mirror of
https://github.com/github/codeql.git
synced 2026-04-28 18:25:24 +02:00
Java: Add models for collection constructors
This commit is contained in:
Sauyon Lee
@@ -0,0 +1,2 @@
|
||||
lgtm,codescanning
|
||||
* Added additional taint steps modeling constructors for collections in `java.util`.
|
||||
@@ -368,7 +368,44 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
|
||||
"java.util;Collections;false;copy;(List,List);;Element of Argument[1];Element of Argument[0];value",
|
||||
"java.util;Collections;false;fill;(List,Object);;Argument[1];Element of Argument[0];value",
|
||||
"java.util;Arrays;false;asList;;;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||
"java.util;Collections;false;addAll;(Collection,Object[]);;ArrayElement of Argument[1];Element of Argument[0];value"
|
||||
"java.util;Collections;false;addAll;(Collection,Object[]);;ArrayElement of Argument[1];Element of Argument[0];value",
|
||||
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[1];MapValue of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[1];MapValue of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;ArrayDeque;false;ArrayDeque;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;ArrayList;false;ArrayList;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;EnumMap;false;EnumMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;EnumMap;false;EnumMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;EnumMap;false;EnumMap;(EnumMap);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;EnumMap;false;EnumMap;(EnumMap);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;HashMap;false;HashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;HashMap;false;HashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;HashSet;false;HashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;Hashtable;false;Hashtable;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;Hashtable;false;Hashtable;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;LinkedHashSet;false;LinkedHashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;LinkedList;false;LinkedList;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;PriorityQueue;false;PriorityQueue;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;PriorityQueue;false;PriorityQueue;(PriorityQueue);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;PriorityQueue;false;PriorityQueue;(SortedSet);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;TreeMap;false;TreeMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;TreeMap;false;TreeMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;TreeMap;false;TreeMap;(SortedMap);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;TreeMap;false;TreeMap;(SortedMap);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||
"java.util;TreeSet;false;TreeSet;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;TreeSet;false;TreeSet;(SortedSet);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;Vector;false;Vector;(Collection);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"java.util;WeakHashMap;false;WeakHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"java.util;WeakHashMap;false;WeakHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,286 @@
|
||||
package generatedtest;
|
||||
|
||||
import java.util.AbstractMap;
|
||||
import java.util.ArrayDeque;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.EnumMap;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Hashtable;
|
||||
import java.util.IdentityHashMap;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.PriorityQueue;
|
||||
import java.util.SortedMap;
|
||||
import java.util.SortedSet;
|
||||
import java.util.TreeMap;
|
||||
import java.util.TreeSet;
|
||||
import java.util.Vector;
|
||||
import java.util.WeakHashMap;
|
||||
|
||||
// Test case generated by GenerateFlowTestCase.ql
|
||||
public class Constructors {
|
||||
|
||||
Object getElement(Collection container) { return container.iterator().next(); }
|
||||
Object getMapKey(Map container) { return container.keySet().iterator().next(); }
|
||||
Object getMapValue(Map container) { return container.get(null); }
|
||||
Object getMapKey(Map.Entry container) { return container.getKey(); }
|
||||
Object getMapValue(Map.Entry container) { return container.getValue(); }
|
||||
Object source() { return null; }
|
||||
void sink(Object o) { }
|
||||
|
||||
public void test() {
|
||||
|
||||
{
|
||||
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
AbstractMap.SimpleEntry out = null;
|
||||
Map.Entry in = new AbstractMap.SimpleEntry(source(), null);
|
||||
out = new AbstractMap.SimpleEntry(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
AbstractMap.SimpleEntry out = null;
|
||||
Map.Entry in = new AbstractMap.SimpleEntry(null, source());;
|
||||
out = new AbstractMap.SimpleEntry(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[0];MapKey of Argument[-1];value"
|
||||
AbstractMap.SimpleEntry out = null;
|
||||
Object in = source();
|
||||
out = new AbstractMap.SimpleEntry(in, null);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[1];MapValue of Argument[-1];value"
|
||||
AbstractMap.SimpleEntry out = null;
|
||||
Object in = source();
|
||||
out = new AbstractMap.SimpleEntry(null, in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
AbstractMap.SimpleImmutableEntry out = null;
|
||||
Map.Entry in = new AbstractMap.SimpleEntry(source(), null);
|
||||
out = new AbstractMap.SimpleImmutableEntry(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
AbstractMap.SimpleImmutableEntry out = null;
|
||||
Map.Entry in = new AbstractMap.SimpleEntry(null, source());
|
||||
out = new AbstractMap.SimpleImmutableEntry(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;ArrayDeque;false;ArrayDeque;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
ArrayDeque out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new ArrayDeque(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;ArrayList;false;ArrayList;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
ArrayList out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new ArrayList(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;EnumMap;false;EnumMap;(EnumMap);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
EnumMap out = null;
|
||||
EnumMap in = new EnumMap(Map.of(source(), null));
|
||||
out = new EnumMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;EnumMap;false;EnumMap;(EnumMap);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
EnumMap out = null;
|
||||
EnumMap in = new EnumMap(Map.of(null, source()));
|
||||
out = new EnumMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;EnumMap;false;EnumMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
EnumMap out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new EnumMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;EnumMap;false;EnumMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
EnumMap out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new EnumMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;HashMap;false;HashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
HashMap out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new HashMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;HashMap;false;HashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
HashMap out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new HashMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;HashSet;false;HashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
HashSet out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new HashSet(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;Hashtable;false;Hashtable;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
Hashtable out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new Hashtable(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;Hashtable;false;Hashtable;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
Hashtable out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new Hashtable(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
IdentityHashMap out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new IdentityHashMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
IdentityHashMap out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new IdentityHashMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
LinkedHashMap out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new LinkedHashMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
LinkedHashMap out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new LinkedHashMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;LinkedHashSet;false;LinkedHashSet;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
LinkedHashSet out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new LinkedHashSet(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;LinkedList;false;LinkedList;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
LinkedList out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new LinkedList(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;PriorityQueue;false;PriorityQueue;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
PriorityQueue out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new PriorityQueue(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;PriorityQueue;false;PriorityQueue;(PriorityQueue);;Element of Argument[0];Element of Argument[-1];value"
|
||||
PriorityQueue out = null;
|
||||
PriorityQueue in = new PriorityQueue(List.of(source()));
|
||||
out = new PriorityQueue(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;PriorityQueue;false;PriorityQueue;(SortedSet);;Element of Argument[0];Element of Argument[-1];value"
|
||||
PriorityQueue out = null;
|
||||
SortedSet in = new TreeSet(List.of(source()));
|
||||
out = new PriorityQueue(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;TreeMap;false;TreeMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
TreeMap out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new TreeMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;TreeMap;false;TreeMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
TreeMap out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new TreeMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;TreeMap;false;TreeMap;(SortedMap);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
TreeMap out = null;
|
||||
SortedMap in = new TreeMap(Map.of(source(), null));
|
||||
out = new TreeMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;TreeMap;false;TreeMap;(SortedMap);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
TreeMap out = null;
|
||||
SortedMap in = new TreeMap(Map.of(null, source()));
|
||||
out = new TreeMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;TreeSet;false;TreeSet;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
TreeSet out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new TreeSet(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;TreeSet;false;TreeSet;(SortedSet);;Element of Argument[0];Element of Argument[-1];value"
|
||||
TreeSet out = null;
|
||||
SortedSet in = new TreeSet(List.of(source()));
|
||||
out = new TreeSet(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;Vector;false;Vector;(Collection);;Element of Argument[0];Element of Argument[-1];value"
|
||||
Vector out = null;
|
||||
Collection in = List.of(source());
|
||||
out = new Vector(in);
|
||||
sink(getElement(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;WeakHashMap;false;WeakHashMap;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value"
|
||||
WeakHashMap out = null;
|
||||
Map in = Map.of(source(), null);
|
||||
out = new WeakHashMap(in);
|
||||
sink(getMapKey(out)); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "java.util;WeakHashMap;false;WeakHashMap;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value"
|
||||
WeakHashMap out = null;
|
||||
Map in = Map.of(null, source());
|
||||
out = new WeakHashMap(in);
|
||||
sink(getMapValue(out)); // $ hasValueFlow
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user