Fix JsonArray.addAll model

atorralba · atorralba · commit c0135673fac4 · 2023-06-07T16:18:32.000+02:00
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml
@@ -31,7 +31,7 @@ extensions:
       - ["com.google.gson", "JsonArray", True, "add", "(JsonElement)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["com.google.gson", "JsonArray", True, "add", "(Number)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
       - ["com.google.gson", "JsonArray", True, "add", "(String)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
-      - ["com.google.gson", "JsonArray", True, "add", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
+      - ["com.google.gson", "JsonArray", True, "addAll", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
       - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
       - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
       - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/gson/Test.java b/java/ql/test/library-tests/frameworks/gson/Test.java
@@ -260,23 +260,30 @@ public void test() throws Exception {
 			sink(getElement(out)); // $ hasTaintFlow
 		}
 		{
-			// "com.google.gson;JsonArray;true;add;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual"
+			// "com.google.gson;JsonArray;true;add;(String);;Argument[0];Argument[this].Element;taint;manual"
 			JsonArray out = null;
-			JsonElement in = (JsonElement)source();
+			String in = (String)source();
 			out.add(in);
+			sink(getElement(out)); // $ hasTaintFlow
+		}
+		{
+			// "com.google.gson;JsonArray;true;addAll;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual"
+			JsonArray out = null;
+			JsonArray in = newWithElementDefault((JsonElement) source());
+			out.addAll(in);
 			sink(getElement(out)); // $ hasValueFlow
 		}
 		{
 			// "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual"
 			List out = null;
-			JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source());
+			JsonArray in = newWithElementDefault((JsonElement) source());
 			out = in.asList();
 			sink(getElement(out)); // $ hasValueFlow
 		}
 		{
 			// "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual"
 			JsonElement out = null;
-			JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source());
+			JsonArray in = newWithElementDefault((JsonElement) source());
 			out = in.get(0);
 			sink(out); // $ hasValueFlow
 		}

Original file line number	Diff line number	Diff line change
`@@ -260,23 +260,30 @@ public void test() throws Exception {`
`260`	`260`	`sink(getElement(out)); // $ hasTaintFlow`
`261`	`261`	`}`
`262`	`262`	`{`
`263`		`- // "com.google.gson;JsonArray;true;add;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual"`
	`263`	`+ // "com.google.gson;JsonArray;true;add;(String);;Argument[0];Argument[this].Element;taint;manual"`
`264`	`264`	`JsonArray out = null;`
`265`		`- JsonElement in = (JsonElement)source();`
	`265`	`+ String in = (String)source();`
`266`	`266`	`out.add(in);`
	`267`	`+ sink(getElement(out)); // $ hasTaintFlow`
	`268`	`+ }`
	`269`	`+ {`
	`270`	`+ // "com.google.gson;JsonArray;true;addAll;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual"`
	`271`	`+ JsonArray out = null;`
	`272`	`+ JsonArray in = newWithElementDefault((JsonElement) source());`
	`273`	`+ out.addAll(in);`
`267`	`274`	`sink(getElement(out)); // $ hasValueFlow`
`268`	`275`	`}`
`269`	`276`	`{`
`270`	`277`	`// "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual"`
`271`	`278`	`List out = null;`
`272`		`- JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source());`
	`279`	`+ JsonArray in = newWithElementDefault((JsonElement) source());`
`273`	`280`	`out = in.asList();`
`274`	`281`	`sink(getElement(out)); // $ hasValueFlow`
`275`	`282`	`}`
`276`	`283`	`{`
`277`	`284`	`// "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual"`
`278`	`285`	`JsonElement out = null;`
`279`		`- JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source());`
	`286`	`+ JsonArray in = newWithElementDefault((JsonElement) source());`
`280`	`287`	`out = in.get(0);`
`281`	`288`	`sink(out); // $ hasValueFlow`
`282`	`289`	`}`