Add test cases

java/ql/test/query-tests/security/CWE-330/WeakRandomCookies.java

@@ -0,0 +1,40 @@
+import java.io.IOException;
+import java.util.Random;
+import java.security.SecureRandom;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.Cookie;
+
+public class WeakRandomCookies extends HttpServlet {
+    HttpServletResponse response;
+
+    public void doGet() {
+        Random r = new Random();
+
+        int c = r.nextInt();
+        // BAD: The cookie value may be predictable.
+        Cookie cookie = new Cookie("name", Integer.toString(c));
+        response.addCookie(cookie); // $hasWeakRandomFlow
+
+        int c2 = r.nextInt();
+        // BAD: The cookie value may be predictable.
+        Cookie cookie2 = new Cookie("name" + c2, "value");
+        response.addCookie(cookie2); // $hasWeakRandomFlow
+
+        byte[] bytes = new byte[16];
+        r.nextBytes(bytes);
+        // BAD: The cookie value may be predictable.
+        Cookie cookie3 = new Cookie("name", new String(bytes));
+        response.addCookie(cookie3); // $hasWeakRandomFlow
+
+        SecureRandom sr = new SecureRandom();
+
+        byte[] bytes2 = new byte[16];
+        sr.nextBytes(bytes2);
+        // GOOD: The cookie value is unpredictable.
+        Cookie cookie4 = new Cookie("name", new String(bytes2));
+        response.addCookie(cookie4);
+    }
+}

java/ql/test/query-tests/security/CWE-330/WeakRandomTest.expected

@@ -0,0 +1,2 @@
+failures
+testFailures

java/ql/test/query-tests/security/CWE-330/WeakRandomTest.ql

@@ -0,0 +1,18 @@
+import java
+import semmle.code.java.security.WeakRandomnessQuery
+import TestUtilities.InlineExpectationsTest
+
+module WeakRandomTest implements TestSig {
+  string getARelevantTag() { result = "hasWeakRandomFlow" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasWeakRandomFlow" and
+    exists(DataFlow::Node sink | WeakRandomnessFlow::flowTo(sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<WeakRandomTest>

java/ql/test/query-tests/security/CWE-330/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4