hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use InlineExpectationsTest

Browse Source
This commit is contained in:
Tony Torralba
2021-06-01 11:57:44 +02:00
parent 2cada386b4
commit 148443fae1
5 changed files with 63 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth.expected
View File

@@ -1,63 +0,0 @@
edges
| InsecureBasicAuth.java:20:39:20:52 | ... + ... : String | InsecureBasicAuth.java:28:3:28:6 | post |
| InsecureBasicAuth.java:35:19:35:64 | "http://www.example.com:8000/payment/retrieve" : String | InsecureBasicAuth.java:38:3:38:5 | get |
| InsecureBasicAuth.java:45:19:45:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:46:50:46:55 | uriStr : String |
| InsecureBasicAuth.java:45:19:45:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:54:3:54:6 | post |
| InsecureBasicAuth.java:46:39:46:56 | create(...) : URI | InsecureBasicAuth.java:54:3:54:6 | post |
| InsecureBasicAuth.java:46:50:46:55 | uriStr : String | InsecureBasicAuth.java:46:39:46:56 | create(...) : URI |
| InsecureBasicAuth.java:61:19:61:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:62:21:62:26 | uriStr : String |
| InsecureBasicAuth.java:61:19:61:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:71:3:71:6 | post |
| InsecureBasicAuth.java:62:13:62:27 | new URI(...) : URI | InsecureBasicAuth.java:71:3:71:6 | post |
| InsecureBasicAuth.java:62:21:62:26 | uriStr : String | InsecureBasicAuth.java:62:13:62:27 | new URI(...) : URI |
| InsecureBasicAuth.java:78:47:78:52 | "http" : String | InsecureBasicAuth.java:86:3:86:6 | post |
| InsecureBasicAuth.java:93:19:93:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:102:3:102:6 | post |
| InsecureBasicAuth.java:109:19:109:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:110:58:110:63 | uriStr : String |
| InsecureBasicAuth.java:110:29:110:70 | new BasicRequestLine(...) : BasicRequestLine | InsecureBasicAuth.java:119:3:119:6 | post |
| InsecureBasicAuth.java:110:58:110:63 | uriStr : String | InsecureBasicAuth.java:110:29:110:70 | new BasicRequestLine(...) : BasicRequestLine |
| InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:129:21:129:26 | urlStr : String |
| InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection |
| InsecureBasicAuth.java:129:13:129:27 | new URL(...) : URL | InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection |
| InsecureBasicAuth.java:129:21:129:26 | urlStr : String | InsecureBasicAuth.java:129:13:129:27 | new URL(...) : URL |
| InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection | InsecureBasicAuth.java:133:3:133:6 | conn |
| InsecureBasicAuth.java:145:21:145:28 | protocol : String | InsecureBasicAuth.java:146:28:146:67 | (...)... : URLConnection |
| InsecureBasicAuth.java:146:28:146:67 | (...)... : URLConnection | InsecureBasicAuth.java:149:3:149:6 | conn |
nodes
| InsecureBasicAuth.java:20:39:20:52 | ... + ... : String | semmle.label | ... + ... : String |
| InsecureBasicAuth.java:28:3:28:6 | post | semmle.label | post |
| InsecureBasicAuth.java:35:19:35:64 | "http://www.example.com:8000/payment/retrieve" : String | semmle.label | "http://www.example.com:8000/payment/retrieve" : String |
| InsecureBasicAuth.java:38:3:38:5 | get | semmle.label | get |
| InsecureBasicAuth.java:45:19:45:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
| InsecureBasicAuth.java:46:39:46:56 | create(...) : URI | semmle.label | create(...) : URI |
| InsecureBasicAuth.java:46:50:46:55 | uriStr : String | semmle.label | uriStr : String |
| InsecureBasicAuth.java:54:3:54:6 | post | semmle.label | post |
| InsecureBasicAuth.java:61:19:61:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
| InsecureBasicAuth.java:62:13:62:27 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| InsecureBasicAuth.java:62:21:62:26 | uriStr : String | semmle.label | uriStr : String |
| InsecureBasicAuth.java:71:3:71:6 | post | semmle.label | post |
| InsecureBasicAuth.java:78:47:78:52 | "http" : String | semmle.label | "http" : String |
| InsecureBasicAuth.java:86:3:86:6 | post | semmle.label | post |
| InsecureBasicAuth.java:93:19:93:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
| InsecureBasicAuth.java:102:3:102:6 | post | semmle.label | post |
| InsecureBasicAuth.java:109:19:109:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
| InsecureBasicAuth.java:110:29:110:70 | new BasicRequestLine(...) : BasicRequestLine | semmle.label | new BasicRequestLine(...) : BasicRequestLine |
| InsecureBasicAuth.java:110:58:110:63 | uriStr : String | semmle.label | uriStr : String |
| InsecureBasicAuth.java:119:3:119:6 | post | semmle.label | post |
| InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
| InsecureBasicAuth.java:129:13:129:27 | new URL(...) : URL | semmle.label | new URL(...) : URL |
| InsecureBasicAuth.java:129:21:129:26 | urlStr : String | semmle.label | urlStr : String |
| InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection | semmle.label | (...)... : URLConnection |
| InsecureBasicAuth.java:133:3:133:6 | conn | semmle.label | conn |
| InsecureBasicAuth.java:145:21:145:28 | protocol : String | semmle.label | protocol : String |
| InsecureBasicAuth.java:146:28:146:67 | (...)... : URLConnection | semmle.label | (...)... : URLConnection |
| InsecureBasicAuth.java:149:3:149:6 | conn | semmle.label | conn |
subpaths
#select
| InsecureBasicAuth.java:28:3:28:6 | post | InsecureBasicAuth.java:20:39:20:52 | ... + ... : String | InsecureBasicAuth.java:28:3:28:6 | post | Insecure basic authentication from $@. | InsecureBasicAuth.java:20:39:20:52 | ... + ... | HTTP URL |
| InsecureBasicAuth.java:38:3:38:5 | get | InsecureBasicAuth.java:35:19:35:64 | "http://www.example.com:8000/payment/retrieve" : String | InsecureBasicAuth.java:38:3:38:5 | get | Insecure basic authentication from $@. | InsecureBasicAuth.java:35:19:35:64 | "http://www.example.com:8000/payment/retrieve" | HTTP URL |
| InsecureBasicAuth.java:54:3:54:6 | post | InsecureBasicAuth.java:45:19:45:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:54:3:54:6 | post | Insecure basic authentication from $@. | InsecureBasicAuth.java:45:19:45:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
| InsecureBasicAuth.java:71:3:71:6 | post | InsecureBasicAuth.java:61:19:61:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:71:3:71:6 | post | Insecure basic authentication from $@. | InsecureBasicAuth.java:61:19:61:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
| InsecureBasicAuth.java:86:3:86:6 | post | InsecureBasicAuth.java:78:47:78:52 | "http" : String | InsecureBasicAuth.java:86:3:86:6 | post | Insecure basic authentication from $@. | InsecureBasicAuth.java:78:47:78:52 | "http" | HTTP URL |
| InsecureBasicAuth.java:102:3:102:6 | post | InsecureBasicAuth.java:93:19:93:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:102:3:102:6 | post | Insecure basic authentication from $@. | InsecureBasicAuth.java:93:19:93:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
| InsecureBasicAuth.java:119:3:119:6 | post | InsecureBasicAuth.java:109:19:109:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:119:3:119:6 | post | Insecure basic authentication from $@. | InsecureBasicAuth.java:109:19:109:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
| InsecureBasicAuth.java:133:3:133:6 | conn | InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:133:3:133:6 | conn | Insecure basic authentication from $@. | InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
| InsecureBasicAuth.java:149:3:149:6 | conn | InsecureBasicAuth.java:145:21:145:28 | protocol : String | InsecureBasicAuth.java:149:3:149:6 | conn | Insecure basic authentication from $@. | InsecureBasicAuth.java:145:21:145:28 | protocol | HTTP URL |

1
java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth.qlref
View File

@@ -1 +0,0 @@
Security/CWE/CWE-522/InsecureBasicAuth.ql

0
java/ql/test/query-tests/security/CWE-522/InsecureBasicAuthTest.expected Normal file
View File

55
java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth.java → java/ql/test/query-tests/security/CWE-522/InsecureBasicAuthTest.java
View File

@@ -11,21 +11,21 @@ import java.net.HttpURLConnection;
import java.net.URLConnection;
import java.util.Base64;
public class InsecureBasicAuth {
public class InsecureBasicAuthTest {
/**
* Test basic authentication with Apache HTTP POST request using string constructor.
*/
public void testApacheHttpRequest(String username, String password) {
String host = "www.example.com";
HttpRequestBase post = new HttpPost("http://"+host+"/rest/getuser.do?uid=abcdx");
HttpRequestBase post = new HttpPost("http://" + host + "/rest/getuser.do?uid=abcdx");
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
String authString = username + ":" + password;
byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
String authStringEnc = new String(authEncBytes);
post.addHeader("Authorization", "Basic " + authStringEnc);
post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
}
/**
@@ -35,7 +35,8 @@ public class InsecureBasicAuth {
String urlStr = "http://www.example.com:8000/payment/retrieve";
HttpGet get = new HttpGet(urlStr);
get.setHeader("Accept", "application/json");
get.setHeader("Authorization", "Basic " + new String(Base64.getEncoder().encode("admin:test".getBytes())));
get.setHeader("Authorization", // $hasInsecureBasicAuth
"Basic " + new String(Base64.getEncoder().encode("admin:test".getBytes())));
}
/**
@@ -46,16 +47,17 @@ public class InsecureBasicAuth {
HttpRequestBase post = new HttpPost(URI.create(uriStr));
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
String authString = username + ":" + password;
byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
String authStringEnc = new String(authEncBytes);
post.addHeader("Authorization", "Basic " + authStringEnc);
post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
}
/**
* Test basic authentication with Apache HTTP POST request using the URI constructor with one argument.
* Test basic authentication with Apache HTTP POST request using the URI constructor with one
* argument.
*/
public void testApacheHttpRequest4(String username, String password) throws Exception {
String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
@@ -63,27 +65,29 @@ public class InsecureBasicAuth {
HttpRequestBase post = new HttpPost(uri);
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
String authString = username + ":" + password;
byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
String authStringEnc = new String(authEncBytes);
post.addHeader("Authorization", "Basic " + authStringEnc);
post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
}
/**
* Test basic authentication with Apache HTTP POST request using a URI constructor with multiple arguments.
* Test basic authentication with Apache HTTP POST request using a URI constructor with multiple
* arguments.
*/
public void testApacheHttpRequest5(String username, String password) throws Exception {
HttpRequestBase post = new HttpPost(new URI("http", "www.example.com", "/test", "abc=123", null));
HttpRequestBase post =
new HttpPost(new URI("http", "www.example.com", "/test", "abc=123", null));
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
String authString = username + ":" + password;
byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
String authStringEnc = new String(authEncBytes);
post.addHeader("Authorization", "Basic " + authStringEnc);
post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
}
/**
@@ -94,12 +98,12 @@ public class InsecureBasicAuth {
BasicHttpRequest post = new BasicHttpRequest("POST", uriStr);
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
String authString = username + ":" + password;
byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
String authStringEnc = new String(authEncBytes);
post.addHeader("Authorization", "Basic " + authStringEnc);
post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
}
/**
@@ -111,16 +115,17 @@ public class InsecureBasicAuth {
BasicHttpRequest post = new BasicHttpRequest(requestLine);
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
String authString = username + ":" + password;
byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
String authStringEnc = new String(authEncBytes);
post.addHeader("Authorization", "Basic " + authStringEnc);
post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
}
/**
* Test basic authentication with Java HTTP URL connection using the `URL(String spec)` constructor.
* Test basic authentication with Java HTTP URL connection using the `URL(String spec)`
* constructor.
*/
public void testHttpUrlConnection(String username, String password) throws Exception {
String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
@@ -130,11 +135,12 @@ public class InsecureBasicAuth {
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("Authorization", "Basic " + encoding);
conn.setRequestProperty("Authorization", "Basic " + encoding); // $hasInsecureBasicAuth
}
/**
* Test basic authentication with Java HTTP URL connection using the `URL(String protocol, String host, String file)` constructor.
* Test basic authentication with Java HTTP URL connection using the `URL(String protocol,
* String host, String file)` constructor.
*/
public void testHttpUrlConnection2(String username, String password) throws Exception {
String host = "www.example.com";
@@ -146,7 +152,7 @@ public class InsecureBasicAuth {
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("Authorization", "Basic " + encoding);
conn.setRequestProperty("Authorization", "Basic " + encoding); // $hasInsecureBasicAuth
}
/**
@@ -156,9 +162,10 @@ public class InsecureBasicAuth {
String host = "LOCALHOST";
String authString = username + ":" + password;
String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));
HttpURLConnection conn = (HttpURLConnection) new URL("http://"+(((host+"/rest/getuser.do")+"?uid=abcdx"))).openConnection();
HttpURLConnection conn = (HttpURLConnection) new URL(
"http://" + (((host + "/rest/getuser.do") + "?uid=abcdx"))).openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setRequestProperty("Authorization", "Basic " + encoding);
conn.setRequestProperty("Authorization", "Basic " + encoding); // Safe
}
}

32
java/ql/test/query-tests/security/CWE-522/InsecureBasicAuthTest.ql Normal file
View File

@@ -0,0 +1,32 @@
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.InsecureBasicAuth
import TestUtilities.InlineExpectationsTest
class Conf extends TaintTracking::Configuration {
Conf() { this = "test:cwe:insecure-basic-auth" }
override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
}
}
class HasInsecureBasicAuthTest extends InlineExpectationsTest {
HasInsecureBasicAuthTest() { this = "HasInsecureBasicAuthTest" }
override string getARelevantTag() { result = "hasInsecureBasicAuth" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasInsecureBasicAuth" and
exists(DataFlow::Node src, DataFlow::Node sink, Conf conf | conf.hasFlow(src, sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}