mirror of
https://github.com/github/codeql.git
synced 2026-05-04 05:05:12 +02:00
Playframework test cases & review fixes
This commit is contained in:
Francis Alexander
@@ -104,4 +104,32 @@
|
||||
| ModulusAnalysis.java:49:25:49:25 | 3 | 0 | 3 | 0 |
|
||||
| ModulusAnalysis.java:50:32:50:32 | x | 0 | 3 | 16 |
|
||||
| ModulusAnalysis.java:50:32:50:32 | x | SSA init(x) | 0 | 0 |
|
||||
| ModulusAnalysis.java:54:38:54:39 | 42 | 0 | 42 | 0 |
|
||||
| ModulusAnalysis.java:56:22:56:22 | 0 | 0 | 0 | 0 |
|
||||
| ModulusAnalysis.java:56:25:56:25 | i | SSA phi(i) | 0 | 0 |
|
||||
| ModulusAnalysis.java:56:29:56:31 | cap | SSA init(cap) | 0 | 0 |
|
||||
| ModulusAnalysis.java:56:34:56:34 | i | SSA phi(i) | 0 | 0 |
|
||||
| ModulusAnalysis.java:56:34:56:36 | ...++ | SSA phi(i) | 0 | 0 |
|
||||
| ModulusAnalysis.java:57:32:57:32 | i | SSA phi(i) | 0 | 0 |
|
||||
| ModulusAnalysis.java:59:22:59:22 | 0 | 0 | 0 | 0 |
|
||||
| ModulusAnalysis.java:59:25:59:25 | j | SSA phi(j) | 0 | 0 |
|
||||
| ModulusAnalysis.java:59:29:59:31 | cap | SSA init(cap) | 0 | 0 |
|
||||
| ModulusAnalysis.java:59:34:59:34 | j | SSA phi(j) | 0 | 0 |
|
||||
| ModulusAnalysis.java:59:34:59:39 | ...+=... | SSA phi(j) | 1 | 0 |
|
||||
| ModulusAnalysis.java:59:39:59:39 | 1 | 0 | 1 | 0 |
|
||||
| ModulusAnalysis.java:60:32:60:32 | j | SSA phi(j) | 0 | 0 |
|
||||
| ModulusAnalysis.java:62:22:62:22 | 0 | 0 | 0 | 0 |
|
||||
| ModulusAnalysis.java:62:25:62:25 | k | 0 | 0 | 3 |
|
||||
| ModulusAnalysis.java:62:25:62:25 | k | SSA def(k) | 0 | 3 |
|
||||
| ModulusAnalysis.java:62:25:62:25 | k | SSA phi(k) | 0 | 0 |
|
||||
| ModulusAnalysis.java:62:29:62:31 | cap | SSA init(cap) | 0 | 0 |
|
||||
| ModulusAnalysis.java:62:34:62:34 | k | 0 | 0 | 3 |
|
||||
| ModulusAnalysis.java:62:34:62:34 | k | SSA def(k) | 0 | 3 |
|
||||
| ModulusAnalysis.java:62:34:62:34 | k | SSA phi(k) | 0 | 0 |
|
||||
| ModulusAnalysis.java:62:34:62:39 | ...+=... | 0 | 0 | 3 |
|
||||
| ModulusAnalysis.java:62:34:62:39 | ...+=... | SSA def(k) | 0 | 3 |
|
||||
| ModulusAnalysis.java:62:34:62:39 | ...+=... | SSA phi(k) | 3 | 0 |
|
||||
| ModulusAnalysis.java:62:39:62:39 | 3 | 0 | 3 | 0 |
|
||||
| ModulusAnalysis.java:63:32:63:32 | k | 0 | 0 | 3 |
|
||||
| ModulusAnalysis.java:63:32:63:32 | k | SSA def(k) | 0 | 3 |
|
||||
| ModulusAnalysis.java:63:32:63:32 | k | SSA phi(k) | 0 | 0 |
|
||||
| ModulusAnalysis.java:66:38:66:39 | 42 | 0 | 42 | 0 |
|
||||
|
||||
@@ -51,5 +51,17 @@ class ModulusAnalysis
|
||||
}
|
||||
}
|
||||
|
||||
void loops(int cap)
|
||||
{
|
||||
for (int i = 0; i < cap; i++)
|
||||
System.out.println(i);
|
||||
|
||||
for (int j = 0; j < cap; j += 1)
|
||||
System.out.println(j);
|
||||
|
||||
for (int k = 0; k < cap; k += 3)
|
||||
System.out.println(k); // congruent 0 mod 3
|
||||
}
|
||||
|
||||
int[] getArray(){ return new int[42]; }
|
||||
}
|
||||
@@ -20,6 +20,11 @@ public class A {
|
||||
|
||||
void f3(Box b) {
|
||||
Box other = new Box();
|
||||
addElem(other);
|
||||
sink(other.elem);
|
||||
}
|
||||
|
||||
void addElem(Box b) {
|
||||
b.elem = new Object();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,10 +1,17 @@
|
||||
edges
|
||||
| A.java:4:16:4:18 | this <constr(this)> [post update] [elem] | A.java:22:17:22:25 | new Box(...) [elem] |
|
||||
| A.java:12:5:12:5 | b [post update] [elem] | A.java:13:12:13:12 | b [elem] |
|
||||
| A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:5 | b [post update] [elem] |
|
||||
| A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:18 | ...=... : Object |
|
||||
| A.java:13:12:13:12 | b [elem] | A.java:17:13:17:16 | f1(...) [elem] |
|
||||
| A.java:17:13:17:16 | f1(...) [elem] | A.java:18:8:18:8 | b [elem] |
|
||||
| A.java:18:8:18:8 | b [elem] | A.java:21:11:21:15 | b [elem] |
|
||||
| A.java:22:17:22:25 | new Box(...) [elem] | A.java:23:13:23:17 | other [elem] |
|
||||
| A.java:23:13:23:17 | other [elem] | A.java:24:10:24:14 | other [elem] |
|
||||
| A.java:23:13:23:17 | other [post update] [elem] | A.java:24:10:24:14 | other [elem] |
|
||||
| A.java:24:10:24:14 | other [elem] | A.java:24:10:24:19 | other.elem |
|
||||
| A.java:28:5:28:5 | b [post update] [elem] | A.java:23:13:23:17 | other [post update] [elem] |
|
||||
| A.java:28:14:28:25 | new Object(...) | A.java:28:5:28:5 | b [post update] [elem] |
|
||||
#select
|
||||
| 0 | A.java:12:5:12:5 | b [post update] [elem] |
|
||||
| 0 | A.java:12:5:12:18 | ...=... : Object |
|
||||
|
||||
22
java/ql/test/library-tests/dataflow/partial/testRev.expected
Normal file
22
java/ql/test/library-tests/dataflow/partial/testRev.expected
Normal file
@@ -0,0 +1,22 @@
|
||||
edges
|
||||
| A.java:4:16:4:18 | this <constr(this)> [post update] [elem] | A.java:22:17:22:25 | new Box(...) [elem] |
|
||||
| A.java:12:5:12:5 | b [post update] [elem] | A.java:13:12:13:12 | b [elem] |
|
||||
| A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:5 | b [post update] [elem] |
|
||||
| A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:18 | ...=... : Object |
|
||||
| A.java:13:12:13:12 | b [elem] | A.java:17:13:17:16 | f1(...) [elem] |
|
||||
| A.java:17:13:17:16 | f1(...) [elem] | A.java:18:8:18:8 | b [elem] |
|
||||
| A.java:18:8:18:8 | b [elem] | A.java:21:11:21:15 | b [elem] |
|
||||
| A.java:22:17:22:25 | new Box(...) [elem] | A.java:23:13:23:17 | other [elem] |
|
||||
| A.java:23:13:23:17 | other [elem] | A.java:24:10:24:14 | other [elem] |
|
||||
| A.java:23:13:23:17 | other [post update] [elem] | A.java:24:10:24:14 | other [elem] |
|
||||
| A.java:24:10:24:14 | other [elem] | A.java:24:10:24:19 | other.elem |
|
||||
| A.java:28:5:28:5 | b [post update] [elem] | A.java:23:13:23:17 | other [post update] [elem] |
|
||||
| A.java:28:14:28:25 | new Object(...) | A.java:28:5:28:5 | b [post update] [elem] |
|
||||
#select
|
||||
| 0 | A.java:22:17:22:25 | new Box(...) [elem] |
|
||||
| 0 | A.java:23:13:23:17 | other [elem] |
|
||||
| 0 | A.java:23:13:23:17 | other [post update] [elem] |
|
||||
| 0 | A.java:24:10:24:14 | other [elem] |
|
||||
| 1 | A.java:4:16:4:18 | this <constr(this)> [post update] [elem] |
|
||||
| 1 | A.java:28:5:28:5 | b [post update] [elem] |
|
||||
| 1 | A.java:28:14:28:25 | new Object(...) |
|
||||
18
java/ql/test/library-tests/dataflow/partial/testRev.ql
Normal file
18
java/ql/test/library-tests/dataflow/partial/testRev.ql
Normal file
@@ -0,0 +1,18 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import DataFlow
|
||||
import PartialPathGraph
|
||||
|
||||
class Conf extends Configuration {
|
||||
Conf() { this = "partial flow" }
|
||||
|
||||
override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("src") }
|
||||
|
||||
override predicate isSink(Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") }
|
||||
|
||||
override int explorationLimit() { result = 10 }
|
||||
}
|
||||
|
||||
from PartialPathNode n, int dist
|
||||
where any(Conf c).hasPartialFlowRev(n, _, dist)
|
||||
select dist, n
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args --enable-preview -source 14 -target 14
|
||||
//semmle-extractor-options: --javac-args --enable-preview -source 15 -target 15
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args --enable-preview -source 14 -target 14
|
||||
//semmle-extractor-options: --javac-args --enable-preview -source 15 -target 15
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<manifest
|
||||
xmlns:android="http://schemas.android.com/apk/res/android"
|
||||
android:versionCode="1"
|
||||
android:versionName="1.0"
|
||||
package="com.example.myapp">
|
||||
|
||||
<!-- Beware that these values are overridden by the build.gradle file -->
|
||||
<uses-sdk android:minSdkVersion="15" android:targetSdkVersion="26" />
|
||||
|
||||
<application
|
||||
android:allowBackup="true"
|
||||
android:icon="@mipmap/ic_launcher"
|
||||
android:roundIcon="@mipmap/ic_launcher_round"
|
||||
android:label="@string/app_name"
|
||||
android:supportsRtl="true"
|
||||
android:theme="@style/AppTheme">
|
||||
|
||||
<!-- This name is resolved to com.example.myapp.MainActivity
|
||||
based upon the package attribute -->
|
||||
<activity android:name=".IntentSources">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.MAIN" />
|
||||
<category android:name="android.intent.category.LAUNCHER" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
|
||||
<activity
|
||||
android:name=".DisplayMessageActivity"
|
||||
android:parentActivityName=".MainActivity" />
|
||||
</application>
|
||||
</manifest>
|
||||
|
||||
<!--
|
||||
/*
|
||||
* This file is licensed under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
-->
|
||||
@@ -0,0 +1,37 @@
|
||||
package com.example.myapp;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
public class IntentSources extends Activity {
|
||||
|
||||
public void test() {
|
||||
|
||||
String trouble = this.getIntent().getStringExtra("key");
|
||||
Runtime.getRuntime().exec(trouble);
|
||||
|
||||
}
|
||||
|
||||
public void test2() {
|
||||
|
||||
String trouble = getIntent().getStringExtra("key");
|
||||
Runtime.getRuntime().exec(trouble);
|
||||
|
||||
}
|
||||
|
||||
public void test3() {
|
||||
|
||||
String trouble = getIntent().getExtras().getString("key");
|
||||
Runtime.getRuntime().exec(trouble);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
class OtherClass {
|
||||
|
||||
public void test(IntentSources is) {
|
||||
String trouble = is.getIntent().getStringExtra("key");
|
||||
Runtime.getRuntime().exec(trouble);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,14 +1,34 @@
|
||||
import play.mvc.Controller;
|
||||
import play.mvc.Http.*;
|
||||
import play.mvc.Result;
|
||||
import play.filters.csrf.AddCSRFToken;
|
||||
import play.libs.F;
|
||||
import java.util.concurrent.CompletionStage;
|
||||
|
||||
|
||||
public class PlayResource extends Controller {
|
||||
|
||||
@AddCSRFToken
|
||||
public Result play_index(String username, String password) {
|
||||
public Result index(String username, String password) {
|
||||
String append_token = "password" + password;
|
||||
ok("Working");
|
||||
return ok("Working");
|
||||
}
|
||||
|
||||
public Result session_redirect_me() {
|
||||
String url = request().getQueryString("url");
|
||||
redirect(url);
|
||||
}
|
||||
|
||||
public F.Promise<Result> async_promise(String token) {
|
||||
ok(token);
|
||||
}
|
||||
|
||||
public CompletionStage<Result> async_completionstage(String complete) {
|
||||
String return_code = "complete" + complete;
|
||||
ok("Async completion Stage");
|
||||
}
|
||||
|
||||
public String not_playactionmethod(String no_action) {
|
||||
String return_code = no_action;
|
||||
return return_code;
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x
|
||||
@@ -5,10 +5,35 @@
|
||||
| A.java:41:5:41:53 | getInputStream(...) | A.java:41:5:41:53 | getInputStream(...) |
|
||||
| A.java:42:5:42:45 | getInputStream(...) | A.java:42:5:42:45 | getInputStream(...) |
|
||||
| A.java:43:5:43:47 | getHostName(...) | A.java:43:5:43:47 | getHostName(...) |
|
||||
| PlayResource.java:10:30:10:44 | username | PlayResource.java:10:30:10:44 | username |
|
||||
| PlayResource.java:10:47:10:61 | password | PlayResource.java:10:47:10:61 | password |
|
||||
| PlayResource.java:10:47:10:61 | password | PlayResource.java:11:31:11:51 | ... + ... |
|
||||
| PlayResource.java:10:47:10:61 | password | PlayResource.java:11:44:11:51 | password |
|
||||
| IntentSources.java:9:20:9:35 | getIntent(...) | ../../../stubs/google-android-9.0.0/android/content/Intent.java:1057:19:1057:32 | parameter this |
|
||||
| IntentSources.java:9:20:9:35 | getIntent(...) | IntentSources.java:9:20:9:35 | getIntent(...) |
|
||||
| IntentSources.java:9:20:9:35 | getIntent(...) | IntentSources.java:9:20:9:57 | getStringExtra(...) |
|
||||
| IntentSources.java:9:20:9:35 | getIntent(...) | IntentSources.java:10:29:10:35 | trouble |
|
||||
| IntentSources.java:16:20:16:30 | getIntent(...) | ../../../stubs/google-android-9.0.0/android/content/Intent.java:1057:19:1057:32 | parameter this |
|
||||
| IntentSources.java:16:20:16:30 | getIntent(...) | IntentSources.java:16:20:16:30 | getIntent(...) |
|
||||
| IntentSources.java:16:20:16:30 | getIntent(...) | IntentSources.java:16:20:16:52 | getStringExtra(...) |
|
||||
| IntentSources.java:16:20:16:30 | getIntent(...) | IntentSources.java:17:29:17:35 | trouble |
|
||||
| IntentSources.java:23:20:23:30 | getIntent(...) | ../../../stubs/google-android-9.0.0/android/content/Intent.java:1356:19:1356:27 | parameter this |
|
||||
| IntentSources.java:23:20:23:30 | getIntent(...) | ../../../stubs/google-android-9.0.0/android/os/BaseBundle.java:599:19:599:27 | parameter this |
|
||||
| IntentSources.java:23:20:23:30 | getIntent(...) | IntentSources.java:23:20:23:30 | getIntent(...) |
|
||||
| IntentSources.java:23:20:23:30 | getIntent(...) | IntentSources.java:23:20:23:42 | getExtras(...) |
|
||||
| IntentSources.java:23:20:23:30 | getIntent(...) | IntentSources.java:23:20:23:59 | getString(...) |
|
||||
| IntentSources.java:23:20:23:30 | getIntent(...) | IntentSources.java:24:29:24:35 | trouble |
|
||||
| IntentSources.java:33:20:33:33 | getIntent(...) | ../../../stubs/google-android-9.0.0/android/content/Intent.java:1057:19:1057:32 | parameter this |
|
||||
| IntentSources.java:33:20:33:33 | getIntent(...) | IntentSources.java:33:20:33:33 | getIntent(...) |
|
||||
| IntentSources.java:33:20:33:33 | getIntent(...) | IntentSources.java:33:20:33:55 | getStringExtra(...) |
|
||||
| IntentSources.java:33:20:33:33 | getIntent(...) | IntentSources.java:34:29:34:35 | trouble |
|
||||
| PlayResource.java:11:25:11:39 | username | PlayResource.java:11:25:11:39 | username |
|
||||
| PlayResource.java:11:42:11:56 | password | PlayResource.java:11:42:11:56 | password |
|
||||
| PlayResource.java:11:42:11:56 | password | PlayResource.java:12:31:12:51 | ... + ... |
|
||||
| PlayResource.java:11:42:11:56 | password | PlayResource.java:12:44:12:51 | password |
|
||||
| PlayResource.java:17:22:17:52 | getQueryString(...) | PlayResource.java:17:22:17:52 | getQueryString(...) |
|
||||
| PlayResource.java:21:44:21:55 | token | ../../../stubs/playframework-2.6.x/play/mvc/Results.java:261:27:261:40 | content |
|
||||
| PlayResource.java:21:44:21:55 | token | PlayResource.java:21:44:21:55 | token |
|
||||
| PlayResource.java:21:44:21:55 | token | PlayResource.java:22:12:22:16 | token |
|
||||
| PlayResource.java:25:58:25:72 | complete | PlayResource.java:25:58:25:72 | complete |
|
||||
| PlayResource.java:25:58:25:72 | complete | PlayResource.java:26:30:26:50 | ... + ... |
|
||||
| PlayResource.java:25:58:25:72 | complete | PlayResource.java:26:43:26:50 | complete |
|
||||
| RmiFlowImpl.java:4:30:4:40 | path | RmiFlowImpl.java:4:30:4:40 | path |
|
||||
| RmiFlowImpl.java:4:30:4:40 | path | RmiFlowImpl.java:5:20:5:31 | ... + ... |
|
||||
| RmiFlowImpl.java:4:30:4:40 | path | RmiFlowImpl.java:5:28:5:31 | path |
|
||||
|
||||
Reference in New Issue
Block a user