java.net tests

Tony Torralba
2023-03-14 11:41:28 +01:00
parent cad5cd4037
commit 452b9d11db
2 changed files with 93 additions and 4 deletions


@@ -1,5 +1,7 @@
package generatedtest;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.net.URLDecoder;
@@ -16,6 +18,27 @@ public class Test {
public void test() throws Exception {
{
// "java.net;InetAddress;true;getByName;(String);;Argument[0];ReturnValue;taint;ai-generated"
InetAddress out = null;
String in = (String) source();
out = InetAddress.getByName(in);
sink(out); // $ hasTaintFlow
}
{
// "java.net;InetSocketAddress;true;InetSocketAddress;(String,int);;Argument[0];Argument[-1];taint;ai-generated"
InetSocketAddress out = null;
String in = (String) source();
out = new InetSocketAddress(in, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.net;InetSocketAddress;true;createUnresolved;(String,int);;Argument[0];ReturnValue;taint;ai-generated"
InetSocketAddress out = null;
String in = (String) source();
out = InetSocketAddress.createUnresolved(in, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint;manual"
URI out = null;
@@ -30,6 +53,22 @@ public class Test {
out = URI.create(in);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URI;false;resolve;(String);;Argument[0];ReturnValue;taint;ai-generated"
URI out = null;
String in = (String) source();
URI instance = null;
out = instance.resolve(in);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URI;false;resolve;(URI);;Argument[0];ReturnValue;taint;ai-generated"
URI out = null;
URI in = (URI) source();
URI instance = null;
out = instance.resolve(in);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URI;false;toASCIIString;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
@@ -58,6 +97,20 @@ public class Test {
out = new URL(in);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URL;false;URL;(URL,String);;Argument[0];Argument[-1];taint;ai-generated"
URL out = null;
URL in = (URL) source();
out = new URL(in, null);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URL;false;URL;(URL,String);;Argument[1];Argument[-1];taint;ai-generated"
URL out = null;
String in = (String) source();
out = new URL(null, in);
sink(out); // $ hasTaintFlow
}
{
// "java.net;URL;false;toExternalForm;;;Argument[-1];ReturnValue;taint;manual"
String out = null;


@@ -1,22 +1,58 @@
import java.net.DatagramSocket;
import java.net.Proxy;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.URL;
import java.net.URLClassLoader;
import javax.servlet.http.HttpServletRequest;
import javafx.scene.web.WebEngine;
import org.codehaus.cargo.container.installer.ZipURLInstaller;
public class Test {
public static Object source(HttpServletRequest request) {
private static HttpServletRequest request;
public static Object source() {
return request.getParameter(null);
}
public void test(DatagramSocket socket) throws Exception {
// "java.net;DatagramSocket;true;connect;(SocketAddress);;Argument[0];open-url;ai-generated"
socket.connect((SocketAddress) source()); // $ SSRF
}
public void test(URL url) throws Exception {
// "java.net;URL;false;openConnection;(Proxy);:Argument[-1]:open-url;manual"
((URL) source()).openConnection(); // $ SSRF
// "java.net;URL;false;openConnection;(Proxy);:Argument[0]:open-url;ai-generated"
url.openConnection((Proxy) source()); // $ SSRF
// "java.net;URL;false;openStream;;:Argument[-1]:open-url;manual"
((URL) source()).openStream(); // $ SSRF
}
public void test(URLClassLoader cl) throws Exception {
// "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader);;Argument[1];open-url;manual"
new URLClassLoader("", (URL[]) source(), null); // $ SSRF
// "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader,URLStreamHandlerFactory);;Argument[1];open-url;manual"
new URLClassLoader("", (URL[]) source(), null, null); // $ SSRF
// "java.net;URLClassLoader;false;URLClassLoader;(URL[]);;Argument[0];open-url;manual"
new URLClassLoader((URL[]) source()); // $ SSRF
// "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader);;Argument[0];open-url;manual"
new URLClassLoader((URL[]) source(), null); // $ SSRF
// "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader,URLStreamHandlerFactory);;Argument[0];open-url;manual"
new URLClassLoader((URL[]) source(), null, null); // $ SSRF
// "java.net;URLClassLoader;false;newInstance;;;Argument[0];open-url;manual"
URLClassLoader.newInstance((URL[]) source()); // $ SSRF
}
public void test(WebEngine webEngine) {
// "javafx.scene.web;WebEngine;false;load;(String);;Argument[0];open-url;ai-generated"
webEngine.load((String) source(null)); // $ SSRF
webEngine.load((String) source()); // $ SSRF
}
public void test() {
public void test(ZipURLInstaller zui) {
// "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[0];open-url:ai-generated"
new ZipURLInstaller((URL) source(null), "", ""); // $ SSRF
new ZipURLInstaller((URL) source(), "", ""); // $ SSRF
}
}
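Review bot: The model comment above `((URL) source()).openConnection();` in `test(URL url)` names the `(Proxy)` overload, but the call it annotates is the no-argument `openConnection()`, so the comment does not identify the sink row that this `$ SSRF` expectation covers. The three comments in that method also use `:` where the other rows use `;` (`(Proxy);:Argument[-1]:open-url`), and the ZipURLInstaller comment ends in `open-url:ai-generated`. These comments are the only link from each expectation back to its model row, so I would make them copy the row verbatim, e.g. `// "java.net;URL;false;openConnection;;;Argument[-1];open-url;manual"` for the first one if that row is signature-agnostic; the model file is not shown here, so confirm against it. The page has lost its `+`/`-` markers, so I am assuming `test(URL url)` is on the new side.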