Add tests for Spring web.method

Author: Sauyon Lee

java/ql/test/library-tests/frameworks/spring/web/MethodTest.java

@@ -0,0 +1,136 @@
+package generatedtest;
+
+import java.util.Map;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+import org.springframework.web.method.support.UriComponentsContributor;
+import org.springframework.web.util.UriComponentsBuilder;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class MethodTest {
+
+	Object getMapKey(Map container) { return container.keySet().iterator().next(); }
+	Object getMapValue(Map container) { return container.get(null); }
+	ModelMap getModelAndViewContainer_Model(ModelAndViewContainer container) { return container.getModel(); }
+	Object getModelAndViewContainer_View(ModelAndViewContainer container) { return container.getView(); }
+	ModelAndViewContainer newWithModelAndViewContainer_Model(Object element) { ModelAndViewContainer ret = new ModelAndViewContainer(); ret.setRedirectModel((ModelMap)element); return ret;  }
+	ModelAndViewContainer newWithModelAndViewContainer_View(Object element) { ModelAndViewContainer ret = new ModelAndViewContainer(); ret.setView(element); return ret; }
+	Object source() { return null; }
+	void sink(Object o) { }
+
+	public void test() throws Exception {
+
+		{
+			// "org.springframework.web.method.support;HandlerMethodArgumentResolver;true;resolveArgument;;;Argument[2];ReturnValue;taint"
+			Object out = null;
+			NativeWebRequest in = (NativeWebRequest)source();
+			HandlerMethodArgumentResolver instance = null;
+			out = instance.resolveArgument(null, null, in, null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;addAllAttributes;;;MapKey of Argument[0];MapKey of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Map in = Map.of(source(), null);
+			out.addAllAttributes(in);
+			sink(getMapKey(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;addAllAttributes;;;MapValue of Argument[0];MapValue of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Map in = Map.of(null, source());
+			out.addAllAttributes(in);
+			sink(getMapValue(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;addAttribute;;;Argument[0];MapKey of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			String in = (String)source();
+			out.addAttribute(in, null);
+			sink(getMapKey(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;addAttribute;;;Argument[0];MapKey of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Object in = (Object)source();
+			out.addAttribute(in);
+			sink(getMapKey(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;addAttribute;;;Argument[1];MapValue of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Object in = (Object)source();
+			out.addAttribute(null, in);
+			sink(getMapValue(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;getDefaultModel;;;SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];ReturnValue;value"
+			ModelMap out = null;
+			ModelAndViewContainer in = (ModelAndViewContainer)newWithModelAndViewContainer_Model(source());
+			out = in.getDefaultModel();
+			sink(out); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;getModel;;;SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];ReturnValue;value"
+			ModelMap out = null;
+			ModelAndViewContainer in = (ModelAndViewContainer)newWithModelAndViewContainer_Model(source());
+			out = in.getModel();
+			sink(out); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;getView;;;SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.View] of Argument[-1];ReturnValue;value"
+			Object out = null;
+			ModelAndViewContainer in = (ModelAndViewContainer)newWithModelAndViewContainer_View(source());
+			out = in.getView();
+			sink(out); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;mergeAttributes;;;MapKey of Argument[0];MapKey of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Map in = Map.of(source(), null);
+			out.mergeAttributes(in);
+			sink(getMapKey(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;mergeAttributes;;;MapValue of Argument[0];MapValue of SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Map in = Map.of(null, source());
+			out.mergeAttributes(in);
+			sink(getMapValue(getModelAndViewContainer_Model(out))); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;setRedirectModel;;;Argument[0];SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.Model] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			ModelMap in = (ModelMap)source();
+			out.setRedirectModel(in);
+			sink(getModelAndViewContainer_Model(out)); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;ModelAndViewContainer;false;setView;;;Argument[0];SyntheticField[org.springframework.web.method.support.ModelAndViewContainer.View] of Argument[-1];value"
+			ModelAndViewContainer out = null;
+			Object in = (Object)source();
+			out.setView(in);
+			sink(getModelAndViewContainer_View(out)); // $ hasValueFlow
+		}
+		{
+			// "org.springframework.web.method.support;UriComponentsContributor;true;contributeMethodArgument;;;Argument[1];Argument[2];taint"
+			UriComponentsBuilder out = null;
+			Object in = (Object)source();
+			UriComponentsContributor instance = null;
+			instance.contributeMethodArgument(null, in, out, null, null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.springframework.web.method.support;UriComponentsContributor;true;contributeMethodArgument;;;Argument[1];Argument[3];taint"
+			Map out = null;
+			Object in = (Object)source();
+			UriComponentsContributor instance = null;
+			instance.contributeMethodArgument(null, in, null, out, null);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}

java/ql/test/library-tests/frameworks/spring/web/test.ql

@@ -25,6 +25,8 @@ class TaintFlowConf extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node n) {
     n.asExpr().(Argument).getCall().getCallee().hasName("sink")
   }
+
+  override int fieldFlowBranchLimit() { result = 10 }
 }
 
 class HasFlowTest extends InlineExpectationsTest {