Add review suggestions

atorralba · atorralba · commit 389e8c4fe8f8 · 2023-04-26T10:08:16.000+02:00
diff --git a/java/ql/lib/change-notes/2022-09-22-stringjoiner-summaries.md b/java/ql/lib/change-notes/2022-09-22-stringjoiner-summaries.md
@@ -2,4 +2,3 @@
 category: minorAnalysis
 ---
 * Added new flow steps for `java.util.StringJoiner`.
-  
diff --git a/java/ql/test/library-tests/dataflow/taint/StringJoinerTests.java b/java/ql/test/library-tests/dataflow/taint/StringJoinerTests.java
@@ -16,22 +16,22 @@ public void test() throws Exception {
 			out = new StringJoiner(in);
 			sink(out);
 		}
-		// "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[-1];taint;manual"
 		{
+			// "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[-1];taint;manual"
 			StringJoiner out = null;
 			CharSequence in = (CharSequence) taint();
 			out = new StringJoiner(in, null, null);
 			sink(out);
 		}
-		// "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[1];Argument[-1];taint;manual"
 		{
+			// "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[1];Argument[-1];taint;manual"
 			StringJoiner out = null;
 			CharSequence in = (CharSequence) taint();
 			out = new StringJoiner(null, in, null);
 			sink(out);
 		}
-		// "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[2];Argument[-1];taint;manual"
 		{
+			// "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[2];Argument[-1];taint;manual"
 			StringJoiner out = null;
 			CharSequence in = (CharSequence) taint();
 			out = new StringJoiner(null, null, in);
@@ -72,6 +72,13 @@ public void test() throws Exception {
 			out = in.setEmptyValue(null);
 			sink(out);
 		}
+		{
+			// "java.util;StringJoiner;true;setEmptyValue;;;Argument[0];Argument[-1];taint;manual"
+			StringJoiner out = null;
+			CharSequence in = (CharSequence) taint();
+			out.setEmptyValue(in);
+			sink(out);
+		}
 		{
 			// "java.util;StringJoiner;true;toString;;;Argument[-1];ReturnValue;taint;manual"
 			String out = null;
diff --git a/java/ql/test/library-tests/dataflow/taint/test.expected b/java/ql/test/library-tests/dataflow/taint/test.expected
@@ -81,6 +81,7 @@
 | StringJoinerTests.java:64:37:64:43 | taint(...) | StringJoinerTests.java:66:9:66:11 | out |
 | StringJoinerTests.java:71:37:71:43 | taint(...) | StringJoinerTests.java:73:9:73:11 | out |
 | StringJoinerTests.java:78:37:78:43 | taint(...) | StringJoinerTests.java:80:9:80:11 | out |
+| StringJoinerTests.java:85:37:85:43 | taint(...) | StringJoinerTests.java:87:9:87:11 | out |
 | Varargs.java:7:8:7:14 | taint(...) | Varargs.java:14:10:14:10 | s |
 | Varargs.java:8:8:8:14 | taint(...) | Varargs.java:19:10:19:10 | s |
 | Varargs.java:8:17:8:23 | taint(...) | Varargs.java:19:10:19:10 | s |

Original file line number	Diff line number	Diff line change
`@@ -16,22 +16,22 @@ public void test() throws Exception {`
`16`	`16`	`out = new StringJoiner(in);`
`17`	`17`	`sink(out);`
`18`	`18`	`}`
`19`		`- // "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[-1];taint;manual"`
`20`	`19`	`{`
	`20`	`+ // "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[0];Argument[-1];taint;manual"`
`21`	`21`	`StringJoiner out = null;`
`22`	`22`	`CharSequence in = (CharSequence) taint();`
`23`	`23`	`out = new StringJoiner(in, null, null);`
`24`	`24`	`sink(out);`
`25`	`25`	`}`
`26`		`- // "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[1];Argument[-1];taint;manual"`
`27`	`26`	`{`
	`27`	`+ // "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[1];Argument[-1];taint;manual"`
`28`	`28`	`StringJoiner out = null;`
`29`	`29`	`CharSequence in = (CharSequence) taint();`
`30`	`30`	`out = new StringJoiner(null, in, null);`
`31`	`31`	`sink(out);`
`32`	`32`	`}`
`33`		`- // "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[2];Argument[-1];taint;manual"`
`34`	`33`	`{`
	`34`	`+ // "java.util;StringJoiner;true;StringJoiner;(CharSequence,CharSequence,CharSequence);;Argument[2];Argument[-1];taint;manual"`
`35`	`35`	`StringJoiner out = null;`
`36`	`36`	`CharSequence in = (CharSequence) taint();`
`37`	`37`	`out = new StringJoiner(null, null, in);`
`@@ -72,6 +72,13 @@ public void test() throws Exception {`
`72`	`72`	`out = in.setEmptyValue(null);`
`73`	`73`	`sink(out);`
`74`	`74`	`}`
	`75`	`+ {`
	`76`	`+ // "java.util;StringJoiner;true;setEmptyValue;;;Argument[0];Argument[-1];taint;manual"`
	`77`	`+ StringJoiner out = null;`
	`78`	`+ CharSequence in = (CharSequence) taint();`
	`79`	`+ out.setEmptyValue(in);`
	`80`	`+ sink(out);`
	`81`	`+ }`
`75`	`82`	`{`
`76`	`83`	`// "java.util;StringJoiner;true;toString;;;Argument[-1];ReturnValue;taint;manual"`
`77`	`84`	`String out = null;`