Skip to content

Commit f73f1a7

Browse files
KwstubbsKwstubbs
committed
Add additional test
1 parent f22429d commit f73f1a7

File tree

2 files changed

+15
-1
lines changed

2 files changed

+15
-1
lines changed

java/ql/test/library-tests/dataflow/taintsources/FileUpload.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
import javax.servlet.http.HttpServletResponse;
33
import org.apache.commons.fileupload.FileItem;
44
import org.apache.commons.fileupload.FileItemStream;
5-
5+
import org.apache.commons.fileupload.servlet.ServletFileUpload;
66

77
public class FileUpload {
88

@@ -12,6 +12,7 @@ public class FileUpload {
1212
private FileItem fileItem;
1313
private FileItemStream fileItemStream;
1414
private jakarta.servlet.http.Part jakartaPart;
15+
private ServletFileUpload servletFileUpload;
1516

1617
private static void sink(Object o) {}
1718

@@ -45,5 +46,7 @@ public void test() throws Exception {
4546
sink(jakartaPart.getName()); // $ hasRemoteValueFlow
4647
sink(jakartaPart.getSubmittedFileName()); // $ hasRemoteValueFlow
4748

49+
FileItem item = servletFileUpload.parseRequest(request).get(0);
50+
sink(item.getName()); // $ hasRemoteValueFlow
4851
}
4952
}

java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/servlet/ServletFileUpload.java

Lines changed: 11 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)