hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Review fixes.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2020-11-24 11:31:44 +01:00
parent ebc6c49555
commit 0450489022
20 changed files with 219 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql
View File

@@ -52,7 +52,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(UrlConstructor u |
exists(UrlConstructorCall u |
node1.asExpr() = u.protocolArg() and
node2.asExpr() = u
)

18
java/ql/src/experimental/CWE-918/RequestForgery.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Server Sider Request Forgery (SSRF) from remote source
* @name Server Sider Request Forgery (SSRF)
* @description Making web requests based on unvalidated user-input
* may cause server to communicate with malicious servers.
* @kind path-problem
@@ -12,10 +12,22 @@
import java
import semmle.code.java.dataflow.FlowSources
import RequestForgery::RequestForgery
import RequestForgery
import DataFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, RequestForgeryRemoteConfiguration conf
class RequestForgeryConfiguration extends TaintTracking::Configuration {
RequestForgeryConfiguration() { this = "Server Side Request Forgery" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink }
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
requestForgeryStep(pred, succ)
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, RequestForgeryConfiguration conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Potential server side request forgery due to $@.",
source.getNode(), "a user-provided value"

184
java/ql/src/experimental/CWE-918/RequestForgery.qll
View File

@@ -1,33 +1,17 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Networking
import semmle.code.java.frameworks.ApacheHttp
import semmle.code.java.frameworks.spring.Spring
import semmle.code.java.frameworks.JaxWS
import semmle.code.java.frameworks.javase.Http
import semmle.code.java.dataflow.DataFlow
module RequestForgery {
import RequestForgeryCustomizations::RequestForgery
/**
* A taint-tracking configuration for reasoning about request forgery.
*/
class RequestForgeryRemoteConfiguration extends TaintTracking::Configuration {
RequestForgeryRemoteConfiguration() { this = "Server Side Request Forgery" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
additionalStep(pred, succ)
}
}
}
predicate additionalStep(DataFlow::Node pred, DataFlow::Node succ) {
predicate requestForgeryStep(DataFlow::Node pred, DataFlow::Node succ) {
// propagate to a URI when its host is assigned to
exists(UriCreation c | c.getHostArg() = pred.asExpr() | succ.asExpr() = c)
or
// propagate to a URL when its host is assigned to
exists(UrlConstructor c | c.getHostArg() = pred.asExpr() | succ.asExpr() = c)
exists(UrlConstructorCall c | c.getHostArg() = pred.asExpr() | succ.asExpr() = c)
or
// propagate to a RequestEntity when its url is assigned to
exists(MethodAccess m |
@@ -36,12 +20,12 @@ predicate additionalStep(DataFlow::Node pred, DataFlow::Node succ) {
m.getMethod().hasName(["get", "post", "head", "delete", "options", "patch", "put"]) and
m.getArgument(0) = pred.asExpr() and
m = succ.asExpr()
)
or
m.getMethod().hasName("method") and
m.getArgument(1) = pred.asExpr() and
m = succ.asExpr()
)
)
or
// propagate from a `RequestEntity<>$BodyBuilder` to a `RequestEntity`
// when the builder is tainted
@@ -53,3 +37,157 @@ predicate additionalStep(DataFlow::Node pred, DataFlow::Node succ) {
m = succ.asExpr()
)
}
/** A data flow sink for request forgery vulnerabilities. */
abstract class RequestForgerySink extends DataFlow::Node { }
/**
* An argument to an url `openConnection` or `openStream` call
* taken as a sink for request forgery vulnerabilities.
*/
private class UrlOpen extends RequestForgerySink {
UrlOpen() {
exists(MethodAccess ma |
ma.getMethod() instanceof UrlOpenConnectionMethod or
ma.getMethod() instanceof UrlOpenStreamMethod
|
this.asExpr() = ma.getQualifier()
)
}
}
/**
* An argument to an Apache `setURI` call taken as a
* sink for request forgery vulnerabilities.
*/
private class ApacheSetUri extends RequestForgerySink {
ApacheSetUri() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof ApacheHttpRequest and
ma.getMethod().hasName("setURI")
|
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to any Apache Request Instantiation call taken as a
* sink for request forgery vulnerabilities.
*/
private class ApacheHttpRequestInstantiation extends RequestForgerySink {
ApacheHttpRequestInstantiation() {
exists(ClassInstanceExpr c | c.getConstructedType() instanceof ApacheHttpRequest |
this.asExpr() = c.getArgument(0)
)
}
}
/**
* An argument to a Apache RequestBuilder method call taken as a
* sink for request forgery vulnerabilities.
*/
private class ApacheHttpRequestBuilderArgument extends RequestForgerySink {
ApacheHttpRequestBuilderArgument() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof TypeApacheHttpRequestBuilder and
ma.getMethod().hasName(["setURI", "get", "post", "put", "optons", "head", "delete"])
|
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to any Java.net.http.request Instantiation call taken as a
* sink for request forgery vulnerabilities.
*/
private class HttpRequestNewBuilder extends RequestForgerySink {
HttpRequestNewBuilder() {
exists(MethodAccess call |
call.getCallee().hasName("newBuilder") and
call.getMethod().getDeclaringType().getName() = "HttpRequest"
|
this.asExpr() = call.getArgument(0)
)
}
}
/**
* An argument to an Http Builder `uri` call taken as a
* sink for request forgery vulnerabilities.
*/
private class HttpBuilderUriArgument extends RequestForgerySink {
HttpBuilderUriArgument() {
exists(MethodAccess ma | ma.getMethod() instanceof HttpBuilderUri |
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to a Spring Rest Template method call taken as a
* sink for request forgery vulnerabilities.
*/
private class SpringRestTemplateArgument extends RequestForgerySink {
SpringRestTemplateArgument() {
exists(MethodAccess ma |
this.asExpr() = ma.getMethod().(SpringRestTemplateUrlMethods).getUrlArgument(ma)
)
}
}
/**
* An argument to `javax.ws.rs.Client`s `target` method call taken as a
* sink for request forgery vulnerabilities.
*/
private class JaxRsClientTarget extends RequestForgerySink {
JaxRsClientTarget() {
exists(MethodAccess ma |
ma.getMethod().getDeclaringType() instanceof JaxRsClient and
ma.getMethod().hasName("target")
|
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to `org.springframework.http.RequestEntity`s constructor call
* which is an URI taken as a sink for request forgery vulnerabilities.
*/
private class RequestEntityUriArg extends RequestForgerySink {
RequestEntityUriArg() {
exists(ClassInstanceExpr e, Argument a |
e.getConstructedType() instanceof SpringRequestEntity and
e.getAnArgument() = a and
a.getType() instanceof TypeUri and
this.asExpr() = a
)
}
}
/**
* A class representing all Spring Rest Template methods
* which take an URL as an argument.
*/
private class SpringRestTemplateUrlMethods extends Method {
SpringRestTemplateUrlMethods() {
this.getDeclaringType() instanceof SpringRestTemplate and
this
.hasName([
"doExecute", "postForEntity", "postForLocation", "postForObject", "put", "exchange",
"execute", "getForEntity", "getForObject", "patchForObject"
])
}
/**
* Gets the argument which corresponds to a URL argument
* passed as a `java.net.URL` object or as a string or the like
*/
Argument getUrlArgument(MethodAccess ma) {
// doExecute(URI url, HttpMethod method, RequestCallback requestCallback,
// ResponseExtractor<T> responseExtractor)
result = ma.getArgument(0)
}
}

164
java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
View File

@@ -1,164 +0,0 @@
/** A module to reason about request forgery vulnerabilities. */
import java
import semmle.code.java.frameworks.Networking
import semmle.code.java.frameworks.ApacheHttp
import semmle.code.java.frameworks.spring.Spring
import semmle.code.java.frameworks.JaxWS
import semmle.code.java.frameworks.javase.Http
import semmle.code.java.dataflow.DataFlow
/** A module to reason about request forgery vulnerabilities. */
module RequestForgery {
/** A data flow sink for request forgery vulnerabilities. */
abstract class Sink extends DataFlow::Node { }
/**
* An argument to an url `openConnection` or `openStream` call
* taken as a sink for request forgery vulnerabilities.
*/
private class UrlOpen extends Sink {
UrlOpen() {
exists(MethodAccess ma |
ma.getMethod() instanceof UrlOpenConnectionMethod or
ma.getMethod() instanceof UrlOpenStreamMethod
|
this.asExpr() = ma.getQualifier()
)
}
}
/**
* An argument to an Apache `setURI` call taken as a
* sink for request forgery vulnerabilities.
*/
private class ApacheSetUri extends Sink {
ApacheSetUri() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof ApacheHttpRequest and
ma.getMethod().hasName("setURI")
|
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to any Apache Request Instantiation call taken as a
* sink for request forgery vulnerabilities.
*/
private class ApacheHttpRequestInstantiation extends Sink {
ApacheHttpRequestInstantiation() {
exists(ClassInstanceExpr c | c.getConstructedType() instanceof ApacheHttpRequest |
this.asExpr() = c.getArgument(0)
)
}
}
/**
* An argument to a Apache RequestBuilder method call taken as a
* sink for request forgery vulnerabilities.
*/
private class ApacheHttpRequestBuilderArgument extends Sink {
ApacheHttpRequestBuilderArgument() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof TypeApacheHttpRequestBuilder and
ma.getMethod().hasName(["setURI", "get", "post", "put", "optons", "head", "delete"])
|
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to any Java.net.http.request Instantiation call taken as a
* sink for request forgery vulnerabilities.
*/
private class HttpRequestNewBuilder extends Sink {
HttpRequestNewBuilder() {
exists(MethodAccess call |
call.getCallee().hasName("newBuilder") and
call.getMethod().getDeclaringType().getName() = "HttpRequest"
|
this.asExpr() = call.getArgument(0)
)
}
}
/**
* An argument to an Http Builder `uri` call taken as a
* sink for request forgery vulnerabilities.
*/
private class HttpBuilderUriArgument extends Sink {
HttpBuilderUriArgument() {
exists(MethodAccess ma | ma.getMethod() instanceof HttpBuilderUri |
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to a Spring Rest Template method call taken as a
* sink for request forgery vulnerabilities.
*/
private class SpringRestTemplateArgument extends Sink {
SpringRestTemplateArgument() {
exists(MethodAccess ma |
this.asExpr() = ma.getMethod().(SpringRestTemplateUrlMethods).getUrlArgument(ma)
)
}
}
/**
* An argument to `javax.ws.rs.Client`s `target` method call taken as a
* sink for request forgery vulnerabilities.
*/
private class JaxRsClientTarget extends Sink {
JaxRsClientTarget() {
exists(MethodAccess ma |
ma.getMethod().getDeclaringType() instanceof JaxRsClient and
ma.getMethod().hasName("target")
|
this.asExpr() = ma.getArgument(0)
)
}
}
/**
* An argument to `org.springframework.http.RequestEntity`s constructor call
* which is an URI taken as a sink for request forgery vulnerabilities.
*/
private class RequestEntityUriArg extends Sink {
RequestEntityUriArg() {
exists(ClassInstanceExpr e, Argument a |
e.getConstructedType() instanceof SpringRequestEntity and
e.getAnArgument() = a and
a.getType() instanceof TypeUri and
this.asExpr() = a
)
}
}
}
/**
* A class representing all Spring Rest Template methods
* which take an URL as an argument.
*/
class SpringRestTemplateUrlMethods extends Method {
SpringRestTemplateUrlMethods() {
this.getDeclaringType() instanceof SpringRestTemplate and
this
.hasName(["doExecute", "postForEntity", "postForLocation", "postForObject", "put",
"exchange", "execute", "getForEntity", "getForObject", "patchForObject"])
}
/**
* Gets the argument which corresponds to a URL argument
* passed as a `java.net.URL` object or as a string or the like
*/
Argument getUrlArgument(MethodAccess ma) {
// doExecute(URI url, HttpMethod method, RequestCallback requestCallback,
// ResponseExtractor<T> responseExtractor)
result = ma.getArgument(0)
}
}

15
java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
View File

@@ -1,3 +1,7 @@
/**
* Provides classes and predicates related to `org.apache.http.*`.
*/
import java
class ApacheHttpGetParams extends Method {
@@ -15,8 +19,9 @@ class ApacheHttpEntityGetContent extends Method {
}
/**
* A class that is derived from the `HttpRequestBase` or the `BasicHttpRequest`
* classes of the Apache HTTP Client `org.apache.http` library
* An HTTP request as represented by the Apache HTTP Client library. This is
* either `org.apache.http.client.methods.HttpRequestBase`,
* `org.apache.http.message.BasicHttpRequest`, or one of their subclasses.
*/
class ApacheHttpRequest extends RefType {
ApacheHttpRequest() {
@@ -27,9 +32,11 @@ class ApacheHttpRequest extends RefType {
}
}
/** Models `RequestBuilder` class of the Apache Http Client library */
/**
* The `org.apache.http.client.methods.RequestBuilder` class.
*/
class TypeApacheHttpRequestBuilder extends Class {
TypeApacheHttpRequestBuilder() {
hasQualifiedName("org.apache.http.client.methods", "RequestBuilder")
this.hasQualifiedName("org.apache.http.client.methods", "RequestBuilder")
}
}

53
java/ql/src/semmle/code/java/frameworks/Networking.qll
View File

@@ -42,7 +42,7 @@ class SocketGetInputStreamMethod extends Method {
}
}
/** A function or method call that returns a new `URI`. */
/** A method or constructor call that returns a new `URI`. */
class UriCreation extends Call {
UriCreation() {
this.getCallee().getDeclaringType() instanceof TypeUri and
@@ -50,47 +50,44 @@ class UriCreation extends Call {
}
/**
* Returns the host of the newly created URI.
* In the case where the host is specified separately, this returns only the host.
* In the case where the uri is parsed from an input string,
* such as in `URI(`http://foo.com/mypath')`,
* this returns the entire argument passed i.e. `http://foo.com/mypath'.
* Gets the host argument of the newly created URI. In the case where the
* host is specified separately, this is only the host. In the case where the
* uri is parsed from an input string, such as in
* `URI("http://foo.com/mypath")`, this is the entire argument passed in,
* that is `"http://foo.com/mypath"`.
*/
Expr getHostArg() { none() }
}
/** An URI constructor expression */
class UriConstructor extends ClassInstanceExpr, UriCreation {
/** A `java.net.URI` constructor call. */
class UriConstructorCall extends ClassInstanceExpr, UriCreation {
override Expr getHostArg() {
// URI(String str)
// URI(String str)
result = this.getArgument(0) and this.getNumArgument() = 1
or
// URI(String scheme, String ssp, String fragment)
// URI(String scheme, String host, String path, String fragment)
// URI(String scheme, String authority, String path, String query, String fragment)
// URI(String scheme, String host, String path, String fragment)
// URI(String scheme, String authority, String path, String query, String fragment)
result = this.getArgument(1) and this.getNumArgument() = [3, 4, 5]
or
// URI(String scheme, String userInfo, String host, int port, String path, String query,
// URI(String scheme, String userInfo, String host, int port, String path, String query,
// String fragment)
result = this.getArgument(2) and this.getNumArgument() = 7
}
}
/** A call to the `create` method of the `java.net.URI` class */
class UriCreate extends Call, UriCreation {
UriCreate() {
this.getCallee().getName() = "create" and
this.getCallee().getDeclaringType() instanceof TypeUri
}
/** A call to `java.net.URI::create`. */
class UriCreate extends UriCreation {
UriCreate() { this.getCallee().hasName("create") }
override Expr getHostArg() { result = this.getArgument(0) }
}
/** An `java.net.URL` constructor expression */
class UrlConstructor extends ClassInstanceExpr {
UrlConstructor() { this.getConstructor().getDeclaringType() instanceof TypeUrl }
/** A `java.net.URL` constructor call. */
class UrlConstructorCall extends ClassInstanceExpr {
UrlConstructorCall() { this.getConstructor().getDeclaringType() instanceof TypeUrl }
/** Returns the host of the newly created URI. */
/** Gets the host argument of the newly created URL. */
Expr getHostArg() {
// URL(String spec)
this.getNumArgument() = 1 and result = this.getArgument(0)
@@ -102,24 +99,22 @@ class UrlConstructor extends ClassInstanceExpr {
// URL(String protocol, String host, String file)
// but not
// URL(URL context, String spec, URLStreamHandler handler)
(
this.getNumArgument() = 3 and
this.getConstructor().getParameter(2).getType() instanceof TypeString
) and
this.getConstructor().getParameterType(2) instanceof TypeString and
result = this.getArgument(1)
}
/** Returns the expression which corresponds to the protocol of the url. */
/** Gets the argument that corresponds to the protocol of the URL. */
Expr protocolArg() {
// In all cases except where the first parameter is a URL, the argument
// containing the protocol is the first one, otherwise it is the second.
if this.getConstructor().getParameter(0).getType().getName() = "URL"
if this.getConstructor().getParameterType(0) instanceof TypeUrl
then result = this.getArgument(1)
else result = this.getArgument(0)
}
}
/** Models the `openStream` method of `java.net.url`. */
/** The method `java.net.URL::openStream`. */
class UrlOpenStreamMethod extends Method {
UrlOpenStreamMethod() {
this.getDeclaringType() instanceof TypeUrl and
@@ -127,7 +122,7 @@ class UrlOpenStreamMethod extends Method {
}
}
/** Models the `openConnection` method of `java.net.url`. */
/** The method `java.net.URL::openConnection`. */
class UrlOpenConnectionMethod extends Method {
UrlOpenConnectionMethod() {
this.getDeclaringType() instanceof TypeUrl and

4
java/ql/src/semmle/code/java/frameworks/javase/Http.qll
View File

@@ -1,5 +1,5 @@
/**
* Provides classes for identifying methods called by the Java net Http package.
* Provides classes and predicates related to `java.net.http.*`.
*/
import java
@@ -9,7 +9,7 @@ class TypeHttpRequestBuilder extends Interface {
TypeHttpRequestBuilder() { hasQualifiedName("java.net.http", "HttpRequest$Builder") }
}
/** A class representing `java.net.http.HttpRequest`. */
/** The interface representing `java.net.http.HttpRequest`. */
class TypeHttpRequest extends Interface {
TypeHttpRequest() { hasQualifiedName("java.net.http", "HttpRequest") }
}

1
java/ql/src/semmle/code/java/frameworks/spring/SpringHttp.qll
View File

@@ -4,7 +4,6 @@
*/
import java
import semmle.code.java.frameworks.Networking
/** The class `org.springframework.http.HttpEntity` or an instantiation of it. */
class SpringHttpEntity extends Class {

2
java/ql/test/experimental/query-tests/security/CWE-918/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/apache-httpclient-4.5.12/:${testdir}/../../../../stubs/servlet-api-2.4/
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4/

19
java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpGet.java
View File

@@ -1,19 +0,0 @@
package org.apache.http.client.methods;
public class HttpGet extends org.apache.http.client.methods.HttpRequestBase {
public static final java.lang.String METHOD_NAME = "GET";
public HttpGet() {
}
public HttpGet(java.net.URI uri) {
}
public HttpGet(java.lang.String uri) {
}
public java.lang.String getMethod() {
return null;
}
}

17
java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpRequestBase.java
View File

@@ -1,17 +0,0 @@
package org.apache.http.client.methods;
public abstract class HttpRequestBase {
private java.net.URI uri;
public HttpRequestBase() {
}
public java.net.URI getURI() {
return null;
}
public void setURI(java.net.URI uri) {
}
}

59
java/ql/test/library-tests/frameworks/Networking/Uri.java
View File

@@ -1,59 +0,0 @@
import java.io.IOException;
import java.io.InputStream;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLStreamHandler;
import java.net.Proxy.Type;
public class Uri {
public static void main(String[] args) throws Exception {
// URI(String str)
URI uri = new URI("uri1");
// URI(String scheme, String ssp, String fragment)
URI ur2 = new URI("http", "ssp", "fragement");
// URI(String scheme, String userInfo, String host, int port, String path,
// String query, String fragment)
URI uri3 = new URI("http", "userinfo", "host", 1, "path", "query", "fragment");
// URI(String scheme, String host, String path, String fragment)
URI uri4 = new URI("http", "host", "path", "fragment");
// URI(String scheme, String authority, String path, String query, String
// fragment)
URI uri5 = new URI("http", "authority", "path", "query", "fragment");
// URI.create(String str)
URI uri6 = URI.create("http://foo.com/");
// URL(String spec)
URL url1 = new URL("spec");
// URL(String protocol, String host, int port, String file)
URL url2 = new URL("http", "host", 1, "file");
// URL(String protocol, String host, String file)
URL url3 = new URL("http", "host", "file");
// URL(URL context, String spec)
URL url4 = new URL(url3, "http");
// URL(String protocol, String host, int port, String file, URLStreamHandler
// handler)
URL url5 = new URL("http", "host", 1, "file", new Helper());
// URL(URL context, String spec, URLStreamHandler handler)
URL url6 = new URL(url3, "spec", new Helper());
URLConnection c1 = url1.openConnection();
SocketAddress sa = new SocketAddress() {
};
URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa));
InputStream c3 = url1.openStream();
}
}
class Helper extends URLStreamHandler {
@Override
protected URLConnection openConnection(URL arg0) throws IOException {
return null;
}
}

2
java/ql/test/library-tests/frameworks/Networking/openConnection.expected
View File

@@ -1,2 +0,0 @@
| Uri.java:46:28:46:48 | openConnection(...) |
| Uri.java:49:28:49:72 | openConnection(...) |

5
java/ql/test/library-tests/frameworks/Networking/openConnection.ql
View File

@@ -1,5 +0,0 @@
import java
import semmle.code.java.frameworks.Networking
from UrlOpenConnectionMethod m
select m.getAReference()

1
java/ql/test/library-tests/frameworks/Networking/openStream.expected
View File

@@ -1 +0,0 @@
| Uri.java:50:26:50:42 | openStream(...) |

5
java/ql/test/library-tests/frameworks/Networking/openStream.ql
View File

@@ -1,5 +0,0 @@
import java
import semmle.code.java.frameworks.Networking
from UrlOpenStreamMethod m
select m.getAReference()

6
java/ql/test/library-tests/frameworks/Networking/uri.expected
View File

@@ -1,6 +0,0 @@
| Uri.java:14:19:14:33 | new URI(...) | Uri.java:14:27:14:32 | "uri1" |
| Uri.java:17:19:17:53 | new URI(...) | Uri.java:17:35:17:39 | "ssp" |
| Uri.java:21:20:21:86 | new URI(...) | Uri.java:21:48:21:53 | "host" |
| Uri.java:23:20:23:62 | new URI(...) | Uri.java:23:36:23:41 | "host" |
| Uri.java:26:20:26:76 | new URI(...) | Uri.java:26:36:26:46 | "authority" |
| Uri.java:29:20:29:48 | create(...) | Uri.java:29:31:29:47 | "http://foo.com/" |

5
java/ql/test/library-tests/frameworks/Networking/uri.ql
View File

@@ -1,5 +0,0 @@
import java
import semmle.code.java.frameworks.Networking
from UriCreation c
select c, c.getHostArg()

4
java/ql/test/library-tests/frameworks/Networking/url.expected
View File

@@ -1,4 +0,0 @@
| Uri.java:32:20:32:34 | new URL(...) | Uri.java:32:28:32:33 | "spec" |
| Uri.java:34:20:34:53 | new URL(...) | Uri.java:34:36:34:41 | "host" |
| Uri.java:36:20:36:50 | new URL(...) | Uri.java:36:36:36:41 | "host" |
| Uri.java:41:20:41:67 | new URL(...) | Uri.java:41:36:41:41 | "host" |

5
java/ql/test/library-tests/frameworks/Networking/url.ql
View File

@@ -1,5 +0,0 @@
import java
import semmle.code.java.frameworks.Networking
from UrlConstructor c
select c, c.getHostArg()