Merge pull request #10131 from atorralba/atorralba/path-steps

atorralba · web-flow · commit a3f27d4abe86 · 2022-08-23T09:47:34.000+02:00
Java: Add new java.nio.Path{,s} summary models
diff --git a/java/ql/lib/change-notes/2022-08-22-path-summaries.md b/java/ql/lib/change-notes/2022-08-22-path-summaries.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added new flow steps for the classes `java.io.Path` and `java.nio.Paths`.
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -317,7 +317,12 @@ private predicate summaryModelCsv(string row) {
       "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual",
       "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual",
       "java.nio;ByteBuffer;false;array;();;Argument[-1];ReturnValue;taint;manual",
+      "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual",
+      "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual",
       "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint;manual",
+      "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual",
+      "java.nio.file;Path;true;toUri;;;Argument[-1];ReturnValue;taint;manual",
+      "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual",
       "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint;manual",
       "java.io;Reader;true;read;();;Argument[-1];ReturnValue;taint;manual",
       // arg to return
diff --git a/java/ql/test/library-tests/paths/Test.java b/java/ql/test/library-tests/paths/Test.java
@@ -0,0 +1,98 @@
+package generatedtest;
+
+import java.io.File;
+import java.net.URI;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	Object source() { return null; }
+	void sink(Object o) { }
+
+	public void test() throws Exception {
+
+		{
+			// "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual"
+			Path out = null;
+			Path in = (Path)source();
+			out = in.normalize();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual"
+			Path out = null;
+			Path in = (Path)source();
+			Path instance = null;
+			out = instance.resolve(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual"
+			Path out = null;
+			Path in = (Path)source();
+			out = in.resolve((Path)null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual"
+			Path out = null;
+			Path in = (Path)source();
+			out = in.resolve((String)null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual"
+			Path out = null;
+			String in = (String)source();
+			Path instance = null;
+			out = instance.resolve(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;toFile;;;Argument[-1];ReturnValue;taint;manual"
+			File out = null;
+			Path in = (Path)source();
+			out = in.toFile();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual"
+			String out = null;
+			Path in = (Path)source();
+			out = in.toString();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Path;true;toUri;;;Argument[-1];ReturnValue;taint;manual"
+			URI out = null;
+			Path in = (Path)source();
+			out = in.toUri();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual"
+			Path out = null;
+			String in = (String)source();
+			out = Paths.get(in, (String[])null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual"
+			Path out = null;
+			String[] in = (String[])source();
+			out = Paths.get((String)null, in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint;manual"
+			Path out = null;
+			URI in = (URI)source();
+			out = Paths.get(in);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}
diff --git a/java/ql/test/library-tests/paths/test.expected b/java/ql/test/library-tests/paths/test.expected
diff --git a/java/ql/test/library-tests/paths/test.ql b/java/ql/test/library-tests/paths/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added new flow steps for the classes `java.io.Path` and `java.nio.Paths`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+import java`
	`2`	`+import TestUtilities.InlineFlowTest`