[TEST] Java: SensitiveLogInfo: convert to qlref

2026-04-25 16:55:19 +02:00 · 2025-07-15 11:17:36 +02:00
parent 94386f0550
commit 6134518d60
4 changed files with 21 additions and 6 deletions
--- a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.expected
+++ b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.expected
@@ -0,0 +1,15 @@
+#select
+| Test.java:7:21:7:53 | ... + ... | Test.java:7:46:7:53 | password : String | Test.java:7:21:7:53 | ... + ... | This $@ is written to a log file. | Test.java:7:46:7:53 | password | potentially sensitive information |
+| Test.java:8:22:8:52 | ... + ... | Test.java:8:44:8:52 | authToken : String | Test.java:8:22:8:52 | ... + ... | This $@ is written to a log file. | Test.java:8:44:8:52 | authToken | potentially sensitive information |
+edges
+| Test.java:7:46:7:53 | password : String | Test.java:7:21:7:53 | ... + ... | provenance | Sink:MaD:2 |
+| Test.java:8:44:8:52 | authToken : String | Test.java:8:22:8:52 | ... + ... | provenance | Sink:MaD:1 |
+models
+| 1 | Sink: org.apache.logging.log4j; Logger; true; error; (String); ; Argument[0]; log-injection; manual |
+| 2 | Sink: org.apache.logging.log4j; Logger; true; info; (String); ; Argument[0]; log-injection; manual |
+nodes
+| Test.java:7:21:7:53 | ... + ... | semmle.label | ... + ... |
+| Test.java:7:46:7:53 | password : String | semmle.label | password : String |
+| Test.java:8:22:8:52 | ... + ... | semmle.label | ... + ... |
+| Test.java:8:44:8:52 | authToken : String | semmle.label | authToken : String |
+subpaths
--- a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql
+++ b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql
@@ -1,4 +0,0 @@
-import java
-import utils.test.InlineFlowTest
-import semmle.code.java.security.SensitiveLoggingQuery
-import TaintFlowTest<SensitiveLoggerConfig>
--- a/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.qlref
+++ b/java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-532/SensitiveInfoLog.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/java/ql/test/query-tests/security/CWE-532/Test.java
+++ b/java/ql/test/query-tests/security/CWE-532/Test.java
@@ -4,8 +4,8 @@ class Test {
    void test(String password, String authToken, String username, String nullToken, String stringTokenizer) {
        Logger logger = null;

-        logger.info("User's password is: " + password); // $ hasTaintFlow
-        logger.error("Auth failed for: " + authToken); // $ hasTaintFlow
+        logger.info("User's password is: " + password); // $ Alert
+        logger.error("Auth failed for: " + authToken); // $ Alert
        logger.error("Auth failed for: " + username); // Safe
        logger.error("Auth failed for: " + nullToken); // Safe
        logger.error("Auth failed for: " + stringTokenizer); // Safe