Java: Fix qltests.

aschackmull · aschackmull · commit 9a4de208ef9c · 2023-08-03T10:04:05.000+02:00
diff --git a/java/ql/src/Metrics/Summaries/TopJdkApis.qll b/java/ql/src/Metrics/Summaries/TopJdkApis.qll
@@ -307,6 +307,7 @@ class TopJdkApi extends SummarizedCallableBase {
   predicate hasManualMadModel() { this.hasManualSummary() or this.hasManualNeutral() }
   /*
    * Note: the following top JDK APIs are not modeled with MaD:
+   * `java.lang.Runnable#run()`: specialised lambda flow
    * `java.lang.String#valueOf(Object)`: a complex case; an alias for `Object.toString`, except the dispatch is hidden
    * `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
    * `java.lang.System#setProperty(String,String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
diff --git a/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected
@@ -1,3 +1,4 @@
+| java.lang.Runnable#run() | no manual model |
 | java.lang.String#valueOf(Object) | no manual model |
 | java.lang.System#getProperty(String) | no manual model |
 | java.lang.System#setProperty(String,String) | no manual model |
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java b/java/ql/test/library-tests/frameworks/ratpack/resources/IntegrationTest.java
@@ -107,13 +107,13 @@ void test5(Context ctx) {
                 filterAndMerge_2(pojoForm, mergedParams, name -> false);
                 return mergedParams;
             }).then(pojoMap -> {
-                sink(pojoMap.keySet().iterator().next()); //TODO:$hasTaintFlow
-                sink(pojoMap.get("value")); //TODO:$hasTaintFlow
+                sink(pojoMap.keySet().iterator().next()); //$hasTaintFlow
+                sink(pojoMap.get("value")); //$hasTaintFlow
                 pojoMap.forEach((key, value) -> {
-                    sink(key); //TODO:$hasTaintFlow
-                    sink(value); //TODO:$hasTaintFlow
+                    sink(key); //$hasTaintFlow
+                    sink(value); //$hasTaintFlow
                     List<Object> values = (List<Object>) value;
-                    sink(values.get(0)); //TODO:$hasTaintFlow
+                    sink(values.get(0)); //$hasTaintFlow
                 });
             });
     }
diff --git a/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java b/java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java
@@ -361,13 +361,13 @@ void test15() {
         Promise
             .value(tainted)
             .nextOp(value -> Operation.of(() -> {
-                sink(value); //$hasTaintFlow
+                sink(value); // MISSING: $hasTaintFlow
             }))
             .nextOpIf(value -> {
                 sink(value); //$hasTaintFlow
                 return true;
             }, value -> Operation.of(() -> {
-                sink(value); //$hasTaintFlow
+                sink(value); // MISSING: $hasTaintFlow
             }))
             .then(value -> {
                 sink(value); //$hasTaintFlow
@@ -379,7 +379,7 @@ void test16() {
         Promise
             .value(tainted)
             .flatOp(value ->  Operation.of(() -> {
-                sink(value); //$hasTaintFlow
+                sink(value); // MISSING: $hasTaintFlow
             }));
     }
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+\| java.lang.Runnable#run() \| no manual model \|`
`1`	`2`	`\| java.lang.String#valueOf(Object) \| no manual model \|`
`2`	`3`	`\| java.lang.System#getProperty(String) \| no manual model \|`
`3`	`4`	`\| java.lang.System#setProperty(String,String) \| no manual model \|`