Skip to content

Commit dfe961c

Browse files
owen-mcowen-mc
committed
java: Inline expectation should have space before $
1 parent 3b26ed6 commit dfe961c

8 files changed

Lines changed: 287 additions & 287 deletions

File tree

java/ql/test/library-tests/dataflow/taint-jackson/Test.java

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -34,67 +34,67 @@ public static void jacksonObjectMapper() throws Exception {
3434
ObjectMapper om = new ObjectMapper();
3535
File file = new File("testFile");
3636
om.writeValue(file, s);
37-
sink(file); //$hasTaintFlow
37+
sink(file); // $ hasTaintFlow
3838
OutputStream out = new FileOutputStream(file);
3939
om.writeValue(out, s);
40-
sink(file); //$hasTaintFlow
40+
sink(file); // $ hasTaintFlow
4141
Writer writer = new StringWriter();
4242
om.writeValue(writer, s);
43-
sink(writer); //$hasTaintFlow
43+
sink(writer); // $ hasTaintFlow
4444
JsonGenerator generator = new JsonFactory().createGenerator(new StringWriter());
4545
om.writeValue(generator, s);
46-
sink(generator); //$hasTaintFlow
46+
sink(generator); // $ hasTaintFlow
4747
String t = om.writeValueAsString(s);
48-
sink(t); //$hasTaintFlow
48+
sink(t); // $ hasTaintFlow
4949
byte[] bs = om.writeValueAsBytes(s);
5050
String reconstructed = new String(bs, "utf-8");
51-
sink(bs); //$hasTaintFlow
52-
sink(reconstructed); //$hasTaintFlow
51+
sink(bs); // $ hasTaintFlow
52+
sink(reconstructed); // $ hasTaintFlow
5353
}
5454

5555
public static void jacksonObjectWriter() throws Exception {
5656
String s = taint();
5757
ObjectWriter ow = new ObjectWriter();
5858
File file = new File("testFile");
5959
ow.writeValue(file, s);
60-
sink(file); //$hasTaintFlow
60+
sink(file); // $ hasTaintFlow
6161
OutputStream out = new FileOutputStream(file);
6262
ow.writeValue(out, s);
63-
sink(out); //$hasTaintFlow
63+
sink(out); // $ hasTaintFlow
6464
Writer writer = new StringWriter();
6565
ow.writeValue(writer, s);
66-
sink(writer); //$hasTaintFlow
66+
sink(writer); // $ hasTaintFlow
6767
JsonGenerator generator = new JsonFactory().createGenerator(new StringWriter());
6868
ow.writeValue(generator, s);
69-
sink(generator); //$hasTaintFlow
69+
sink(generator); // $ hasTaintFlow
7070
String t = ow.writeValueAsString(s);
71-
sink(t); //$hasTaintFlow
71+
sink(t); // $ hasTaintFlow
7272
byte[] bs = ow.writeValueAsBytes(s);
7373
String reconstructed = new String(bs, "utf-8");
74-
sink(bs); //$hasTaintFlow
75-
sink(reconstructed); //$hasTaintFlow
74+
sink(bs); // $ hasTaintFlow
75+
sink(reconstructed); // $ hasTaintFlow
7676
}
7777

7878
public static void jacksonObjectReader() throws java.io.IOException {
7979
String s = taint();
8080
ObjectMapper om = new ObjectMapper();
8181
ObjectReader reader = om.readerFor(Potato.class);
82-
sink(reader.readValue(s)); //$hasTaintFlow
83-
sink(reader.readValue(s, Potato.class).name); //$hasTaintFlow
84-
sink(reader.readValue(s, Potato.class).getName()); //$hasTaintFlow
82+
sink(reader.readValue(s)); // $ hasTaintFlow
83+
sink(reader.readValue(s, Potato.class).name); // $ hasTaintFlow
84+
sink(reader.readValue(s, Potato.class).getName()); // $ hasTaintFlow
8585
}
8686

8787
public static void jacksonObjectReaderIterable() throws java.io.IOException {
8888
String s = taint();
8989
ObjectMapper om = new ObjectMapper();
9090
ObjectReader reader = om.readerFor(Potato.class);
91-
sink(reader.readValues(s)); //$hasTaintFlow
91+
sink(reader.readValues(s)); // $ hasTaintFlow
9292
Iterator<Potato> pIterator = reader.readValues(s);
9393
while(pIterator.hasNext()) {
9494
Potato p = pIterator.next();
95-
sink(p); //$hasTaintFlow
96-
sink(p.name); //$hasTaintFlow
97-
sink(p.getName()); //$hasTaintFlow
95+
sink(p); // $ hasTaintFlow
96+
sink(p.name); // $ hasTaintFlow
97+
sink(p.getName()); // $ hasTaintFlow
9898
}
9999
}
100100

@@ -104,9 +104,9 @@ public static void jacksonTwoStepDeserialization() throws java.io.IOException {
104104
taintedParams.put("name", s);
105105
ObjectMapper om = new ObjectMapper();
106106
JsonNode jn = om.valueToTree(taintedParams);
107-
sink(jn); //$hasTaintFlow
107+
sink(jn); // $ hasTaintFlow
108108
Potato p = om.convertValue(jn, Potato.class);
109-
sink(p); //$hasTaintFlow
110-
sink(p.getName()); //$hasTaintFlow
109+
sink(p); // $ hasTaintFlow
110+
sink(p.getName()); // $ hasTaintFlow
111111
}
112112
}

java/ql/test/library-tests/frameworks/apache-http/A.java

Lines changed: 35 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -12,54 +12,54 @@ static void sink(Object o) { }
1212

1313
class Test1 implements HttpRequestHandler {
1414
public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) throws IOException {
15-
A.sink(req.getRequestLine()); //$hasTaintFlow
16-
A.sink(req.getRequestLine().getUri()); //$hasTaintFlow
17-
A.sink(req.getRequestLine().getMethod()); //$hasTaintFlow
18-
A.sink(req.getAllHeaders()); //$hasTaintFlow
15+
A.sink(req.getRequestLine()); // $ hasTaintFlow
16+
A.sink(req.getRequestLine().getUri()); // $ hasTaintFlow
17+
A.sink(req.getRequestLine().getMethod()); // $ hasTaintFlow
18+
A.sink(req.getAllHeaders()); // $ hasTaintFlow
1919
HeaderIterator it = req.headerIterator();
20-
A.sink(it.next()); //$hasTaintFlow
21-
A.sink(it.nextHeader()); //$hasTaintFlow
20+
A.sink(it.next()); // $ hasTaintFlow
21+
A.sink(it.nextHeader()); // $ hasTaintFlow
2222
Header h = req.getHeaders("abc")[3];
23-
A.sink(h.getName()); //$hasTaintFlow
24-
A.sink(h.getValue()); //$hasTaintFlow
23+
A.sink(h.getName()); // $ hasTaintFlow
24+
A.sink(h.getValue()); // $ hasTaintFlow
2525
HeaderElement el = h.getElements()[0];
26-
A.sink(el.getName()); //$hasTaintFlow
27-
A.sink(el.getValue()); //$hasTaintFlow
28-
A.sink(el.getParameters()); //$hasTaintFlow
29-
A.sink(el.getParameterByName("abc").getValue()); //$hasTaintFlow
30-
A.sink(el.getParameter(0).getName()); //$hasTaintFlow
26+
A.sink(el.getName()); // $ hasTaintFlow
27+
A.sink(el.getValue()); // $ hasTaintFlow
28+
A.sink(el.getParameters()); // $ hasTaintFlow
29+
A.sink(el.getParameterByName("abc").getValue()); // $ hasTaintFlow
30+
A.sink(el.getParameter(0).getName()); // $ hasTaintFlow
3131
HttpEntity ent = ((HttpEntityEnclosingRequest)req).getEntity();
32-
A.sink(ent.getContent()); //$hasTaintFlow
33-
A.sink(ent.getContentEncoding()); //$hasTaintFlow
34-
A.sink(ent.getContentType()); //$hasTaintFlow
35-
A.sink(EntityUtils.toString(ent)); //$hasTaintFlow
36-
A.sink(EntityUtils.toByteArray(ent)); //$hasTaintFlow
37-
A.sink(EntityUtils.getContentCharSet(ent)); //$hasTaintFlow
38-
A.sink(EntityUtils.getContentMimeType(ent)); //$hasTaintFlow
39-
res.setEntity(new StringEntity("<a href='" + req.getRequestLine().getUri() + "'>a</a>")); //$hasTaintFlow
40-
EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent))); //$hasTaintFlow
41-
res.setHeader("Location", req.getRequestLine().getUri()); //$hasTaintFlow
42-
res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri())); //$hasTaintFlow
32+
A.sink(ent.getContent()); // $ hasTaintFlow
33+
A.sink(ent.getContentEncoding()); // $ hasTaintFlow
34+
A.sink(ent.getContentType()); // $ hasTaintFlow
35+
A.sink(EntityUtils.toString(ent)); // $ hasTaintFlow
36+
A.sink(EntityUtils.toByteArray(ent)); // $ hasTaintFlow
37+
A.sink(EntityUtils.getContentCharSet(ent)); // $ hasTaintFlow
38+
A.sink(EntityUtils.getContentMimeType(ent)); // $ hasTaintFlow
39+
res.setEntity(new StringEntity("<a href='" + req.getRequestLine().getUri() + "'>a</a>")); // $ hasTaintFlow
40+
EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent))); // $ hasTaintFlow
41+
res.setHeader("Location", req.getRequestLine().getUri()); // $ hasTaintFlow
42+
res.setHeader(new BasicHeader("Location", req.getRequestLine().getUri())); // $ hasTaintFlow
4343
}
4444
}
4545

4646
void test2() {
4747
ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
4848
bbuf.append((byte[]) taint(), 0, 3);
49-
sink(bbuf.buffer()); //$hasTaintFlow
50-
sink(bbuf.toByteArray()); //$hasTaintFlow
49+
sink(bbuf.buffer()); // $ hasTaintFlow
50+
sink(bbuf.toByteArray()); // $ hasTaintFlow
5151

5252
CharArrayBuffer cbuf = new CharArrayBuffer(42);
5353
cbuf.append(bbuf.toByteArray(), 0, 3);
54-
sink(cbuf.toCharArray()); //$hasTaintFlow
55-
sink(cbuf.toString()); //$hasTaintFlow
56-
sink(cbuf.subSequence(0, 3)); //$hasTaintFlow
57-
sink(cbuf.substring(0, 3)); //$hasTaintFlow
58-
sink(cbuf.substringTrimmed(0, 3)); //$hasTaintFlow
54+
sink(cbuf.toCharArray()); // $ hasTaintFlow
55+
sink(cbuf.toString()); // $ hasTaintFlow
56+
sink(cbuf.subSequence(0, 3)); // $ hasTaintFlow
57+
sink(cbuf.substring(0, 3)); // $ hasTaintFlow
58+
sink(cbuf.substringTrimmed(0, 3)); // $ hasTaintFlow
5959

60-
sink(Args.notNull(taint(), "x")); //$hasTaintFlow
61-
sink(Args.notEmpty((String) taint(), "x")); //$hasTaintFlow
62-
sink(Args.notBlank((String) taint(), "x")); //$hasTaintFlow
60+
sink(Args.notNull(taint(), "x")); // $ hasTaintFlow
61+
sink(Args.notEmpty((String) taint(), "x")); // $ hasTaintFlow
62+
sink(Args.notBlank((String) taint(), "x")); // $ hasTaintFlow
6363
sink(Args.notNull("x", (String) taint())); // Good
6464
}
65-
}
65+
}

java/ql/test/library-tests/frameworks/apache-http/B.java

Lines changed: 43 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -14,63 +14,63 @@ static void sink(Object o) { }
1414

1515
class Test1 implements HttpRequestHandler {
1616
public void handle(ClassicHttpRequest req, ClassicHttpResponse res, HttpContext ctx) throws IOException, ParseException {
17-
B.sink(req.getAuthority().getHostName()); //$hasTaintFlow
18-
B.sink(req.getAuthority().toString()); //$hasTaintFlow
19-
B.sink(req.getMethod()); //$hasTaintFlow
20-
B.sink(req.getPath()); //$hasTaintFlow
21-
B.sink(req.getScheme());
22-
B.sink(req.getRequestUri()); //$hasTaintFlow
17+
B.sink(req.getAuthority().getHostName()); // $ hasTaintFlow
18+
B.sink(req.getAuthority().toString()); // $ hasTaintFlow
19+
B.sink(req.getMethod()); // $ hasTaintFlow
20+
B.sink(req.getPath()); // $ hasTaintFlow
21+
B.sink(req.getScheme());
22+
B.sink(req.getRequestUri()); // $ hasTaintFlow
2323
RequestLine line = new RequestLine(req);
24-
B.sink(line.getUri()); //$hasTaintFlow
25-
B.sink(line.getMethod()); //$hasTaintFlow
26-
B.sink(req.getHeaders()); //$hasTaintFlow
27-
B.sink(req.headerIterator()); //$hasTaintFlow
24+
B.sink(line.getUri()); // $ hasTaintFlow
25+
B.sink(line.getMethod()); // $ hasTaintFlow
26+
B.sink(req.getHeaders()); // $ hasTaintFlow
27+
B.sink(req.headerIterator()); // $ hasTaintFlow
2828
Header h = req.getHeaders("abc")[3];
29-
B.sink(h.getName()); //$hasTaintFlow
30-
B.sink(h.getValue()); //$hasTaintFlow
31-
B.sink(req.getFirstHeader("abc")); //$hasTaintFlow
32-
B.sink(req.getLastHeader("abc")); //$hasTaintFlow
29+
B.sink(h.getName()); // $ hasTaintFlow
30+
B.sink(h.getValue()); // $ hasTaintFlow
31+
B.sink(req.getFirstHeader("abc")); // $ hasTaintFlow
32+
B.sink(req.getLastHeader("abc")); // $ hasTaintFlow
3333
HttpEntity ent = req.getEntity();
34-
B.sink(ent.getContent()); //$hasTaintFlow
35-
B.sink(ent.getContentEncoding()); //$hasTaintFlow
36-
B.sink(ent.getContentType()); //$hasTaintFlow
37-
B.sink(ent.getTrailerNames()); //$hasTaintFlow
38-
B.sink(ent.getTrailers().get()); //$hasTaintFlow
39-
B.sink(EntityUtils.toString(ent)); //$hasTaintFlow
40-
B.sink(EntityUtils.toByteArray(ent)); //$hasTaintFlow
41-
B.sink(EntityUtils.parse(ent)); //$hasTaintFlow
42-
res.setEntity(new StringEntity("<a href='" + req.getRequestUri() + "'>a</a>")); //$hasTaintFlow
43-
res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML)); //$hasTaintFlow
44-
res.setEntity(HttpEntities.create("<a href='" + req.getRequestUri() + "'>a</a>")); //$hasTaintFlow
45-
res.setHeader("Location", req.getRequestUri()); //$hasTaintFlow
46-
res.setHeader(new BasicHeader("Location", req.getRequestUri())); //$hasTaintFlow
34+
B.sink(ent.getContent()); // $ hasTaintFlow
35+
B.sink(ent.getContentEncoding()); // $ hasTaintFlow
36+
B.sink(ent.getContentType()); // $ hasTaintFlow
37+
B.sink(ent.getTrailerNames()); // $ hasTaintFlow
38+
B.sink(ent.getTrailers().get()); // $ hasTaintFlow
39+
B.sink(EntityUtils.toString(ent)); // $ hasTaintFlow
40+
B.sink(EntityUtils.toByteArray(ent)); // $ hasTaintFlow
41+
B.sink(EntityUtils.parse(ent)); // $ hasTaintFlow
42+
res.setEntity(new StringEntity("<a href='" + req.getRequestUri() + "'>a</a>")); // $ hasTaintFlow
43+
res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML)); // $ hasTaintFlow
44+
res.setEntity(HttpEntities.create("<a href='" + req.getRequestUri() + "'>a</a>")); // $ hasTaintFlow
45+
res.setHeader("Location", req.getRequestUri()); // $ hasTaintFlow
46+
res.setHeader(new BasicHeader("Location", req.getRequestUri())); // $ hasTaintFlow
4747
}
4848
}
4949

5050
void test2() {
5151
ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
52-
bbuf.append((byte[]) taint(), 0, 3);
53-
sink(bbuf.array()); //$hasTaintFlow
54-
sink(bbuf.toByteArray()); //$hasTaintFlow
55-
sink(bbuf.toString());
52+
bbuf.append((byte[]) taint(), 0, 3);
53+
sink(bbuf.array()); // $ hasTaintFlow
54+
sink(bbuf.toByteArray()); // $ hasTaintFlow
55+
sink(bbuf.toString());
5656

5757
CharArrayBuffer cbuf = new CharArrayBuffer(42);
58-
cbuf.append(bbuf.toByteArray(), 0, 3);
59-
sink(cbuf.toCharArray()); //$hasTaintFlow
60-
sink(cbuf.toString()); //$hasTaintFlow
61-
sink(cbuf.subSequence(0, 3)); //$hasTaintFlow
62-
sink(cbuf.substring(0, 3)); //$hasTaintFlow
63-
sink(cbuf.substringTrimmed(0, 3)); //$hasTaintFlow
58+
cbuf.append(bbuf.toByteArray(), 0, 3);
59+
sink(cbuf.toCharArray()); // $ hasTaintFlow
60+
sink(cbuf.toString()); // $ hasTaintFlow
61+
sink(cbuf.subSequence(0, 3)); // $ hasTaintFlow
62+
sink(cbuf.substring(0, 3)); // $ hasTaintFlow
63+
sink(cbuf.substringTrimmed(0, 3)); // $ hasTaintFlow
6464

65-
sink(Args.notNull(taint(), "x")); //$hasTaintFlow
66-
sink(Args.notEmpty((String) taint(), "x")); //$hasTaintFlow
67-
sink(Args.notBlank((String) taint(), "x")); //$hasTaintFlow
68-
sink(Args.notNull("x", (String) taint()));
65+
sink(Args.notNull(taint(), "x")); // $ hasTaintFlow
66+
sink(Args.notEmpty((String) taint(), "x")); // $ hasTaintFlow
67+
sink(Args.notBlank((String) taint(), "x")); // $ hasTaintFlow
68+
sink(Args.notNull("x", (String) taint()));
6969
}
7070

7171
class Test3 implements HttpServerRequestHandler {
7272
public void handle(ClassicHttpRequest req, HttpServerRequestHandler.ResponseTrigger restr, HttpContext ctx) throws HttpException, IOException {
73-
B.sink(req.getEntity()); //$hasTaintFlow
73+
B.sink(req.getEntity()); // $ hasTaintFlow
7474
}
7575
}
76-
}
76+
}

java/ql/test/library-tests/frameworks/ratpack/resources/CollectionPassingTest.java

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -29,11 +29,11 @@ void test_1(Context ctx) {
2929
Map<String, Object> pojoMap = new HashMap<>();
3030
merge(form.asMultimap().asMap(), pojoMap);
3131
// Then
32-
sink(pojoMap.get("value")); //$hasTaintFlow
32+
sink(pojoMap.get("value")); // $ hasTaintFlow
3333
pojoMap.forEach((key, value) -> {
34-
sink(value); //$hasTaintFlow
34+
sink(value); // $ hasTaintFlow
3535
List<Object> values = (List<Object>) value;
36-
sink(values.get(0)); //$hasTaintFlow
36+
sink(values.get(0)); // $ hasTaintFlow
3737
});
3838
});
3939
}
@@ -46,11 +46,11 @@ void test_2() {
4646
// When
4747
merge(taintedMap, pojoMap);
4848
// Then
49-
sink(pojoMap.get("value")); //$hasTaintFlow
49+
sink(pojoMap.get("value")); // $ hasTaintFlow
5050
pojoMap.forEach((key, value) -> {
51-
sink(value); //$hasTaintFlow
51+
sink(value); // $ hasTaintFlow
5252
List<Object> values = (List<Object>) value;
53-
sink(values.get(0)); //$hasTaintFlow
53+
sink(values.get(0)); // $ hasTaintFlow
5454
});
5555
}
5656

@@ -66,5 +66,5 @@ private static void merge(Map<String, Collection<String>> params, Map<String, Ob
6666
private static Object extractSingleValueIfPossible(Collection<String> values) {
6767
return values.size() == 1 ? values.iterator().next() : ImmutableList.copyOf(values);
6868
}
69-
69+
7070
}

0 commit comments

Comments
 (0)