Ratpack: Add support for Promise::apply

Signed-off-by: Jonathan Leitschuh <[email protected]>

Author: JLLeitschuh

java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll

@@ -22,6 +22,9 @@ private class RatpackExecModel extends SummaryModelCsv {
           "blockingMap;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
           "blockingMap;;;ReturnValue of Argument[0];Element of ReturnValue;value",
           "mapError;;;ReturnValue of Argument[0];Element of ReturnValue;value",
+          // `apply` passes the qualifier to the function as the first argument
+          "apply;;;Element of Argument[-1];Element of Parameter[0] of Argument[0];value",
+          "apply;;;Element of ReturnValue of Argument[0];Element of ReturnValue;value",
           // `Promise` termination method
           "then;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
           // 'next' accesses qualfier the 'Promise' value and also returns the qualifier

java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java

@@ -230,6 +230,26 @@ public static String identity(String input) {
     }
 
     void test10() {
+        String tainted = taint();
+        Promise
+            .value(tainted)
+            .apply(Resource::promiseIdentity)
+            .then(value -> {
+                sink(value); //$hasTaintFlow
+            });
+        Promise
+            .value("potato")
+            .apply(Resource::promiseIdentity)
+            .then(value -> {
+                sink(value); // no taints flow
+            });
+    }
+    
+    public static Promise<String> promiseIdentity(Promise<String> input) {
+        return input.map(i -> i);
+    }
+
+    void test11() {
         String tainted = taint();
         Promise
             .value(tainted)
@@ -245,7 +265,7 @@ void test10() {
             });
     }
 
-    void test11() {
+    void test12() {
         String tainted = taint();
         Promise
             .sync(() -> tainted)