[uast-inspections] IDEA-335116 - Non-safe string, support qualifier cleaners

GitOrigin-RevId: 5bd6b1c53c32e096a7a20e7cdd23b2e39bc19fea
2026-01-04 17:20:55 +07:00 · 2023-10-17 14:42:53 +02:00
parent eb6980f7c3
commit de1dca93d3
5 changed files with 143 additions and 27 deletions
--- a/jvm/jvm-analysis-java-tests/testSrc/com/intellij/codeInspection/tests/java/sourceToSink/JavaSourceToSinkFlowInspectionContextTest.kt
+++ b/jvm/jvm-analysis-java-tests/testSrc/com/intellij/codeInspection/tests/java/sourceToSink/JavaSourceToSinkFlowInspectionContextTest.kt
@@ -17,10 +17,15 @@ class JavaSourceToSinkFlowInspectionContextTest : SourceToSinkFlowInspectionTest
      untaintedParameterWithPlacePlaceClass.add("com.example.sqlinjection.Complete.HttpServletResponse")
      untaintedParameterWithPlacePlaceMethod.add("getWriter")
      checkedTypes.add("java.util.List")
+      checkedTypes.add("com.example.sqlinjection.CleanQualifier")
      depthInside = 10
      depthOutsideMethods = 1
      getUntaintedMethodMatcher().classNames.add("com.example.sqlinjection.utils.Utils")
      getUntaintedMethodMatcher().methodNamePatterns.add("safe")
+
+      qualifierCleanerClass.add("com.example.sqlinjection.CleanQualifier")
+      qualifierCleanerMethod.add("setSafe")
+      qualifierCleanerParams.add("true")
    }

  override fun getBasePath(): String {
@@ -57,4 +62,9 @@ class JavaSourceToSinkFlowInspectionContextTest : SourceToSinkFlowInspectionTest
    prepareCheckFramework()
    myFixture.testHighlighting("TaintDepth.java")
  }
+
+  fun `test clean qualifier`() {
+    prepareCheckFramework()
+    myFixture.testHighlighting("CleanQualifier.java")
+  }
 }