Fix taintsources test

owen-mc · owen-mc · commit 878867205ef4 · 2024-06-24T21:23:47.000+01:00
diff --git a/java/ql/test/library-tests/dataflow/taintsources/A.java b/java/ql/test/library-tests/dataflow/taintsources/A.java
@@ -43,7 +43,7 @@ public void test(ResultSet rs) throws SQLException {
     };
     sink(new URL("test").openConnection().getInputStream()); // $hasRemoteValueFlow
     sink(new Socket("test", 1234).getInputStream()); // $hasRemoteValueFlow
-    sink(InetAddress.getByName("test").getHostName()); // $hasRemoteValueFlow
+    sink(InetAddress.getByName("test").getHostName()); // $hasReverseDnsValueFlow
 
     sink(System.in); // $hasLocalValueFlow
     sink(new FileInputStream("test")); // $hasLocalValueFlow
diff --git a/java/ql/test/library-tests/dataflow/taintsources/local.ql b/java/ql/test/library-tests/dataflow/taintsources/local.ql
@@ -2,24 +2,20 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineExpectationsTest
 
-class LocalSource extends DataFlow::Node instanceof UserInput {
-  LocalSource() { not this instanceof RemoteFlowSource }
-}
-
 predicate isTestSink(DataFlow::Node n) {
   exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
 }
 
 module LocalValueConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof LocalSource }
+  predicate isSource(DataFlow::Node n) { n instanceof LocalUserInput }
 
   predicate isSink(DataFlow::Node n) { isTestSink(n) }
 }
 
 module LocalValueFlow = DataFlow::Global<LocalValueConfig>;
 
 module LocalTaintConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof LocalSource }
+  predicate isSource(DataFlow::Node n) { n instanceof LocalUserInput }
 
   predicate isSink(DataFlow::Node n) { isTestSink(n) }
 }
diff --git a/java/ql/test/library-tests/dataflow/taintsources/reversedns.expected b/java/ql/test/library-tests/dataflow/taintsources/reversedns.expected
@@ -0,0 +1,2 @@
+failures
+testFailures
diff --git a/java/ql/test/library-tests/dataflow/taintsources/reversedns.ql b/java/ql/test/library-tests/dataflow/taintsources/reversedns.ql
@@ -0,0 +1,47 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+import TestUtilities.InlineExpectationsTest
+
+predicate isTestSink(DataFlow::Node n) {
+  exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
+}
+
+module ReverseDnsValueConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n instanceof ReverseDnsUserInput }
+
+  predicate isSink(DataFlow::Node n) { isTestSink(n) }
+}
+
+module ReverseDnsValueFlow = DataFlow::Global<ReverseDnsValueConfig>;
+
+module ReverseDnsTaintConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n instanceof ReverseDnsUserInput }
+
+  predicate isSink(DataFlow::Node n) { isTestSink(n) }
+}
+
+module ReverseDnsTaintFlow = TaintTracking::Global<ReverseDnsTaintConfig>;
+
+module ReverseDnsFlowTest implements TestSig {
+  string getARelevantTag() { result = ["hasReverseDnsValueFlow", "hasReverseDnsTaintFlow"] }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasReverseDnsValueFlow" and
+    exists(DataFlow::Node sink | ReverseDnsValueFlow::flowTo(sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+    or
+    tag = "hasReverseDnsTaintFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      ReverseDnsTaintFlow::flow(src, sink) and not ReverseDnsValueFlow::flow(src, sink)
+    |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<ReverseDnsFlowTest>
