Java: Update existing tests and add a couple of extra configuration tests.

2026-05-21 06:37:10 +02:00 · 2023-05-01 14:35:30 +02:00
parent 9c5db8cd90
commit 34572ea639
14 changed files with 126 additions and 71 deletions
--- a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ext.yml
+++ b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ext.yml
@@ -27,8 +27,8 @@ extensions:
      - ["", "SinkClass", True, "memberSink", "(int,int)", "", "Argument[0]", "kotlinMadFlowTest", "manual"]
      - ["", "SinkClass", True, "extensionMemberSink", "(String,int,int)", "", "Argument[1]", "kotlinMadFlowTest", "manual"]

-  - addsTo:
-      pack: codeql/java-all
-      extensible: supportedThreatModel
-    data:
-      - ["kotlinMadFlowTest"]
+  # - addsTo:
+  #     pack: codeql/java-all
+  #     extensible: supportedThreatModel
+  #   data:
+  #     - ["kotlinMadFlowTest"]
--- a/java/ql/test/experimental/configured-flow/Test.qll
+++ b/java/ql/test/experimental/configured-flow/Test.qll
@@ -0,0 +1,12 @@
+private import java
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.TaintTracking
+
+private module ThreatModelConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
+
+  predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
+}
+
+module ThreatModel = TaintTracking::Global<ThreatModelConfig>;
--- a/java/ql/test/experimental/configured-flow/codeql-pack.yml
+++ b/java/ql/test/experimental/configured-flow/codeql-pack.yml
@@ -1,9 +0,0 @@
-name: test/configured-threat-models
-version: 0.0.0
-dependencies:
-  codeql/java-all: "*"
-
-dataExtensions:
-  - ext/*.yml
-
-extractor: java
--- a/java/ql/test/experimental/configured-flow/test-all.expected
+++ b/java/ql/test/experimental/configured-flow/test-all.expected
--- a/java/ql/test/experimental/configured-flow/ext/threat-models.yml
+++ b/java/ql/test/experimental/configured-flow/ext/threat-models.yml
--- a/java/ql/test/experimental/configured-flow/test-all.ql
+++ b/java/ql/test/experimental/configured-flow/test-all.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Testing the threat model
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision low
+ * @id java/threat-model-all
+ * @tags security
+ */
+
+import Test
+import ThreatModel::PathGraph
+
+from ThreatModel::PathNode source, ThreatModel::PathNode sink
+where ThreatModel::flowPath(source, sink)
+select sink.getNode(), source, sink, "This is some kind of threat model thingy $@.",
+  source.getNode(), "Source of that thingy"
--- a/java/ql/test/experimental/configured-flow/test-remote.expected
+++ b/java/ql/test/experimental/configured-flow/test-remote.expected
@@ -0,0 +1,11 @@
+edges
+| Test.java:15:15:15:42 | read(...) : Number | Test.java:18:34:18:36 | val |
+| Test.java:15:15:15:42 | read(...) : Number | Test.java:21:29:21:68 | ... + ... |
+nodes
+| Test.java:15:15:15:42 | read(...) : Number | semmle.label | read(...) : Number |
+| Test.java:18:34:18:36 | val | semmle.label | val |
+| Test.java:21:29:21:68 | ... + ... | semmle.label | ... + ... |
+subpaths
+#select
+| Test.java:18:34:18:36 | val | Test.java:15:15:15:42 | read(...) : Number | Test.java:18:34:18:36 | val | This is some kind of threat model thingy $@. | Test.java:15:15:15:42 | read(...) | Source of that thingy |
+| Test.java:21:29:21:68 | ... + ... | Test.java:15:15:15:42 | read(...) : Number | Test.java:21:29:21:68 | ... + ... | This is some kind of threat model thingy $@. | Test.java:15:15:15:42 | read(...) | Source of that thingy |
--- a/java/ql/test/experimental/configured-flow/test-remote.ext.yml
+++ b/java/ql/test/experimental/configured-flow/test-remote.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: supportedThreatModel
+    data:
+      - ["remote"]
--- a/java/ql/test/experimental/configured-flow/test-remote.ql
+++ b/java/ql/test/experimental/configured-flow/test-remote.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Testing the threat model
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision low
+ * @id java/threat-model-remote
+ * @tags security
+ */
+
+import Test
+import ThreatModel::PathGraph
+
+from ThreatModel::PathNode source, ThreatModel::PathNode sink
+where ThreatModel::flowPath(source, sink)
+select sink.getNode(), source, sink, "This is some kind of threat model thingy $@.",
+  source.getNode(), "Source of that thingy"
--- a/java/ql/test/experimental/configured-flow/test-sql.expected
+++ b/java/ql/test/experimental/configured-flow/test-sql.expected
@@ -0,0 +1,19 @@
+edges
+| Test.java:12:20:12:61 | executeQuery(...) : ResultSet | Test.java:24:59:24:60 | rs : ResultSet |
+| Test.java:12:20:12:61 | executeQuery(...) : ResultSet | Test.java:26:34:26:35 | rs : ResultSet |
+| Test.java:24:59:24:60 | rs : ResultSet | Test.java:24:59:24:78 | getString(...) : String |
+| Test.java:24:59:24:78 | getString(...) : String | Test.java:24:29:24:85 | ... + ... |
+| Test.java:26:34:26:35 | rs : ResultSet | Test.java:26:34:26:53 | getString(...) : String |
+| Test.java:26:34:26:53 | getString(...) : String | Test.java:26:34:26:64 | getBytes(...) |
+nodes
+| Test.java:12:20:12:61 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet |
+| Test.java:24:29:24:85 | ... + ... | semmle.label | ... + ... |
+| Test.java:24:59:24:60 | rs : ResultSet | semmle.label | rs : ResultSet |
+| Test.java:24:59:24:78 | getString(...) : String | semmle.label | getString(...) : String |
+| Test.java:26:34:26:35 | rs : ResultSet | semmle.label | rs : ResultSet |
+| Test.java:26:34:26:53 | getString(...) : String | semmle.label | getString(...) : String |
+| Test.java:26:34:26:64 | getBytes(...) | semmle.label | getBytes(...) |
+subpaths
+#select
+| Test.java:24:29:24:85 | ... + ... | Test.java:12:20:12:61 | executeQuery(...) : ResultSet | Test.java:24:29:24:85 | ... + ... | This is some kind of threat model thingy $@. | Test.java:12:20:12:61 | executeQuery(...) | Source of that thingy |
+| Test.java:26:34:26:64 | getBytes(...) | Test.java:12:20:12:61 | executeQuery(...) : ResultSet | Test.java:26:34:26:64 | getBytes(...) | This is some kind of threat model thingy $@. | Test.java:12:20:12:61 | executeQuery(...) | Source of that thingy |
--- a/java/ql/test/experimental/configured-flow/test-sql.ext.yml
+++ b/java/ql/test/experimental/configured-flow/test-sql.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: supportedThreatModel
+    data:
+      - ["sql"]
--- a/java/ql/test/experimental/configured-flow/test-sql.ql
+++ b/java/ql/test/experimental/configured-flow/test-sql.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Testing the threat model
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision low
+ * @id java/threat-model-sql
+ * @tags security
+ */
+
+import Test
+import ThreatModel::PathGraph
+
+from ThreatModel::PathNode source, ThreatModel::PathNode sink
+where ThreatModel::flowPath(source, sink)
+select sink.getNode(), source, sink, "This is some kind of threat model thingy $@.",
+  source.getNode(), "Source of that thingy"
--- a/java/ql/test/experimental/configured-flow/test.ql
+++ b/java/ql/test/experimental/configured-flow/test.ql
@@ -1,40 +0,0 @@
-/**
- * @name Testing the threat model
- * @kind path-problem
- * @problem.severity warning
- * @precision low
- * @id java/threat-model
- * @tags security
- */
-
-import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.ExternalFlow
-import ThreatModel::PathGraph
-import semmle.code.java.dataflow.TaintTracking
-
-private module ThreatModelConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    sourceNode(source, _)
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sinkNode(sink, _)
-  }
-}
-
-module ThreatModel = TaintTracking::Global<ThreatModelConfig>;
-
-from ThreatModel::PathNode source, ThreatModel::PathNode sink
-where ThreatModel::flowPath(source, sink)
-select sink.getNode(), source, sink, "This is some kind of threat model thingy $@.", source.getNode(),
-  "Source of that thingy"
-
-// from DataFlow::Node source, DataFlow::Node sink
-// where ThreatModel::flow(source, sink)
-// select source, sink
-
-
-// from DataFlow::Node node, string kind
-// where sourceNode(node, kind)
-// select node, kind
--- a/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
+++ b/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
@@ -20,20 +20,20 @@ extensions:
      - ["my.qltest", "A", False, "srcTwoArg", "(String,String)", "", "ReturnValue", "qltest-shortsig", "manual"]
      - ["my.qltest", "A", False, "srcTwoArg", "(java.lang.String,java.lang.String)", "", "ReturnValue", "qltest-longsig", "manual"]

-  - addsTo:
-      pack: codeql/java-all
-      extensible: supportedThreatModel
-    data:
-      - ["standard"]
-      - ["qltest"]
-      - ["qltest-alt"]
-      - ["qltest-w-subtypes"]
-      - ["qltest-argany"]
-      - ["qltest-all-overloads"]
-      - ["qltest-argnum"]
-      - ["qltest-retval"]
-      - ["qltest-param"]
-      - ["qltest-nospec"]
-      - ["qltest-shortsig"]
-      - ["qltest-longsig"]
-      - ["qltest-param-override"]
+  # - addsTo:
+  #     pack: codeql/java-all
+  #     extensible: supportedThreatModel
+  #   data:
+  #     - ["standard"]
+  #     - ["qltest"]
+  #     - ["qltest-alt"]
+  #     - ["qltest-w-subtypes"]
+  #     - ["qltest-argany"]
+  #     - ["qltest-all-overloads"]
+  #     - ["qltest-argnum"]
+  #     - ["qltest-retval"]
+  #     - ["qltest-param"]
+  #     - ["qltest-nospec"]
+  #     - ["qltest-shortsig"]
+  #     - ["qltest-longsig"]
+  #     - ["qltest-param-override"]