Java: Update some tests.

Author: aschackmull

java/ql/test/TestUtilities/InlineFlowTest.qll

@@ -47,7 +47,7 @@ private predicate defaultSource(DataFlow::Node src) {
   src.asExpr().(MethodAccess).getMethod().getName() = ["source", "taint"]
 }
 
-private module DefaultFlowConf implements DataFlow::ConfigSig {
+module DefaultFlowConf implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node n) { defaultSource(n) }
 
   predicate isSink(DataFlow::Node n) {
@@ -98,42 +98,35 @@ class InlineFlowTest extends InlineExpectationsTest {
   override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
-    if exists(EnableLegacyConfiguration e)
-    then
-      tag = "hasValueFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink | getValueFlowConfig().hasFlow(src, sink) |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-      or
-      tag = "hasTaintFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink |
-        getTaintFlowConfig().hasFlow(src, sink) and not getValueFlowConfig().hasFlow(src, sink)
-      |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-    else (
-      tag = "hasValueFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink | DefaultValueFlow::hasFlow(src, sink) |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
-      or
-      tag = "hasTaintFlow" and
-      exists(DataFlow::Node src, DataFlow::Node sink |
-        DefaultTaintFlow::hasFlow(src, sink) and not DefaultValueFlow::hasFlow(src, sink)
-      |
-        sink.getLocation() = location and
-        element = sink.toString() and
-        if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
-      )
+    tag = "hasValueFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink | hasValueFlow(src, sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
+    )
+    or
+    tag = "hasTaintFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      hasTaintFlow(src, sink) and not hasValueFlow(src, sink)
+    |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
     )
   }
 
+  predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) {
+    if exists(EnableLegacyConfiguration e)
+    then getValueFlowConfig().hasFlow(src, sink)
+    else DefaultValueFlow::hasFlow(src, sink)
+  }
+
+  predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
+    if exists(EnableLegacyConfiguration e)
+    then getTaintFlowConfig().hasFlow(src, sink)
+    else DefaultTaintFlow::hasFlow(src, sink)
+  }
+
   DataFlow::Configuration getValueFlowConfig() { result = any(DefaultValueFlowConf config) }
 
   DataFlow::Configuration getTaintFlowConfig() { result = any(DefaultTaintFlowConf config) }

java/ql/test/library-tests/dataflow/fluent-methods/Test.java

@@ -42,31 +42,31 @@ public static void sink(String s) {}
   public static void test1() {
     Test t = new Test();
     t.fluentNoop().fluentSet(source()).fluentNoop();
-    sink(t.get()); // $hasTaintFlow
+    sink(t.get()); // $hasValueFlow
   }
 
   public static void test2() {
     Test t = new Test();
     Test.identity(t).fluentNoop().fluentSet(source()).fluentNoop();
-    sink(t.get()); // $hasTaintFlow
+    sink(t.get()); // $hasValueFlow
   }
 
   public static void test3() {
     Test t = new Test();
     t.indirectlyFluentNoop().fluentSet(source()).fluentNoop();
-    sink(t.get()); // $hasTaintFlow
+    sink(t.get()); // $hasValueFlow
   }
 
   public static void testModel1() {
     Test t = new Test();
     t.indirectlyFluentNoop().modelledFluentMethod().fluentSet(source()).fluentNoop();
-    sink(t.get()); // $hasTaintFlow
+    sink(t.get()); // $hasValueFlow
   }
 
   public static void testModel2() {
     Test t = new Test();
     Test.modelledIdentity(t).indirectlyFluentNoop().modelledFluentMethod().fluentSet(source()).fluentNoop();
-    sink(t.get()); // $hasTaintFlow
+    sink(t.get()); // $hasValueFlow
   }
 
 }

java/ql/test/library-tests/dataflow/fluent-methods/flow.ql

@@ -12,7 +12,3 @@ class IdentityModel extends ValuePreservingMethod {
 
   override predicate returnsValue(int arg) { arg = 0 }
 }
-
-class HasFlowTest extends InlineFlowTest {
-  override DataFlow::Configuration getValueFlowConfig() { none() }
-}

java/ql/test/library-tests/dataflow/inoutbarriers/test.ql

@@ -14,54 +14,46 @@ predicate sink0(Node n) {
   )
 }
 
-class Conf1 extends Configuration {
-  Conf1() { this = "inoutbarriers1" }
+module Conf1 implements ConfigSig {
+  predicate isSource(Node n) { src0(n) }
 
-  override predicate isSource(Node n) { src0(n) }
-
-  override predicate isSink(Node n) { sink0(n) }
+  predicate isSink(Node n) { sink0(n) }
 }
 
-class Conf2 extends Configuration {
-  Conf2() { this = "inoutbarriers2" }
-
-  override predicate isSource(Node n) { src0(n) }
+module Conf2 implements ConfigSig {
+  predicate isSource(Node n) { src0(n) }
 
-  override predicate isSink(Node n) { sink0(n) }
+  predicate isSink(Node n) { sink0(n) }
 
-  override predicate isBarrierIn(Node n) { src0(n) }
+  predicate isBarrierIn(Node n) { src0(n) }
 }
 
-class Conf3 extends Configuration {
-  Conf3() { this = "inoutbarriers3" }
+module Conf3 implements ConfigSig {
+  predicate isSource(Node n) { src0(n) }
 
-  override predicate isSource(Node n) { src0(n) }
+  predicate isSink(Node n) { sink0(n) }
 
-  override predicate isSink(Node n) { sink0(n) }
-
-  override predicate isBarrierOut(Node n) { sink0(n) }
+  predicate isBarrierOut(Node n) { sink0(n) }
 }
 
-class Conf4 extends Configuration {
-  Conf4() { this = "inoutbarriers4" }
-
-  override predicate isSource(Node n) { src0(n) }
+module Conf4 implements ConfigSig {
+  predicate isSource(Node n) { src0(n) }
 
-  override predicate isSink(Node n) { sink0(n) }
+  predicate isSink(Node n) { sink0(n) }
 
-  override predicate isBarrierIn(Node n) { src0(n) }
+  predicate isBarrierIn(Node n) { src0(n) }
 
-  override predicate isBarrierOut(Node n) { sink0(n) }
+  predicate isBarrierOut(Node n) { sink0(n) }
 }
 
 predicate flow(Node src, Node sink, string s) {
-  any(Conf1 c).hasFlow(src, sink) and s = "nobarrier"
+  Make<Conf1>::hasFlow(src, sink) and s = "nobarrier"
   or
-  any(Conf2 c).hasFlow(src, sink) and s = "srcbarrier"
+  Make<Conf2>::hasFlow(src, sink) and s = "srcbarrier"
   or
-  any(Conf3 c).hasFlow(src, sink) and s = "sinkbarrier"
+  Make<Conf3>::hasFlow(src, sink) and s = "sinkbarrier"
   or
-  any(Conf4 c).hasFlow(src, sink) and s = "both"
+  Make<Conf4>::hasFlow(src, sink) and s = "both"
 }
 
 from Node src, Node sink, string s

java/ql/test/library-tests/dataflow/taint-format/A.java

@@ -6,42 +6,44 @@ public static String source() {
         return "tainted";
     }
 
+    public static void sink(Object o) { }
+
     public static void test1() {
-        String bad = source(); // $ hasTaintFlow
+        String bad = source();
         String good = "hi";
 
-        bad.formatted(good); // $ hasTaintFlow
-        good.formatted("a", bad, "b", good); // $ hasTaintFlow
-        String.format("%s%s", bad, good); // $ hasTaintFlow
-        String.format("%s", good);
-        String.format("%s %s %s %s %s %s %s %s %s %s ", "a", "a", "a", "a", "a", "a", "a", "a", "a", bad); // $ hasTaintFlow
+        sink(bad.formatted(good)); // $ hasTaintFlow
+        sink(good.formatted("a", bad, "b", good)); // $ hasTaintFlow
+        sink(String.format("%s%s", bad, good)); // $ hasTaintFlow
+        sink(String.format("%s", good));
+        sink(String.format("%s %s %s %s %s %s %s %s %s %s ", "a", "a", "a", "a", "a", "a", "a", "a", "a", bad)); // $ hasTaintFlow
     }
 
     public static void test2() {
-        String bad = source();  // $ hasTaintFlow
+        String bad = source();
         Formatter f = new Formatter();
 
-        f.toString();
-        f.format("%s", bad);  // $ hasTaintFlow
-        f.toString(); // $ hasTaintFlow
+        sink(f.toString());
+        sink(f.format("%s", bad));  // $ hasTaintFlow
+        sink(f.toString()); // $ hasTaintFlow
     }
 
     public static void test3() {
-        String bad = source();  // $ hasTaintFlow
+        String bad = source();
         StringBuilder sb = new StringBuilder();
         Formatter f = new Formatter(sb);
 
-        sb.toString(); // $ hasTaintFlow false positive 
-        f.format("%s", bad);  // $ hasTaintFlow
-        sb.toString(); // $ hasTaintFlow
+        sink(sb.toString()); // $ SPURIOUS: hasTaintFlow
+        sink(f.format("%s", bad));  // $ hasTaintFlow
+        sink(sb.toString()); // $ hasTaintFlow
     }
 
     public static void test4() {
-        String bad = source();  // $ hasTaintFlow
+        String bad = source();
         StringBuilder sb = new StringBuilder();
 
-        sb.append(bad);  // $ hasTaintFlow
+        sink(sb.append(bad));  // $ hasTaintFlow
 
-        new Formatter(sb).format("ok").toString();  // $ hasTaintFlow
+        sink(new Formatter(sb).format("ok").toString());  // $ hasTaintFlow
     }
-}
+}

java/ql/test/library-tests/dataflow/taint-format/test.ql

@@ -1,8 +1,2 @@
 import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.TaintTracking
 import TestUtilities.InlineFlowTest
-
-class TaintFlowConf extends DefaultTaintFlowConf {
-  override predicate isSink(DataFlow::Node n) { n instanceof DataFlow::ExprNode }
-}

java/ql/test/library-tests/frameworks/JaxWs/JaxRsFlow.ql

@@ -3,6 +3,10 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest
 
+class EnableLegacy extends EnableLegacyConfiguration {
+  EnableLegacy() { exists(this) }
+}
+
 class TaintFlowConf extends DefaultTaintFlowConf {
   override predicate isSource(DataFlow::Node n) {
     super.isSource(n)

java/ql/test/library-tests/frameworks/android/content-provider/test.ql

@@ -2,6 +2,10 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest
 
+class EnableLegacy extends EnableLegacyConfiguration {
+  EnableLegacy() { exists(this) }
+}
+
 class ProviderTaintFlowConf extends DefaultTaintFlowConf {
   override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
 }

java/ql/test/library-tests/frameworks/android/slice/test.ql

@@ -2,6 +2,10 @@ import java
 import TestUtilities.InlineFlowTest
 import semmle.code.java.dataflow.FlowSources
 
+class EnableLegacy extends EnableLegacyConfiguration {
+  EnableLegacy() { exists(this) }
+}
+
 class SliceValueFlowConf extends DefaultValueFlowConf {
   override predicate isSource(DataFlow::Node source) {
     super.isSource(source) or source instanceof RemoteFlowSource

java/ql/test/library-tests/frameworks/android/sources/OnActivityResultSourceTest.ql

@@ -2,6 +2,10 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineFlowTest
 
+class EnableLegacy extends EnableLegacyConfiguration {
+  EnableLegacy() { exists(this) }
+}
+
 class SourceValueFlowConf extends DefaultValueFlowConf {
   override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
 }