Skip to content

Commit 776322b

Browse files
tamasvajksmowton
tamasvajk
authored and
smowton
committed
Add foreach dataflow tests
1 parent 7e17074 commit 776322b

File tree

4 files changed

+66
-0
lines changed

4 files changed

+66
-0
lines changed

java/ql/test/kotlin/library-tests/dataflow/foreach/C1.java

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
public final class C1 {
2+
public final String taint(String t) {
3+
return t;
4+
}
5+
6+
public final void sink(Object a) {
7+
}
8+
9+
public final void test() {
10+
String[] l = new String[]{this.taint("a"), ""};
11+
this.sink(l);
12+
this.sink(l[0]);
13+
14+
for(int i = 0; i < l.length; i++) {
15+
this.sink(l[i]);
16+
}
17+
18+
for (String s : l) {
19+
this.sink(s);
20+
}
21+
}
22+
}

java/ql/test/kotlin/library-tests/dataflow/foreach/C2.kt

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
class C2 {
2+
fun taint(t: String): String {
3+
return t
4+
}
5+
6+
fun sink(a: Any?) {}
7+
fun test() {
8+
val l = arrayOf(taint("a"), "")
9+
sink(l)
10+
sink(l[0])
11+
for (i in l.indices) {
12+
sink(l[i])
13+
}
14+
for (s in l) {
15+
sink(s)
16+
}
17+
}
18+
}

java/ql/test/kotlin/library-tests/dataflow/foreach/test.expected

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
| C1.java:10:44:10:46 | "a" | C1.java:11:17:11:17 | l |
2+
| C1.java:10:44:10:46 | "a" | C1.java:12:17:12:20 | ...[...] |
3+
| C1.java:10:44:10:46 | "a" | C1.java:15:20:15:23 | ...[...] |
4+
| C1.java:10:44:10:46 | "a" | C1.java:19:20:19:20 | s |
5+
| C2.kt:8:32:8:32 | a | C2.kt:9:14:9:14 | l |
6+
| C2.kt:8:32:8:32 | a | C2.kt:10:14:10:17 | ...[...] |
7+
| C2.kt:8:32:8:32 | a | C2.kt:12:18:12:21 | ...[...] |

java/ql/test/kotlin/library-tests/dataflow/foreach/test.ql

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
import java
2+
import semmle.code.java.dataflow.TaintTracking
3+
import semmle.code.java.dataflow.ExternalFlow
4+
5+
class Conf extends TaintTracking::Configuration {
6+
Conf() { this = "qltest:foreach-array-iterator" }
7+
8+
override predicate isSource(DataFlow::Node n) {
9+
n.asExpr().(Argument).getCall().getCallee().hasName("taint")
10+
}
11+
12+
override predicate isSink(DataFlow::Node n) {
13+
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
14+
}
15+
}
16+
17+
from DataFlow::Node src, DataFlow::Node sink, Conf conf
18+
where conf.hasFlow(src, sink)
19+
select src, sink

0 commit comments

Comments
 (0)