
Commit edc8f6f

authored
Merge pull request #9894 from atorralba/atorralba/scanner_models
Java: Add CSV models for java.util.Scanner
2 parents 43ae5d4 + 33f5620 commit edc8f6f


5 files changed

+354
-2
lines changed

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Added data flow models for `java.util.Scanner`.

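--- a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -244,8 +244,26 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
 "java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
 "java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
 "java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
-"java.util;Scanner;true;next;(Pattern);;Argument[-1];ReturnValue;taint;manual",
-"java.util;Scanner;true;next;(String);;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual",
+"java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual",
+"java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual",
+"java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual",
+"java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual",
+"java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual",
+"java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual",
 "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
 "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
 "java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",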
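Review bot: The `findWithinHorizon` row is added twice, byte-for-byte, at new lines 249 and 250; the second copy of `"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",` adds nothing and should be dropped. If that slot was meant for a different method, that method's flow is still unmodelled, and a missing summary shows up only as a silent false negative in the taint queries that consume these rows. The added block also has no rows for `Scanner.findAll` or `Scanner.tokens` (Java 9+), which hand back scanner-derived text as a stream, so they may be worth modelling alongside `next` and `findInLine`. The model list itself starts and ends outside this hunk.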
Lines changed: 328 additions & 0 deletions
@@ -0,0 +1,328 @@
1+
package generatedtest;
2+
3+
import java.io.File;
4+
import java.io.InputStream;
5+
import java.math.BigDecimal;
6+
import java.math.BigInteger;
7+
import java.nio.channels.ReadableByteChannel;
8+
import java.nio.charset.Charset;
9+
import java.nio.file.Path;
10+
import java.util.Scanner;
11+
import java.util.regex.Pattern;
12+
13+
// Test case generated by GenerateFlowTestCase.ql
14+
public class Test {
15+
16+
Object source() {
17+
return null;
18+
}
19+
20+
void sink(Object o) {}
21+
22+
public void test() throws Exception {
23+
24+
{
25+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
26+
Scanner out = null;
27+
File in = (File) source();
28+
out = new Scanner(in);
29+
sink(out); // $ hasTaintFlow
30+
}
31+
{
32+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
33+
Scanner out = null;
34+
File in = (File) source();
35+
out = new Scanner(in, (Charset) null);
36+
sink(out); // $ hasTaintFlow
37+
}
38+
{
39+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
40+
Scanner out = null;
41+
File in = (File) source();
42+
out = new Scanner(in, (String) null);
43+
sink(out); // $ hasTaintFlow
44+
}
45+
{
46+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
47+
Scanner out = null;
48+
InputStream in = (InputStream) source();
49+
out = new Scanner(in);
50+
sink(out); // $ hasTaintFlow
51+
}
52+
{
53+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
54+
Scanner out = null;
55+
InputStream in = (InputStream) source();
56+
out = new Scanner(in, (Charset) null);
57+
sink(out); // $ hasTaintFlow
58+
}
59+
{
60+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
61+
Scanner out = null;
62+
InputStream in = (InputStream) source();
63+
out = new Scanner(in, (String) null);
64+
sink(out); // $ hasTaintFlow
65+
}
66+
{
67+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
68+
Scanner out = null;
69+
Path in = (Path) source();
70+
out = new Scanner(in);
71+
sink(out); // $ hasTaintFlow
72+
}
73+
{
74+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
75+
Scanner out = null;
76+
Path in = (Path) source();
77+
out = new Scanner(in, (Charset) null);
78+
sink(out); // $ hasTaintFlow
79+
}
80+
{
81+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
82+
Scanner out = null;
83+
Path in = (Path) source();
84+
out = new Scanner(in, (String) null);
85+
sink(out); // $ hasTaintFlow
86+
}
87+
{
88+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
89+
Scanner out = null;
90+
Readable in = (Readable) source();
91+
out = new Scanner(in);
92+
sink(out); // $ hasTaintFlow
93+
}
94+
{
95+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
96+
Scanner out = null;
97+
ReadableByteChannel in = (ReadableByteChannel) source();
98+
out = new Scanner(in);
99+
sink(out); // $ hasTaintFlow
100+
}
101+
{
102+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
103+
Scanner out = null;
104+
ReadableByteChannel in = (ReadableByteChannel) source();
105+
out = new Scanner(in, (Charset) null);
106+
sink(out); // $ hasTaintFlow
107+
}
108+
{
109+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
110+
Scanner out = null;
111+
ReadableByteChannel in = (ReadableByteChannel) source();
112+
out = new Scanner(in, (String) null);
113+
sink(out); // $ hasTaintFlow
114+
}
115+
{
116+
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
117+
Scanner out = null;
118+
String in = (String) source();
119+
out = new Scanner(in);
120+
sink(out); // $ hasTaintFlow
121+
}
122+
{
123+
// "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
124+
String out = null;
125+
Scanner in = (Scanner) source();
126+
out = in.findInLine((Pattern) null);
127+
sink(out); // $ hasTaintFlow
128+
}
129+
{
130+
// "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
131+
String out = null;
132+
Scanner in = (Scanner) source();
133+
out = in.findInLine((String) null);
134+
sink(out); // $ hasTaintFlow
135+
}
136+
{
137+
// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
138+
String out = null;
139+
Scanner in = (Scanner) source();
140+
out = in.findWithinHorizon((Pattern) null, 0);
141+
sink(out); // $ hasTaintFlow
142+
}
143+
{
144+
// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
145+
String out = null;
146+
Scanner in = (Scanner) source();
147+
out = in.findWithinHorizon((String) null, 0);
148+
sink(out); // $ hasTaintFlow
149+
}
150+
{
151+
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
152+
String out = null;
153+
Scanner in = (Scanner) source();
154+
out = in.next((Pattern) null);
155+
sink(out); // $ hasTaintFlow
156+
}
157+
{
158+
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
159+
String out = null;
160+
Scanner in = (Scanner) source();
161+
out = in.next((String) null);
162+
sink(out); // $ hasTaintFlow
163+
}
164+
{
165+
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
166+
String out = null;
167+
Scanner in = (Scanner) source();
168+
out = in.next();
169+
sink(out); // $ hasTaintFlow
170+
}
171+
{
172+
// "java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual"
173+
BigDecimal out = null;
174+
Scanner in = (Scanner) source();
175+
out = in.nextBigDecimal();
176+
sink(out); // $ hasTaintFlow
177+
}
178+
{
179+
// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
180+
BigInteger out = null;
181+
Scanner in = (Scanner) source();
182+
out = in.nextBigInteger();
183+
sink(out); // $ hasTaintFlow
184+
}
185+
{
186+
// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
187+
BigInteger out = null;
188+
Scanner in = (Scanner) source();
189+
out = in.nextBigInteger(0);
190+
sink(out); // $ hasTaintFlow
191+
}
192+
{
193+
// "java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual"
194+
boolean out = false;
195+
Scanner in = (Scanner) source();
196+
out = in.nextBoolean();
197+
sink(out); // $ hasTaintFlow
198+
}
199+
{
200+
// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
201+
byte out = 0;
202+
Scanner in = (Scanner) source();
203+
out = in.nextByte();
204+
sink(out); // $ hasTaintFlow
205+
}
206+
{
207+
// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
208+
byte out = 0;
209+
Scanner in = (Scanner) source();
210+
out = in.nextByte(0);
211+
sink(out); // $ hasTaintFlow
212+
}
213+
{
214+
// "java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual"
215+
double out = 0;
216+
Scanner in = (Scanner) source();
217+
out = in.nextDouble();
218+
sink(out); // $ hasTaintFlow
219+
}
220+
{
221+
// "java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual"
222+
float out = 0;
223+
Scanner in = (Scanner) source();
224+
out = in.nextFloat();
225+
sink(out); // $ hasTaintFlow
226+
}
227+
{
228+
// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
229+
int out = 0;
230+
Scanner in = (Scanner) source();
231+
out = in.nextInt();
232+
sink(out); // $ hasTaintFlow
233+
}
234+
{
235+
// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
236+
int out = 0;
237+
Scanner in = (Scanner) source();
238+
out = in.nextInt(0);
239+
sink(out); // $ hasTaintFlow
240+
}
241+
{
242+
// "java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual"
243+
String out = null;
244+
Scanner in = (Scanner) source();
245+
out = in.nextLine();
246+
sink(out); // $ hasTaintFlow
247+
}
248+
{
249+
// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
250+
long out = 0;
251+
Scanner in = (Scanner) source();
252+
out = in.nextLong();
253+
sink(out); // $ hasTaintFlow
254+
}
255+
{
256+
// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
257+
long out = 0;
258+
Scanner in = (Scanner) source();
259+
out = in.nextLong(0);
260+
sink(out); // $ hasTaintFlow
261+
}
262+
{
263+
// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
264+
short out = 0;
265+
Scanner in = (Scanner) source();
266+
out = in.nextShort();
267+
sink(out); // $ hasTaintFlow
268+
}
269+
{
270+
// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
271+
short out = 0;
272+
Scanner in = (Scanner) source();
273+
out = in.nextShort(0);
274+
sink(out); // $ hasTaintFlow
275+
}
276+
{
277+
// "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual"
278+
Scanner out = null;
279+
Scanner in = (Scanner) source();
280+
out = in.reset();
281+
sink(out); // $ hasValueFlow
282+
}
283+
{
284+
// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
285+
Scanner out = null;
286+
Scanner in = (Scanner) source();
287+
out = in.skip((Pattern) null);
288+
sink(out); // $ hasValueFlow
289+
}
290+
{
291+
// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
292+
Scanner out = null;
293+
Scanner in = (Scanner) source();
294+
out = in.skip((String) null);
295+
sink(out); // $ hasValueFlow
296+
}
297+
{
298+
// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
299+
Scanner out = null;
300+
Scanner in = (Scanner) source();
301+
out = in.useDelimiter((Pattern) null);
302+
sink(out); // $ hasValueFlow
303+
}
304+
{
305+
// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
306+
Scanner out = null;
307+
Scanner in = (Scanner) source();
308+
out = in.useDelimiter((String) null);
309+
sink(out); // $ hasValueFlow
310+
}
311+
{
312+
// "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual"
313+
Scanner out = null;
314+
Scanner in = (Scanner) source();
315+
out = in.useLocale(null);
316+
sink(out); // $ hasValueFlow
317+
}
318+
{
319+
// "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual"
320+
Scanner out = null;
321+
Scanner in = (Scanner) source();
322+
out = in.useRadix(0);
323+
sink(out); // $ hasValueFlow
324+
}
325+
326+
}
327+
328+
}

java/ql/test/library-tests/scanner/test.expected

Whitespace-only changes.
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
import java
2+
import TestUtilities.InlineFlowTest
