File tree Expand file tree Collapse file tree
java/ql/test/kotlin/library-tests/dataflow/extensionMethod Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ | test.kt:20:29:20:31 | new C(...) | test.kt:23:22:23:28 | self1(...) |
2+ | test.kt:20:29:20:31 | new C(...) | test.kt:29:18:29:29 | fn1(...) |
Original file line number Diff line number Diff line change 1+ class C {
2+ fun self1 () = this
3+ fun fn1 (o : C ) = o
4+
5+ fun Int.fn3 (o : C ) = o
6+ fun Int.fn4 () = this @C
7+
8+ fun call1 (o : C ) = 1 .fn3(o)
9+ fun call2 () = 1 .fn4()
10+ }
11+
12+ fun C.self2 () = this
13+ fun C.fn2 (o : C ) = o
14+
15+ class Test {
16+ fun <T > taint (t : T ) = t
17+ fun sink (a : Any ) {}
18+
19+ fun test (s1 : String ) {
20+ val tainted = taint(C ())
21+
22+ sink(C ().self1())
23+ sink(tainted.self1())
24+
25+ sink(C ().self2())
26+ sink(tainted.self2())
27+
28+ sink(C ().fn1(C ()))
29+ sink(C ().fn1(tainted))
30+
31+ sink(C ().fn2(C ()))
32+ sink(C ().fn2(tainted))
33+
34+ sink(C ().call1(C ()))
35+ sink(C ().call1(tainted))
36+
37+ sink(C ().call2())
38+ sink(tainted.call2())
39+ }
40+ }
Original file line number Diff line number Diff line change 1+ import java
2+ import semmle.code.java.dataflow.TaintTracking
3+ import semmle.code.java.dataflow.ExternalFlow
4+
5+ class Conf extends TaintTracking:: Configuration {
6+ Conf ( ) { this = "qltest:extension-method" }
7+
8+ override predicate isSource ( DataFlow:: Node n ) {
9+ n .asExpr ( ) .( Argument ) .getCall ( ) .getCallee ( ) .hasName ( "taint" )
10+ }
11+
12+ override predicate isSink ( DataFlow:: Node n ) {
13+ n .asExpr ( ) .( Argument ) .getCall ( ) .getCallee ( ) .hasName ( "sink" )
14+ }
15+ }
16+
17+ from DataFlow:: Node src , DataFlow:: Node sink , Conf conf
18+ where conf .hasFlow ( src , sink )
19+ select src , sink
You can’t perform that action at this time.
0 commit comments