Java: Add test.

github · Nov 4, 2024 · e5cd0a4 · e5cd0a4
1 parent 146553f
commit e5cd0a4
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 0 deletions.
diff --git a/java/ql/test/library-tests/listofconstants/A.java b/java/ql/test/library-tests/listofconstants/A.java
@@ -0,0 +1,35 @@
+import java.util.*;
+
+public class A {
+  private static final Set<String> SEPARATORS =
+      Collections.unmodifiableSet(
+          new HashSet<>(Arrays.asList("\t", "\n", ";")));
+
+  public static void sink(String s) { }
+
+  private void checkSeparator(String separator) {
+    if (SEPARATORS.contains(separator)) {
+      sink(separator);
+    }
+  }
+
+  public static final String URI1 = "yarn.io/gpu";
+  public static final String URI2 = "yarn.io/fpga";
+
+  public static final Set<String> SCHEMAS = Set.of(URI1, URI2, "s3a", "wasb");
+
+  private void checkSchema(String schema) {
+    if (SCHEMAS.contains(schema)) {
+      sink(schema);
+    }
+  }
+
+  private void testAdd(String inp) {
+    Set<String> s = new HashSet<>();
+    s.add("AA");
+    s.add("BB");
+    if (s.contains(inp.toUpperCase())) {
+      sink(inp);
+    }
+  }
+}
diff --git a/java/ql/test/library-tests/listofconstants/test.expected b/java/ql/test/library-tests/listofconstants/test.expected
@@ -0,0 +1,3 @@
+| A.java:12:12:12:20 | separator |
+| A.java:23:12:23:17 | schema |
+| A.java:32:12:32:14 | inp |
diff --git a/java/ql/test/library-tests/listofconstants/test.ql b/java/ql/test/library-tests/listofconstants/test.ql
@@ -0,0 +1,6 @@
+import java
+import semmle.code.java.dataflow.FlowSteps
+// import semmle.code.java.security.ListOfConstantsSanitizer
+
+from DefaultTaintSanitizer e
+select e