hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add SPURIOUS test for += File.separator

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-04-18 19:56:19 +01:00
parent 63d20a54d4
commit 6099c5d034
3 changed files with 63 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected
View File

@@ -14,3 +14,4 @@
| PartialPathTraversalTest.java:176:14:176:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
| PartialPathTraversalTest.java:194:18:194:87 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
| PartialPathTraversalTest.java:212:14:212:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
| PartialPathTraversalTest.java:234:14:234:54 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |

103
java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalFromRemoteTest.expected
View File

@@ -1,19 +1,20 @@
#select
| PartialPathTraversalTest.java:13:14:13:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:13:14:13:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:20:10:20:33 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:20:10:20:33 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:32:14:32:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:32:14:32:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:38:14:38:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:38:14:38:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:45:14:45:26 | canonicalPath | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:45:14:45:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:52:14:52:26 | canonicalPath | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:52:14:52:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:56:14:56:27 | canonicalPath2 | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:56:14:56:27 | canonicalPath2 | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:64:14:64:26 | canonicalPath | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:64:14:64:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:67:14:67:27 | canonicalPath2 | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:67:14:67:27 | canonicalPath2 | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:97:14:97:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:97:14:97:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:105:14:105:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:105:14:105:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:108:14:108:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:108:14:108:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:176:14:176:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:176:14:176:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:194:18:194:47 | getCanonicalPath(...) | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:194:18:194:47 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:212:14:212:26 | canonicalPath | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:212:14:212:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:13:14:13:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:13:14:13:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:20:10:20:33 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:20:10:20:33 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:32:14:32:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:32:14:32:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:38:14:38:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:38:14:38:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:45:14:45:26 | canonicalPath | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:45:14:45:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:52:14:52:26 | canonicalPath | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:52:14:52:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:56:14:56:27 | canonicalPath2 | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:56:14:56:27 | canonicalPath2 | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:64:14:64:26 | canonicalPath | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:64:14:64:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:67:14:67:27 | canonicalPath2 | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:67:14:67:27 | canonicalPath2 | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:97:14:97:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:97:14:97:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:105:14:105:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:105:14:105:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:108:14:108:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:108:14:108:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:176:14:176:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:176:14:176:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:194:18:194:47 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:194:18:194:47 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:212:14:212:26 | canonicalPath | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:212:14:212:26 | canonicalPath | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
| PartialPathTraversalTest.java:234:14:234:37 | getCanonicalPath(...) | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:234:14:234:37 | getCanonicalPath(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@. | PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | user-supplied data |
edges
| PartialPathTraversalTest.java:13:14:13:18 | dir(...) : File | PartialPathTraversalTest.java:13:14:13:37 | getCanonicalPath(...) | provenance | MaD:6 |
| PartialPathTraversalTest.java:20:10:20:14 | dir(...) : File | PartialPathTraversalTest.java:20:10:20:33 | getCanonicalPath(...) | provenance | MaD:6 |
@@ -43,30 +44,32 @@ edges
| PartialPathTraversalTest.java:194:18:194:28 | encodedFile : File | PartialPathTraversalTest.java:194:18:194:47 | getCanonicalPath(...) | provenance | MaD:6 |
| PartialPathTraversalTest.java:211:46:211:50 | dir(...) : File | PartialPathTraversalTest.java:211:46:211:69 | getCanonicalPath(...) : String | provenance | MaD:6 |
| PartialPathTraversalTest.java:211:46:211:69 | getCanonicalPath(...) : String | PartialPathTraversalTest.java:212:14:212:26 | canonicalPath | provenance | |
| PartialPathTraversalTest.java:252:45:252:117 | new BufferedReader(...) : BufferedReader | PartialPathTraversalTest.java:253:31:253:44 | filenameReader : BufferedReader | provenance | |
| PartialPathTraversalTest.java:252:64:252:116 | new InputStreamReader(...) : InputStreamReader | PartialPathTraversalTest.java:252:45:252:117 | new BufferedReader(...) : BufferedReader | provenance | MaD:2 |
| PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:252:64:252:116 | new InputStreamReader(...) : InputStreamReader | provenance | Src:MaD:1 MaD:7 |
| PartialPathTraversalTest.java:253:31:253:44 | filenameReader : BufferedReader | PartialPathTraversalTest.java:253:31:253:55 | readLine(...) : String | provenance | MaD:3 |
| PartialPathTraversalTest.java:253:31:253:55 | readLine(...) : String | PartialPathTraversalTest.java:254:29:254:36 | filename : String | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:13:14:13:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:20:10:20:14 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:32:14:32:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:38:14:38:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:44:32:44:36 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:51:32:51:36 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:55:33:55:37 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:62:32:62:36 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:63:33:63:37 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:97:14:97:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:105:14:105:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:108:14:108:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:176:14:176:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:211:46:211:50 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | PartialPathTraversalTest.java:261:16:261:20 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:254:29:254:36 | filename : String | PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | provenance | MaD:4 |
| PartialPathTraversalTest.java:261:16:261:20 | dir(...) : File | PartialPathTraversalTest.java:261:16:261:38 | getAbsolutePath(...) : String | provenance | MaD:5 |
| PartialPathTraversalTest.java:261:16:261:38 | getAbsolutePath(...) : String | PartialPathTraversalTest.java:261:16:261:60 | split(...) : String[] | provenance | MaD:10 |
| PartialPathTraversalTest.java:261:16:261:60 | split(...) : String[] | PartialPathTraversalTest.java:186:25:186:30 | path(...) : String[] | provenance | |
| PartialPathTraversalTest.java:234:14:234:18 | dir(...) : File | PartialPathTraversalTest.java:234:14:234:37 | getCanonicalPath(...) | provenance | MaD:6 |
| PartialPathTraversalTest.java:260:45:260:117 | new BufferedReader(...) : BufferedReader | PartialPathTraversalTest.java:261:31:261:44 | filenameReader : BufferedReader | provenance | |
| PartialPathTraversalTest.java:260:64:260:116 | new InputStreamReader(...) : InputStreamReader | PartialPathTraversalTest.java:260:45:260:117 | new BufferedReader(...) : BufferedReader | provenance | MaD:2 |
| PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | PartialPathTraversalTest.java:260:64:260:116 | new InputStreamReader(...) : InputStreamReader | provenance | Src:MaD:1 MaD:7 |
| PartialPathTraversalTest.java:261:31:261:44 | filenameReader : BufferedReader | PartialPathTraversalTest.java:261:31:261:55 | readLine(...) : String | provenance | MaD:3 |
| PartialPathTraversalTest.java:261:31:261:55 | readLine(...) : String | PartialPathTraversalTest.java:262:29:262:36 | filename : String | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:13:14:13:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:20:10:20:14 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:32:14:32:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:38:14:38:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:44:32:44:36 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:51:32:51:36 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:55:33:55:37 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:62:32:62:36 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:63:33:63:37 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:97:14:97:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:105:14:105:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:108:14:108:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:176:14:176:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:211:46:211:50 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:234:14:234:18 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | PartialPathTraversalTest.java:269:16:269:20 | dir(...) : File | provenance | |
| PartialPathTraversalTest.java:262:29:262:36 | filename : String | PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | provenance | MaD:4 |
| PartialPathTraversalTest.java:269:16:269:20 | dir(...) : File | PartialPathTraversalTest.java:269:16:269:38 | getAbsolutePath(...) : String | provenance | MaD:5 |
| PartialPathTraversalTest.java:269:16:269:38 | getAbsolutePath(...) : String | PartialPathTraversalTest.java:269:16:269:60 | split(...) : String[] | provenance | MaD:10 |
| PartialPathTraversalTest.java:269:16:269:60 | split(...) : String[] | PartialPathTraversalTest.java:186:25:186:30 | path(...) : String[] | provenance | |
models
| 1 | Source: java.net; Socket; false; getInputStream; (); ; ReturnValue; remote; manual |
| 2 | Summary: java.io; BufferedReader; false; BufferedReader; ; ; Argument[0]; Argument[this]; taint; manual |
@@ -122,14 +125,16 @@ nodes
| PartialPathTraversalTest.java:211:46:211:50 | dir(...) : File | semmle.label | dir(...) : File |
| PartialPathTraversalTest.java:211:46:211:69 | getCanonicalPath(...) : String | semmle.label | getCanonicalPath(...) : String |
| PartialPathTraversalTest.java:212:14:212:26 | canonicalPath | semmle.label | canonicalPath |
| PartialPathTraversalTest.java:252:45:252:117 | new BufferedReader(...) : BufferedReader | semmle.label | new BufferedReader(...) : BufferedReader |
| PartialPathTraversalTest.java:252:64:252:116 | new InputStreamReader(...) : InputStreamReader | semmle.label | new InputStreamReader(...) : InputStreamReader |
| PartialPathTraversalTest.java:252:86:252:106 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| PartialPathTraversalTest.java:253:31:253:44 | filenameReader : BufferedReader | semmle.label | filenameReader : BufferedReader |
| PartialPathTraversalTest.java:253:31:253:55 | readLine(...) : String | semmle.label | readLine(...) : String |
| PartialPathTraversalTest.java:254:20:254:37 | new File(...) : File | semmle.label | new File(...) : File |
| PartialPathTraversalTest.java:254:29:254:36 | filename : String | semmle.label | filename : String |
| PartialPathTraversalTest.java:261:16:261:20 | dir(...) : File | semmle.label | dir(...) : File |
| PartialPathTraversalTest.java:261:16:261:38 | getAbsolutePath(...) : String | semmle.label | getAbsolutePath(...) : String |
| PartialPathTraversalTest.java:261:16:261:60 | split(...) : String[] | semmle.label | split(...) : String[] |
| PartialPathTraversalTest.java:234:14:234:18 | dir(...) : File | semmle.label | dir(...) : File |
| PartialPathTraversalTest.java:234:14:234:37 | getCanonicalPath(...) | semmle.label | getCanonicalPath(...) |
| PartialPathTraversalTest.java:260:45:260:117 | new BufferedReader(...) : BufferedReader | semmle.label | new BufferedReader(...) : BufferedReader |
| PartialPathTraversalTest.java:260:64:260:116 | new InputStreamReader(...) : InputStreamReader | semmle.label | new InputStreamReader(...) : InputStreamReader |
| PartialPathTraversalTest.java:260:86:260:106 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| PartialPathTraversalTest.java:261:31:261:44 | filenameReader : BufferedReader | semmle.label | filenameReader : BufferedReader |
| PartialPathTraversalTest.java:261:31:261:55 | readLine(...) : String | semmle.label | readLine(...) : String |
| PartialPathTraversalTest.java:262:20:262:37 | new File(...) : File | semmle.label | new File(...) : File |
| PartialPathTraversalTest.java:262:29:262:36 | filename : String | semmle.label | filename : String |
| PartialPathTraversalTest.java:269:16:269:20 | dir(...) : File | semmle.label | dir(...) : File |
| PartialPathTraversalTest.java:269:16:269:38 | getAbsolutePath(...) : String | semmle.label | getAbsolutePath(...) : String |
| PartialPathTraversalTest.java:269:16:269:60 | split(...) : String[] | semmle.label | split(...) : String[] |
subpaths

8
java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
View File

@@ -228,6 +228,14 @@ public class PartialPathTraversalTest {
}
}
void foo25(File parent) throws IOException {
String path = parent.getCanonicalPath();
path += File.separator;
if (!dir().getCanonicalPath().startsWith(path)) { // $ SPURIOUS: Alert[java/partial-path-traversal-from-remote] Alert[java/partial-path-traversal]
throw new IOException("Invalid directory: " + dir().getCanonicalPath());
}
}
public void doesNotFlagOptimalSafeVersion(File parent) throws IOException {
if (!dir().toPath().normalize().startsWith(parent.toPath())) { // Safe
throw new IOException("Path traversal attempt: " + dir().getCanonicalPath());