[uast-inspections] IDEA-335116 - Non-safe string, support qualifier cleaners

GitOrigin-RevId: 5bd6b1c53c32e096a7a20e7cdd23b2e39bc19fea
This commit is contained in:
Mikhail Pyltsin
2023-10-17 14:42:53 +02:00
committed by intellij-monorepo-bot
parent eb6980f7c3
commit de1dca93d3
5 changed files with 143 additions and 27 deletions


@@ -0,0 +1,26 @@
package com.example.sqlinjection;
import org.checkerframework.checker.tainting.qual.Untainted;
public class CleanQualifier {
public static void test(CleanQualifier mustBeSafe) {
mustBeSafe.setSafe(true);
sink(mustBeSafe);
}
public static void test2(CleanQualifier mustBeSafe) {
mustBeSafe.setSafe(false);
sink(<warning descr="Unknown string is used as safe parameter">mustBeSafe</warning>);
}
public static void test3(CleanQualifier mustBeSafe) {
sink(<warning descr="Unknown string is used as safe parameter">mustBeSafe</warning>);
}
private void setSafe(boolean b) {
}
public static void sink(@Untainted CleanQualifier t) {
}
}
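Review bot: The fixture exercises `setSafe` only with the literals `true` and `false`, so a cleaner call whose argument is not a constant (`mustBeSafe.setSafe(flag)`) is neither asserted safe nor asserted warned; the `qualifierCleanerParams.add("true")` line in the test configuration suggests the argument is matched textually, so such a call presumably still reaches the "Unknown string is used as safe parameter" warning, and a `test4` pinning that would guard against the sanitizer being recognised too broadly. A case where `setSafe(true)` is followed by `setSafe(false)` before `sink` would likewise document whether the last cleaner call decides the state. `setSafe` being a private no-op is fine for a highlighting fixture but deserves a one-line comment saying that only the call pattern matters, not its body.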


@@ -17,10 +17,15 @@ class JavaSourceToSinkFlowInspectionContextTest : SourceToSinkFlowInspectionTest
untaintedParameterWithPlacePlaceClass.add("com.example.sqlinjection.Complete.HttpServletResponse")
untaintedParameterWithPlacePlaceMethod.add("getWriter")
checkedTypes.add("java.util.List")
checkedTypes.add("com.example.sqlinjection.CleanQualifier")
depthInside = 10
depthOutsideMethods = 1
getUntaintedMethodMatcher().classNames.add("com.example.sqlinjection.utils.Utils")
getUntaintedMethodMatcher().methodNamePatterns.add("safe")
qualifierCleanerClass.add("com.example.sqlinjection.CleanQualifier")
qualifierCleanerMethod.add("setSafe")
qualifierCleanerParams.add("true")
}
override fun getBasePath(): String {
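Review bot: The three `qualifierCleanerClass`/`qualifierCleanerMethod`/`qualifierCleanerParams` additions at the end of the hunk describe one cleaner spread across three lists, presumably matched by position, but nothing in the block says so or what the string `"true"` stands for, and the `checkedTypes.add("com.example.sqlinjection.CleanQualifier")` line that appears to be required for the cleaner to take effect sits several lines earlier with no link to them. A comment above the three lines, such as `// cleaner: CleanQualifier.setSafe(true) marks its receiver as untainted (CleanQualifier must also be a checked type)`, would make the fixture readable without opening the inspection. The enclosing setup function starts outside the hunk.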
@@ -57,4 +62,9 @@ class JavaSourceToSinkFlowInspectionContextTest : SourceToSinkFlowInspectionTest
prepareCheckFramework()
myFixture.testHighlighting("TaintDepth.java")
}
fun `test clean qualifier`() {
prepareCheckFramework()
myFixture.testHighlighting("CleanQualifier.java")
}
}