Fix Micronaut local threat model value flow test

nicolaswill · nicolaswill · commit 157a1550e01f · 2026-02-27T17:31:52.000+01:00
diff --git a/java/ql/test/library-tests/dataflow/taintsources/MicronautConfig.java b/java/ql/test/library-tests/dataflow/taintsources/MicronautConfig.java
@@ -0,0 +1,30 @@
+import io.micronaut.context.annotation.Value;
+import io.micronaut.context.annotation.Property;
+import io.micronaut.http.annotation.*;
+
+@Controller("/config")
+class MicronautConfig {
+
+    private static void sink(Object o) {}
+
+    @Value("${app.secret}")
+    String secretValue;
+
+    @Property(name = "app.api-key")
+    String apiKey;
+
+    @Get("/secret")
+    void testValueField() {
+        sink(secretValue); // $hasLocalValueFlow
+    }
+
+    @Get("/key")
+    void testPropertyField() {
+        sink(apiKey); // $hasLocalValueFlow
+    }
+
+    @Get("/param")
+    void testValueParam(@Value("${app.name}") String appName) {
+        sink(appName); // $hasLocalValueFlow
+    }
+}
diff --git a/java/ql/test/library-tests/dataflow/taintsources/options b/java/ql/test/library-tests/dataflow/taintsources/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/micronaut-4.x

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
	`1`	+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/micronaut-4.x