Java: Adjust some tests.

Author: aschackmull

java/ql/test/library-tests/dataflow/external-models/steps.expected

@@ -1,10 +1,10 @@
 invalidModelRow
 #select
-| C.java:6:16:6:19 | arg1 | C.java:6:5:6:20 | stepArgRes(...) | qltest |
-| C.java:10:16:10:21 | argIn1 | C.java:10:24:10:30 | argOut1 [post update] | qltest |
-| C.java:13:16:13:21 | argIn2 | C.java:13:24:13:30 | argOut2 [post update] | qltest |
-| C.java:16:17:16:20 | arg2 | C.java:16:5:16:21 | this <.method> [post update] | qltest |
-| C.java:18:22:18:25 | arg3 | C.java:18:5:18:8 | this [post update] | qltest |
-| C.java:20:5:20:8 | this | C.java:20:5:20:22 | stepQualRes(...) | qltest |
-| C.java:21:5:21:17 | this <.method> | C.java:21:5:21:17 | stepQualRes(...) | qltest |
-| C.java:24:5:24:23 | this <.method> | C.java:24:17:24:22 | argOut [post update] | qltest |
+| C.java:6:16:6:19 | arg1 | C.java:6:5:6:20 | stepArgRes(...) |
+| C.java:10:16:10:21 | argIn1 | C.java:10:24:10:30 | argOut1 [post update] |
+| C.java:13:16:13:21 | argIn2 | C.java:13:24:13:30 | argOut2 [post update] |
+| C.java:16:17:16:20 | arg2 | C.java:16:5:16:21 | this <.method> [post update] |
+| C.java:18:22:18:25 | arg3 | C.java:18:5:18:8 | this [post update] |
+| C.java:20:5:20:8 | this | C.java:20:5:20:22 | stepQualRes(...) |
+| C.java:21:5:21:17 | this <.method> | C.java:21:5:21:17 | stepQualRes(...) |
+| C.java:24:5:24:23 | this <.method> | C.java:24:17:24:22 | argOut [post update] |

java/ql/test/library-tests/dataflow/external-models/steps.ql

@@ -1,22 +1,23 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.ExternalFlow
+import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import CsvValidation
 
 class SummaryModelTest extends SummaryModelCsv {
   override predicate row(string row) {
     row =
       [
         //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
-        "my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;qltest",
-        "my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];qltest",
-        "my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];qltest",
-        "my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;qltest",
-        "my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];qltest"
+        "my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;taint",
+        "my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];taint",
+        "my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];taint",
+        "my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;taint",
+        "my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];taint"
       ]
   }
 }
 
-from DataFlow::Node node1, DataFlow::Node node2, string kind
-where summaryStep(node1, node2, kind)
-select node1, node2, kind
+from DataFlow::Node node1, DataFlow::Node node2
+where FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, false)
+select node1, node2

java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql

@@ -1,8 +1,12 @@
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.internal.TaintTrackingUtil
+import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 
 from DataFlow::Node src, DataFlow::Node sink
 where
-  localAdditionalTaintStep(src, sink) and
-  src.getLocation().getFile().getExtension() = "java"
+  (
+    localAdditionalTaintStep(src, sink) or
+    FlowSummaryImpl::Private::Steps::summaryThroughStep(src, sink, false)
+  ) and
+  not FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
 select src, sink

java/ql/test/library-tests/frameworks/apache-commons-lang3/ObjectUtilsTest.java

@@ -17,22 +17,22 @@ void test() throws Exception {
     sink(ObjectUtils.CONST_BYTE(IntSource.taint())); // $hasValueFlow
     sink(ObjectUtils.defaultIfNull(taint(), null)); // $hasValueFlow
     sink(ObjectUtils.defaultIfNull(null, taint())); // $hasValueFlow
-    sink(ObjectUtils.firstNonNull(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.firstNonNull(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.firstNonNull(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
+    sink(ObjectUtils.firstNonNull(taint(), null, null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.firstNonNull(null, taint(), null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.firstNonNull(null, null, taint())); // $ MISSING:hasValueFlow
     sink(ObjectUtils.getIfNull(taint(), null)); // $hasValueFlow
-    sink(ObjectUtils.max(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.max(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.max(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.median(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.median((String)null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.median((String)null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.min(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.min(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.min(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.mode(taint(), null, null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.mode(null, taint(), null)); // $hasTaintFlow $MISSING:hasValueFlow
-    sink(ObjectUtils.mode(null, null, taint())); // $hasTaintFlow $MISSING:hasValueFlow
+    sink(ObjectUtils.max(taint(), null, null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.max(null, taint(), null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.max(null, null, taint())); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.median(taint(), null, null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.median((String)null, taint(), null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.median((String)null, null, taint())); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.min(taint(), null, null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.min(null, taint(), null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.min(null, null, taint())); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.mode(taint(), null, null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.mode(null, taint(), null)); // $ MISSING:hasValueFlow
+    sink(ObjectUtils.mode(null, null, taint())); // $ MISSING:hasValueFlow
     sink(ObjectUtils.requireNonEmpty(taint(), "message")); // $hasValueFlow
     sink(ObjectUtils.requireNonEmpty("not null", taint())); // GOOD (message doesn't propagate to the return)
     sink(ObjectUtils.toString(taint(), "default string")); // GOOD (first argument is stringified)

java/ql/test/library-tests/frameworks/guava/TestBase.java

@@ -18,7 +18,7 @@ void test1() {
         sink(Strings.lenientFormat(x, 3)); // $numTaintFlow=1
         sink(Strings.commonPrefix(x, "abc")); 
         sink(Strings.commonSuffix(x, "cde")); 
-        sink(Strings.lenientFormat("%s = %s", x, 3)); // $numTaintFlow=1
+        sink(Strings.lenientFormat("%s = %s", x, 3)); // $ MISSING:numTaintFlow=1
     }
 
     void test2() {
@@ -60,4 +60,4 @@ void test3() {
     void test4() {
         sink(Preconditions.checkNotNull(taint())); // $numTaintFlow=1
     }
-}
+}