hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add tests

Browse Source
This commit is contained in:
Tony Torralba
2023-03-01 09:49:28 +01:00
parent 4e7dbbf5f0
commit 0439eb640d
5 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/lib/ext/org.apache.hadoop.hive.metastore.model.yml
View File

@@ -4,4 +4,5 @@ extensions:
extensible: sinkModel
data:
- ["org.apache.hadoop.hive.metastore", "ObjectStore", True, "updatePartitionColumnStatistics", "(ColumnStatistics,List,String,long)", "", "Argument[0]", "sql", "ai-generated"]
- ["org.apache.hadoop.hive.metastore", "ObjectStore", True, "updatePartitionColumnStatistics", "(ColumnStatistics,List)", "", "Argument[0]", "sql", "ai-generated"]

4
java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected
View File

@@ -14,6 +14,7 @@ edges
| Test.java:95:14:95:34 | getHostName(...) : String | Test.java:99:12:99:33 | new URI(...) |
| Test.java:95:14:95:34 | getHostName(...) : String | Test.java:100:12:100:45 | new URI(...) |
| Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) |
| Test.java:105:14:105:34 | getHostName(...) : String | Test.java:107:46:107:46 | t |
nodes
| Test.java:19:18:19:38 | getHostName(...) : String | semmle.label | getHostName(...) : String |
| Test.java:24:20:24:23 | temp | semmle.label | temp |
@@ -34,6 +35,8 @@ nodes
| Test.java:99:12:99:33 | new URI(...) | semmle.label | new URI(...) |
| Test.java:100:12:100:45 | new URI(...) | semmle.label | new URI(...) |
| Test.java:101:12:101:54 | new URI(...) | semmle.label | new URI(...) |
| Test.java:105:14:105:34 | getHostName(...) : String | semmle.label | getHostName(...) : String |
| Test.java:107:46:107:46 | t | semmle.label | t |
subpaths
#select
| Test.java:24:11:24:24 | new File(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:24:20:24:23 | temp | This path depends on a $@. | Test.java:19:18:19:38 | getHostName(...) | user-provided value |
@@ -47,3 +50,4 @@ subpaths
| Test.java:99:3:99:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:99:12:99:33 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
| Test.java:100:3:100:46 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:100:12:100:45 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
| Test.java:101:3:101:55 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
| Test.java:107:46:107:46 | t | Test.java:105:14:105:34 | getHostName(...) : String | Test.java:107:46:107:46 | t | This path depends on a $@. | Test.java:105:14:105:34 | getHostName(...) | user-provided value |

6
java/ql/test/query-tests/security/CWE-022/semmle/tests/Test.java
View File

@@ -100,4 +100,10 @@ class Test {
new File(new URI(null, null, t, null, null));
new File(new URI(null, null, null, 0, t, null, null));
}
void doGet6(InetAddress address) throws IOException {
String t = address.getHostName();
// BAD: accessing local resource with user input
getClass().getModule().getResourceAsStream(t);
}
}

29
java/ql/test/query-tests/security/CWE-089/semmle/examples/Hive.java Normal file
View File

@@ -0,0 +1,29 @@
import org.apache.hadoop.hive.metastore.api.ColumnStatistics;
import org.apache.hadoop.hive.metastore.api.DefaultConstraintsRequest;
import org.apache.hadoop.hive.metastore.ObjectStore;
import org.apache.hive.hcatalog.templeton.ColumnDesc;
import org.apache.hive.hcatalog.templeton.HcatDelegator;
import java.util.List;
public class Hive {
public static Object source() {
return null;
}
public void test(ObjectStore objStore, HcatDelegator hcatDel) throws Exception {
{
String taint = (String) source();
new DefaultConstraintsRequest("", taint, ""); // $ sqlInjection
}
{
ColumnStatistics taint = (ColumnStatistics) source();
//objStore.updatePartitionColumnStatistics(taint, (List<String>) null, (String) null, 0L); // $ sqlInjection
objStore.updatePartitionColumnStatistics(taint, (List<String>) null); // $ sqlInjection
}
{
ColumnDesc taint = (ColumnDesc) source();
hcatDel.addOneColumn(null, null, null, taint); // $ sqlInjection
}
}
}

2
java/ql/test/query-tests/security/CWE-089/semmle/examples/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.3.8
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/apache-hive