Add tests for writer models

Benjamin Muskalla · Benjamin Muskalla · commit a4429d01a34c · 2022-01-14T11:12:35.000+01:00
diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll b/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll
@@ -3,14 +3,15 @@
 import java
 private import semmle.code.java.dataflow.ExternalFlow
 
-private class ObjectsSummaryCsv extends SummaryModelCsv {
+private class JavaIoSummaryCsv extends SummaryModelCsv {
   override predicate row(string row) {
     row =
       [
         //`namespace; type; subtypes; name; signature; ext; input; output; kind`
-        "java.lang;Appendable;false;append;;;Argument[0];Argument[-1];value",
-        "java.lang;Appendable;false;append;;;Argument[-1];ReturnValue;value",
-        "java.io;Writer;false;write;;;Argument[0];Argument[-1];value"
+        "java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint",
+        "java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;taint",
+        "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint",
+        "java.io;StringWriter;false;toString;;;Argument[-1];ReturnValue;taint"
       ]
   }
 }
diff --git a/java/ql/test/library-tests/dataflow/taint/JavaIo.java b/java/ql/test/library-tests/dataflow/taint/JavaIo.java
@@ -0,0 +1,25 @@
+import java.io.*;
+
+public class JavaIo {
+  public static String taint() { return "tainted"; }
+  
+  public static void sink(Object o) { }
+
+  void testWritingChars() throws IOException {
+    StringWriter w = new StringWriter();
+    char[] chars = taint().toCharArray();
+    sink(w.toString());
+    w.write(chars);
+    sink(w.toString());
+    sink(w.getBuffer().toString());
+  }
+
+  void testAppendingToWriter() throws IOException {
+    StringWriter w = new StringWriter();
+    CharSequence seq = taint();
+    sink(w.toString());
+    w.append(seq);
+    sink(w.toString());
+  }
+
+}
diff --git a/java/ql/test/library-tests/dataflow/taint/test.expected b/java/ql/test/library-tests/dataflow/taint/test.expected
@@ -44,6 +44,9 @@
 | CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:8:12:8:14 | seq |
 | CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:11:12:11:21 | seqFromSeq |
 | CharSeq.java:7:26:7:32 | taint(...) | CharSeq.java:14:12:14:24 | stringFromSeq |
+| JavaIo.java:10:20:10:26 | taint(...) | JavaIo.java:13:10:13:21 | toString(...) |
+| JavaIo.java:10:20:10:26 | taint(...) | JavaIo.java:14:10:14:33 | toString(...) |
+| JavaIo.java:19:24:19:30 | taint(...) | JavaIo.java:22:10:22:21 | toString(...) |
 | MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |
 | MethodFlow.java:9:31:9:37 | taint(...) | MethodFlow.java:10:10:10:17 | tainted2 |
 | MethodFlow.java:11:35:11:41 | taint(...) | MethodFlow.java:12:10:12:17 | tainted3 |

Original file line number	Diff line number	Diff line change
`@@ -3,14 +3,15 @@`
`3`	`3`	`import java`
`4`	`4`	`private import semmle.code.java.dataflow.ExternalFlow`
`5`	`5`
`6`		`-private class ObjectsSummaryCsv extends SummaryModelCsv {`
	`6`	`+private class JavaIoSummaryCsv extends SummaryModelCsv {`
`7`	`7`	`override predicate row(string row) {`
`8`	`8`	`row =`
`9`	`9`	`[`
`10`	`10`	//`namespace; type; subtypes; name; signature; ext; input; output; kind`
`11`		`- "java.lang;Appendable;false;append;;;Argument[0];Argument[-1];value",`
`12`		`- "java.lang;Appendable;false;append;;;Argument[-1];ReturnValue;value",`
`13`		`- "java.io;Writer;false;write;;;Argument[0];Argument[-1];value"`
	`11`	`+ "java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint",`
	`12`	`+ "java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;taint",`
	`13`	`+ "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint",`
	`14`	`+ "java.io;StringWriter;false;toString;;;Argument[-1];ReturnValue;taint"`
`14`	`15`	`]`
`15`	`16`	`}`
`16`	`17`	`}`