Add test for missing WhenExpr flow

atorralba · igfoo · commit 59799811994e · 2022-05-10T19:51:22.000+01:00
diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/WhenExpr.kt b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/WhenExpr.kt
@@ -0,0 +1,14 @@
+class WhenExpr {
+  fun taint() = Uri()
+
+  fun sink(s: String) { }
+
+  fun bad() {
+    val s0 = taint()
+    sink(s0?.getQueryParameter())
+  }
+}
+
+class Uri {
+    fun getQueryParameter() = "tainted"
+}
diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.expected b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.expected
@@ -0,0 +1 @@
+| NotNullExpr.kt:7:14:7:20 | taint(...) | NotNullExpr.kt:8:15:8:33 | getQueryParameter(...) |
diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ql
@@ -0,0 +1,25 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.dataflow.ExternalFlow
+
+class Step extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = ";Uri;false;getQueryParameter;;;Argument[-1];ReturnValue;taint"
+  }
+}
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "qltest:notNullExprFlow" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n.asExpr().(MethodAccess).getMethod().hasName("taint")
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    n.asExpr().(Argument).getCall().getCallee().hasName("sink")
+  }
+}
+
+from DataFlow::Node src, DataFlow::Node sink, Conf conf
+where conf.hasFlow(src, sink)
+select src, sink

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| NotNullExpr.kt:7:14:7:20 \| taint(...) \| NotNullExpr.kt:8:15:8:33 \| getQueryParameter(...) \|`