Skip to content

Java: Add MaDs for java.lang.ScopedValue #20339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: idrissrio/java-upgrade-fix
Choose a base branch
from
Open

Java: Add MaDs for java.lang.ScopedValue #20339

wants to merge 6 commits into from

Conversation

IdrissRio
Copy link
Contributor

@IdrissRio IdrissRio commented Sep 1, 2025
edited
Loading

This pull request adds support for modeling and testing dataflow through Java's new ScopedValue API, introduced in Java 25.

Java Docs - Scoped Value: https://docs.oracle.com/en/java/javase/24/docs/api/java.base/java/lang/ScopedValue.html
Java Docs - Carrier: https://docs.oracle.com/en/java/javase/24/docs/api/java.base/java/lang/ScopedValue.Carrier.html
JEP: https://openjdk.org/jeps/506

@IdrissRio IdrissRio changed the base branch from main to idrissrio/java-upgrade-fix September 1, 2025 15:44
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 1, 2025

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

java

Generated file changes for java

  • Changes to framework-coverage-java.rst:
-    Java Standard Library,``java.*``,10,4621,260,99,,9,,,26
+    Java Standard Library,``java.*``,10,4626,260,99,,9,,,26
-    Totals,,330,26328,2656,404,16,128,33,1,409
+    Totals,,330,26333,2656,404,16,128,33,1,409
  • Changes to framework-coverage-java.csv:
- java.lang,38,3,783,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,,3,,,506,277
+ java.lang,38,3,788,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,,3,,,508,280

@IdrissRio IdrissRio force-pushed the idrissrio/scoped-values branch from ef9b662 to 9bc14e0 Compare September 2, 2025 07:13
@github-actions github-actions bot removed the Kotlin label Sep 2, 2025
@IdrissRio IdrissRio marked this pull request as ready for review September 2, 2025 11:04
@IdrissRio IdrissRio requested a review from a team as a code owner September 2, 2025 11:04
@Copilot Copilot AI review requested due to automatic review settings September 2, 2025 11:04
Copilot
Copilot AI reviewed Sep 2, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for modeling and testing dataflow through Java's new ScopedValue API, introduced in Java 25.

  • Adds MaD (Models as Data) entries for ScopedValue operations to enable dataflow tracking
  • Creates comprehensive test cases that verify taint propagation through scoped value bindings and retrievals
  • Configures the test environment to use Java 25 with preview features enabled

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
java/ql/lib/ext/java.lang.scoped.model.yml Defines dataflow models for ScopedValue API methods including value binding and retrieval
java/ql/test/library-tests/dataflow/scoped-values/test.ql Test query that tracks taint flow from command line arguments to sink methods
java/ql/test/library-tests/dataflow/scoped-values/ScopedValueFlowTest.java Java test code demonstrating various ScopedValue usage patterns for dataflow testing
java/ql/test/library-tests/dataflow/scoped-values/test.expected Expected test results showing detected dataflow paths
java/ql/test/library-tests/dataflow/scoped-values/options Compiler options to enable Java 25 preview features

@IdrissRio IdrissRio force-pushed the idrissrio/scoped-values branch from 4c987d7 to 2c076f6 Compare September 2, 2025 11:29
@IdrissRio IdrissRio changed the title Java: Add MaDs for java.lang.scoped Java: Add MaDs for java.lang.ScopedValue Sep 2, 2025
@IdrissRio @Copilot
Java: Fix missing right brace in test comment
3320fa0 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@IdrissRio IdrissRio force-pushed the idrissrio/java-upgrade-fix branch from a34b362 to 5d2268f Compare September 2, 2025 18:19
@IdrissRio IdrissRio requested a review from a team as a code owner September 2, 2025 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
documentation Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@IdrissRio