Java: update test cases

Author: Jami Cogswell

java/ql/lib/ext/java.lang.model.yml

@@ -103,7 +103,6 @@ extensions:
       - ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
-      - ["java.lang", "System", False, "getProperty", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"]
       - ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
       - ["java.lang", "Throwable", True, "getCause", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
       - ["java.lang", "Throwable", True, "getMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
@@ -137,6 +136,7 @@ extensions:
       - ["java.lang", "String", "length", "()", "manual"]
       - ["java.lang", "String", "startsWith", "(String)", "manual"]
       - ["java.lang", "System", "currentTimeMillis", "()", "manual"]
+      - ["java.lang", "System", "getProperty", "(String)", "manual"]
       - ["java.lang", "System", "nanoTime", "()", "manual"]
       - ["java.lang", "Thread", "currentThread", "()", "manual"]
       - ["java.lang", "Thread", "sleep", "(long)", "manual"]

java/ql/lib/ext/java.sql.model.yml

@@ -19,8 +19,8 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
-      - ["java.sql", "PreparedStatement", True, "setInt", "(int,int)", "", "Argument[1]", "Argument[-1].Parameter[Argument[0]]", "value", "manual"]       # ! fix output
-      - ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[-1].Parameter[Argument[0]]", "value", "manual"] # ! fix output
+      - ["java.sql", "PreparedStatement", True, "setInt", "(int,int)", "", "Argument[1]", "Argument[-1]", "value", "manual"]
+      - ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[-1]", "value", "manual"]
       - ["java.sql", "ResultSet", True, "getInt", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
 

java/ql/lib/ext/java.util.concurrent.atomic.model.yml

@@ -3,5 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
+      - ["java.util.concurrent.atomic", "AtomicInteger", False, "AtomicInteger", "(int)", "", "Argument[0]", "Argument[-1].SyntheticField[java.util.concurrent.atomic.AtomicInteger.value]", "value", "manual"]
       - ["java.util.concurrent.atomic", "AtomicInteger", False, "get", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.atomic.AtomicInteger.value]", "ReturnValue", "value", "manual"]
+      - ["java.util.concurrent.atomic", "AtomicReference", False, "AtomicReference", "(Object)", "", "Argument[0]", "Argument[-1].SyntheticField[java.util.concurrent.atomic.AtomicReference.value]", "value", "manual"]
       - ["java.util.concurrent.atomic", "AtomicReference", False, "get", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.atomic.AtomicReference.value]", "ReturnValue", "value", "manual"]

java/ql/lib/ext/java.util.model.yml

@@ -335,7 +335,8 @@ extensions:
       - ["java.util", "Stack", True, "peek", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
       - ["java.util", "Stack", True, "pop", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"]
       - ["java.util", "Stack", True, "push", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
-      - ["java.util", "StringJoiner", False, "add", "(CharSequence)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+      - ["java.util", "StringJoiner", False, "add", "(CharSequence)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.util", "StringJoiner", False, "add", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["java.util", "StringTokenizer", False, "StringTokenizer", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.util", "StringTokenizer", False, "nextElement", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.util", "StringTokenizer", False, "nextToken", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]

java/ql/test/ext/TestModels/Test.java

@@ -92,9 +92,6 @@ public void test() throws Exception {
             long l3 = (long)source();
             sink(String.valueOf(l3)); // $hasTaintFlow
 
-            // System sys = (System)source();
-            // sink(sys.getProperty("")); // $hasValueFlow
-
             // java.math
             long l4 = (long)source();
             sink(BigDecimal.valueOf(l4)); // $hasTaintFlow
@@ -107,36 +104,44 @@ public void test() throws Exception {
             sink(Math.min(i4, i5)); // $hasValueFlow
 
             // java.sql
-            // Connection con = DriverManager.getConnection("");
-            // PreparedStatement ps = con.prepareStatement("UPDATE EMPLOYEES SET NAME = ? WHERE ID = ?");
-            // ps.setString(1, "testName"); // $hasValueFlow
-            // ps.setInt(2, 110592);        // $hasValueFlow
+            Connection con = DriverManager.getConnection("");
+            PreparedStatement ps1 = con.prepareStatement("UPDATE EMPLOYEES SET NAME = ? WHERE ID = ?");
+            ps1.setString(1, (String)source());
+            sink(ps1); // $hasValueFlow
+            PreparedStatement ps2 = con.prepareStatement("UPDATE EMPLOYEES SET NAME = ? WHERE ID = ?");
+            ps2.setInt(2, (int)source());
+            sink(ps2); // $hasValueFlow
 
             ResultSet rs = (ResultSet)source();
             sink(rs.getInt("")); // $hasTaintFlow
 
             // java.util.concurrent.atomic
-            // AtomicInteger ai = new AtomicInteger((int)source());
-            // sink((int)ai.get());  // $hasValueFlow
+            AtomicInteger ai = new AtomicInteger((int)source());
+            sink(ai.get());  // $hasValueFlow
 
-            // AtomicReference ar = new AtomicReference(source());
-            // sink(ar.get());  // $hasValueFlow
+            AtomicReference ar = new AtomicReference(source());
+            sink(ar.get());  // $hasValueFlow
 
             // java.util.concurrent
             CountDownLatch cdl = new CountDownLatch((int)source());
             sink(cdl.getCount()); // $hasValueFlow
 
             // java.util.function
-            // Function<Object, Object> func = a -> a + "";
-            // sink(func.apply(source()));  // $hasTaintFlow
+            Function<Object, Object> func = a -> a + "";
+            sink(func.apply(source()));  // $hasTaintFlow
+
+            Function<Integer, Double> half = a -> a / 2.0;
+            sink(half.apply((Integer)source())); // $hasTaintFlow
 
             Supplier<Double> sup = (Supplier)source();
             sink(sup.get()); // $hasValueFlow
 
             // java.util
-            // StringJoiner sj = new StringJoiner(",");
-            // sink(sj.add((CharSequence)source())); // $hasTaintFlow
-        }
+            StringJoiner sj1 = new StringJoiner(",");
+            sink(sj1.add((CharSequence)source())); // $hasTaintFlow
 
+            StringJoiner sj2 = (StringJoiner)source();
+            sink(sj2.add("test")); // $hasTaintFlow
+        }
     }
 }