This commit is contained in:
Anders Schack-Mulligen
2024-11-22 10:36:36 +01:00
parent 408a38d9fb
commit 2ff2d25784
4 changed files with 807 additions and 0 deletions

View File

@@ -0,0 +1,306 @@
// Test cases for CWE-089 (SQL injection and Java Persistence query injection)
// http://cwe.mitre.org/data/definitions/89.html
package test.cwe089.semmle.tests;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Consumer;
class AllowListSanitizerWithJavaUtilList {
public static Connection connection;
public static final List<String> goodAllowList1 = List.of("allowed1", "allowed2", "allowed3");
public static final List<String> goodAllowList2 = Collections.unmodifiableList(Arrays.asList("allowed1"));
public static final List<String> goodAllowList3;
public static final List<String> goodAllowList4;
public static final List<String> badAllowList1 = List.of("allowed1", "allowed2", getNonConstantString());
public static final List<String> badAllowList2 = Collections.unmodifiableList(Arrays.asList("allowed1", getNonConstantString()));
public static final List<String> badAllowList3;
public static final List<String> badAllowList4;
public static final List<String> badAllowList5;
public static List<String> badAllowList6 = List.of("allowed1", "allowed2", "allowed3");
public final List<String> badAllowList7 = List.of("allowed1", "allowed2", "allowed3");
static {
goodAllowList3 = List.of("allowed1", "allowed2", "allowed3");
goodAllowList4 = Collections.unmodifiableList(Arrays.asList("allowed1", "allowed2"));
badAllowList3 = List.of(getNonConstantString(), "allowed2", "allowed3");
badAllowList4 = Collections.unmodifiableList(Arrays.asList("allowed1", getNonConstantString()));
badAllowList5 = new ArrayList<String>();
badAllowList5.add("allowed1");
badAllowList5.add("allowed2");
badAllowList5.add("allowed3");
}
public static String getNonConstantString() {
return String.valueOf(System.currentTimeMillis());
}
public static void main(String[] args) throws IOException, SQLException {
badAllowList6 = List.of("allowed1", getNonConstantString(), "allowed3");
testStaticFields(args);
testLocal(args);
var x = new AllowListSanitizerWithJavaUtilList();
x.testNonStaticFields(args);
testMultipleSources(args);
testEscape(args);
}
private static void testStaticFields(String[] args) throws IOException, SQLException {
String tainted = args[1];
// GOOD: an allowlist is used with constant strings
if(goodAllowList1.contains(tainted.toLowerCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// GOOD: an allowlist is used with constant strings
if(goodAllowList2.contains(tainted.toUpperCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// GOOD: an allowlist is used with constant strings
if(goodAllowList3.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// GOOD: an allowlist is used with constant strings
if(goodAllowList4.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList1.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList2.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList3.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList4.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList5.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: the allowlist is in a non-final field
if(badAllowList6.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
private void testNonStaticFields(String[] args) throws IOException, SQLException {
String tainted = args[0];
// BAD: the allowlist is in a non-static field
if(badAllowList7.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
private static void testLocal(String[] args) throws IOException, SQLException {
String tainted = args[1];
// GOOD: an allowlist is used with constant strings
{
List<String> allowlist = List.of("allowed1", "allowed2", "allowed3");
if(allowlist.contains(tainted.toLowerCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
List<String> allowlist = List.of("allowed1", "allowed2", args[2]);
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant strings
{
String[] allowedArray = {"allowed1", "allowed2", "allowed3"};
List<String> allowlist = List.of(allowedArray);
if(allowlist.contains(tainted.toUpperCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
String[] allowedArray = {"allowed1", "allowed2", args[2]};
List<String> allowlist = List.of(allowedArray);
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant strings
{
List<String> allowlist = Collections.unmodifiableList(Arrays.asList("allowed1"));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
List<String> allowlist = Collections.unmodifiableList(Arrays.asList("allowed1", "allowed2", args[2]));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant strings
{
String[] allowedArray = {"allowed1", "allowed2", "allowed3"};
List<String> allowlist = Collections.unmodifiableList(Arrays.asList(allowedArray));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
String[] allowedArray = {"allowed1", "allowed2", args[2]};
List<String> allowlist = Collections.unmodifiableList(Arrays.asList(allowedArray));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant string
{
List<String> allowlist = new ArrayList<String>();
allowlist.add("allowed1");
allowlist.add("allowed2");
allowlist.add("allowed3");
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
List<String> allowlist = new ArrayList<String>();
allowlist.add("allowed1");
allowlist.add(getNonConstantString());
allowlist.add("allowed3");
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but it contains a non-compile-time constant element
{
List<String> allowlist = new ArrayList<String>();
allowlist.add("allowed1");
addNonConstantStringDirectly(allowlist);
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
}
private static void testMultipleSources(String[] args) throws IOException, SQLException {
String tainted = args[1];
boolean b = args[2] == "True";
{
// BAD: an allowlist is used which might contain constant strings
List<String> allowlist = new ArrayList<String>();
allowlist.add("allowed1");
if (b) {
allowlist.add(getNonConstantString());
}
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
{
// BAD: an allowlist is used which might contain constant strings
List<String> allowlist = b ? goodAllowList1 : badAllowList1;
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
{
// BAD: an allowlist is used which might contain constant strings
List<String> allowlist = b ? goodAllowList1 : List.of("allowed1", "allowed2", args[2]);;
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
}
private static void testEscape(String[] args) throws IOException, SQLException {
String tainted = args[1];
boolean b = args[2] == "True";
{
// BAD: an allowlist is used which contains constant strings
List<String> allowlist = new ArrayList<String>();
addNonConstantStringViaLambda(e -> allowlist.add(e));
if(allowlist.contains(tainted)){ // missing result
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
}
private static void addNonConstantStringDirectly(List<String> list) {
list.add(getNonConstantString());
}
private static void addNonConstantStringViaLambda(Consumer<String> adder) {
adder.accept(getNonConstantString());
}
}

View File

@@ -0,0 +1,305 @@
// Test cases for CWE-089 (SQL injection and Java Persistence query injection)
// http://cwe.mitre.org/data/definitions/89.html
package test.cwe089.semmle.tests;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashSet;
import java.util.List;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.function.Consumer;
class AllowListSanitizerWithJavaUtilSet {
public static Connection connection;
public static final Set<String> goodAllowList1 = Set.of("allowed1", "allowed2", "allowed3");
public static final Set<String> goodAllowList2 = Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("allowed1","allowed2")));
public static final Set<String> goodAllowList3;
public static final Set<String> goodAllowList4;
public static final Set<String> badAllowList1 = Set.of("allowed1", "allowed2", getNonConstantString());
public static final Set<String> badAllowList2 = Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("allowed1", getNonConstantString())));
public static final Set<String> badAllowList3;
public static final Set<String> badAllowList4;
public static final Set<String> badAllowList5;
public static Set<String> badAllowList6 = Set.of("allowed1", "allowed2", "allowed3");
public final Set<String> badAllowList7 = Set.of("allowed1", "allowed2", "allowed3");
static {
goodAllowList3 = Set.of("allowed1", "allowed2", "allowed3");
goodAllowList4 = Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("allowed1", "allowed2")));
badAllowList3 = Set.of(getNonConstantString(), "allowed2", "allowed3");
badAllowList4 = Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("allowed1", getNonConstantString())));
badAllowList5 = new HashSet<String>();
badAllowList5.add("allowed1");
badAllowList5.add("allowed2");
badAllowList5.add("allowed3");
}
public static String getNonConstantString() {
return String.valueOf(System.currentTimeMillis());
}
public static void main(String[] args) throws IOException, SQLException {
badAllowList6 = Set.of("allowed1", getNonConstantString(), "allowed3");
testStaticFields(args);
testLocal(args);
var x = new AllowListSanitizerWithJavaUtilSet();
x.testNonStaticFields(args);
testMultipleSources(args);
testEscape(args);
}
private static void testStaticFields(String[] args) throws IOException, SQLException {
String tainted = args[1];
// GOOD: an allowlist is used with constant strings
if(goodAllowList1.contains(tainted.toLowerCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// GOOD: an allowlist is used with constant strings
if(goodAllowList2.contains(tainted.toUpperCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// GOOD: an allowlist is used with constant strings
if(goodAllowList3.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// GOOD: an allowlist is used with constant strings
if(goodAllowList4.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList1.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList2.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList3.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList4.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: an allowlist is used with constant strings
if(badAllowList5.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
// BAD: the allowlist is in a non-final field
if(badAllowList6.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
private void testNonStaticFields(String[] args) throws IOException, SQLException {
String tainted = args[1];
// BAD: the allowlist is in a non-static field
if(badAllowList7.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
private static void testLocal(String[] args) throws IOException, SQLException {
String tainted = args[1];
// GOOD: an allowlist is used with constant strings
{
Set<String> allowlist = Set.of("allowed1", "allowed2", "allowed3");
if(allowlist.contains(tainted.toLowerCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
Set<String> allowlist = Set.of("allowed1", "allowed2", args[2]);
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant strings
{
String[] allowedArray = {"allowed1", "allowed2", "allowed3"};
Set<String> allowlist = Set.of(allowedArray);
if(allowlist.contains(tainted.toUpperCase())){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
String[] allowedArray = {"allowed1", "allowed2", args[2]};
Set<String> allowlist = Set.of(allowedArray);
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant strings
{
Set<String> allowlist = Collections.unmodifiableSet(new HashSet<>(Arrays.asList("allowed1")));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
Set<String> allowlist = Collections.unmodifiableSet(new HashSet<>(Arrays.asList("allowed1", "allowed2", args[2])));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant strings
{
String[] allowedArray = {"allowed1", "allowed2", "allowed3"};
Set<String> allowlist = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(allowedArray)));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
String[] allowedArray = {"allowed1", "allowed2", args[2]};
Set<String> allowlist = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(allowedArray)));
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// GOOD: an allowlist is used with constant string
{
Set<String> allowlist = new HashSet<String>();
allowlist.add("allowed1");
allowlist.add("allowed2");
allowlist.add("allowed3");
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but one of the entries is not a compile-time constant
{
Set<String> allowlist = new HashSet<String>();
allowlist.add("allowed1");
allowlist.add(getNonConstantString());
allowlist.add("allowed3");
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
// BAD: an allowlist is used but it contains a non-compile-time constant element
{
Set<String> allowlist = new HashSet<String>();
allowlist.add("allowed1");
addNonConstantStringDirectly(allowlist);
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
}
private static void testMultipleSources(String[] args) throws IOException, SQLException {
String tainted = args[1];
boolean b = args[2] == "True";
{
// BAD: an allowlist is used which might contain constant strings
Set<String> allowlist = new HashSet<String>();
allowlist.add("allowed1");
if (b) {
allowlist.add(getNonConstantString());
}
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
{
// BAD: an allowlist is used which might contain constant strings
Set<String> allowlist = b ? goodAllowList1 : badAllowList1;
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
{
// BAD: an allowlist is used which might contain constant strings
Set<String> allowlist = b ? goodAllowList1 : Set.of("allowed1", "allowed2", args[2]);;
if(allowlist.contains(tainted)){
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
}
private static void testEscape(String[] args) throws IOException, SQLException {
String tainted = args[1];
boolean b = args[2] == "True";
{
// BAD: an allowlist is used which contains constant strings
Set<String> allowlist = new HashSet<String>();
addNonConstantStringViaLambda(e -> allowlist.add(e));
if(allowlist.contains(tainted)){ // missing result
String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
+ tainted + "' ORDER BY PRICE";
ResultSet results = connection.createStatement().executeQuery(query);
}
}
}
private static void addNonConstantStringDirectly(Set<String> set) {
set.add(getNonConstantString());
}
private static void addNonConstantStringViaLambda(Consumer<String> adder) {
adder.accept(getNonConstantString());
}
}

View File

@@ -1,3 +1,55 @@
| AllowListSanitizerWithJavaUtilList.java:64:66:64:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:63:8:63:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:70:66:70:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:69:8:69:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:76:66:76:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:75:8:75:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:82:66:82:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:81:8:81:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:87:8:87:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:93:8:93:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:99:8:99:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:105:8:105:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:111:8:111:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:117:8:117:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:127:8:127:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:140:67:140:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:139:9:139:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:148:9:148:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:159:67:159:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:158:9:158:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:168:9:168:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:178:67:178:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:177:9:177:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:186:9:186:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:197:67:197:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:196:9:196:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:206:9:206:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:219:67:219:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:218:9:218:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:230:9:230:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:241:9:241:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:259:9:259:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:268:9:268:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:277:9:277:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilList.java:293:67:293:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilList.java:292:9:292:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:63:66:63:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:62:8:62:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:69:66:69:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:68:8:68:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:75:66:75:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:74:8:74:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:81:66:81:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:80:8:80:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:87:66:87:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:86:8:86:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:93:66:93:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:92:8:92:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:99:66:99:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:98:8:98:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:105:66:105:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:104:8:104:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:111:66:111:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:110:8:110:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:117:66:117:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:116:8:116:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:127:66:127:70 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:126:8:126:14 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:139:67:139:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:138:9:138:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:148:67:148:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:147:9:147:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:158:67:158:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:157:9:157:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:168:67:168:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:167:9:167:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:177:67:177:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:176:9:176:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:186:67:186:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:185:9:185:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:196:67:196:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:195:9:195:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:206:67:206:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:205:9:205:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:218:67:218:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:217:9:217:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:230:67:230:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:229:9:229:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:241:67:241:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:240:9:240:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:259:67:259:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:258:9:258:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:268:67:268:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:267:9:267:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:277:67:277:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:276:9:276:15 | tainted | this expression |
| AllowListSanitizerWithJavaUtilSet.java:292:67:292:71 | query | Query built by concatenation with $@, which may be untrusted. | AllowListSanitizerWithJavaUtilSet.java:291:9:291:15 | tainted | this expression |
| Test.java:36:47:36:52 | query1 | Query built by concatenation with $@, which may be untrusted. | Test.java:35:8:35:15 | category | this expression |
| Test.java:42:57:42:62 | query2 | Query built by concatenation with $@, which may be untrusted. | Test.java:41:51:41:52 | id | this expression |
| Test.java:50:62:50:67 | query3 | Query built by concatenation with $@, which may be untrusted. | Test.java:49:8:49:15 | category | this expression |

View File

@@ -1,4 +1,38 @@
#select
| AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilList.java:293:67:293:71 | query | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:293:67:293:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:87:66:87:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:87:66:87:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:93:66:93:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:93:66:93:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:99:66:99:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:99:66:99:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:105:66:105:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:105:66:105:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:111:66:111:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:111:66:111:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:117:66:117:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:117:66:117:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:127:66:127:70 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:127:66:127:70 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:148:67:148:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:148:67:148:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:168:67:168:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:168:67:168:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:186:67:186:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:186:67:186:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:206:67:206:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:206:67:206:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:230:67:230:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:230:67:230:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:241:67:241:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:241:67:241:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:259:67:259:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:259:67:259:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:268:67:268:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:268:67:268:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:277:67:277:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:277:67:277:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| AllowListSanitizerWithJavaUtilSet.java:292:67:292:71 | query | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:292:67:292:71 | query | This query depends on a $@. | AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args | user-provided value |
| Mongo.java:17:45:17:67 | parse(...) | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:45:17:67 | parse(...) | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value |
| Mongo.java:21:49:21:52 | json | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value |
| Test.java:36:47:36:52 | query1 | Test.java:227:26:227:38 | args : String[] | Test.java:36:47:36:52 | query1 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
@@ -10,6 +44,60 @@
| Test.java:209:47:209:68 | queryWithUserTableName | Test.java:227:26:227:38 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
| Test.java:221:81:221:111 | ... + ... | Test.java:227:26:227:38 | args : String[] | Test.java:221:81:221:111 | ... + ... | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
edges
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:50:20:50:23 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:51:13:51:16 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:53:25:53:28 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:54:23:54:26 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | AllowListSanitizerWithJavaUtilList.java:55:14:55:17 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:50:20:50:23 | args : String[] | AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:51:13:51:16 | args : String[] | AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:53:25:53:28 | args : String[] | AllowListSanitizerWithJavaUtilList.java:122:35:122:47 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:54:23:54:26 | args : String[] | AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:55:14:55:17 | args : String[] | AllowListSanitizerWithJavaUtilList.java:283:33:283:45 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:122:35:122:47 | args : String[] | AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilList.java:283:33:283:45 | args : String[] | AllowListSanitizerWithJavaUtilList.java:293:67:293:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:49:20:49:23 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:50:13:50:16 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:52:25:52:28 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:53:23:53:26 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:54:14:54:17 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:49:20:49:23 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:50:13:50:16 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:52:25:52:28 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:121:35:121:47 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:53:23:53:26 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:246:42:246:54 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:54:14:54:17 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:282:33:282:45 | args : String[] | provenance | |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:87:66:87:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:93:66:93:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:99:66:99:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:105:66:105:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:111:66:111:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:117:66:117:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:121:35:121:47 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:127:66:127:70 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:148:67:148:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:168:67:168:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:186:67:186:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:206:67:206:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:230:67:230:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:241:67:241:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:246:42:246:54 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:259:67:259:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:246:42:246:54 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:268:67:268:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:246:42:246:54 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:277:67:277:71 | query | provenance | Sink:MaD:6 |
| AllowListSanitizerWithJavaUtilSet.java:282:33:282:45 | args : String[] | AllowListSanitizerWithJavaUtilSet.java:292:67:292:71 | query | provenance | Sink:MaD:6 |
| Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:56:17:66 | stringQuery : String | provenance | |
| Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | provenance | |
| Mongo.java:17:56:17:66 | stringQuery : String | Mongo.java:17:45:17:67 | parse(...) | provenance | Config |
@@ -40,6 +128,62 @@ models
| 6 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[0]; Argument[this]; taint; manual |
| 7 | Summary: java.lang; CharSequence; true; toString; ; ; Argument[this]; ReturnValue; taint; manual |
nodes
| AllowListSanitizerWithJavaUtilList.java:48:26:48:38 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:50:20:50:23 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:51:13:51:16 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:53:25:53:28 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:54:23:54:26 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:55:14:55:17 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:58:39:58:51 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:88:66:88:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:94:66:94:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:100:66:100:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:106:66:106:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:112:66:112:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:118:66:118:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:122:35:122:47 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:128:66:128:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:132:32:132:44 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:149:67:149:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:169:67:169:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:187:67:187:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:207:67:207:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:231:67:231:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:242:67:242:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:247:42:247:54 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:260:67:260:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:269:67:269:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:278:67:278:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilList.java:283:33:283:45 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilList.java:293:67:293:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:47:26:47:38 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:49:20:49:23 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:50:13:50:16 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:52:25:52:28 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:53:23:53:26 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:54:14:54:17 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:57:39:57:51 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:87:66:87:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:93:66:93:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:99:66:99:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:105:66:105:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:111:66:111:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:117:66:117:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:121:35:121:47 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:127:66:127:70 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:131:32:131:44 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:148:67:148:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:168:67:168:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:186:67:186:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:206:67:206:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:230:67:230:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:241:67:241:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:246:42:246:54 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:259:67:259:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:268:67:268:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:277:67:277:71 | query | semmle.label | query |
| AllowListSanitizerWithJavaUtilSet.java:282:33:282:45 | args : String[] | semmle.label | args : String[] |
| AllowListSanitizerWithJavaUtilSet.java:292:67:292:71 | query | semmle.label | query |
| Mongo.java:10:29:10:41 | args : String[] | semmle.label | args : String[] |
| Mongo.java:17:45:17:67 | parse(...) | semmle.label | parse(...) |
| Mongo.java:17:56:17:66 | stringQuery : String | semmle.label | stringQuery : String |