Convert spring to InlineFlowTest

Author: Benjamin Muskalla

java/ql/test/library-tests/frameworks/spring/beans/test.ql

@@ -1,52 +1,4 @@
 import java
-import semmle.code.java.dataflow.ExternalFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:valueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:taintFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
-      conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
-    |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }

java/ql/test/library-tests/frameworks/spring/cache/test.ql

@@ -1,52 +1,4 @@
 import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:valueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:taintFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
-      conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
-    |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }

java/ql/test/library-tests/frameworks/spring/http/flow.ql

@@ -1,53 +1,4 @@
 import java
-import semmle.code.java.frameworks.spring.Spring
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:frameworks:spring-taint-flow" }
-
-  override predicate isSource(DataFlow::Node n) {
-    exists(string name | name.matches("taint%") |
-      n.asExpr().(MethodAccess).getMethod().hasName(name)
-    )
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
-  }
-}
-
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:frameworks:spring-value-flow" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("taint")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasTaintFlow", "hasValueFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | conf.hasFlow(src, sink) |
-      not any(ValueFlowConf vconf).hasFlow(src, sink) and
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }

java/ql/test/library-tests/frameworks/spring/ui/test.ql

@@ -1,52 +1,4 @@
 import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:valueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:taintFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
-      conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
-    |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }

java/ql/test/library-tests/frameworks/spring/util/test.ql

@@ -1,52 +1,4 @@
 import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:valueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:taintFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
-      conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
-    |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }

java/ql/test/library-tests/frameworks/spring/validation/test.ql

@@ -1,52 +1,4 @@
 import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:valueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:taintFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
-      conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
-    |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }

java/ql/test/library-tests/frameworks/spring/webmultipart/test.ql

@@ -1,52 +1,4 @@
 import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.TaintTracking
-import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
 
-class ValueFlowConf extends DataFlow::Configuration {
-  ValueFlowConf() { this = "qltest:valueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class TaintFlowConf extends TaintTracking::Configuration {
-  TaintFlowConf() { this = "qltest:taintFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr().(MethodAccess).getMethod().hasName("source")
-  }
-
-  override predicate isSink(DataFlow::Node n) {
-    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
-  }
-}
-
-class HasFlowTest extends InlineExpectationsTest {
-  HasFlowTest() { this = "HasFlowTest" }
-
-  override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
-
-  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-    or
-    tag = "hasTaintFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
-      conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
-    |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
+class HasFlowTest extends InlineFlowTest { }