Skip to content

Commit b01e6d4

Browse files
author
Sauyon Lee
committed
Add generated tests
1 parent b807757 commit b01e6d4

File tree

3 files changed

+185
-0
lines changed

3 files changed

+185
-0
lines changed

java/ql/test/library-tests/frameworks/spring/webmultipart/Test.java

Lines changed: 121 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,121 @@
1+
package generatedtest;
2+
3+
import java.io.InputStream;
4+
import java.util.Iterator;
5+
import java.util.List;
6+
import java.util.Map;
7+
import javax.servlet.http.HttpServletRequest;
8+
import org.springframework.core.io.Resource;
9+
import org.springframework.http.HttpHeaders;
10+
import org.springframework.util.MultiValueMap;
11+
import org.springframework.web.multipart.MultipartFile;
12+
import org.springframework.web.multipart.MultipartHttpServletRequest;
13+
import org.springframework.web.multipart.MultipartRequest;
14+
import org.springframework.web.multipart.MultipartResolver;
15+
16+
// Test case generated by GenerateFlowTestCase.ql
17+
public class Test {
18+
19+
Object getElement(Object container) { return null; }
20+
Object getMapValue(Object container) { return null; }
21+
Object source() { return null; }
22+
void sink(Object o) { }
23+
24+
public void test() {
25+
26+
{
27+
// "org.springframework.web.multipart;MultipartFile;true;getBytes;;;Argument[-1];ReturnValue;taint"
28+
byte[] out = null;
29+
MultipartFile in = (MultipartFile)source();
30+
out = in.getBytes();
31+
sink(out); // $hasTaintFlow
32+
}
33+
{
34+
// "org.springframework.web.multipart;MultipartFile;true;getInputStream;;;Argument[-1];ReturnValue;taint"
35+
InputStream out = null;
36+
MultipartFile in = (MultipartFile)source();
37+
out = in.getInputStream();
38+
sink(out); // $hasTaintFlow
39+
}
40+
{
41+
// "org.springframework.web.multipart;MultipartFile;true;getName;;;Argument[-1];ReturnValue;taint"
42+
String out = null;
43+
MultipartFile in = (MultipartFile)source();
44+
out = in.getName();
45+
sink(out); // $hasTaintFlow
46+
}
47+
{
48+
// "org.springframework.web.multipart;MultipartFile;true;getOriginalFilename;;;Argument[-1];ReturnValue;taint"
49+
String out = null;
50+
MultipartFile in = (MultipartFile)source();
51+
out = in.getOriginalFilename();
52+
sink(out); // $hasTaintFlow
53+
}
54+
{
55+
// "org.springframework.web.multipart;MultipartFile;true;getResource;;;Argument[-1];ReturnValue;taint"
56+
Resource out = null;
57+
MultipartFile in = (MultipartFile)source();
58+
out = in.getResource();
59+
sink(out); // $hasTaintFlow
60+
}
61+
{
62+
// "org.springframework.web.multipart;MultipartHttpServletRequest;true;getMultipartHeaders;;;Argument[-1];ReturnValue;taint"
63+
HttpHeaders out = null;
64+
MultipartHttpServletRequest in = (MultipartHttpServletRequest)source();
65+
out = in.getMultipartHeaders(null);
66+
sink(out); // $hasTaintFlow
67+
}
68+
{
69+
// "org.springframework.web.multipart;MultipartHttpServletRequest;true;getRequestHeaders;;;Argument[-1];ReturnValue;taint"
70+
HttpHeaders out = null;
71+
MultipartHttpServletRequest in = (MultipartHttpServletRequest)source();
72+
out = in.getRequestHeaders();
73+
sink(out); // $hasTaintFlow
74+
}
75+
{
76+
// "org.springframework.web.multipart;MultipartRequest;true;getFile;;;Argument[-1];ReturnValue;taint"
77+
MultipartFile out = null;
78+
MultipartRequest in = (MultipartRequest)source();
79+
out = in.getFile(null);
80+
sink(out); // $hasTaintFlow
81+
}
82+
{
83+
// "org.springframework.web.multipart;MultipartRequest;true;getFileMap;;;Argument[-1];MapValue of ReturnValue;taint"
84+
Map out = null;
85+
MultipartRequest in = (MultipartRequest)source();
86+
out = in.getFileMap();
87+
sink(getMapValue(out)); // $hasTaintFlow
88+
}
89+
{
90+
// "org.springframework.web.multipart;MultipartRequest;true;getFileNames;;;Argument[-1];Element of ReturnValue;taint"
91+
Iterator out = null;
92+
MultipartRequest in = (MultipartRequest)source();
93+
out = in.getFileNames();
94+
sink(getElement(out)); // $hasTaintFlow
95+
}
96+
{
97+
// "org.springframework.web.multipart;MultipartRequest;true;getFiles;;;Argument[-1];Element of ReturnValue;taint"
98+
List out = null;
99+
MultipartRequest in = (MultipartRequest)source();
100+
out = in.getFiles(null);
101+
sink(getElement(out)); // $hasTaintFlow
102+
}
103+
{
104+
// "org.springframework.web.multipart;MultipartRequest;true;getMultiFileMap;;;Argument[-1];MapValue of ReturnValue;taint"
105+
MultiValueMap out = null;
106+
MultipartRequest in = (MultipartRequest)source();
107+
out = in.getMultiFileMap();
108+
sink(getMapValue(out)); // $hasTaintFlow
109+
}
110+
{
111+
// "org.springframework.web.multipart;MultipartResolver;true;resolveMultipart;;;Argument[0];ReturnValue;taint"
112+
MultipartHttpServletRequest out = null;
113+
HttpServletRequest in = (HttpServletRequest)source();
114+
MultipartResolver instance = null;
115+
out = instance.resolveMultipart(in);
116+
sink(out); // $hasTaintFlow
117+
}
118+
119+
}
120+
121+
}

java/ql/test/library-tests/frameworks/spring/webmultipart/test.expected

Whitespace-only changes.

java/ql/test/library-tests/frameworks/spring/webmultipart/test.ql

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
import java
2+
import semmle.code.java.dataflow.DataFlow
3+
import semmle.code.java.dataflow.ExternalFlow
4+
import semmle.code.java.dataflow.TaintTracking
5+
import TestUtilities.InlineExpectationsTest
6+
7+
class SummaryModelTest extends SummaryModelCsv {
8+
override predicate row(string row) {
9+
row =
10+
[
11+
//"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
12+
"generatedtest;Test;false;getElement;;;Element of Argument[0];ReturnValue;value",
13+
"generatedtest;Test;false;getMapValue;;;MapValue of Argument[0];ReturnValue;value"
14+
]
15+
}
16+
}
17+
18+
class ValueFlowConf extends DataFlow::Configuration {
19+
ValueFlowConf() { this = "qltest:valueFlowConf" }
20+
21+
override predicate isSource(DataFlow::Node n) {
22+
n.asExpr().(MethodAccess).getMethod().hasName("source")
23+
}
24+
25+
override predicate isSink(DataFlow::Node n) {
26+
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
27+
}
28+
}
29+
30+
class TaintFlowConf extends TaintTracking::Configuration {
31+
TaintFlowConf() { this = "qltest:taintFlowConf" }
32+
33+
override predicate isSource(DataFlow::Node n) {
34+
n.asExpr().(MethodAccess).getMethod().hasName("source")
35+
}
36+
37+
override predicate isSink(DataFlow::Node n) {
38+
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
39+
}
40+
}
41+
42+
class HasFlowTest extends InlineExpectationsTest {
43+
HasFlowTest() { this = "HasFlowTest" }
44+
45+
override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
46+
47+
override predicate hasActualResult(Location location, string element, string tag, string value) {
48+
tag = "hasValueFlow" and
49+
exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
50+
sink.getLocation() = location and
51+
element = sink.toString() and
52+
value = ""
53+
)
54+
or
55+
tag = "hasTaintFlow" and
56+
exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
57+
conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
58+
|
59+
sink.getLocation() = location and
60+
element = sink.toString() and
61+
value = ""
62+
)
63+
}
64+
}

0 commit comments

Comments
 (0)