UnitTestBot
diff --git a/‎utbot-framework-test/src/test/kotlin/org/utbot/examples/taint/AliasExamplesTest.kt
Lines changed: 108 additions & 0 deletions b/‎utbot-framework-test/src/test/kotlin/org/utbot/examples/taint/AliasExamplesTest.kt
Lines changed: 108 additions & 0 deletions
diff --git a/‎utbot-framework-test/src/test/kotlin/org/utbot/examples/taint/CollectionExamples.kt
Lines changed: 25 additions & 0 deletions b/‎utbot-framework-test/src/test/kotlin/org/utbot/examples/taint/CollectionExamples.kt
Lines changed: 25 additions & 0 deletions
diff --git a/‎utbot-framework-test/src/test/kotlin/org/utbot/examples/taint/alias/Injection550Test.kt
Lines changed: 28 additions & 0 deletions b/‎utbot-framework-test/src/test/kotlin/org/utbot/examples/taint/alias/Injection550Test.kt
Lines changed: 28 additions & 0 deletions
diff --git a/‎utbot-sample/src/main/java/org/utbot/examples/taint/AliasExamples.java
Lines changed: 157 additions & 0 deletions b/‎utbot-sample/src/main/java/org/utbot/examples/taint/AliasExamples.java
Lines changed: 157 additions & 0 deletions
diff --git a/‎utbot-sample/src/main/java/org/utbot/examples/taint/BadSink.java
Lines changed: 14 additions & 0 deletions b/‎utbot-sample/src/main/java/org/utbot/examples/taint/BadSink.java
Lines changed: 14 additions & 0 deletions
diff --git a/‎utbot-sample/src/main/java/org/utbot/examples/taint/BadSource.java
Lines changed: 7 additions & 0 deletions b/‎utbot-sample/src/main/java/org/utbot/examples/taint/BadSource.java
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,108 @@
+package org.utbot.examples.taint
+
+import org.junit.jupiter.api.Test
+import org.utbot.testcheckers.eq
+import org.utbot.tests.infrastructure.UtValueTestCaseChecker
+
+internal class AliasExamplesTest : UtValueTestCaseChecker(
+    testClass = AliasExamplesTest::class
+) {
+    @Test
+    fun testBad550() {
+        check(
+            AliasExamples::bad550,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testParamDependentGood() {
+        check(
+            AliasExamples::paramDependentGood,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testPassSecondParamBad() {
+        check(
+            AliasExamples::passSecondParamBad,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testPassSecondParamGood() {
+        check(
+            AliasExamples::passSecondParamGood,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testPassFirstParamGood() {
+        check(
+            AliasExamples::passFirstParamGood,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testPassFirstParamBad() {
+        check(
+            AliasExamples::passFirstParamBad,
+            eq(-1),
+        )
+    }
+
+
+    @Test
+    fun testParamDependentBad() {
+        check(
+            AliasExamples::paramDependentBad,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testClearSecondParameter() {
+        check(
+            AliasExamples::clearSecondParameter,
+            eq(-1),
+        )
+    }
+
+
+    @Test
+    fun testBad551() {
+        check(
+            AliasExamples::bad551,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testBad552() {
+        check(
+            AliasExamples::bad552,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testBad553() {
+        check(
+            AliasExamples::bad553,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testBad554() {
+        check(
+            AliasExamples::bad554,
+            eq(-1),
+        )
+    }
+
+}
@@ -0,0 +1,25 @@
+package org.utbot.examples.taint
+
+import org.junit.jupiter.api.Test
+import org.utbot.testcheckers.eq
+import org.utbot.tests.infrastructure.UtValueTestCaseChecker
+
+internal class CollectionExamplesTest : UtValueTestCaseChecker(
+    testClass = CollectionsExamples::class
+) {
+    @Test
+    fun testSinkWithList() {
+        check(
+            CollectionsExamples::sinkWithList,
+            eq(-1),
+        )
+    }
+
+    @Test
+    fun testPassThroughExample() {
+        check(
+            CollectionsExamples::passThroughExample,
+            eq(-1),
+        )
+    }
+}
@@ -0,0 +1,28 @@
+package org.utbot.examples.taint.alias
+
+import org.junit.jupiter.api.Test
+import org.utbot.engine.taint.TaintAnalysisError
+import org.utbot.framework.plugin.api.CodegenLanguage
+import org.utbot.tests.infrastructure.AtLeast
+import org.utbot.tests.infrastructure.Compilation
+import org.utbot.tests.infrastructure.UtValueTestCaseChecker
+import org.utbot.tests.infrastructure.ignoreExecutionsNumber
+import org.utbot.tests.infrastructure.isException
+
+class Injection550Test : UtValueTestCaseChecker(
+    testClass = CWE_89_SQL_Injection_console__env_execute_550::class,
+    testCodeGeneration = true,
+    pipelines = listOf(
+        TestLastStage(CodegenLanguage.JAVA, Compilation)
+    )
+) {
+    @Test
+    fun testBad() {
+        checkWithException(
+            CWE_89_SQL_Injection_console__env_execute_550::bad,
+            ignoreExecutionsNumber,
+            { r -> r.isException<TaintAnalysisError>() },
+            coverage = AtLeast(95)
+        )
+    }
+}
@@ -0,0 +1,157 @@
+package org.utbot.examples.taint;
+
+import org.utbot.examples.taint.aliases.AliasA;
+import org.utbot.examples.taint.aliases.AliasB;
+
+import static org.utbot.examples.taint.BadSink.writeIntoBd;
+
+public class AliasExamples {
+
+    public void bad550() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        writeIntoBd(a.f.getData());
+    }
+
+    public void paramDependentBad() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        BadSink.onlySecondParamIsImportant("safe", a.f.getData());
+    }
+
+    public void clearSecondParameter() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        BadSink.onlySecondParamIsImportant("safe", TaintCleaner.removeTaintMark(a.f.getData()));
+    }
+
+    public void paramDependentGood() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        BadSink.onlySecondParamIsImportant(a.f.getData(), "safe");
+    }
+
+    public void passSecondParamGood() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        String param = a.f.getData();
+        TaintPassThrough taintPassThrough = new TaintPassThrough();
+
+        BadSink.writeIntoBd(taintPassThrough.passSecondParameter(param, ""));
+    }
+
+    public void passSecondParamBad() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        String param = a.f.getData();
+        TaintPassThrough taintPassThrough = new TaintPassThrough();
+
+        BadSink.writeIntoBd(taintPassThrough.passSecondParameter("", param));
+    }
+
+    public void passFirstParamGood() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        String param = a.f.getData();
+        TaintPassThrough taintPassThrough = new TaintPassThrough();
+
+        BadSink.writeIntoBd(taintPassThrough.passFirstParameter("", param));
+    }
+
+    public void passFirstParamBad() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        String param = a.f.getData();
+        TaintPassThrough taintPassThrough = new TaintPassThrough();
+
+        BadSink.writeIntoBd(taintPassThrough.passFirstParameter(param, ""));
+    }
+
+    public void passSecondParam() {
+        AliasA a = new AliasA();
+        AliasA b = new AliasA();
+        b.getF().setData(BadSource.getEnvironment("data"));
+
+        a.f = b.f;
+
+        BadSink.onlySecondParamIsImportant(a.f.getData(), "safe");
+    }
+
+    public void bad551() {
+        AliasA a = new AliasA();
+        a.getF().setData(BadSource.getEnvironment("data"));
+
+        AliasA b = a;
+
+        writeIntoBd(b.getF().getData());
+    }
+
+    public void bad552() {
+        AliasB b = new AliasB();
+        b.setData(BadSource.getEnvironment("data"));
+        AliasA a = new AliasA(b);
+        AliasA c = new AliasA();
+        assign(a, c);
+        AliasB d = c.f;
+
+        writeIntoBd(d.getData());
+    }
+
+    private static void assign(AliasA x, AliasA y) {
+        y.f = x.f;
+    }
+
+    public void bad553() {
+        AliasB b = new AliasB();
+        b.setData(BadSource.getEnvironment("data"));
+        AliasA a = new AliasA(b);
+        AliasA c = new AliasA();
+        assign(a, c);
+        AliasB d = c.f;
+
+        writeIntoBd(d.getData());
+    }
+
+    public void bad554() {
+        AliasA a = new AliasA();
+        a.setData(BadSource.getEnvironment("data"));
+        AliasA b = new AliasA();
+
+        b = a;
+
+        writeIntoBd(b.getData());
+    }
+
+}
@@ -0,0 +1,14 @@
+package org.utbot.examples.taint;
+
+public class BadSink {
+    private static String value;
+
+    public static void writeIntoBd(String param) {
+        value = param;
+    }
+
+    public static void onlySecondParamIsImportant(String fst, String snd) {
+        System.out.println(fst);
+        value = snd;
+    }
+}
@@ -0,0 +1,7 @@
+package org.utbot.examples.taint;
+
+public class BadSource {
+    public static String getEnvironment(String param) {
+        return "unsafe " + param;
+    }
+}