Merge pull request github#6691 from bmuskalla/moreStringMethods

Java: Support String#getChars and #translateEscapes

Author: aschackmull

java/ql/lib/semmle/code/java/frameworks/Strings.qll

@@ -18,6 +18,7 @@ private class StringSummaryCsv extends SummaryModelCsv {
         "java.lang;String;false;format;(String,Object[]);;ArrayElement of Argument[1];ReturnValue;taint",
         "java.lang;String;false;formatted;(Object[]);;Argument[-1];ReturnValue;taint",
         "java.lang;String;false;formatted;(Object[]);;ArrayElement of Argument[0];ReturnValue;taint",
+        "java.lang;String;false;getChars;;;Argument[-1];Argument[2];taint",
         "java.lang;String;false;getBytes;;;Argument[-1];ReturnValue;taint",
         "java.lang;String;false;indent;;;Argument[-1];ReturnValue;taint",
         "java.lang;String;false;intern;;;Argument[-1];ReturnValue;taint",
@@ -34,6 +35,7 @@ private class StringSummaryCsv extends SummaryModelCsv {
         "java.lang;String;false;toLowerCase;;;Argument[-1];ReturnValue;taint",
         "java.lang;String;false;toString;;;Argument[-1];ReturnValue;value",
         "java.lang;String;false;toUpperCase;;;Argument[-1];ReturnValue;taint",
+        "java.lang;String;false;translateEscapes;;;Argument[-1];ReturnValue;taint",
         "java.lang;String;false;trim;;;Argument[-1];ReturnValue;taint",
         "java.lang;String;false;valueOf;(char);;Argument[0];ReturnValue;taint",
         "java.lang;String;false;valueOf;(char[],int,int);;Argument[0];ReturnValue;taint",

java/ql/test/library-tests/dataflow/taint/B.java

@@ -103,6 +103,11 @@ public static void maintest() throws java.io.UnsupportedEncodingException, java.
     sink(replAll);
     String replFirst = "some constant".replaceFirst(" ", s);
     sink(replFirst);
+    char[] chars = new char[10];
+    s.getChars(0, 1, chars, 0);
+    sink(chars);
+    String translated = s.translateEscapes();
+    sink(translated);
 
     ByteArrayOutputStream baos = null;
     ObjectOutput oos = null;

java/ql/test/library-tests/dataflow/taint/test.expected

@@ -30,14 +30,16 @@
 | B.java:15:21:15:27 | taint(...) | B.java:101:10:101:13 | repl |
 | B.java:15:21:15:27 | taint(...) | B.java:103:10:103:16 | replAll |
 | B.java:15:21:15:27 | taint(...) | B.java:105:10:105:18 | replFirst |
-| B.java:15:21:15:27 | taint(...) | B.java:118:12:118:25 | serializedData |
-| B.java:15:21:15:27 | taint(...) | B.java:130:12:130:27 | deserializedData |
-| B.java:15:21:15:27 | taint(...) | B.java:139:10:139:21 | taintedArray |
-| B.java:15:21:15:27 | taint(...) | B.java:141:10:141:22 | taintedArray2 |
-| B.java:15:21:15:27 | taint(...) | B.java:143:10:143:22 | taintedArray3 |
-| B.java:15:21:15:27 | taint(...) | B.java:146:10:146:44 | toURL(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:149:10:149:37 | toPath(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:152:10:152:46 | toFile(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:108:10:108:14 | chars |
+| B.java:15:21:15:27 | taint(...) | B.java:110:10:110:19 | translated |
+| B.java:15:21:15:27 | taint(...) | B.java:123:12:123:25 | serializedData |
+| B.java:15:21:15:27 | taint(...) | B.java:135:12:135:27 | deserializedData |
+| B.java:15:21:15:27 | taint(...) | B.java:144:10:144:21 | taintedArray |
+| B.java:15:21:15:27 | taint(...) | B.java:146:10:146:22 | taintedArray2 |
+| B.java:15:21:15:27 | taint(...) | B.java:148:10:148:22 | taintedArray3 |
+| B.java:15:21:15:27 | taint(...) | B.java:151:10:151:44 | toURL(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:154:10:154:37 | toPath(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:157:10:157:46 | toFile(...) |
 | CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:8:12:8:14 | seq |
 | CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:11:12:11:21 | seqFromSeq |
 | MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |