v -> Promise.value(v)) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
@@ -252,7 +252,7 @@ class Resource { .value(tainted) .apply(Resource::promiseIdentity) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .value("potato")
@@ -261,7 +261,7 @@ class Resource { sink(value); // no taints flow }); } - + public static Promise promiseIdentity(Promise input) { return input.map(i -> i); }
@@ -272,7 +272,7 @@ class Resource { .value(tainted) .map(a -> a) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .value("potato")
@@ -287,40 +287,40 @@ class Resource { Promise .sync(() -> tainted) .mapIf(v -> {
- sink(v); //$hasTaintFlow
+ sink(v); // $ hasTaintFlow
 return true; }, v -> {
- sink(v); //$hasTaintFlow
+ sink(v); // $ hasTaintFlow
 return v; }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .sync(() -> tainted) .mapIf(v -> {
- sink(v); //$hasTaintFlow
+ sink(v); // $ hasTaintFlow
 return true; }, vTrue -> {
- sink(vTrue); //$hasTaintFlow
+ sink(vTrue); // $ hasTaintFlow
 return vTrue; }, vFalse -> {
- sink(vFalse); //$hasTaintFlow
+ sink(vFalse); // $ hasTaintFlow
 return vFalse; }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); Promise .sync(() -> tainted) .mapIf(v -> {
- sink(v); //$hasTaintFlow
+ sink(v); // $ hasTaintFlow
 return true; }, vTrue -> {
- sink(vTrue); //$hasTaintFlow
+ sink(vTrue); // $ hasTaintFlow
 return "potato"; }, vFalse -> {
- sink(vFalse); //$hasTaintFlow
+ sink(vFalse); // $ hasTaintFlow
 return "potato"; }) .then(value -> {
@@ -340,7 +340,7 @@ class Resource { .value("safe") .replace(Promise.value(tainted)) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
@@ -349,10 +349,10 @@ class Resource { Promise .value(tainted) .blockingOp(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
@@ -361,16 +361,16 @@ class Resource { Promise .value(tainted) .nextOp(value -> Operation.of(() -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 })) .nextOpIf(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 return true; }, value -> Operation.of(() -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 })) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
@@ -379,23 +379,23 @@ class Resource { Promise .value(tainted) .flatOp(value -> Operation.of(() -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 })); } void test17() throws Exception { String tainted = taint(); Result result = Result.success(tainted);
- sink(result.getValue()); //$hasTaintFlow
- sink(result.getValueOrThrow()); //$hasTaintFlow
+ sink(result.getValue()); // $ hasTaintFlow
+ sink(result.getValueOrThrow()); // $ hasTaintFlow
 Promise .value(tainted) .wiretap(r -> {
- sink(r.getValue()); //$hasTaintFlow
- sink(r.getValueOrThrow()); //$hasTaintFlow
+ sink(r.getValue()); // $ hasTaintFlow
+ sink(r.getValueOrThrow()); // $ hasTaintFlow
 }) .then(value -> {
- sink(value); //$hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }); }
diff --git a/java/ql/test/library-tests/frameworks/spring/data/Test.java b/java/ql/test/library-tests/frameworks/spring/data/Test.java
index e23fc652692..977fec5f983 100644
--- a/java/ql/test/library-tests/frameworks/spring/data/Test.java
+++ b/java/ql/test/library-tests/frameworks/spring/data/Test.java
@@ -14,6 +14,6 @@ public class Test { void testCrudRepository(CrudRepository cr) { Struct s = new Struct(source()); s = cr.save(s);
- sink(s.field); //$hasValueFlow
+ sink(s.field); // $ hasValueFlow
 } }
diff --git a/java/ql/test/query-tests/Escaping/Escaping.java b/java/ql/test/query-tests/Escaping/Escaping.java
index 9d3b568369a..9896177103d 100644
--- a/java/ql/test/query-tests/Escaping/Escaping.java
+++ b/java/ql/test/query-tests/Escaping/Escaping.java
@@ -1,12 +1,12 @@ @ThreadSafe public class Escaping {
- int x; //$ Alert
- public int y = 0; //$ Alert
+ int x; // $ Alert
+ public int y = 0; // $ Alert
 private int z = 3; final int w = 0; public final int u = 4; private final long a = 5;
- protected long b = 0; //$ Alert
+ protected long b = 0; // $ Alert
 protected final long c = 0L; volatile long d = 3; protected volatile long e = 3L;
@@ -14,4 +14,4 @@ public class Escaping { public void methodLocal() { int i; }
-}
\ No newline at end of file
+}
diff --git a/java/ql/test/query-tests/SafePublication/SafePublication.java b/java/ql/test/query-tests/SafePublication/SafePublication.java
index 9c1d031987b..c92a816de80 100644
--- a/java/ql/test/query-tests/SafePublication/SafePublication.java
+++ b/java/ql/test/query-tests/SafePublication/SafePublication.java
@@ -2,19 +2,19 @@ public class SafePublication { int x; int y = 0;
- int z = 3; //$ Alert
- int w; //$ Alert
- int u; //$ Alert
+ int z = 3; // $ Alert
+ int w; // $ Alert
+ int u; // $ Alert
 long a; long b = 0; long c = 0L;
- long d = 3; //$ Alert
- long e = 3L; //$ Alert
+ long d = 3; // $ Alert
+ long e = 3L; // $ Alert
- int[] arr = new int[3]; //$ Alert
+ int[] arr = new int[3]; // $ Alert
 float f = 0.0f; double dd = 00.0d;
- char cc = 'a'; //$ Alert
+ char cc = 'a'; // $ Alert
 char ok = '\u0000'; public SafePublication(int a) {
@@ -26,4 +26,4 @@ public class SafePublication { public void methodLocal() { int i; }
-}
\ No newline at end of file
+}
diff --git a/java/ql/test/query-tests/ThreadSafe/examples/Test3Super.java b/java/ql/test/query-tests/ThreadSafe/examples/Test3Super.java
index 5a48e20bc05..66327937801 100644
--- a/java/ql/test/query-tests/ThreadSafe/examples/Test3Super.java
+++ b/java/ql/test/query-tests/ThreadSafe/examples/Test3Super.java
@@ -8,10 +8,10 @@ public class Test3Super extends Test2 { // We might want an alert here for the } public void y() {
- super.x = 0; //$ MISSING: Alert
+ super.x = 0; // $ MISSING: Alert
 } public void yLst() {
- super.lst.add("Hello!"); //$ MISSING: Alert
+ super.lst.add("Hello!"); // $ MISSING: Alert
 } }