Java: Add additional flow steps for guava collection methods and more unit tests

Author: joefarebrother

java/ql/src/semmle/code/java/frameworks/guava/Collections.qll

@@ -0,0 +1,122 @@
+package com.google.common.collect;
+
+import java.util.Map;
+import java.util.SortedSet;
+import java.util.SortedMap;
+import java.util.Comparator;
+
+class TestCollect {
+    String taint() { return "tainted"; }
+
+    void sink(Object o) {}
+
+    void test1() {
+        String x = taint();
+
+        ImmutableSet<String> xs = ImmutableSet.of(x, "y", "z");
+        sink(xs.asList());
+
+        ImmutableSet<String> ys = ImmutableSet.of("a", "b", "c");
+
+        sink(Sets.filter(Sets.union(xs, ys), y -> true));
+
+        sink(Sets.newHashSet("a", "b", "c", "d", x));
+    }
+
+    void test2() {
+        sink(ImmutableList.of(taint(), taint(), taint(), taint())); // expect 4 alerts
+        sink(ImmutableMap.of(taint(), taint(), taint(), taint())); // expect 2 alerts
+        sink(ImmutableMultimap.of(taint(), taint(), taint(), taint())); // expect 2 alerts
+        sink(ImmutableTable.of(taint(),taint(), taint())); // expect 1 alert
+    }
+
+    void test3() {
+        String x = taint();
+
+        ImmutableList.Builder<String> b = ImmutableList.builder();
+
+        b.add("a");
+        sink(b);
+        b.add(x);
+        sink(b.build());
+
+        b = ImmutableList.builder();
+
+        b.add("a").add(x);
+        sink(b.build());
+
+        sink(ImmutableList.builder().add("a").add(x).build());
+
+        ImmutableMap.Builder<String, String> b2 = ImmutableMap.builder();
+        b2.put(x,"v");
+        sink(b2);
+        b2.put("k",x);
+        sink(b2.build());
+    }
+
+    void test4(Table<String, String, String> t1, Table<String, String, String> t2, Table<String, String, String> t3) {
+        String x = taint();
+        t1.put(x, "c", "v");
+        sink(t1);
+        t1.put("r", x, "v");
+        sink(t1);
+        t1.put("r", "c", x);
+        sink(t1);
+        sink(t1.row("r"));
+        
+        t2.putAll(t1);
+        for (Table.Cell<String,String,String> c : t2.cellSet()) {
+            sink(c.getValue());
+        }
+
+        sink(t1.remove("r", "c"));
+
+        t3.row("r").put("c", x);
+        sink(t3); // Not detected
+    }
+
+    void test4(Multimap<String, String> m1, Multimap<String, String> m2, Multimap<String, String> m3, 
+           Multimap<String, String> m4, Multimap<String, String> m5){
+        String x = taint();
+        m1.put("k", x);
+        sink(m1);
+        sink(m1.get("k"));
+
+        m2.putAll("k", ImmutableList.of("a", x, "b"));
+        sink(m2);
+
+        m3.putAll(m1);
+        sink(m3);
+
+        m4.replaceValues("k", m1.replaceValues("k", ImmutableList.of("a")));
+        for (Map.Entry<String, String> e : m4.entries()) {
+            sink(e.getValue());
+        }
+
+        m5.asMap().get("k").add(x);
+        sink(m5); // Not detected
+    }
+
+    void test5(Comparator<String> comp, SortedSet<String> sorS, SortedMap<String, String> sorM) {
+        ImmutableSortedSet<String> s = ImmutableSortedSet.of(taint());
+
+        sink(s);
+        sink(ImmutableSortedSet.copyOf(s));
+        sink(ImmutableSortedSet.copyOf(comp, s));
+
+        sorS.add(taint());
+        sink(ImmutableSortedSet.copyOfSorted(sorS));
+
+        sink(ImmutableList.sortedCopyOf(s));
+        sink(ImmutableList.sortedCopyOf(comp, s));
+
+        ImmutableSortedMap<String, String> m = ImmutableSortedMap.of("k", taint());
+
+        sink(m);
+        sink(ImmutableSortedMap.copyOf(m));
+        sink(ImmutableSortedMap.copyOf(m, comp));
+
+        sorM.put("k", taint());
+        sink(ImmutableSortedMap.copyOfSorted(sorM));
+    }
+}

java/ql/test/library-tests/frameworks/guava/TestCollect.java

@@ -6,7 +6,7 @@
 import java.util.Map;
 import java.util.HashMap;
 
-class Test {
+class TestStrings {
     String taint() { return "tainted"; }
 
     void sink(Object o) {}

…library-tests/frameworks/guava/Test.java …-tests/frameworks/guava/TestStrings.javajava/ql/test/library-tests/frameworks/guava/Test.java renamed to java/ql/test/library-tests/frameworks/guava/TestStrings.java java/ql/test/library-tests/frameworks/guava/Test.java renamed to java/ql/test/library-tests/frameworks/guava/TestStrings.java

@@ -1,17 +1,52 @@
-| Test.java:15:20:15:26 | taint(...) | Test.java:17:14:17:41 | padStart(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:18:14:18:39 | padEnd(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:19:14:19:33 | repeat(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:20:14:20:56 | emptyToNull(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:21:14:21:40 | lenientFormat(...) |
-| Test.java:15:20:15:26 | taint(...) | Test.java:24:14:24:51 | lenientFormat(...) |
-| Test.java:28:20:28:26 | taint(...) | Test.java:32:14:32:23 | split(...) |
-| Test.java:28:20:28:26 | taint(...) | Test.java:33:14:33:29 | splitToList(...) |
-| Test.java:28:20:28:26 | taint(...) | Test.java:35:14:35:50 | split(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:46:14:46:54 | appendTo(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:47:14:47:26 | toString(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:48:14:48:51 | appendTo(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:49:14:49:26 | toString(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:52:14:52:42 | appendTo(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:57:14:57:56 | join(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:58:14:58:82 | join(...) |
-| Test.java:39:20:39:26 | taint(...) | Test.java:60:14:60:58 | join(...) |
+| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:17:14:17:24 | asList(...) |
+| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:21:14:21:55 | filter(...) |
+| TestCollect.java:14:20:14:26 | taint(...) | TestCollect.java:23:14:23:51 | newHashSet(...) |
+| TestCollect.java:27:31:27:37 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:27:40:27:46 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:27:49:27:55 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:27:58:27:64 | taint(...) | TestCollect.java:27:14:27:65 | of(...) |
+| TestCollect.java:28:39:28:45 | taint(...) | TestCollect.java:28:14:28:64 | of(...) |
+| TestCollect.java:28:57:28:63 | taint(...) | TestCollect.java:28:14:28:64 | of(...) |
+| TestCollect.java:29:44:29:50 | taint(...) | TestCollect.java:29:14:29:69 | of(...) |
+| TestCollect.java:29:62:29:68 | taint(...) | TestCollect.java:29:14:29:69 | of(...) |
+| TestCollect.java:30:49:30:55 | taint(...) | TestCollect.java:30:14:30:56 | of(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:41:14:41:22 | build(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:46:14:46:22 | build(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:48:14:48:60 | build(...) |
+| TestCollect.java:34:20:34:26 | taint(...) | TestCollect.java:54:14:54:23 | build(...) |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:64:14:64:15 | t1 |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:65:14:65:24 | row(...) |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:69:18:69:29 | getValue(...) |
+| TestCollect.java:58:20:58:26 | taint(...) | TestCollect.java:72:14:72:32 | remove(...) |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:82:14:82:15 | m1 |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:83:14:83:24 | get(...) |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:86:14:86:15 | m2 |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:89:14:89:15 | m3 |
+| TestCollect.java:80:20:80:26 | taint(...) | TestCollect.java:93:18:93:29 | getValue(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:103:14:103:14 | s |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:104:14:104:41 | copyOf(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:105:14:105:47 | copyOf(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:110:14:110:42 | sortedCopyOf(...) |
+| TestCollect.java:101:62:101:68 | taint(...) | TestCollect.java:111:14:111:48 | sortedCopyOf(...) |
+| TestCollect.java:107:18:107:24 | taint(...) | TestCollect.java:108:14:108:50 | copyOfSorted(...) |
+| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:115:14:115:14 | m |
+| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:116:14:116:41 | copyOf(...) |
+| TestCollect.java:113:75:113:81 | taint(...) | TestCollect.java:117:14:117:47 | copyOf(...) |
+| TestCollect.java:119:23:119:29 | taint(...) | TestCollect.java:120:14:120:50 | copyOfSorted(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:17:14:17:41 | padStart(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:18:14:18:39 | padEnd(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:19:14:19:33 | repeat(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:20:14:20:56 | emptyToNull(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:21:14:21:40 | lenientFormat(...) |
+| TestStrings.java:15:20:15:26 | taint(...) | TestStrings.java:24:14:24:51 | lenientFormat(...) |
+| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:32:14:32:23 | split(...) |
+| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:33:14:33:29 | splitToList(...) |
+| TestStrings.java:28:20:28:26 | taint(...) | TestStrings.java:35:14:35:50 | split(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:46:14:46:54 | appendTo(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:47:14:47:26 | toString(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:48:14:48:51 | appendTo(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:49:14:49:26 | toString(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:52:14:52:42 | appendTo(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:57:14:57:56 | join(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:58:14:58:82 | join(...) |
+| TestStrings.java:39:20:39:26 | taint(...) | TestStrings.java:60:14:60:58 | join(...) |

java/ql/test/library-tests/frameworks/guava/flow.expected

@@ -25,7 +25,7 @@ public static Splitter on(final String separator) {
   }
 
   public Splitter omitEmptyStrings() {
-    return null;;
+    return null;
   }
 
   public Iterable<String> split(final CharSequence sequence) {

java/ql/test/stubs/guava-30.0/com/google/common/base/Splitter.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2012 The Guava Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.common.collect;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+abstract class AbstractMultimap<K, V> implements Multimap<K, V> {
+  @Override
+  public boolean isEmpty() {
+    return false;
+  }
+
+  @Override
+  public boolean containsValue(Object value) {
+    return false;
+  }
+
+  @Override
+  public boolean containsEntry(Object key, Object value) {
+    return false;
+  }
+
+  @Override
+  public boolean remove(Object key, Object value) {
+    return false;
+  }
+
+  @Override
+  public boolean put(K key, V value) {
+    return false;
+  }
+
+  @Override
+  public boolean putAll(K key, Iterable<? extends V> values) {
+    return false;
+  }
+
+  @Override
+  public boolean putAll(Multimap<? extends K, ? extends V> multimap) {
+    return false;
+  }
+
+  @Override
+  public Collection<V> replaceValues(K key, Iterable<? extends V> values) {
+    return null;
+  }
+
+  @Override
+  public Collection<Entry<K, V>> entries() {
+    return null;
+  }
+
+  @Override
+  public Set<K> keySet() {
+    return null;
+  }
+
+  @Override
+  public Multiset<K> keys() {
+    return null;
+  }
+
+  @Override
+  public Collection<V> values() {
+    return null;
+  }
+
+  @Override
+  public Map<K, Collection<V>> asMap() {
+    return null;
+  }
+
+}

java/ql/test/stubs/guava-30.0/com/google/common/collect/AbstractMultimap.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2013 The Guava Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.common.collect;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+
+abstract class AbstractTable<R, C, V> implements Table<R, C, V> {
+  @Override
+  public boolean containsRow(Object rowKey) {
+    return false;
+  }
+
+  @Override
+  public boolean containsColumn(Object columnKey) {
+    return false;
+  }
+
+  @Override
+  public Set<R> rowKeySet() {
+    return null;
+  }
+
+  @Override
+  public Set<C> columnKeySet() {
+    return null;
+  }
+
+  @Override
+  public boolean containsValue(Object value) {
+    return false;
+  }
+
+  @Override
+  public boolean contains(Object rowKey, Object columnKey) {
+    return false;
+  }
+
+  @Override
+  public V get(Object rowKey, Object columnKey) {
+    return null;
+  }
+
+  @Override
+  public boolean isEmpty() {
+    return false;
+  }
+
+  @Override
+  public void clear() {
+  }
+
+  @Override
+  public V remove(Object rowKey, Object columnKey) {
+    return null;
+  }
+
+  @Override
+  public V put(R rowKey, C columnKey, V value) {
+    return null;
+  }
+
+  @Override
+  public void putAll(Table<? extends R, ? extends C, ? extends V> table) {
+  }
+
+  @Override
+  public Set<Cell<R, C, V>> cellSet() {
+    return null;
+  }
+
+  @Override
+  public Collection<V> values() {
+    return null;
+  }
+
+}