Java: tests for automodel framework mode candidate extraction
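--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE.expected
@@ -0,0 +1,3 @@
+| com/github/codeql/test/PublicClass.java:4:21:4:30 | arg | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@. | com/github/codeql/test/PublicClass.java:4:21:4:30 | arg | MethodDoc | com/github/codeql/test/PublicClass.java:4:21:4:30 | arg | ClassDoc | file://com.github.codeql.test:1:1:1:1 | com.github.codeql.test | package | file://PublicClass:1:1:1:1 | PublicClass | type | file://true:1:1:1:1 | true | subtypes | file://stuff:1:1:1:1 | stuff | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://arg:1:1:1:1 | arg | parameterName |
+| com/github/codeql/test/PublicClass.java:8:34:8:43 | arg | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@. | com/github/codeql/test/PublicClass.java:8:34:8:43 | arg | MethodDoc | com/github/codeql/test/PublicClass.java:8:34:8:43 | arg | ClassDoc | file://com.github.codeql.test:1:1:1:1 | com.github.codeql.test | package | file://PublicClass:1:1:1:1 | PublicClass | type | file://false:1:1:1:1 | false | subtypes | file://staticStuff:1:1:1:1 | staticStuff | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input | file://arg:1:1:1:1 | arg | parameterName |
+| java/nio/file/Files.java:12:42:12:57 | out | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@. | java/nio/file/Files.java:12:42:12:57 | out | MethodDoc | java/nio/file/Files.java:12:42:12:57 | out | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,OutputStream):1:1:1:1 | (Path,OutputStream) | signature | file://Argument[1]:1:1:1:1 | Argument[1] | input | file://out:1:1:1:1 | out | parameterName |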
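--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE.qlref
@@ -0,0 +1 @@
+Telemetry/AutomodelFrameworkModeExtractCandidates.ql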
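--- /dev/null
+++ b/com/github/codeql/test/NonPublicClass.java
@@ -0,0 +1,10 @@
+package com.github.codeql.test;
+
+/**
+* No candidates in this class, as it's not public!
+*/
+class NonPublicClass {
+public void noCandidates(String here) {
+System.out.println(here);
+}
+}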
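--- /dev/null
+++ b/com/github/codeql/test/PublicClass.java
@@ -0,0 +1,16 @@
+package com.github.codeql.test;
+
+public class PublicClass {
+public void stuff(String arg) { // arg is a candidate
+System.out.println(arg);
+}
+
+public static void staticStuff(String arg) { // arg is a candidate
+System.out.println(arg);
+}
+
+// arg is not a candidate because the method is not public:
+protected void nonPublicStuff(String arg) {
+System.out.println(arg);
+}
+}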
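Review bot: The trailing `// arg is a candidate` comments on `stuff` and `staticStuff` read as duplicates, but the expected output records `subtypes` as `true` for the instance method and `false` for the static one, which is presumably the reason the second method exists. I'd let the comments carry that distinction: `public void stuff(String arg) { // arg is a candidate (instance method: subtypes=true)` and `public static void staticStuff(String arg) { // arg is a candidate (static method: subtypes=false)`. The only non-public case exercised here is `protected`; if package-private and `private` methods are also meant to be excluded by the query, a short comment saying so, or a follow-up case, would make the coverage explicit.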
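--- /dev/null
+++ b/java/nio/file/Files.java
@@ -0,0 +1,15 @@
+package java.nio.file;
+
+import java.nio.file.Path;
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class Files {
+// - source is not a candidate because a manual model exists:
+// ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "path-injection", "manual"]
+// - out is a candidate. NB: may be worthwile to implement the same behaviour as in application mode where out
+// would not be a candidate because another param is already modeled.
+public static void copy(Path source, OutputStream out) throws IOException {
+// ...
+}
+}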
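Review bot: The `import java.nio.file.Path;` line is redundant: the stub is declared in `package java.nio.file;`, so `Path` is already in scope, and a linter on the test sources would flag the unused import; I'd drop it. The comment above `copy` misspells "worthwhile" (`worthwile`), so the line should read `// - out is a candidate. NB: may be worthwhile to implement the same behaviour as in application mode where out`. Since this file deliberately re-declares the JDK's `java.nio.file.Files` as a stub, a one-line header comment stating that it is a test stub standing in for the real class (and that the manual model row quoted below is what suppresses `source`) would help the next reader understand why a JDK package is being declared here, assuming that is the intent.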