Update CSV rows for collection flow

Author: joefarebrother

java/ql/src/semmle/code/java/frameworks/guava/Base.qll

@@ -22,8 +22,17 @@ private class GuavaBaseCsv extends SummaryModelCsv {
         "com.google.common.base;Joiner;false;withKeyValueSeparator;(String);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Joiner;false;withKeyValueSeparator;(String);;Argument[-1];ReturnValue;taint",
         "com.google.common.base;Joiner;false;withKeyValueSeparator;(char);;Argument[-1];ReturnValue;taint",
-        // Note: The signatures of some of the appendTo methods involve collection flow
-        "com.google.common.base;Joiner;false;appendTo;;;Argument[-1..3];Argument[0];taint",
+        "com.google.common.base;Joiner;false;appendTo;(Appendable,Object,Object,Object[]);;Argument[1..2];Argument[0];taint",
+        "com.google.common.base;Joiner;false;appendTo;(Appendable,Object,Object,Object[]);;ArrayElement of Argument[3];Argument[0];taint",
+        "com.google.common.base;Joiner;false;appendTo;(Appendable,Iterable);;Element of Argument[1];Argument[-1];taint",
+        "com.google.common.base;Joiner;false;appendTo;(Appendable,Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
+        "com.google.common.base;Joiner;false;appendTo;(Appendable,Iterator);;Element of Argument[1];Argument[-1];taint",
+        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object,Object,Object[]);;Argument[1..2];Argument[0];taint",
+        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object,Object,Object[]);;ArrayElement of Argument[3];Argument[0];taint",
+        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Iterable);;Element of Argument[1];Argument[-1];taint",
+        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
+        "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Iterator);;Element of Argument[1];Argument[-1];taint",
+        "com.google.common.base;Joiner;false;appendTo;;;Argument[-1];Argument[0];taint",
         "com.google.common.base;Joiner;false;appendTo;;;Argument[0];ReturnValue;value",
         "com.google.common.base;Joiner;false;join;;;Argument[-1..2];ReturnValue;taint",
         "com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[0];ReturnValue;taint",
@@ -42,7 +51,6 @@ private class GuavaBaseCsv extends SummaryModelCsv {
         "com.google.common.base;Splitter;false;splitToStream;(CharSequence);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Splitter$MapSplitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Preconditions;false;checkNotNull;;;Argument[0];ReturnValue;value",
-        "com.google.common.base;MoreObjects;false;firstNonNull;;;Argument[0..1];ReturnValue;value",
         "com.google.common.base;Verify;false;verifyNotNull;;;Argument[0];ReturnValue;taint",
         "com.google.common.base;Ascii;false;toLowerCase;(CharSequence);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Ascii;false;toLowerCase;(String);;Argument[0];ReturnValue;taint",
@@ -51,26 +59,28 @@ private class GuavaBaseCsv extends SummaryModelCsv {
         "com.google.common.base;Ascii;false;truncate;(CharSequence,int,String);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Ascii;false;truncate;(CharSequence,int,String);;Argument[2];ReturnValue;taint",
         "com.google.common.base;CaseFormat;true;to;(CaseFormat,String);;Argument[1];ReturnValue;taint",
-        "com.google.common.base;Converter;true;apply;;;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Converter;true;convert;;;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Converter;true;convertAll;;;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Converter;true;apply;(Object);;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Converter;true;convert;(Object);;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Converter;true;convertAll;(Iterable);;Element of Argument[0];Element of ReturnValue;taint",
         "com.google.common.base;Supplier;true;get;();;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Suppliers;false;ofInstance;(T);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Suppliers;false;memoize;(Supplier<T>);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Suppliers;false;memoizeWithExpiration;(Supplier<T>,long,TimeUnit);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Suppliers;false;synchronizedSupplier;(Supplier<T>);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Optional;true;fromJavaUtil;(Optional<T>);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Optional;true;fromNullable;(T);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Optional;true;get;();;Argument[-1];ReturnValue;taint",
-        "com.google.common.base;Optional;true;asSet;();;Argument[-1];ReturnValue;taint",
-        "com.google.common.base;Optional;true;of;(T);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Optional;true;or;;;Argument[-1];ReturnValue;taint",
-        "com.google.common.base;Optional;true;or;;;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Optional;true;orNull;();;Argument[-1];ReturnValue;taint",
-        "com.google.common.base;Optional;true;presentInstances;;;Argument[0];ReturnValue;taint",
-        "com.google.common.base;Optional;true;toJavaUtil;();;Argument[-1];ReturnValue;taint",
-        "com.google.common.base;Optional;true;toJavaUtil;(Optional<T>);;Argument[0];ReturnValue;taint",
-        "com.google.common.base;MoreObjects;false;firstNonNull;(T,T);;Argument;ReturnValue;value",
+        "com.google.common.base;Suppliers;false;ofInstance;(Object);;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Suppliers;false;memoize;(Supplier);;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Suppliers;false;memoizeWithExpiration;(Supplier,long,TimeUnit);;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Suppliers;false;synchronizedSupplier;(Supplier);;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Optional;true;fromJavaUtil;(Optional);;Element of Argument[0];Element of ReturnValue;value",
+        "com.google.common.base;Optional;true;fromNullable;(Object);;Argument[0];Element of ReturnValue;value",
+        "com.google.common.base;Optional;true;get;();;Element of Argument[-1];ReturnValue;value",
+        "com.google.common.base;Optional;true;asSet;();;Element of Argument[-1];Element of ReturnValue;value",
+        "com.google.common.base;Optional;true;of;(Object);;Argument[0];Element of ReturnValue;value",
+        "com.google.common.base;Optional;true;or;;;Element of Argument[-1];ReturnValue;value",
+        "com.google.common.base;Optional;true;or;(Optional);;Element of Argument[0];ReturnValue;value",
+        "com.google.common.base;Optional;true;or;(Supplier);;Argument[0];ReturnValue;value",
+        "com.google.common.base;Optional;true;or;(Object);;Argument[0];ReturnValue;value",
+        "com.google.common.base;Optional;true;orNull;();;Element of Argument[-1];ReturnValue;value",
+        "com.google.common.base;Optional;true;presentInstances;(Iterable);;Element of Element of Argument[0];Element of ReturnValue;value",
+        "com.google.common.base;Optional;true;toJavaUtil;();;Element of Argument[-1];Element of ReturnValue;value",
+        "com.google.common.base;Optional;true;toJavaUtil;(Optional);;Element of Argument[0];Element of ReturnValue;value",
+        "com.google.common.base;MoreObjects;false;firstNonNull;(Object,Object);;Argument[0..1];ReturnValue;value",
         "com.google.common.base;MoreObjects;false;toStringHelper;(String);;Argument[0];ReturnValue;taint",
         "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[0];ReturnValue;taint",
         "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[0];Argument[-1];taint",

java/ql/test/library-tests/frameworks/guava/TestBase.java

@@ -78,8 +78,9 @@ void test6() {
     }
 
     void test7() {
-        sink(MoreObjects.firstNonNull(taint(), "abc")); // $numTaintFlow=1
+        sink(MoreObjects.firstNonNull(taint(), taint())); // $numTaintFlow=2
         sink(MoreObjects.firstNonNull(null, taint())); // $numTaintFlow=1
+        sink(MoreObjects.firstNonNull(taint(), null)); // $numTaintFlow=1
         sink(MoreObjects.toStringHelper(taint()).add("x", 3).omitNullValues().toString()); // $numTaintFlow=1
         sink(MoreObjects.toStringHelper((Object) taint()).toString());
         sink(MoreObjects.toStringHelper("a").add("x", 3).add(taint(), 4).toString()); // $numTaintFlow=1
@@ -105,10 +106,4 @@ void test8() {
         sink(Optional.absent().or(taint())); // $numTaintFlow=1
         sink(Optional.presentInstances(Optional.of(x).asSet())); // $numTaintFlow=1
     }
-
-    void test5() {
-        sink(MoreObjects.firstNonNull(taint(), taint())); // $numTaintFlow=2
-        sink(MoreObjects.firstNonNull(null, taint())); // $numTaintFlow=1
-        sink(MoreObjects.firstNonNull(taint(), null)); // $numTaintFlow=1
-    }
 }