Java: add summary model and test for File.getName

Jami Cogswell · Jami Cogswell · commit 21a018e5c53c · 2023-01-03T13:12:24.000-05:00
diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml
@@ -63,6 +63,7 @@ extensions:
       - ["java.io", "File", True, "getAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "File", True, "getCanonicalFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "File", True, "getCanonicalPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.io", "File", True, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "File", True, "toPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "File", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "File", True, "toURI", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
@@ -91,4 +92,3 @@ extensions:
       extensible: neutralModel
     data:
       - ["java.io", "File", "exists", "()", "manual"]
-      - ["java.io", "File", "getName", "()", "manual"]  # ! unsure if should be neutral model
diff --git a/java/ql/test/ext/TestModels/Test.java b/java/ql/test/ext/TestModels/Test.java
@@ -1,4 +1,5 @@
 import java.io.IOException;
+import java.io.File;
 import java.math.BigDecimal;
 import java.sql.Connection;
 import java.sql.DriverManager;
@@ -60,6 +61,9 @@ public void test() throws Exception {
             Exception e1 = new IOException((String)source());
             sink((String)e1.getMessage()); // $hasValueFlow
 
+            File f = (File)source();
+            sink(f.getName()); // $hasTaintFlow
+
             // java.lang
             Exception e2 = new Exception((String)source());
             sink((String)e2.getMessage()); // $hasValueFlow
