Add missing tests for AntPathMatcher's protected methods; fix models accordingly

smowton · smowton · commit f7a4614f56e7 · 2021-06-29T11:35:25.000+01:00
diff --git a/java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll b/java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll
@@ -10,11 +10,11 @@ private class FlowSummaries extends SummaryModelCsv {
     row =
       [
         "org.springframework.util;AntPathMatcher;false;combine;;;Argument[0..1];ReturnValue;taint",
-        "org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[0];MapValue of Argument[2];taint",
+        "org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[1];MapValue of Argument[3];taint",
         "org.springframework.util;AntPathMatcher;false;extractPathWithinPattern;;;Argument[1];ReturnValue;taint",
         "org.springframework.util;AntPathMatcher;false;extractUriTemplateVariables;;;Argument[1];MapValue of ReturnValue;taint",
-        "org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ArrayValue of ReturnValue;taint",
-        "org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ArrayValue of ReturnValue;taint",
+        "org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ArrayElement of ReturnValue;taint",
+        "org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ArrayElement of ReturnValue;taint",
         "org.springframework.util.AntPathMatcher;AntPathStringMatcher;false;matchStrings;;;Argument[0];MapValue of Argument[1];taint",
         "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,org.springframework.util.AutoPopulatingList.ElementFactory);;Element of Argument[0];Element of Argument[-1];value",
         "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,java.lang.Class);;Element of Argument[0];Element of Argument[-1];value",
diff --git a/java/ql/test/library-tests/frameworks/spring/util/Test.java b/java/ql/test/library-tests/frameworks/spring/util/Test.java
@@ -12,6 +12,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -54,8 +55,37 @@ public class Test {
   Properties newPropertiesWithMapKey(Object element) { Properties p = new Properties(); p.put(element, null); return p; }
 	// Object newWithMapValue(Object element) { return null; }
   Properties newPropertiesWithMapValue(Object element) { Properties p = new Properties(); p.put(null, element); return p; }
-	Object source() { return null; }
-	void sink(Object o) { }
+	static Object source() { return null; }
+	static void sink(Object o) { }
+
+	// Test AntPathMatcher's protected methods:
+	private static class AntPathMatcherTest extends AntPathMatcher {
+
+		public void test() throws Exception {
+			{
+				// "org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[1];MapValue of Argument[3];taint"
+				Map<String, String> out = new HashMap<>();
+				String in = (String)source();
+				this.doMatch("somePattern", in, true, out);
+				sink(out.get("someKey")); // $hasTaintFlow
+			}
+			{
+        // "org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ArrayValue of ReturnValue;taint",
+				String[] out = null;
+				String in = (String)source();
+				out = this.tokenizePath(in);
+				sink(out[0]); // $hasTaintFlow
+			}
+			{
+        // "org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ArrayValue of ReturnValue;taint",
+				String[] out = null;
+				String in = (String)source();
+				out = this.tokenizePattern(in);
+				sink(out[0]); // $hasTaintFlow
+			}
+		}
+
+	}
 
 	public void test() throws Exception {
 
