Convert taint-format test into inline test

Author: Benjamin Muskalla

java/ql/test/library-tests/dataflow/taint-format/A.java

@@ -1,47 +1,47 @@
 import java.util.Formatter;
 import java.lang.StringBuilder;
 
-
-
 class A {
-    public static String taint() { return "tainted"; }
+    public static String taint() {
+        return "tainted";
+    }
 
     public static void test1() {
-        String bad = taint();
+        String bad = taint(); // $ hasTaintFlow
         String good = "hi";
 
-        bad.formatted(good);
-        good.formatted("a", bad, "b", good);
-        String.format("%s%s", bad, good);
+        bad.formatted(good); // $ hasTaintFlow
+        good.formatted("a", bad, "b", good); // $ hasTaintFlow
+        String.format("%s%s", bad, good); // $ hasTaintFlow
         String.format("%s", good);
-        String.format("%s %s %s %s %s %s %s %s %s %s ", "a", "a", "a", "a", "a", "a", "a", "a", "a", bad);
+        String.format("%s %s %s %s %s %s %s %s %s %s ", "a", "a", "a", "a", "a", "a", "a", "a", "a", bad); // $ hasTaintFlow
     }
 
     public static void test2() {
-        String bad = taint();
+        String bad = taint();  // $ hasTaintFlow
         Formatter f = new Formatter();
 
         f.toString();
-        f.format("%s", bad);
-        f.toString();
+        f.format("%s", bad);  // $ hasTaintFlow
+        f.toString(); // $ hasTaintFlow
     }
 
     public static void test3() {
-        String bad = taint();
+        String bad = taint();  // $ hasTaintFlow
         StringBuilder sb = new StringBuilder();
         Formatter f = new Formatter(sb);
 
-        sb.toString(); // false positive
-        f.format("%s", bad);
-        sb.toString();
+        sb.toString(); // $ hasTaintFlow false positive 
+        f.format("%s", bad);  // $ hasTaintFlow
+        sb.toString(); // $ hasTaintFlow
     }
 
     public static void test4() {
-        String bad = taint();
+        String bad = taint();  // $ hasTaintFlow
         StringBuilder sb = new StringBuilder();
 
-        sb.append(bad);
+        sb.append(bad);  // $ hasTaintFlow
 
-        new Formatter(sb).format("ok").toString();
+        new Formatter(sb).format("ok").toString();  // $ hasTaintFlow
     }
 }

java/ql/test/library-tests/dataflow/taint-format/test.expected

@@ -1,36 +0,0 @@
-| A.java:10:22:10:28 | taint(...) | A.java:10:22:10:28 | taint(...) |
-| A.java:10:22:10:28 | taint(...) | A.java:13:9:13:11 | bad |
-| A.java:10:22:10:28 | taint(...) | A.java:13:9:13:27 | formatted(...) |
-| A.java:10:22:10:28 | taint(...) | A.java:14:9:14:43 | formatted(...) |
-| A.java:10:22:10:28 | taint(...) | A.java:14:9:14:43 | new ..[] { .. } |
-| A.java:10:22:10:28 | taint(...) | A.java:14:29:14:31 | bad |
-| A.java:10:22:10:28 | taint(...) | A.java:15:9:15:40 | format(...) |
-| A.java:10:22:10:28 | taint(...) | A.java:15:9:15:40 | new ..[] { .. } |
-| A.java:10:22:10:28 | taint(...) | A.java:15:31:15:33 | bad |
-| A.java:10:22:10:28 | taint(...) | A.java:17:9:17:105 | format(...) |
-| A.java:10:22:10:28 | taint(...) | A.java:17:9:17:105 | new ..[] { .. } |
-| A.java:10:22:10:28 | taint(...) | A.java:17:102:17:104 | bad |
-| A.java:21:22:21:28 | taint(...) | A.java:21:22:21:28 | taint(...) |
-| A.java:21:22:21:28 | taint(...) | A.java:25:9:25:9 | f [post update] |
-| A.java:21:22:21:28 | taint(...) | A.java:25:9:25:27 | format(...) |
-| A.java:21:22:21:28 | taint(...) | A.java:25:9:25:27 | new ..[] { .. } |
-| A.java:21:22:21:28 | taint(...) | A.java:25:24:25:26 | bad |
-| A.java:21:22:21:28 | taint(...) | A.java:26:9:26:9 | f |
-| A.java:21:22:21:28 | taint(...) | A.java:26:9:26:20 | toString(...) |
-| A.java:30:22:30:28 | taint(...) | A.java:30:22:30:28 | taint(...) |
-| A.java:30:22:30:28 | taint(...) | A.java:34:9:34:10 | sb |
-| A.java:30:22:30:28 | taint(...) | A.java:34:9:34:21 | toString(...) |
-| A.java:30:22:30:28 | taint(...) | A.java:35:9:35:9 | f [post update] |
-| A.java:30:22:30:28 | taint(...) | A.java:35:9:35:27 | format(...) |
-| A.java:30:22:30:28 | taint(...) | A.java:35:9:35:27 | new ..[] { .. } |
-| A.java:30:22:30:28 | taint(...) | A.java:35:24:35:26 | bad |
-| A.java:30:22:30:28 | taint(...) | A.java:36:9:36:10 | sb |
-| A.java:30:22:30:28 | taint(...) | A.java:36:9:36:21 | toString(...) |
-| A.java:40:22:40:28 | taint(...) | A.java:40:22:40:28 | taint(...) |
-| A.java:40:22:40:28 | taint(...) | A.java:43:9:43:10 | sb [post update] |
-| A.java:40:22:40:28 | taint(...) | A.java:43:9:43:22 | append(...) |
-| A.java:40:22:40:28 | taint(...) | A.java:43:19:43:21 | bad |
-| A.java:40:22:40:28 | taint(...) | A.java:45:9:45:25 | new Formatter(...) |
-| A.java:40:22:40:28 | taint(...) | A.java:45:9:45:38 | format(...) |
-| A.java:40:22:40:28 | taint(...) | A.java:45:9:45:49 | toString(...) |
-| A.java:40:22:40:28 | taint(...) | A.java:45:23:45:24 | sb |

java/ql/test/library-tests/dataflow/taint-format/test.ql

@@ -1,16 +1,29 @@
 import java
+import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.TaintTracking
+import TestUtilities.InlineExpectationsTest
 
-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "qltest:dataflow:format" }
+class TaintFlowConf extends TaintTracking::Configuration {
+  TaintFlowConf() { this = "qltest:dataflow:format" }
 
   override predicate isSource(DataFlow::Node n) {
     n.asExpr().(MethodAccess).getMethod().hasName("taint")
   }
 
-  override predicate isSink(DataFlow::Node n) { any() }
+  override predicate isSink(DataFlow::Node n) { n instanceof DataFlow::ExprNode }
 }
 
-from DataFlow::Node src, DataFlow::Node sink, Conf conf
-where conf.hasFlow(src, sink)
-select src, sink
+class HasFlowTest extends InlineExpectationsTest {
+  HasFlowTest() { this = "HasFlowTest" }
+
+  override string getARelevantTag() { result = ["hasTaintFlow"] }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasTaintFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | conf.hasFlow(src, sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}