Fixed but errors still

Author: Kwstubbs

java/ql/lib/ext/javax.servlet.http.model.yml

@@ -25,7 +25,7 @@ extensions:
       - ["javax.servlet.http", "Part", False, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
       - ["javax.servlet.http", "Part", False, "getSubmittedFileName", "()", "", "ReturnValue", "remote", "manual"]
       - ["javax.servlet.http", "Part", False, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
-      - ["javax.servlet.http", "Part", False, "getHeadersNames", "()", "", "ReturnValue", "remote", "manual"]
+      - ["javax.servlet.http", "Part", False, "getHeaderNames", "()", "", "ReturnValue", "remote", "manual"]
 
 
   - addsTo:

java/ql/lib/ext/org.apache.commons.fileupload.yml

@@ -0,0 +1,39 @@
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Part;
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemStream;
+
+public class FileUpload {
+
+    private HttpServletRequest request;
+    private HttpServletResponse response;
+    private Part filePart;
+    private FileItem fileItem;
+    private FileItemStream fileItemStream;
+
+    private static void sink(Object o) {}
+
+    public void test() throws Exception {
+        sink(filePart.getContentType());  // $ hasRemoteValueFlow
+        sink(filePart.getHeader("test")); // $ hasRemoteValueFlow
+        sink(filePart.getInputStream()); // $ hasRemoteValueFlow
+        sink(filePart.getHeaders("test")); // $ hasRemoteValueFlow
+        sink(filePart.getHeaderNames()); // $ hasRemoteValueFlow
+        sink(filePart.getSubmittedFileName()); // $ hasRemoteValueFlow
+        sink(filePart.getName()); // $ hasRemoteValueFlow
+
+        sink(fileItem.getName());        // $ hasRemoteValueFlow
+        sink(fileItem.get());            // $ hasRemoteValueFlow
+        sink(fileItem.getString());      // $ hasRemoteValueFlow
+        sink(fileItem.getContentType()); // $ hasRemoteValueFlow
+        sink(fileItem.getName());        // $ hasRemoteValueFlow
+
+        //These result in a compiler error when uncommented
+        //sink(fileItemStream) // $ hasRemoteValueFlow
+        //sink(fileItemStream.getFieldName()) // $ hasRemoteValueFlow
+        //sink(fileItemStream.getName()) // $ hasRemoteValueFlow
+        //sink(fileItemStream.openStream()) // $ hasRemoteValueFlow
+
+    }
+}

java/ql/test/library-tests/dataflow/taintsources/FileUpload.java

@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263