Skip to content

Commit 8e6a156

Browse files
author
Benjamin Muskalla
committed
Model basic channel APIs
1 parent a4429d0 commit 8e6a156

File tree

3 files changed

+29
-6
lines changed

3 files changed

+29
-6
lines changed

java/ql/lib/semmle/code/java/frameworks/JavaIo.qll

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,10 @@ private class JavaIoSummaryCsv extends SummaryModelCsv {
1111
"java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint",
1212
"java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;taint",
1313
"java.io;Writer;true;write;;;Argument[0];Argument[-1];taint",
14-
"java.io;StringWriter;false;toString;;;Argument[-1];ReturnValue;taint"
14+
"java.io;Writer;true;toString;;;Argument[-1];ReturnValue;taint",
15+
"java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint",
16+
"java.nio.channels;ReadableByteChannel;true;read;(ByteBuffer);;Argument[-1];Argument[0];taint",
17+
"java.nio.channels;Channels;false;newChannel;(InputStream);;Argument[0];ReturnValue;taint"
1518
]
1619
}
1720
}

java/ql/test/library-tests/dataflow/taint/JavaIo.java

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,7 @@
11
import java.io.*;
2+
import java.nio.ByteBuffer;
3+
import java.nio.channels.Channels;
4+
import java.nio.channels.ReadableByteChannel;
25

36
public class JavaIo {
47
public static String taint() { return "tainted"; }
@@ -15,11 +18,27 @@ void testWritingChars() throws IOException {
1518
}
1619

1720
void testAppendingToWriter() throws IOException {
18-
StringWriter w = new StringWriter();
21+
Writer w = new StringWriter();
1922
CharSequence seq = taint();
2023
sink(w.toString());
21-
w.append(seq);
24+
w.append("harmless").append(seq);
2225
sink(w.toString());
2326
}
27+
28+
void testCharArrayWriter() throws IOException {
29+
CharArrayWriter w = new CharArrayWriter();
30+
CharSequence seq = taint();
31+
sink(w.toCharArray());
32+
w.append("harmless").append(seq);
33+
sink(w.toCharArray());
34+
}
35+
36+
void testByteChannelToBuffer() throws IOException {
37+
ReadableByteChannel c = Channels.newChannel(new ByteArrayInputStream(taint().getBytes()));
38+
ByteBuffer buf = ByteBuffer.allocate(10);
39+
sink(buf);
40+
c.read(buf);
41+
sink(buf);
42+
}
2443

2544
}

java/ql/test/library-tests/dataflow/taint/test.expected

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,9 +44,10 @@
4444
| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:8:12:8:14 | seq |
4545
| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:11:12:11:21 | seqFromSeq |
4646
| CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:14:12:14:24 | stringFromSeq |
47-
| JavaIo.java:10:20:10:26 | taint(...) | JavaIo.java:13:10:13:21 | toString(...) |
48-
| JavaIo.java:10:20:10:26 | taint(...) | JavaIo.java:14:10:14:33 | toString(...) |
49-
| JavaIo.java:19:24:19:30 | taint(...) | JavaIo.java:22:10:22:21 | toString(...) |
47+
| JavaIo.java:13:20:13:26 | taint(...) | JavaIo.java:16:10:16:21 | toString(...) |
48+
| JavaIo.java:13:20:13:26 | taint(...) | JavaIo.java:17:10:17:33 | toString(...) |
49+
| JavaIo.java:30:24:30:30 | taint(...) | JavaIo.java:33:10:33:24 | toCharArray(...) |
50+
| JavaIo.java:37:74:37:80 | taint(...) | JavaIo.java:41:10:41:12 | buf |
5051
| MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |
5152
| MethodFlow.java:9:31:9:37 | taint(...) | MethodFlow.java:10:10:10:17 | tainted2 |
5253
| MethodFlow.java:11:35:11:41 | taint(...) | MethodFlow.java:12:10:12:17 | tainted3 |

0 commit comments

Comments
 (0)