Ratpack tests all passing

Signed-off-by: Jonathan Leitschuh <[email protected]>

Author: JLLeitschuh

java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll

@@ -69,15 +69,19 @@ private class RatpackModel extends SummaryModelCsv {
       ["ratpack.handling;", "ratpack.core.handling;"] +
         [
           "Context;true;parse;(ratpack.http.TypedData,ratpack.parse.Parse);;Argument[0];ReturnValue;taint",
-          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue;taint"
+          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue;taint",
+          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];MapKey of ReturnValue;taint",
+          "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];MapValue of ReturnValue;taint"
         ]
     or
     row =
       ["ratpack.util;", "ratpack.func;"] +
         [
           "MultiValueMap;true;getAll;;;MapKey of Argument[-1];MapKey of ReturnValue;value",
-          "MultiValueMap;true;getAll;;;MapValue of Argument[-1];Element of MapValue of ReturnValue;value",
-          "MultiValueMap;true;asMultimap;;;Element of Argument[-1];Element of ReturnValue;value"
+          "MultiValueMap;true;getAll;();;MapValue of Argument[-1];Element of MapValue of ReturnValue;value",
+          "MultiValueMap;true;getAll;(Object);;MapValue of Argument[-1];Element of ReturnValue;value",
+          "MultiValueMap;true;asMultimap;;;MapKey of Argument[-1];MapKey of ReturnValue;value",
+          "MultiValueMap;true;asMultimap;;;MapValue of Argument[-1];Element of MapValue of ReturnValue;value"
         ]
   }
 }

java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll

@@ -1,10 +1,14 @@
+/**
+ * Provides classes and predicates related to `ratpack.exec.*`.
+ */
+
 import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.FlowSteps
 private import semmle.code.java.dataflow.ExternalFlow
 
 /**
- * Ratpack methods that propagate user-supplied data as tainted.
+ * Model for Ratpack `Promise` methods.
  */
 private class RatpackExecModel extends SummaryModelCsv {
   override predicate row(string row) {
@@ -21,7 +25,7 @@ private class RatpackExecModel extends SummaryModelCsv {
           "map;;;ReturnValue of Argument[0];Element of ReturnValue;value",
           "blockingMap;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
           "blockingMap;;;ReturnValue of Argument[0];Element of ReturnValue;value",
-          "mapError;;;ReturnValue of Argument[0];Element of ReturnValue;value",
+          "mapError;;;ReturnValue of Argument[1];Element of ReturnValue;value",
           // `apply` passes the qualifier to the function as the first argument
           "apply;;;Element of Argument[-1];Element of Parameter[0] of Argument[0];value",
           "apply;;;Element of ReturnValue of Argument[0];Element of ReturnValue;value",
@@ -41,7 +45,7 @@ private class RatpackExecModel extends SummaryModelCsv {
           // `flatMap` type methods return their returned `Promise`
           "flatMap;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
           "flatMap;;;Element of ReturnValue of Argument[0];Element of ReturnValue;value",
-          "flatMapError;;;Element of ReturnValue of Argument[0];Element of ReturnValue;value",
+          "flatMapError;;;Element of ReturnValue of Argument[1];Element of ReturnValue;value",
           // `mapIf` methods conditionally map their values, or return themselves
           "mapIf;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
           "mapIf;;;Element of Argument[-1];Parameter[0] of Argument[1];value",

java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java

@@ -98,8 +98,11 @@ void test5(Context ctx) {
                 sink(form.file("questionable_file").getFileName()); //$hasTaintFlow
                 sink(form.files("questionable_files")); //$hasTaintFlow
                 sink(form.files()); //$hasTaintFlow
-                sink(form.asMultimap()); //$hasTaintFlow
-                sink(form.asMultimap().asMap()); //$hasTaintFlow
+                sink(form.get("questionable_parameter")); //$hasTaintFlow
+                sink(form.getAll().get("questionable_parameter").get(0)); //$hasTaintFlow
+                sink(form.getAll("questionable_parameter").get(0)); //$hasTaintFlow
+                sink(form.asMultimap().get("questionable_parameter")); //$hasTaintFlow // fails!
+                sink(form.asMultimap().asMap()); //$hasTaintFlow // fails!
             });
     }