Skip to content

Commit c1d03ac

Browse files
aschackmullaschackmull
authored
Merge pull request #17221 from aschackmull/dataflow/qltest-missing-subpath
Dataflow: Add test highlighting missing subpath.
2 parents 27e9cb5 + 79dec72 commit c1d03ac

File tree

3 files changed

+70
-0
lines changed

3 files changed

+70
-0
lines changed

java/ql/test/library-tests/dataflow/subpaths/A.java

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
import java.util.function.*;
2+
3+
class A {
4+
Object source(String label) { return null; }
5+
6+
void sink(Object o) { }
7+
8+
<T> T propagateTaint(Object arg) {
9+
return (T)arg;
10+
}
11+
12+
void test() {
13+
// test type strengthening on outgoing through-flow edge
14+
String s = this.<String>propagateTaint(source("A"));
15+
sink(s); // $ hasValueFlow=A
16+
17+
// no strengthening
18+
Object o = this.<Object>propagateTaint(source("B"));
19+
sink(o); // $ hasValueFlow=B
20+
21+
// test type strengthening on ingoing through-flow edge
22+
String s2 = apply((String arg) -> arg, source("C"));
23+
sink(s2); // $ hasValueFlow=C
24+
}
25+
26+
<T1, T2> T2 apply(Function<T1, T2> f, Object x) {
27+
return f.apply((T1)x);
28+
}
29+
}

java/ql/test/library-tests/dataflow/subpaths/flow.expected

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
models
2+
edges
3+
| A.java:8:24:8:33 | arg : Object | A.java:9:12:9:17 | (...)... : Object | provenance | |
4+
| A.java:14:16:14:55 | propagateTaint(...) : String | A.java:15:10:15:10 | s | provenance | |
5+
| A.java:14:44:14:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | provenance | |
6+
| A.java:14:44:14:54 | source(...) : Object | A.java:14:16:14:55 | propagateTaint(...) : String | provenance | |
7+
| A.java:18:16:18:55 | propagateTaint(...) : Object | A.java:19:10:19:10 | o | provenance | |
8+
| A.java:18:44:18:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | provenance | |
9+
| A.java:18:44:18:54 | source(...) : Object | A.java:18:16:18:55 | propagateTaint(...) : Object | provenance | |
10+
| A.java:22:17:22:55 | apply(...) : String | A.java:23:10:23:11 | s2 | provenance | |
11+
| A.java:22:24:22:33 | arg : String | A.java:22:39:22:41 | arg : String | provenance | |
12+
| A.java:22:44:22:54 | source(...) : Object | A.java:22:17:22:55 | apply(...) : String | provenance | |
13+
| A.java:22:44:22:54 | source(...) : Object | A.java:26:41:26:48 | x : Object | provenance | |
14+
| A.java:26:41:26:48 | x : Object | A.java:27:20:27:24 | (...)... : Object | provenance | |
15+
| A.java:27:20:27:24 | (...)... : Object | A.java:22:24:22:33 | arg : String | provenance | |
16+
| A.java:27:20:27:24 | (...)... : Object | A.java:27:12:27:25 | apply(...) : String | provenance | |
17+
nodes
18+
| A.java:8:24:8:33 | arg : Object | semmle.label | arg : Object |
19+
| A.java:9:12:9:17 | (...)... : Object | semmle.label | (...)... : Object |
20+
| A.java:14:16:14:55 | propagateTaint(...) : String | semmle.label | propagateTaint(...) : String |
21+
| A.java:14:44:14:54 | source(...) : Object | semmle.label | source(...) : Object |
22+
| A.java:15:10:15:10 | s | semmle.label | s |
23+
| A.java:18:16:18:55 | propagateTaint(...) : Object | semmle.label | propagateTaint(...) : Object |
24+
| A.java:18:44:18:54 | source(...) : Object | semmle.label | source(...) : Object |
25+
| A.java:19:10:19:10 | o | semmle.label | o |
26+
| A.java:22:17:22:55 | apply(...) : String | semmle.label | apply(...) : String |
27+
| A.java:22:24:22:33 | arg : String | semmle.label | arg : String |
28+
| A.java:22:39:22:41 | arg : String | semmle.label | arg : String |
29+
| A.java:22:44:22:54 | source(...) : Object | semmle.label | source(...) : Object |
30+
| A.java:23:10:23:11 | s2 | semmle.label | s2 |
31+
| A.java:26:41:26:48 | x : Object | semmle.label | x : Object |
32+
| A.java:27:12:27:25 | apply(...) : String | semmle.label | apply(...) : String |
33+
| A.java:27:20:27:24 | (...)... : Object | semmle.label | (...)... : Object |
34+
subpaths
35+
| A.java:18:44:18:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | A.java:9:12:9:17 | (...)... : Object | A.java:18:16:18:55 | propagateTaint(...) : Object |
36+
| A.java:22:44:22:54 | source(...) : Object | A.java:26:41:26:48 | x : Object | A.java:27:12:27:25 | apply(...) : String | A.java:22:17:22:55 | apply(...) : String |
37+
| A.java:27:20:27:24 | (...)... : Object | A.java:22:24:22:33 | arg : String | A.java:22:39:22:41 | arg : String | A.java:27:12:27:25 | apply(...) : String |
38+
testFailures

java/ql/test/library-tests/dataflow/subpaths/flow.ql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
import TestUtilities.InlineFlowTest
2+
import DefaultFlowTest
3+
import TaintFlow::PathGraph

0 commit comments

Comments
 (0)