Merge pull request #19997 from hvitved/java/use-mad-in-log-injection-test

hvitved · web-flow · commit 52abf3ba0224 · 2025-07-08T11:02:51.000+02:00
Java: Use MaD in log injection test
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ext.yml b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["loginjection", "LogInjectionTest", False, "source", "()", "", "ReturnValue", "remote", "manual"]
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java
@@ -1,3 +1,5 @@
+package loginjection;
+
 import java.util.ResourceBundle;
 import java.util.logging.LogRecord;
 import java.util.regex.Pattern;
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql
@@ -1,11 +1,4 @@
 import java
 import semmle.code.java.security.LogInjectionQuery
 import utils.test.InlineFlowTest
-
-private class TestSource extends RemoteFlowSource {
-  TestSource() { this.asExpr().(MethodCall).getMethod().hasName("source") }
-
-  override string getSourceType() { result = "test source" }
-}
-
 import TaintFlowTest<LogInjectionConfig>

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+package loginjection;`
	`2`	`+`
`1`	`3`	`import java.util.ResourceBundle;`
`2`	`4`	`import java.util.logging.LogRecord;`
`3`	`5`	`import java.util.regex.Pattern;`