hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

java: Inline expectation should have space before $

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-03-04 12:09:06 +00:00
parent ddebdad9e1
commit f41c30e335
11 changed files with 301 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
java/ql/test/library-tests/dataflow/taint-jackson/Test.java
View File

@@ -34,22 +34,22 @@ class Test {
ObjectMapper om = new ObjectMapper();
File file = new File("testFile");
om.writeValue(file, s);
sink(file); //$hasTaintFlow
sink(file); // $ hasTaintFlow
OutputStream out = new FileOutputStream(file);
om.writeValue(out, s);
sink(file); //$hasTaintFlow
sink(file); // $ hasTaintFlow
Writer writer = new StringWriter();
om.writeValue(writer, s);
sink(writer); //$hasTaintFlow
sink(writer); // $ hasTaintFlow
JsonGenerator generator = new JsonFactory().createGenerator(new StringWriter());
om.writeValue(generator, s);
sink(generator); //$hasTaintFlow
sink(generator); // $ hasTaintFlow
String t = om.writeValueAsString(s);
sink(t); //$hasTaintFlow
sink(t); // $ hasTaintFlow
byte[] bs = om.writeValueAsBytes(s);
String reconstructed = new String(bs, "utf-8");
sink(bs); //$hasTaintFlow
sink(reconstructed); //$hasTaintFlow
sink(bs); // $ hasTaintFlow
sink(reconstructed); // $ hasTaintFlow
}
public static void jacksonObjectWriter() throws Exception {
@@ -57,44 +57,44 @@ class Test {
ObjectWriter ow = new ObjectWriter();
File file = new File("testFile");
ow.writeValue(file, s);
sink(file); //$hasTaintFlow
sink(file); // $ hasTaintFlow
OutputStream out = new FileOutputStream(file);
ow.writeValue(out, s);
sink(out); //$hasTaintFlow
sink(out); // $ hasTaintFlow
Writer writer = new StringWriter();
ow.writeValue(writer, s);
sink(writer); //$hasTaintFlow
sink(writer); // $ hasTaintFlow
JsonGenerator generator = new JsonFactory().createGenerator(new StringWriter());
ow.writeValue(generator, s);
sink(generator); //$hasTaintFlow
sink(generator); // $ hasTaintFlow
String t = ow.writeValueAsString(s);
sink(t); //$hasTaintFlow
sink(t); // $ hasTaintFlow
byte[] bs = ow.writeValueAsBytes(s);
String reconstructed = new String(bs, "utf-8");
sink(bs); //$hasTaintFlow
sink(reconstructed); //$hasTaintFlow
sink(bs); // $ hasTaintFlow
sink(reconstructed); // $ hasTaintFlow
}
public static void jacksonObjectReader() throws java.io.IOException {
String s = taint();
ObjectMapper om = new ObjectMapper();
ObjectReader reader = om.readerFor(Potato.class);
sink(reader.readValue(s)); //$hasTaintFlow
sink(reader.readValue(s, Potato.class).name); //$hasTaintFlow
sink(reader.readValue(s, Potato.class).getName()); //$hasTaintFlow
sink(reader.readValue(s)); // $ hasTaintFlow
sink(reader.readValue(s, Potato.class).name); // $ hasTaintFlow
sink(reader.readValue(s, Potato.class).getName()); // $ hasTaintFlow
}
public static void jacksonObjectReaderIterable() throws java.io.IOException {
String s = taint();
ObjectMapper om = new ObjectMapper();
ObjectReader reader = om.readerFor(Potato.class);
sink(reader.readValues(s)); //$hasTaintFlow
sink(reader.readValues(s)); // $ hasTaintFlow
Iterator<Potato> pIterator = reader.readValues(s);
while(pIterator.hasNext()) {
Potato p = pIterator.next();
sink(p); //$hasTaintFlow
sink(p.name); //$hasTaintFlow
sink(p.getName()); //$hasTaintFlow
sink(p); // $ hasTaintFlow
sink(p.name); // $ hasTaintFlow
sink(p.getName()); // $ hasTaintFlow
}
}
@@ -104,9 +104,9 @@ class Test {
taintedParams.put("name", s);
ObjectMapper om = new ObjectMapper();
JsonNode jn = om.valueToTree(taintedParams);
sink(jn); //$hasTaintFlow
sink(jn); // $ hasTaintFlow
Potato p = om.convertValue(jn, Potato.class);
sink(p); //$hasTaintFlow
sink(p.getName()); //$hasTaintFlow
sink(p); // $ hasTaintFlow
sink(p.getName()); // $ hasTaintFlow
}
}

70
java/ql/test/library-tests/frameworks/apache-http/A.java
View File

@@ -12,54 +12,54 @@ class A {
class Test1 implements HttpRequestHandler {
public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) throws IOException {
A.sink(req.getRequestLine()); //$hasTaintFlow
A.sink(req.getRequestLine().getUri()); //$hasTaintFlow
A.sink(req.getRequestLine().getMethod()); //$hasTaintFlow
A.sink(req.getAllHeaders()); //$hasTaintFlow
A.sink(req.getRequestLine()); // $ hasTaintFlow
A.sink(req.getRequestLine().getUri()); // $ hasTaintFlow
A.sink(req.getRequestLine().getMethod()); // $ hasTaintFlow
A.sink(req.getAllHeaders()); // $ hasTaintFlow
HeaderIterator it = req.headerIterator();
A.sink(it.next()); //$hasTaintFlow
A.sink(it.nextHeader()); //$hasTaintFlow
A.sink(it.next()); // $ hasTaintFlow
A.sink(it.nextHeader()); // $ hasTaintFlow
Header h = req.getHeaders("abc")[3];
A.sink(h.getName()); //$hasTaintFlow
A.sink(h.getValue()); //$hasTaintFlow
A.sink(h.getName()); // $ hasTaintFlow
A.sink(h.getValue()); // $ hasTaintFlow
HeaderElement el = h.getElements()[0];
A.sink(el.getName()); //$hasTaintFlow
A.sink(el.getValue()); //$hasTaintFlow
A.sink(el.getParameters()); //$hasTaintFlow
A.sink(el.getParameterByName("abc").getValue()); //$hasTaintFlow
A.sink(el.getParameter(0).getName()); //$hasTaintFlow
A.sink(el.getName()); // $ hasTaintFlow
A.sink(el.getValue()); // $ hasTaintFlow
A.sink(el.getParameters()); // $ hasTaintFlow
A.sink(el.getParameterByName("abc").getValue()); // $ hasTaintFlow
A.sink(el.getParameter(0).getName()); // $ hasTaintFlow
HttpEntity ent = ((HttpEntityEnclosingRequest)req).getEntity();
A.sink(ent.getContent()); //$hasTaintFlow
A.sink(ent.getContentEncoding()); //$hasTaintFlow
A.sink(ent.getContentType()); //$hasTaintFlow
A.sink(EntityUtils.toString(ent)); //$hasTaintFlow
A.sink(EntityUtils.toByteArray(ent)); //$hasTaintFlow
A.sink(EntityUtils.getContentCharSet(ent)); //$hasTaintFlow
A.sink(EntityUtils.getContentMimeType(ent)); //$hasTaintFlow
res.setEntity(new StringEntity("<a href='" + req.getRequestLine().getUri() + "'>a</a>")); //$hasTaintFlow
EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent))); //$hasTaintFlow
res.setHeader("Location", req.getRequestLine().getUri()); //$hasTaintFlow
res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri())); //$hasTaintFlow
A.sink(ent.getContent()); // $ hasTaintFlow
A.sink(ent.getContentEncoding()); // $ hasTaintFlow
A.sink(ent.getContentType()); // $ hasTaintFlow
A.sink(EntityUtils.toString(ent)); // $ hasTaintFlow
A.sink(EntityUtils.toByteArray(ent)); // $ hasTaintFlow
A.sink(EntityUtils.getContentCharSet(ent)); // $ hasTaintFlow
A.sink(EntityUtils.getContentMimeType(ent)); // $ hasTaintFlow
res.setEntity(new StringEntity("<a href='" + req.getRequestLine().getUri() + "'>a</a>")); // $ hasTaintFlow
EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent))); // $ hasTaintFlow
res.setHeader("Location", req.getRequestLine().getUri()); // $ hasTaintFlow
res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri())); // $ hasTaintFlow
}
}
void test2() {
ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
bbuf.append((byte[]) taint(), 0, 3);
sink(bbuf.buffer()); //$hasTaintFlow
sink(bbuf.toByteArray()); //$hasTaintFlow
sink(bbuf.buffer()); // $ hasTaintFlow
sink(bbuf.toByteArray()); // $ hasTaintFlow
CharArrayBuffer cbuf = new CharArrayBuffer(42);
cbuf.append(bbuf.toByteArray(), 0, 3);
sink(cbuf.toCharArray()); //$hasTaintFlow
sink(cbuf.toString()); //$hasTaintFlow
sink(cbuf.subSequence(0, 3)); //$hasTaintFlow
sink(cbuf.substring(0, 3)); //$hasTaintFlow
sink(cbuf.substringTrimmed(0, 3)); //$hasTaintFlow
sink(cbuf.toCharArray()); // $ hasTaintFlow
sink(cbuf.toString()); // $ hasTaintFlow
sink(cbuf.subSequence(0, 3)); // $ hasTaintFlow
sink(cbuf.substring(0, 3)); // $ hasTaintFlow
sink(cbuf.substringTrimmed(0, 3)); // $ hasTaintFlow
sink(Args.notNull(taint(), "x")); //$hasTaintFlow
sink(Args.notEmpty((String) taint(), "x")); //$hasTaintFlow
sink(Args.notBlank((String) taint(), "x")); //$hasTaintFlow
sink(Args.notNull(taint(), "x")); // $ hasTaintFlow
sink(Args.notEmpty((String) taint(), "x")); // $ hasTaintFlow
sink(Args.notBlank((String) taint(), "x")); // $ hasTaintFlow
sink(Args.notNull("x", (String) taint())); // Good
}
}
}

86
java/ql/test/library-tests/frameworks/apache-http/B.java
View File

@@ -14,63 +14,63 @@ class B {
class Test1 implements HttpRequestHandler {
public void handle(ClassicHttpRequest req, ClassicHttpResponse res, HttpContext ctx) throws IOException, ParseException {
B.sink(req.getAuthority().getHostName()); //$hasTaintFlow
B.sink(req.getAuthority().toString()); //$hasTaintFlow
B.sink(req.getMethod()); //$hasTaintFlow
B.sink(req.getPath()); //$hasTaintFlow
B.sink(req.getScheme());
B.sink(req.getRequestUri()); //$hasTaintFlow
B.sink(req.getAuthority().getHostName()); // $ hasTaintFlow
B.sink(req.getAuthority().toString()); // $ hasTaintFlow
B.sink(req.getMethod()); // $ hasTaintFlow
B.sink(req.getPath()); // $ hasTaintFlow
B.sink(req.getScheme());
B.sink(req.getRequestUri()); // $ hasTaintFlow
RequestLine line = new RequestLine(req);
B.sink(line.getUri()); //$hasTaintFlow
B.sink(line.getMethod()); //$hasTaintFlow
B.sink(req.getHeaders()); //$hasTaintFlow
B.sink(req.headerIterator()); //$hasTaintFlow
B.sink(line.getUri()); // $ hasTaintFlow
B.sink(line.getMethod()); // $ hasTaintFlow
B.sink(req.getHeaders()); // $ hasTaintFlow
B.sink(req.headerIterator()); // $ hasTaintFlow
Header h = req.getHeaders("abc")[3];
B.sink(h.getName()); //$hasTaintFlow
B.sink(h.getValue()); //$hasTaintFlow
B.sink(req.getFirstHeader("abc")); //$hasTaintFlow
B.sink(req.getLastHeader("abc")); //$hasTaintFlow
B.sink(h.getName()); // $ hasTaintFlow
B.sink(h.getValue()); // $ hasTaintFlow
B.sink(req.getFirstHeader("abc")); // $ hasTaintFlow
B.sink(req.getLastHeader("abc")); // $ hasTaintFlow
HttpEntity ent = req.getEntity();
B.sink(ent.getContent()); //$hasTaintFlow
B.sink(ent.getContentEncoding()); //$hasTaintFlow
B.sink(ent.getContentType()); //$hasTaintFlow
B.sink(ent.getTrailerNames()); //$hasTaintFlow
B.sink(ent.getTrailers().get()); //$hasTaintFlow
B.sink(EntityUtils.toString(ent)); //$hasTaintFlow
B.sink(EntityUtils.toByteArray(ent)); //$hasTaintFlow
B.sink(EntityUtils.parse(ent)); //$hasTaintFlow
res.setEntity(new StringEntity("<a href='" + req.getRequestUri() + "'>a</a>")); //$hasTaintFlow
res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML)); //$hasTaintFlow
res.setEntity(HttpEntities.create("<a href='" + req.getRequestUri() + "'>a</a>")); //$hasTaintFlow
res.setHeader("Location", req.getRequestUri()); //$hasTaintFlow
res.setHeader(new BasicHeader("Location", req.getRequestUri())); //$hasTaintFlow
B.sink(ent.getContent()); // $ hasTaintFlow
B.sink(ent.getContentEncoding()); // $ hasTaintFlow
B.sink(ent.getContentType()); // $ hasTaintFlow
B.sink(ent.getTrailerNames()); // $ hasTaintFlow
B.sink(ent.getTrailers().get()); // $ hasTaintFlow
B.sink(EntityUtils.toString(ent)); // $ hasTaintFlow
B.sink(EntityUtils.toByteArray(ent)); // $ hasTaintFlow
B.sink(EntityUtils.parse(ent)); // $ hasTaintFlow
res.setEntity(new StringEntity("<a href='" + req.getRequestUri() + "'>a</a>")); // $ hasTaintFlow
res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML)); // $ hasTaintFlow
res.setEntity(HttpEntities.create("<a href='" + req.getRequestUri() + "'>a</a>")); // $ hasTaintFlow
res.setHeader("Location", req.getRequestUri()); // $ hasTaintFlow
res.setHeader(new BasicHeader("Location", req.getRequestUri())); // $ hasTaintFlow
}
}
void test2() {
ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
bbuf.append((byte[]) taint(), 0, 3);
sink(bbuf.array()); //$hasTaintFlow
sink(bbuf.toByteArray()); //$hasTaintFlow
sink(bbuf.toString());
bbuf.append((byte[]) taint(), 0, 3);
sink(bbuf.array()); // $ hasTaintFlow
sink(bbuf.toByteArray()); // $ hasTaintFlow
sink(bbuf.toString());
CharArrayBuffer cbuf = new CharArrayBuffer(42);
cbuf.append(bbuf.toByteArray(), 0, 3);
sink(cbuf.toCharArray()); //$hasTaintFlow
sink(cbuf.toString()); //$hasTaintFlow
sink(cbuf.subSequence(0, 3)); //$hasTaintFlow
sink(cbuf.substring(0, 3)); //$hasTaintFlow
sink(cbuf.substringTrimmed(0, 3)); //$hasTaintFlow
cbuf.append(bbuf.toByteArray(), 0, 3);
sink(cbuf.toCharArray()); // $ hasTaintFlow
sink(cbuf.toString()); // $ hasTaintFlow
sink(cbuf.subSequence(0, 3)); // $ hasTaintFlow
sink(cbuf.substring(0, 3)); // $ hasTaintFlow
sink(cbuf.substringTrimmed(0, 3)); // $ hasTaintFlow
sink(Args.notNull(taint(), "x")); //$hasTaintFlow
sink(Args.notEmpty((String) taint(), "x")); //$hasTaintFlow
sink(Args.notBlank((String) taint(), "x")); //$hasTaintFlow
sink(Args.notNull("x", (String) taint()));
sink(Args.notNull(taint(), "x")); // $ hasTaintFlow
sink(Args.notEmpty((String) taint(), "x")); // $ hasTaintFlow
sink(Args.notBlank((String) taint(), "x")); // $ hasTaintFlow
sink(Args.notNull("x", (String) taint()));
}
class Test3 implements HttpServerRequestHandler {
public void handle(ClassicHttpRequest req, HttpServerRequestHandler.ResponseTrigger restr, HttpContext ctx) throws HttpException, IOException {
B.sink(req.getEntity()); //$hasTaintFlow
B.sink(req.getEntity()); // $ hasTaintFlow
}
}
}
}

14
java/ql/test/library-tests/frameworks/ratpack/resources/CollectionPassingTest.java
View File

@@ -29,11 +29,11 @@ public class CollectionPassingTest {
Map<String, Object> pojoMap = new HashMap<>();
merge(form.asMultimap().asMap(), pojoMap);
// Then
sink(pojoMap.get("value")); //$hasTaintFlow
sink(pojoMap.get("value")); // $ hasTaintFlow
pojoMap.forEach((key, value) -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
List<Object> values = (List<Object>) value;
sink(values.get(0)); //$hasTaintFlow
sink(values.get(0)); // $ hasTaintFlow
});
});
}
@@ -46,11 +46,11 @@ public class CollectionPassingTest {
// When
merge(taintedMap, pojoMap);
// Then
sink(pojoMap.get("value")); //$hasTaintFlow
sink(pojoMap.get("value")); // $ hasTaintFlow
pojoMap.forEach((key, value) -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
List<Object> values = (List<Object>) value;
sink(values.get(0)); //$hasTaintFlow
sink(values.get(0)); // $ hasTaintFlow
});
}
@@ -66,5 +66,5 @@ public class CollectionPassingTest {
private static Object extractSingleValueIfPossible(Collection<String> values) {
return values.size() == 1 ? values.iterator().next() : ImmutableList.copyOf(values);
}
}

44
java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
View File

@@ -53,32 +53,32 @@ class IntegrationTest {
void test1(Context ctx) {
bindJson(ctx, Pojo.class)
.then(pojo ->{
sink(pojo); //$hasTaintFlow
sink(pojo.value); //$hasTaintFlow
sink(pojo.getValue()); //$hasTaintFlow
sink(pojo); // $ hasTaintFlow
sink(pojo.value); // $ hasTaintFlow
sink(pojo.getValue()); // $ hasTaintFlow
});
}
void test2(Context ctx) {
bindForm(ctx, Pojo.class, defaults -> defaults.put("another", "potato"))
.then(pojo ->{
sink(pojo); //$hasTaintFlow
sink(pojo.value); //$hasTaintFlow
sink(pojo.getValue()); //$hasTaintFlow
sink(pojo); // $ hasTaintFlow
sink(pojo.value); // $ hasTaintFlow
sink(pojo.getValue()); // $ hasTaintFlow
});
}
void test3() {
Object value = extractSingleValueIfPossible(ImmutableList.of("a", taint()));
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
List<Object> values = (List<Object>) value;
sink(values.get(1)); //$hasTaintFlow
sink(values.get(1)); // $ hasTaintFlow
Map<String, Object> weirdMap = new HashMap<>();
weirdMap.put("a", value);
weirdMap.forEach((key, mapValue) -> {
sink(mapValue); //$hasTaintFlow
sink(mapValue); // $ hasTaintFlow
List<Object> values2 = (List<Object>) mapValue;
sink(values2.get(0)); //$hasTaintFlow
sink(values2.get(0)); // $ hasTaintFlow
});
}
@@ -89,13 +89,13 @@ class IntegrationTest {
filterAndMerge(pojoForm, mergedParams, name -> false);
return mergedParams;
}).then(pojoMap -> {
sink(pojoMap.keySet().iterator().next()); //$hasTaintFlow
sink(pojoMap.get("value")); //$hasTaintFlow
sink(pojoMap.keySet().iterator().next()); // $ hasTaintFlow
sink(pojoMap.get("value")); // $ hasTaintFlow
pojoMap.forEach((key, value) -> {
sink(key); //$hasTaintFlow
sink(value); //$hasTaintFlow
sink(key); // $ hasTaintFlow
sink(value); // $ hasTaintFlow
List<Object> values = (List<Object>) value;
sink(values.get(0)); //$hasTaintFlow
sink(values.get(0)); // $ hasTaintFlow
});
});
}
@@ -107,13 +107,13 @@ class IntegrationTest {
filterAndMerge_2(pojoForm, mergedParams, name -> false);
return mergedParams;
}).then(pojoMap -> {
sink(pojoMap.keySet().iterator().next()); //$hasTaintFlow
sink(pojoMap.get("value")); //$hasTaintFlow
sink(pojoMap.keySet().iterator().next()); // $ hasTaintFlow
sink(pojoMap.get("value")); // $ hasTaintFlow
pojoMap.forEach((key, value) -> {
sink(key); //$hasTaintFlow
sink(value); //$hasTaintFlow
sink(key); // $ hasTaintFlow
sink(value); // $ hasTaintFlow
List<Object> values = (List<Object>) value;
sink(values.get(0)); //$hasTaintFlow
sink(values.get(0)); // $ hasTaintFlow
});
});
}
@@ -121,8 +121,8 @@ class IntegrationTest {
void test6(Context ctx) {
bindQuery(ctx, Pojo.class)
.then(pojo -> {
sink(pojo.getValue()); //$hasTaintFlow
sink(pojo.getValues()); //$hasTaintFlow
sink(pojo.getValue()); // $ hasTaintFlow
sink(pojo.getValues()); // $ hasTaintFlow
});
}

126
java/ql/test/library-tests/frameworks/ratpack/resources/PairTest.java
View File

@@ -21,9 +21,9 @@ public class PairTest {
sink(pair.right()); // no taint flow
sink(pair.getRight()); // no taint flow
Pair<String, String> updatedLeftPair = pair.left(taint());
sink(updatedLeftPair.left); //$hasTaintFlow
sink(updatedLeftPair.left()); //$hasTaintFlow
sink(updatedLeftPair.getLeft()); //$hasTaintFlow
sink(updatedLeftPair.left); // $ hasTaintFlow
sink(updatedLeftPair.left()); // $ hasTaintFlow
sink(updatedLeftPair.getLeft()); // $ hasTaintFlow
sink(updatedLeftPair.right); // no taint flow
sink(updatedLeftPair.right()); // no taint flow
sink(updatedLeftPair.getRight()); // no taint flow
@@ -31,33 +31,33 @@ public class PairTest {
sink(updatedRightPair.left); // no taint flow
sink(updatedRightPair.left()); // no taint flow
sink(updatedRightPair.getLeft()); // no taint flow
sink(updatedRightPair.right); //$hasTaintFlow
sink(updatedRightPair.right()); //$hasTaintFlow
sink(updatedRightPair.getRight()); //$hasTaintFlow
sink(updatedRightPair.right); // $ hasTaintFlow
sink(updatedRightPair.right()); // $ hasTaintFlow
sink(updatedRightPair.getRight()); // $ hasTaintFlow
Pair<String, String> updatedBothPair = pair.left(taint()).right(taint());
sink(updatedBothPair.left); //$hasTaintFlow
sink(updatedBothPair.left()); //$hasTaintFlow
sink(updatedBothPair.getLeft()); //$hasTaintFlow
sink(updatedBothPair.right); //$hasTaintFlow
sink(updatedBothPair.right()); //$hasTaintFlow
sink(updatedBothPair.getRight()); //$hasTaintFlow
sink(updatedBothPair.left); // $ hasTaintFlow
sink(updatedBothPair.left()); // $ hasTaintFlow
sink(updatedBothPair.getLeft()); // $ hasTaintFlow
sink(updatedBothPair.right); // $ hasTaintFlow
sink(updatedBothPair.right()); // $ hasTaintFlow
sink(updatedBothPair.getRight()); // $ hasTaintFlow
}
void test2() {
Pair<String, String> pair = Pair.of(taint(), taint());
sink(pair.left); //$hasTaintFlow
sink(pair.left()); //$hasTaintFlow
sink(pair.getLeft()); //$hasTaintFlow
sink(pair.right); //$hasTaintFlow
sink(pair.right()); //$hasTaintFlow
sink(pair.getRight()); //$hasTaintFlow
sink(pair.left); // $ hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.getLeft()); // $ hasTaintFlow
sink(pair.right); // $ hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
sink(pair.getRight()); // $ hasTaintFlow
Pair<String, Pair<String, String>> pushedLeftPair = pair.pushLeft("safe");
sink(pushedLeftPair.left()); // no taint flow
sink(pushedLeftPair.right().left()); //$hasTaintFlow
sink(pushedLeftPair.right().right()); //$hasTaintFlow
sink(pushedLeftPair.right().left()); // $ hasTaintFlow
sink(pushedLeftPair.right().right()); // $ hasTaintFlow
Pair<Pair<String, String>, String> pushedRightPair = pair.pushRight("safe");
sink(pushedRightPair.left().left()); //$hasTaintFlow
sink(pushedRightPair.left().right()); //$hasTaintFlow
sink(pushedRightPair.left().left()); // $ hasTaintFlow
sink(pushedRightPair.left().right()); // $ hasTaintFlow
sink(pushedRightPair.right()); // no taint flow
}
@@ -70,39 +70,39 @@ public class PairTest {
sink(pair.right()); // no taint flow
sink(pair.getRight()); // no taint flow
Pair<String, Pair<String, String>> pushedLeftPair = pair.pushLeft(taint());
sink(pushedLeftPair.left()); //$hasTaintFlow
sink(pushedLeftPair.left()); // $ hasTaintFlow
sink(pushedLeftPair.right().left()); // no taint flow
sink(pushedLeftPair.right().right()); // no taint flow
Pair<Pair<String, String>, String> pushedRightPair = pair.pushRight(taint());
sink(pushedRightPair.left().left()); // no taint flow
sink(pushedRightPair.left().right()); // no taint flow
sink(pushedRightPair.right()); //$hasTaintFlow
sink(pushedRightPair.right()); // $ hasTaintFlow
}
void test4() {
Pair<String, String> pair = Pair.of(taint(), taint());
sink(pair.left()); //$hasTaintFlow
sink(pair.right()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
Pair<Pair<String, String>, String> nestLeftPair = pair.nestLeft("safe");
sink(nestLeftPair.left().left()); // no taint flow
sink(nestLeftPair.left().right()); //$hasTaintFlow
sink(nestLeftPair.right()); //$hasTaintFlow
sink(nestLeftPair.left().right()); // $ hasTaintFlow
sink(nestLeftPair.right()); // $ hasTaintFlow
Pair<String, Pair<String, String>> nestRightPair = pair.nestRight("safe");
sink(nestRightPair.left()); //$hasTaintFlow
sink(nestRightPair.left()); // $ hasTaintFlow
sink(nestRightPair.right().left()); // no taint flow
sink(nestRightPair.right().right()); //$hasTaintFlow
sink(nestRightPair.right().right()); // $ hasTaintFlow
}
void test5() {
Pair<String, String> pair = Pair.of(taint(), "safe");
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
Pair<Pair<String, String>, String> nestLeftPair = pair.nestLeft("safe");
sink(nestLeftPair.left().left()); // no taint flow
sink(nestLeftPair.left().right()); //$hasTaintFlow
sink(nestLeftPair.left().right()); // $ hasTaintFlow
sink(nestLeftPair.right()); // no taint flow
Pair<String, Pair<String, String>> nestRightPair = pair.nestRight("safe");
sink(nestRightPair.left()); //$hasTaintFlow
sink(nestRightPair.left()); // $ hasTaintFlow
sink(nestRightPair.right().left()); // no taint flow
sink(nestRightPair.right().right()); // no taint flow
}
@@ -110,15 +110,15 @@ public class PairTest {
void test6() {
Pair<String, String> pair = Pair.of("safe", taint());
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
Pair<Pair<String, String>, String> nestLeftPair = pair.nestLeft("safe");
sink(nestLeftPair.left().left()); // no taint flow
sink(nestLeftPair.left().right()); // no taint flow
sink(nestLeftPair.right()); //$hasTaintFlow
sink(nestLeftPair.right()); // $ hasTaintFlow
Pair<String, Pair<String, String>> nestRightPair = pair.nestRight("safe");
sink(nestRightPair.left()); // no taint flow
sink(nestRightPair.right().left()); // no taint flow
sink(nestRightPair.right().right()); //$hasTaintFlow
sink(nestRightPair.right().right()); // $ hasTaintFlow
}
void test7() {
@@ -141,7 +141,7 @@ public class PairTest {
sink(left); // no taint flow
return taint();
});
sink(taintLeft.left()); //$hasTaintFlow
sink(taintLeft.left()); // $ hasTaintFlow
sink(taintLeft.right()); // no taint flow
}
@@ -152,43 +152,43 @@ public class PairTest {
return taint();
});
sink(taintRight.left()); // no taint flow
sink(taintRight.right()); //$hasTaintFlow
sink(taintRight.right()); // $ hasTaintFlow
}
void test10() throws Exception {
Pair<String, String> pair = Pair.of(taint(), taint());
Pair<String, String> taintLeft = pair.mapLeft(left -> {
sink(left); //$hasTaintFlow
sink(left); // $ hasTaintFlow
return "safe";
});
sink(taintLeft.left()); // no taint flow
sink(taintLeft.right()); //$hasTaintFlow
sink(taintLeft.right()); // $ hasTaintFlow
}
void test11() throws Exception {
Pair<String, String> pair = Pair.of(taint(), taint());
Pair<String, String> taintRight = pair.mapRight(right -> {
sink(right); //$hasTaintFlow
sink(right); // $ hasTaintFlow
return "safe";
});
sink(taintRight.left()); //$hasTaintFlow
sink(taintRight.left()); // $ hasTaintFlow
sink(taintRight.right()); // no taint flow
}
void test12() throws Exception {
Pair<String, String> pair = Pair.of(taint(), taint());
String safe = pair.map(p -> {
sink(p.left()); //$hasTaintFlow
sink(p.right()); //$hasTaintFlow
sink(p.left()); // $ hasTaintFlow
sink(p.right()); // $ hasTaintFlow
return "safe";
});
sink(safe); // no taint flow
String unsafe = pair.map(p -> {
sink(p.left()); //$hasTaintFlow
sink(p.right()); //$hasTaintFlow
sink(p.left()); // $ hasTaintFlow
sink(p.right()); // $ hasTaintFlow
return taint();
});
sink(unsafe); //$hasTaintFlow
sink(unsafe); // $ hasTaintFlow
}
void test13() {
@@ -197,20 +197,20 @@ public class PairTest {
.left(Promise.value("safe"))
.then(pair -> {
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
});
Promise
.value(taint())
.right(Promise.value("safe"))
.then(pair -> {
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
});
Promise
.value("safe")
.left(Promise.value(taint()))
.then(pair -> {
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
});
Promise
@@ -218,7 +218,7 @@ public class PairTest {
.right(Promise.value(taint()))
.then(pair -> {
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
});
}
@@ -226,21 +226,21 @@ public class PairTest {
Promise
.value(taint())
.left(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return "safe";
})
.then(pair -> {
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
});
Promise
.value(taint())
.right(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return "safe";
})
.then(pair -> {
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
});
Promise
@@ -250,7 +250,7 @@ public class PairTest {
return taint();
})
.then(pair -> {
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
});
Promise
@@ -261,7 +261,7 @@ public class PairTest {
})
.then(pair -> {
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
});
}
@@ -269,21 +269,21 @@ public class PairTest {
Promise
.value(taint())
.flatLeft(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return Promise.value("safe");
})
.then(pair -> {
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
});
Promise
.value(taint())
.flatRight(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return Promise.value("safe");
})
.then(pair -> {
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
});
Promise
@@ -292,7 +292,7 @@ public class PairTest {
return Promise.value(taint());
})
.then(pair -> {
sink(pair.left()); //$hasTaintFlow
sink(pair.left()); // $ hasTaintFlow
sink(pair.right()); // no taint flow
});
Promise
@@ -302,7 +302,7 @@ public class PairTest {
})
.then(pair -> {
sink(pair.left()); // no taint flow
sink(pair.right()); //$hasTaintFlow
sink(pair.right()); // $ hasTaintFlow
});
}
}

184
java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
View File

@@ -19,59 +19,59 @@ class Resource {
}
void test1(Context ctx) {
sink(ctx.getRequest().getContentLength()); //$hasTaintFlow
sink(ctx.getRequest().getCookies()); //$hasTaintFlow
sink(ctx.getRequest().oneCookie("Magic-Cookie")); //$hasTaintFlow
sink(ctx.getRequest().getHeaders()); //$hasTaintFlow
sink(ctx.getRequest().getHeaders().get("questionable_header")); //$hasTaintFlow
sink(ctx.getRequest().getHeaders().getAll("questionable_header")); //$hasTaintFlow
sink(ctx.getRequest().getHeaders().getNames()); //$hasTaintFlow
sink(ctx.getRequest().getHeaders().asMultiValueMap()); //$hasTaintFlow
sink(ctx.getRequest().getHeaders().asMultiValueMap().get("questionable_header")); //$hasTaintFlow
sink(ctx.getRequest().getPath()); //$hasTaintFlow
sink(ctx.getRequest().getQuery()); //$hasTaintFlow
sink(ctx.getRequest().getQueryParams()); //$hasTaintFlow
sink(ctx.getRequest().getQueryParams().get("questionable_parameter")); //$hasTaintFlow
sink(ctx.getRequest().getRawUri()); //$hasTaintFlow
sink(ctx.getRequest().getUri()); //$hasTaintFlow
sink(ctx.getRequest().getContentLength()); // $ hasTaintFlow
sink(ctx.getRequest().getCookies()); // $ hasTaintFlow
sink(ctx.getRequest().oneCookie("Magic-Cookie")); // $ hasTaintFlow
sink(ctx.getRequest().getHeaders()); // $ hasTaintFlow
sink(ctx.getRequest().getHeaders().get("questionable_header")); // $ hasTaintFlow
sink(ctx.getRequest().getHeaders().getAll("questionable_header")); // $ hasTaintFlow
sink(ctx.getRequest().getHeaders().getNames()); // $ hasTaintFlow
sink(ctx.getRequest().getHeaders().asMultiValueMap()); // $ hasTaintFlow
sink(ctx.getRequest().getHeaders().asMultiValueMap().get("questionable_header")); // $ hasTaintFlow
sink(ctx.getRequest().getPath()); // $ hasTaintFlow
sink(ctx.getRequest().getQuery()); // $ hasTaintFlow
sink(ctx.getRequest().getQueryParams()); // $ hasTaintFlow
sink(ctx.getRequest().getQueryParams().get("questionable_parameter")); // $ hasTaintFlow
sink(ctx.getRequest().getRawUri()); // $ hasTaintFlow
sink(ctx.getRequest().getUri()); // $ hasTaintFlow
}
void test2(Context ctx, OutputStream os) {
ctx.getRequest().getBody().then(td -> {
sink(td); //$hasTaintFlow
sink(td.getText()); //$hasTaintFlow
sink(td.getBuffer()); //$hasTaintFlow
sink(td.getBytes()); //$hasTaintFlow
sink(td.getContentType()); //$hasTaintFlow
sink(td.getInputStream()); //$hasTaintFlow
sink(td); // $ hasTaintFlow
sink(td.getText()); // $ hasTaintFlow
sink(td.getBuffer()); // $ hasTaintFlow
sink(td.getBytes()); // $ hasTaintFlow
sink(td.getContentType()); // $ hasTaintFlow
sink(td.getInputStream()); // $ hasTaintFlow
sink(os);
td.writeTo(os);
sink(os); //$hasTaintFlow
sink(os); // $ hasTaintFlow
if (td instanceof UploadedFile) {
UploadedFile uf = (UploadedFile) td;
sink(uf.getFileName()); //$hasTaintFlow
sink(uf.getFileName()); // $ hasTaintFlow
}
});
}
void test3(Context ctx) {
ctx.getRequest().getBody().map(TypedData::getText).then(s -> {
sink(s); //$hasTaintFlow
sink(s); // $ hasTaintFlow
});
ctx.getRequest().getBody().map(b -> {
sink(b); //$hasTaintFlow
sink(b.getText()); //$hasTaintFlow
sink(b); // $ hasTaintFlow
sink(b.getText()); // $ hasTaintFlow
return b.getText();
}).then(t -> {
sink(t); //$hasTaintFlow
sink(t); // $ hasTaintFlow
});
ctx.getRequest().getBody().map(TypedData::getText).then(this::sink); //$hasTaintFlow
ctx.getRequest().getBody().map(TypedData::getText).then(this::sink); // $ hasTaintFlow
ctx
.getRequest()
.getBody()
.map(TypedData::getText)
.next(this::sink) //$hasTaintFlow
.then(this::sink); //$hasTaintFlow
.next(this::sink) // $ hasTaintFlow
.then(this::sink); // $ hasTaintFlow
}
void test4() {
@@ -79,11 +79,11 @@ class Resource {
Promise.value(tainted);
Promise
.value(tainted)
.then(this::sink); //$hasTaintFlow
.then(this::sink); // $ hasTaintFlow
Promise
.value(tainted)
.map(a -> a)
.then(this::sink); //$hasTaintFlow
.then(this::sink); // $ hasTaintFlow
}
void test5(Context ctx) {
@@ -92,22 +92,22 @@ class Resource {
.getBody()
.map(data -> {
Form form = ctx.parse(data, Form.form());
sink(form); //$hasTaintFlow
sink(form); // $ hasTaintFlow
return form;
})
.then(form -> {
sink(form.file("questionable_file")); //$hasTaintFlow
sink(form.file("questionable_file").getFileName()); //$hasTaintFlow
sink(form.files("questionable_files")); //$hasTaintFlow
sink(form.files()); //$hasTaintFlow
sink(form.get("questionable_parameter")); //$hasTaintFlow
sink(form.getAll().get("questionable_parameter").get(0)); //$hasTaintFlow
sink(form.getAll("questionable_parameter").get(0)); //$hasTaintFlow
sink(form.asMultimap().get("questionable_parameter")); //$hasTaintFlow
sink(form.asMultimap().asMap()); //$hasTaintFlow
sink(form.file("questionable_file")); // $ hasTaintFlow
sink(form.file("questionable_file").getFileName()); // $ hasTaintFlow
sink(form.files("questionable_files")); // $ hasTaintFlow
sink(form.files()); // $ hasTaintFlow
sink(form.get("questionable_parameter")); // $ hasTaintFlow
sink(form.getAll().get("questionable_parameter").get(0)); // $ hasTaintFlow
sink(form.getAll("questionable_parameter").get(0)); // $ hasTaintFlow
sink(form.asMultimap().get("questionable_parameter")); // $ hasTaintFlow
sink(form.asMultimap().asMap()); // $ hasTaintFlow
form.asMultimap().asMap().forEach((name, values) -> {
sink(name); //$hasTaintFlow
sink(values); //$hasTaintFlow
sink(name); // $ hasTaintFlow
sink(values); // $ hasTaintFlow
});
});
}
@@ -116,17 +116,17 @@ class Resource {
ctx
.parse(Parse.of(Form.class))
.then(form -> {
sink(form); //$hasTaintFlow
sink(form); // $ hasTaintFlow
});
ctx
.parse(Form.class)
.then(form -> {
sink(form); //$hasTaintFlow
sink(form); // $ hasTaintFlow
});
ctx
.parse(Form.class, "Some Object")
.then(form -> {
sink(form); //$hasTaintFlow
sink(form); // $ hasTaintFlow
});
}
@@ -135,50 +135,50 @@ class Resource {
Promise
.flatten(() -> Promise.value(tainted))
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.onError(Action.noop())
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.cache()
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.fork()
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.route(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return false;
}, value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.cacheIf(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return true;
})
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.onError(RuntimeException.class, Action.noop())
.next(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.map(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return value;
})
.blockingMap(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return value;
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}
@@ -191,7 +191,7 @@ class Resource {
return "potato";
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.value("potato")
@@ -199,7 +199,7 @@ class Resource {
return taint();
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.value(tainted)
@@ -208,7 +208,7 @@ class Resource {
return Promise.value("potato");
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.value("potato")
@@ -216,7 +216,7 @@ class Resource {
return Promise.value(taint());
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}
@@ -226,7 +226,7 @@ class Resource {
.value(tainted)
.map(Resource::identity)
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.value("potato")
@@ -238,7 +238,7 @@ class Resource {
.value(tainted)
.flatMap(v -> Promise.value(v))
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}
@@ -252,7 +252,7 @@ class Resource {
.value(tainted)
.apply(Resource::promiseIdentity)
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.value("potato")
@@ -261,7 +261,7 @@ class Resource {
sink(value); // no taints flow
});
}
public static Promise<String> promiseIdentity(Promise<String> input) {
return input.map(i -> i);
}
@@ -272,7 +272,7 @@ class Resource {
.value(tainted)
.map(a -> a)
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.value("potato")
@@ -287,40 +287,40 @@ class Resource {
Promise
.sync(() -> tainted)
.mapIf(v -> {
sink(v); //$hasTaintFlow
sink(v); // $ hasTaintFlow
return true;
}, v -> {
sink(v); //$hasTaintFlow
sink(v); // $ hasTaintFlow
return v;
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.sync(() -> tainted)
.mapIf(v -> {
sink(v); //$hasTaintFlow
sink(v); // $ hasTaintFlow
return true;
}, vTrue -> {
sink(vTrue); //$hasTaintFlow
sink(vTrue); // $ hasTaintFlow
return vTrue;
}, vFalse -> {
sink(vFalse); //$hasTaintFlow
sink(vFalse); // $ hasTaintFlow
return vFalse;
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
Promise
.sync(() -> tainted)
.mapIf(v -> {
sink(v); //$hasTaintFlow
sink(v); // $ hasTaintFlow
return true;
}, vTrue -> {
sink(vTrue); //$hasTaintFlow
sink(vTrue); // $ hasTaintFlow
return "potato";
}, vFalse -> {
sink(vFalse); //$hasTaintFlow
sink(vFalse); // $ hasTaintFlow
return "potato";
})
.then(value -> {
@@ -340,7 +340,7 @@ class Resource {
.value("safe")
.replace(Promise.value(tainted))
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}
@@ -349,10 +349,10 @@ class Resource {
Promise
.value(tainted)
.blockingOp(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}
@@ -361,16 +361,16 @@ class Resource {
Promise
.value(tainted)
.nextOp(value -> Operation.of(() -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
}))
.nextOpIf(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
return true;
}, value -> Operation.of(() -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
}))
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}
@@ -379,23 +379,23 @@ class Resource {
Promise
.value(tainted)
.flatOp(value -> Operation.of(() -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
}));
}
void test17() throws Exception {
String tainted = taint();
Result<String> result = Result.success(tainted);
sink(result.getValue()); //$hasTaintFlow
sink(result.getValueOrThrow()); //$hasTaintFlow
sink(result.getValue()); // $ hasTaintFlow
sink(result.getValueOrThrow()); // $ hasTaintFlow
Promise
.value(tainted)
.wiretap(r -> {
sink(r.getValue()); //$hasTaintFlow
sink(r.getValueOrThrow()); //$hasTaintFlow
sink(r.getValue()); // $ hasTaintFlow
sink(r.getValueOrThrow()); // $ hasTaintFlow
})
.then(value -> {
sink(value); //$hasTaintFlow
sink(value); // $ hasTaintFlow
});
}

2
java/ql/test/library-tests/frameworks/spring/data/Test.java
View File

@@ -14,6 +14,6 @@ public class Test {
void testCrudRepository(CrudRepository<Struct, Integer> cr) {
Struct s = new Struct(source());
s = cr.save(s);
sink(s.field); //$hasValueFlow
sink(s.field); // $ hasValueFlow
}
}

8
java/ql/test/query-tests/Escaping/Escaping.java
View File

@@ -1,12 +1,12 @@
@ThreadSafe
public class Escaping {
int x; //$ Alert
public int y = 0; //$ Alert
int x; // $ Alert
public int y = 0; // $ Alert
private int z = 3;
final int w = 0;
public final int u = 4;
private final long a = 5;
protected long b = 0; //$ Alert
protected long b = 0; // $ Alert
protected final long c = 0L;
volatile long d = 3;
protected volatile long e = 3L;
@@ -14,4 +14,4 @@ public class Escaping {
public void methodLocal() {
int i;
}
}
}

16
java/ql/test/query-tests/SafePublication/SafePublication.java
View File

@@ -2,19 +2,19 @@
public class SafePublication {
int x;
int y = 0;
int z = 3; //$ Alert
int w; //$ Alert
int u; //$ Alert
int z = 3; // $ Alert
int w; // $ Alert
int u; // $ Alert
long a;
long b = 0;
long c = 0L;
long d = 3; //$ Alert
long e = 3L; //$ Alert
long d = 3; // $ Alert
long e = 3L; // $ Alert
int[] arr = new int[3]; //$ Alert
int[] arr = new int[3]; // $ Alert
float f = 0.0f;
double dd = 00.0d;
char cc = 'a'; //$ Alert
char cc = 'a'; // $ Alert
char ok = '\u0000';
public SafePublication(int a) {
@@ -26,4 +26,4 @@ public class SafePublication {
public void methodLocal() {
int i;
}
}
}

4
java/ql/test/query-tests/ThreadSafe/examples/Test3Super.java
View File

@@ -8,10 +8,10 @@ public class Test3Super extends Test2 { // We might want an alert here for the
}
public void y() {
super.x = 0; //$ MISSING: Alert
super.x = 0; // $ MISSING: Alert
}
public void yLst() {
super.lst.add("Hello!"); //$ MISSING: Alert
super.lst.add("Hello!"); // $ MISSING: Alert
}
}