Add CopyTo

joefarebrother · joefarebrother · commit 470a2ca336be · 2021-03-05T11:19:55.000Z
diff --git a/java/ql/src/semmle/code/java/frameworks/guava/IO.qll b/java/ql/src/semmle/code/java/frameworks/guava/IO.qll
@@ -25,6 +25,7 @@ private class GuavaIoCsv extends SummaryModelCsv {
         "com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[-1];ReturnValue;taint",
         "com.google.common.io;ByteSource;true;asCharSource;(Charset);;Argument[-1];ReturnValue;taint",
         "com.google.common.io;ByteSource;true;concat;;;Argument[0];ReturnValue;taint",
+        "com.google.common.io;ByteSource;true;copyTo;(OutputStream);;Argument[-1];Argument[0];taint",
         "com.google.common.io;ByteSource;true;openStream;();;Argument[-1];ReturnValue;taint",
         "com.google.common.io;ByteSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint",
         "com.google.common.io;ByteSource;true;read;();;Argument[-1];ReturnValue;taint",
diff --git a/java/ql/test/library-tests/frameworks/guava/TestIO.java b/java/ql/test/library-tests/frameworks/guava/TestIO.java
@@ -5,6 +5,7 @@
 import java.io.Reader;
 import java.lang.StringBuffer;
 import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.Closeable;
 import java.nio.file.Path;
@@ -40,6 +41,9 @@ void test2() throws IOException {
         sink(ByteSource.concat(ByteSource.empty(), ByteSource.empty(), b)); // $numTaintFlow=1
         sink(ByteSource.concat(ImmutableList.of(ByteSource.empty(), ByteSource.empty(), b))); // $numTaintFlow=1
         sink(b.read(new MyByteProcessor())); // $ MISSING:numTaintFlow=1
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        b.copyTo(out);
+        sink(out.toByteArray()); // $numTaintFlow=1
 
         CharSource c = CharSource.wrap(staint());
         sink(c.openStream()); // $numTaintFlow=1
