Add local dataflow test for string templates

tamasvajk · igfoo · commit 2965e780cc35 · 2022-05-10T19:51:16.000+01:00
diff --git a/java/ql/test/kotlin/library-tests/dataflow/taint/StringTemplate.kt b/java/ql/test/kotlin/library-tests/dataflow/taint/StringTemplate.kt
@@ -0,0 +1,11 @@
+class StringTemplateTests {
+  fun taint() = "tainted"
+
+  fun  sink(s: String) { }
+
+  fun bad() {
+    val s0 = taint()
+    val s1 = "test $s0"
+    sink(s1)
+  }
+}
diff --git a/java/ql/test/kotlin/library-tests/dataflow/taint/test.expected b/java/ql/test/kotlin/library-tests/dataflow/taint/test.expected
@@ -0,0 +1 @@
+| StringTemplate.kt:7:14:7:20 | taint(...) | StringTemplate.kt:9:10:9:11 | s1 |
diff --git a/java/ql/test/kotlin/library-tests/dataflow/taint/test.ql b/java/ql/test/kotlin/library-tests/dataflow/taint/test.ql
@@ -0,0 +1,18 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "kttaintconf" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n.asExpr().(MethodAccess).getMethod().hasName("taint")
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
+  }
+}
+
+from DataFlow::Node src, DataFlow::Node sink, Conf conf
+where conf.hasFlow(src, sink)
+select src, sink

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| StringTemplate.kt:7:14:7:20 \| taint(...) \| StringTemplate.kt:9:10:9:11 \| s1 \|`