Merge pull request github#6580 from smowton/smowton/admin/guava-models-mistakes

Fix minor mistakes in old Guava models

Author: smowton

java/ql/lib/semmle/code/java/frameworks/guava/Base.qll

@@ -62,7 +62,7 @@ private class GuavaBaseCsv extends SummaryModelCsv {
         "com.google.common.base;Converter;true;apply;(Object);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Converter;true;convert;(Object);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Converter;true;convertAll;(Iterable);;Element of Argument[0];Element of ReturnValue;taint",
-        "com.google.common.base;Supplier;true;get;();;Argument[0];ReturnValue;taint",
+        "com.google.common.base;Supplier;true;get;();;Argument[-1];ReturnValue;taint",
         "com.google.common.base;Suppliers;false;ofInstance;(Object);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Suppliers;false;memoize;(Supplier);;Argument[0];ReturnValue;taint",
         "com.google.common.base;Suppliers;false;memoizeWithExpiration;(Supplier,long,TimeUnit);;Argument[0];ReturnValue;taint",

java/ql/lib/semmle/code/java/frameworks/guava/IO.qll

@@ -34,7 +34,7 @@ private class GuavaIoCsv extends SummaryModelCsv {
         "com.google.common.io;ByteSource;true;slice;(long,long);;Argument[-1];ReturnValue;taint",
         "com.google.common.io;ByteSource;true;wrap;(byte[]);;Argument[0];ReturnValue;taint",
         "com.google.common.io;ByteStreams;false;copy;(InputStream,OutputStream);;Argument[0];Argument[1];taint",
-        "com.google.common.io;ByteStreams;false;copy;(ReadablyByteChannel,WritableByteChannel);;Argument[0];Argument[1];taint",
+        "com.google.common.io;ByteStreams;false;copy;(ReadableByteChannel,WritableByteChannel);;Argument[0];Argument[1];taint",
         "com.google.common.io;ByteStreams;false;limit;(InputStream,long);;Argument[0];ReturnValue;taint",
         "com.google.common.io;ByteStreams;false;newDataInput;(byte[]);;Argument[0];ReturnValue;taint",
         "com.google.common.io;ByteStreams;false;newDataInput;(byte[],int);;Argument[0];ReturnValue;taint",

java/ql/test/library-tests/frameworks/guava/TestBase.java

@@ -75,7 +75,7 @@ void test5() {
     }
 
     void test6() {
-        sink(Suppliers.memoize(Suppliers.memoizeWithExpiration(Suppliers.synchronizedSupplier(Suppliers.ofInstance(taint())), 3, TimeUnit.HOURS))); // $numTaintFlow=1
+        sink(Suppliers.memoize(Suppliers.memoizeWithExpiration(Suppliers.synchronizedSupplier(Suppliers.ofInstance(taint())), 3, TimeUnit.HOURS)).get()); // $numTaintFlow=1
     }
 
     void test7() {

java/ql/test/library-tests/frameworks/guava/TestIO.java

@@ -8,14 +8,19 @@
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.Closeable;
+import java.nio.channels.FileChannel;
+import java.nio.channels.ReadableByteChannel;
+import java.nio.channels.WritableByteChannel;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.io.IOException;
 
 class TestIO {
     Object taint() { return null; }
     String staint(){ return (String) taint(); }
     byte[] btaint() { return (byte[]) taint(); }
     InputStream itaint() { return (InputStream) taint(); }
+    ReadableByteChannel rbctaint() { return (ReadableByteChannel) taint(); }
     Reader rtaint() { return new InputStreamReader(itaint()); }
     Path ptaint() { return (Path) taint(); }
 
@@ -75,6 +80,16 @@ class MyLineProcessor implements LineProcessor<String> {
     }
 
     void test3() throws IOException {
+        {
+            ByteArrayOutputStream out = new ByteArrayOutputStream();
+            ByteStreams.copy(itaint(), out);
+            sink(out); // $numTaintFlow=1
+        }
+        {
+            WritableByteChannel out = FileChannel.open(Paths.get("/tmp/xyz"));
+            ByteStreams.copy(rbctaint(), out);
+            sink(out); // $numTaintFlow=1
+        }
         sink(ByteStreams.limit(itaint(), 1337)); // $numTaintFlow=1
         sink(ByteStreams.newDataInput(btaint())); // $numTaintFlow=1
         sink(ByteStreams.newDataInput(btaint(), 0)); // $numTaintFlow=1