Playframework test cases & review fixes

Francis Alexander
2021-01-06 22:57:14 +05:30
2109 changed files with 202403 additions and 103314 deletions


@@ -0,0 +1,62 @@
import com.google.common.base.Strings;
import com.google.common.base.Splitter;
import com.google.common.base.Joiner;
import java.util.Map;
import java.util.HashMap;
class Test {
String taint() { return "tainted"; }
void sink(Object o) {}
void test1() {
String x = taint();
sink(Strings.padStart(x, 10, ' '));
sink(Strings.padEnd(x, 10, ' '));
sink(Strings.repeat(x, 3));
sink(Strings.emptyToNull(Strings.nullToEmpty(x)));
sink(Strings.lenientFormat(x, 3));
sink(Strings.commonPrefix(x, "abc"));
sink(Strings.commonSuffix(x, "cde"));
sink(Strings.lenientFormat("%s = %s", x, 3));
}
void test2() {
String x = taint();
Splitter s = Splitter.on(x).omitEmptyStrings();
sink(s.split("x y z"));
sink(s.split(x));
sink(s.splitToList(x));
sink(s.withKeyValueSeparator("=").split("a=b"));
sink(s.withKeyValueSeparator("=").split(x));
}
void test3() {
String x = taint();
Joiner taintedJoiner = Joiner.on(x);
Joiner safeJoiner = Joiner.on(", ");
StringBuilder sb = new StringBuilder();
sink(safeJoiner.appendTo(sb, "a", "b", "c"));
sink(sb.toString());
sink(taintedJoiner.appendTo(sb, "a", "b", "c"));
sink(sb.toString());
sink(safeJoiner.appendTo(sb, "a", "b", "c"));
sink(sb.toString());
sb = new StringBuilder();
sink(safeJoiner.appendTo(sb, x, x));
Map<String, String> m = new HashMap<String, String>();
m.put("k", "v");
sink(safeJoiner.withKeyValueSeparator("=").join(m));
sink(safeJoiner.withKeyValueSeparator(x).join(m));
sink(taintedJoiner.useForNull("(null)").withKeyValueSeparator("=").join(m));
m.put("k2", x);
sink(safeJoiner.withKeyValueSeparator("=").join(m));
}
}
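Review bot: The sinks `sink(Strings.commonPrefix(x, "abc"))` and `sink(Strings.commonSuffix(x, "cde"))` in test1 have no row in the accompanying expected output, and nothing in the file says whether that is intended. If the omission is deliberate, mark it with a comment such as `// no flow expected: result is a prefix/suffix of the constant argument`; if it is not, the expected file pins a false negative in the Guava taint model. The same goes for the other unflagged sinks, such as `s.split("x y z")` in test2 and the first `safeJoiner.appendTo(sb, "a", "b", "c")` in test3. A short `// no flow` marker on each negative case would let a reader tell intended negatives from modelling gaps.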


@@ -0,0 +1,17 @@
| Test.java:15:20:15:26 | taint(...) | Test.java:17:14:17:41 | padStart(...) |
| Test.java:15:20:15:26 | taint(...) | Test.java:18:14:18:39 | padEnd(...) |
| Test.java:15:20:15:26 | taint(...) | Test.java:19:14:19:33 | repeat(...) |
| Test.java:15:20:15:26 | taint(...) | Test.java:20:14:20:56 | emptyToNull(...) |
| Test.java:15:20:15:26 | taint(...) | Test.java:21:14:21:40 | lenientFormat(...) |
| Test.java:15:20:15:26 | taint(...) | Test.java:24:14:24:51 | lenientFormat(...) |
| Test.java:28:20:28:26 | taint(...) | Test.java:32:14:32:23 | split(...) |
| Test.java:28:20:28:26 | taint(...) | Test.java:33:14:33:29 | splitToList(...) |
| Test.java:28:20:28:26 | taint(...) | Test.java:35:14:35:50 | split(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:46:14:46:54 | appendTo(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:47:14:47:26 | toString(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:48:14:48:51 | appendTo(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:49:14:49:26 | toString(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:52:14:52:42 | appendTo(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:57:14:57:56 | join(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:58:14:58:82 | join(...) |
| Test.java:39:20:39:26 | taint(...) | Test.java:60:14:60:58 | join(...) |


@@ -0,0 +1,18 @@
import java
import semmle.code.java.dataflow.TaintTracking
class Conf extends TaintTracking::Configuration {
Conf() { this = "qltest:frameworks:guava" }
override predicate isSource(DataFlow::Node n) {
n.asExpr().(MethodAccess).getMethod().hasName("taint")
}
override predicate isSink(DataFlow::Node n) {
exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
}
}
from DataFlow::Node src, DataFlow::Node sink, Conf conf
where conf.hasFlow(src, sink)
select src, sink


@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/guava-30.0


@@ -0,0 +1,3 @@
| resources/Resource.java:20:39:20:48 | uri |
| resources/Resource.java:25:44:25:55 | token |
| resources/Resource.java:29:58:29:67 | uri |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayActionMethodQueryParameter p
select p


@@ -0,0 +1 @@
| resources/Resource.java:13:5:13:17 | AddCSRFToken |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayAddCSRFTokenAnnotation token
select token


@@ -0,0 +1 @@
| play.mvc.BodyParser<>$Of |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayBodyParserAnnotation parser
select parser.getType().getQualifiedName()


@@ -0,0 +1,2 @@
| Resource |
| play.mvc.Controller |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayController c
select c.getQualifiedName()


@@ -0,0 +1,4 @@
| Resource.async_completionstage |
| Resource.async_promise |
| Resource.index |
| Resource.session_redirect_me |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayControllerActionMethod m
select m.getQualifiedName()


@@ -0,0 +1,27 @@
| play.mvc.Http$RequestHeader | RequestHeader.acceptLanguages |
| play.mvc.Http$RequestHeader | RequestHeader.accepts |
| play.mvc.Http$RequestHeader | RequestHeader.addAttr |
| play.mvc.Http$RequestHeader | RequestHeader.attrs |
| play.mvc.Http$RequestHeader | RequestHeader.charset |
| play.mvc.Http$RequestHeader | RequestHeader.clientCertificateChain |
| play.mvc.Http$RequestHeader | RequestHeader.contentType |
| play.mvc.Http$RequestHeader | RequestHeader.cookie |
| play.mvc.Http$RequestHeader | RequestHeader.cookies |
| play.mvc.Http$RequestHeader | RequestHeader.getHeader |
| play.mvc.Http$RequestHeader | RequestHeader.getHeaders |
| play.mvc.Http$RequestHeader | RequestHeader.getQueryString |
| play.mvc.Http$RequestHeader | RequestHeader.hasBody |
| play.mvc.Http$RequestHeader | RequestHeader.hasHeader |
| play.mvc.Http$RequestHeader | RequestHeader.header |
| play.mvc.Http$RequestHeader | RequestHeader.headers |
| play.mvc.Http$RequestHeader | RequestHeader.host |
| play.mvc.Http$RequestHeader | RequestHeader.method |
| play.mvc.Http$RequestHeader | RequestHeader.path |
| play.mvc.Http$RequestHeader | RequestHeader.queryString |
| play.mvc.Http$RequestHeader | RequestHeader.remoteAddress |
| play.mvc.Http$RequestHeader | RequestHeader.secure |
| play.mvc.Http$RequestHeader | RequestHeader.tags |
| play.mvc.Http$RequestHeader | RequestHeader.uri |
| play.mvc.Http$RequestHeader | RequestHeader.version |
| play.mvc.Http$RequestHeader | RequestHeader.withAttrs |
| play.mvc.Http$RequestHeader | RequestHeader.withBody |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayMVCHTTPRequestHeader c
select c.getQualifiedName(), c.getAMethod().getQualifiedName()
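Review bot: Selecting `c.getAMethod().getQualifiedName()` turns the expected output into a listing of every method the stub declares (27 rows here), so the test mostly checks the stub's contents rather than the `PlayMVCHTTPRequestHeader` model. It will also churn whenever the stub changes. `select c.getQualifiedName()` alone would pin the class match. The `PlayMVCResultsClass` query has the same shape, and its expected output even records `Results.<clinit>`. If the method list is meant to document which request accessors are treated as user-controlled input, a QLDoc comment on the query saying so would help.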


@@ -0,0 +1 @@
| play.mvc.Result |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayMVCResultClass m
select m.getQualifiedName()


@@ -0,0 +1,19 @@
| play.mvc.Results | Results.<clinit> |
| play.mvc.Results | Results.badRequest |
| play.mvc.Results | Results.created |
| play.mvc.Results | Results.forbidden |
| play.mvc.Results | Results.found |
| play.mvc.Results | Results.internalServerError |
| play.mvc.Results | Results.movedPermanently |
| play.mvc.Results | Results.noContent |
| play.mvc.Results | Results.notAcceptable |
| play.mvc.Results | Results.notFound |
| play.mvc.Results | Results.ok |
| play.mvc.Results | Results.paymentRequired |
| play.mvc.Results | Results.permanentRedirect |
| play.mvc.Results | Results.redirect |
| play.mvc.Results | Results.seeOther |
| play.mvc.Results | Results.status |
| play.mvc.Results | Results.temporaryRedirect |
| play.mvc.Results | Results.unauthorized |
| play.mvc.Results | Results.unsupportedMediaType |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayMVCResultsClass m
select m.getQualifiedName(), m.getAMethod().getQualifiedName()


@@ -0,0 +1,3 @@
| resources/Resource.java:16:16:16:30 | ok(...) |
| resources/Resource.java:26:9:26:17 | ok(...) |
| resources/Resource.java:30:9:30:36 | ok(...) |


@@ -0,0 +1,4 @@
import semmle.code.java.frameworks.play.Play
from PlayMVCResultsMethods m
select m.getAnOkAccess()


@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x


@@ -0,0 +1,37 @@
import play.mvc.Controller;
import play.mvc.Http.*;
import play.mvc.Results;
import play.mvc.Result;
import play.filters.csrf.AddCSRFToken;
import play.mvc.BodyParser;
import play.libs.F;
import java.util.concurrent.CompletionStage;
public class Resource extends Controller {
@AddCSRFToken
public Result index() {
response().setHeader("X-Play-QL", "1");
return ok("It works!");
}
@BodyParser.Of()
public Result session_redirect_me(String uri) {
String url = request().getQueryString("url");
redirect(url);
}
public F.Promise<Result> async_promise(String token) {
ok(token);
}
public CompletionStage<Result> async_completionstage(String uri) {
ok("Async completion Stage");
}
public String not_playactionmethod(String no_action) {
String return_code = no_action;
return return_code;
}
}
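Review bot: `session_redirect_me`, `async_promise` and `async_completionstage` declare non-void return types but end without a `return`, so this fixture is not valid Java as written. The extractor may tolerate that, but the expected results then rest on a file that does not compile cleanly. `session_redirect_me` should end with `return redirect(url);`, and the two async methods should return a value of their declared type wrapping the `ok(...)` result. Separately, `redirect(url)` forwards the `url` query parameter unvalidated while the `uri` parameter goes unused. If that open-redirect shape is the intended fixture, a one-line comment saying so would help, since none of the queries visible here asserts that flow.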