From f73f1a7aa9b1d1b7839169a438d7af2d898b7f7e Mon Sep 17 00:00:00 2001
From: Kevin Stubbings
Date: Mon, 29 Dec 2025 07:09:31 +0000
Subject: [PATCH] Add additional test
---
 .../dataflow/taintsources/FileUpload.java | 5 ++++-
 .../commons/fileupload/servlet/ServletFileUpload.java | 11 +++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/servlet/ServletFileUpload.java
diff --git a/java/ql/test/library-tests/dataflow/taintsources/FileUpload.java b/java/ql/test/library-tests/dataflow/taintsources/FileUpload.java
index f1d6e7ca569..d463c984d80 100644
--- a/java/ql/test/library-tests/dataflow/taintsources/FileUpload.java
+++ b/java/ql/test/library-tests/dataflow/taintsources/FileUpload.java
@@ -2,7 +2,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileItemStream;
-
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
 public class FileUpload {
@@ -12,6 +12,7 @@ public class FileUpload {
 private FileItem fileItem;
 private FileItemStream fileItemStream;
 private jakarta.servlet.http.Part jakartaPart;
+ private ServletFileUpload servletFileUpload;
 private static void sink(Object o) {}
@@ -45,5 +46,7 @@ public class FileUpload {
 sink(jakartaPart.getName()); // $ hasRemoteValueFlow
 sink(jakartaPart.getSubmittedFileName()); // $ hasRemoteValueFlow
+ FileItem item = servletFileUpload.parseRequest(request).get(0);
+ sink(item.getName()); // $ hasRemoteValueFlow
 }
 }
\ No newline at end of file
diff --git a/java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/servlet/ServletFileUpload.java b/java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/servlet/ServletFileUpload.java
new file mode 100644
index 00000000000..33e144406be
--- /dev/null
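Review bot: The assertion added in the last FileUpload.java hunk, `sink(item.getName()); // $ hasRemoteValueFlow`, may not exercise `ServletFileUpload.parseRequest` at all. If `FileItem.getName()` is already treated as a remote source on any `FileItem` (the existing `fileItem` field suggests the part of the method outside this hunk tests that), the expectation is met wherever `item` came from. To pin the new path, also sink the parsed value itself, e.g. `sink(item);` or `sink(servletFileUpload.parseRequest(request));`, with whatever expectation the model is meant to produce, and add a one-line comment naming the API under test. As rendered on this page the stub declares `parseRequest` with a raw `List` return type, under which `FileItem item = ….get(0)` would need a cast; presumably the type argument was lost in rendering, but it is worth confirming the test compiles. The enclosing method starts outside the hunk.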
+++ b/java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/servlet/ServletFileUpload.java
@@ -0,0 +1,11 @@
+// Generated automatically from org.apache.commons.fileupload.servlet.ServletFileUpload for testing purposes
+
+package org.apache.commons.fileupload.servlet;
+
+import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.fileupload.FileItem;
+
+public class ServletFileUpload {
+ public List parseRequest(HttpServletRequest p0){ return null; }
+}