Add tests for html escape functions

Sauyon Lee · Sauyon Lee · commit 814004e63da0 · 2021-08-12T11:20:49.000-07:00
diff --git a/java/ql/test/library-tests/frameworks/spring/webutil/Test.java b/java/ql/test/library-tests/frameworks/spring/webutil/Test.java
@@ -2579,6 +2579,48 @@ public void test() throws Exception {
 			out = WebUtils.parseMatrixVariables(in);
 			sink(getMapValue(out)); // $hasTaintFlow
 		}
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscape;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscape(in, null);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscape;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscape(in);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeDecimal;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeDecimal(in, null);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeDecimal;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeDecimal(in);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeHex;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeHex(in, null);
+      sink(out); // $ hasTaintFlow
+    }
+    {
+      // "org.springframework.web.util;HtmlUtils;false;htmlEscapeHex;;;Argument[0];ReturnValue;taint"
+      String out = null;
+      String in = (String)source();
+      out = HtmlUtils.htmlEscapeHex(in);
+      sink(out); // $ hasTaintFlow
+    }
 
 	}
 
