Java: Move files in experiemntal dirs to be consistent

java/ql/test/experimental/query-tests/security/CWE-094/MvelInjection.expected

@@ -0,0 +1,63 @@
+edges
+| MvelInjection.java:29:54:29:65 | read(...) : String | MvelInjection.java:30:28:30:37 | expression |
+| MvelInjection.java:34:58:34:69 | read(...) : String | MvelInjection.java:36:5:36:13 | statement |
+| MvelInjection.java:34:58:34:69 | read(...) : String | MvelInjection.java:37:5:37:13 | statement |
+| MvelInjection.java:41:58:41:69 | read(...) : String | MvelInjection.java:43:5:43:14 | expression |
+| MvelInjection.java:48:7:48:18 | read(...) : String | MvelInjection.java:49:5:49:14 | expression |
+| MvelInjection.java:53:20:53:31 | read(...) : String | MvelInjection.java:57:5:57:18 | compiledScript |
+| MvelInjection.java:53:20:53:31 | read(...) : String | MvelInjection.java:60:21:60:26 | script |
+| MvelInjection.java:65:58:65:69 | read(...) : String | MvelInjection.java:68:5:68:10 | script |
+| MvelInjection.java:77:40:77:51 | read(...) : String | MvelInjection.java:77:7:77:52 | compileTemplate(...) |
+| MvelInjection.java:81:54:81:65 | read(...) : String | MvelInjection.java:82:29:82:46 | compile(...) |
+| MvelInjection.java:86:58:86:69 | read(...) : String | MvelInjection.java:88:32:88:41 | expression |
+| MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:95:14:95:36 | new String(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:25:15:25:26 | read(...) |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:29:54:29:65 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:34:58:34:69 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:41:58:41:69 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:48:7:48:18 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:53:20:53:31 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:65:58:65:69 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:72:26:72:37 | read(...) |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:77:40:77:51 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:81:54:81:65 | read(...) : String |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | MvelInjection.java:86:58:86:69 | read(...) : String |
+nodes
+| MvelInjection.java:25:15:25:26 | read(...) | semmle.label | read(...) |
+| MvelInjection.java:29:54:29:65 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:30:28:30:37 | expression | semmle.label | expression |
+| MvelInjection.java:34:58:34:69 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:36:5:36:13 | statement | semmle.label | statement |
+| MvelInjection.java:37:5:37:13 | statement | semmle.label | statement |
+| MvelInjection.java:41:58:41:69 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:43:5:43:14 | expression | semmle.label | expression |
+| MvelInjection.java:48:7:48:18 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:49:5:49:14 | expression | semmle.label | expression |
+| MvelInjection.java:53:20:53:31 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:57:5:57:18 | compiledScript | semmle.label | compiledScript |
+| MvelInjection.java:60:21:60:26 | script | semmle.label | script |
+| MvelInjection.java:65:58:65:69 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:68:5:68:10 | script | semmle.label | script |
+| MvelInjection.java:72:26:72:37 | read(...) | semmle.label | read(...) |
+| MvelInjection.java:77:7:77:52 | compileTemplate(...) | semmle.label | compileTemplate(...) |
+| MvelInjection.java:77:40:77:51 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:81:54:81:65 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:82:29:82:46 | compile(...) | semmle.label | compile(...) |
+| MvelInjection.java:86:58:86:69 | read(...) : String | semmle.label | read(...) : String |
+| MvelInjection.java:88:32:88:41 | expression | semmle.label | expression |
+| MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| MvelInjection.java:95:14:95:36 | new String(...) : String | semmle.label | new String(...) : String |
+#select
+| MvelInjection.java:25:15:25:26 | read(...) | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:25:15:25:26 | read(...) | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:30:28:30:37 | expression | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:30:28:30:37 | expression | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:36:5:36:13 | statement | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:36:5:36:13 | statement | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:37:5:37:13 | statement | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:37:5:37:13 | statement | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:43:5:43:14 | expression | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:43:5:43:14 | expression | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:49:5:49:14 | expression | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:49:5:49:14 | expression | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:57:5:57:18 | compiledScript | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:57:5:57:18 | compiledScript | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:60:21:60:26 | script | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:60:21:60:26 | script | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:68:5:68:10 | script | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:68:5:68:10 | script | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:72:26:72:37 | read(...) | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:72:26:72:37 | read(...) | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:77:7:77:52 | compileTemplate(...) | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:77:7:77:52 | compileTemplate(...) | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:82:29:82:46 | compile(...) | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:82:29:82:46 | compile(...) | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |
+| MvelInjection.java:88:32:88:41 | expression | MvelInjection.java:92:27:92:49 | getInputStream(...) : InputStream | MvelInjection.java:88:32:88:41 | expression | MVEL injection from $@. | MvelInjection.java:92:27:92:49 | getInputStream(...) | this user input |

java/ql/test/experimental/query-tests/security/CWE-094/MvelInjection.java

@@ -0,0 +1,98 @@
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.net.Socket;
+import java.util.HashMap;
+import javax.script.CompiledScript;
+import javax.script.SimpleScriptContext;
+import org.mvel2.MVEL;
+import org.mvel2.MVELRuntime;
+import org.mvel2.ParserContext;
+import org.mvel2.compiler.CompiledAccExpression;
+import org.mvel2.compiler.CompiledExpression;
+import org.mvel2.compiler.ExecutableStatement;
+import org.mvel2.compiler.ExpressionCompiler;
+import org.mvel2.integration.impl.ImmutableDefaultFactory;
+import org.mvel2.jsr223.MvelCompiledScript;
+import org.mvel2.jsr223.MvelScriptEngine;
+import org.mvel2.templates.CompiledTemplate;
+import org.mvel2.templates.TemplateCompiler;
+import org.mvel2.templates.TemplateRuntime;
+
+public class MvelInjection {
+
+  public static void testWithMvelEval(Socket socket) throws IOException {
+    MVEL.eval(read(socket));
+  }
+
+  public static void testWithMvelCompileAndExecute(Socket socket) throws IOException {
+    Serializable expression = MVEL.compileExpression(read(socket));
+    MVEL.executeExpression(expression);
+  }
+
+  public static void testWithExpressionCompiler(Socket socket) throws IOException {
+    ExpressionCompiler compiler = new ExpressionCompiler(read(socket));
+    ExecutableStatement statement = compiler.compile();
+    statement.getValue(new Object(), new ImmutableDefaultFactory());
+    statement.getValue(new Object(), new Object(), new ImmutableDefaultFactory());
+  }
+
+  public static void testWithCompiledExpressionGetDirectValue(Socket socket) throws IOException {
+    ExpressionCompiler compiler = new ExpressionCompiler(read(socket));
+    CompiledExpression expression = compiler.compile();
+    expression.getDirectValue(new Object(), new ImmutableDefaultFactory());
+  }
+
+  public static void testCompiledAccExpressionGetValue(Socket socket) throws IOException {
+    CompiledAccExpression expression = new CompiledAccExpression(
+      read(socket).toCharArray(), Object.class, new ParserContext());
+    expression.getValue(new Object(), new ImmutableDefaultFactory());
+  }
+
+  public static void testMvelScriptEngineCompileAndEvaluate(Socket socket) throws Exception {
+    String input = read(socket);
+
+    MvelScriptEngine engine = new MvelScriptEngine();
+    CompiledScript compiledScript = engine.compile(input);
+    compiledScript.eval();
+
+    Serializable script = engine.compiledScript(input);
+    engine.evaluate(script, new SimpleScriptContext());
+  }
+
+  public static void testMvelCompiledScriptCompileAndEvaluate(Socket socket) throws Exception {
+    MvelScriptEngine engine = new MvelScriptEngine();
+    ExpressionCompiler compiler = new ExpressionCompiler(read(socket));
+    ExecutableStatement statement = compiler.compile();
+    MvelCompiledScript script = new MvelCompiledScript(engine, statement);
+    script.eval(new SimpleScriptContext());
+  }
+
+  public static void testTemplateRuntimeEval(Socket socket) throws Exception {
+    TemplateRuntime.eval(read(socket), new HashMap());
+  }
+
+  public static void testTemplateRuntimeCompileTemplateAndExecute(Socket socket) throws Exception {
+    TemplateRuntime.execute(
+      TemplateCompiler.compileTemplate(read(socket)), new HashMap());
+  }
+
+  public static void testTemplateRuntimeCompileAndExecute(Socket socket) throws Exception {
+    TemplateCompiler compiler = new TemplateCompiler(read(socket));
+    TemplateRuntime.execute(compiler.compile(), new HashMap());
+  }
+
+  public static void testMvelRuntimeExecute(Socket socket) throws Exception {
+    ExpressionCompiler compiler = new ExpressionCompiler(read(socket));
+    CompiledExpression expression = compiler.compile();
+    MVELRuntime.execute(false, expression, new Object(), new ImmutableDefaultFactory());
+  }
+
+  public static String read(Socket socket) throws IOException {
+    try (InputStream is = socket.getInputStream()) {
+      byte[] bytes = new byte[1024];
+      int n = is.read(bytes);
+      return new String(bytes, 0, n);
+    }
+  }
+}

java/ql/test/experimental/query-tests/security/CWE-094/MvelInjection.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-094/MvelInjection.ql

java/ql/test/experimental/query-tests/security/CWE-094/SpelInjection.expected

@@ -0,0 +1,27 @@
+edges
+| SpelInjection.java:15:22:15:44 | getInputStream(...) : InputStream | SpelInjection.java:23:5:23:14 | expression |
+| SpelInjection.java:27:22:27:44 | getInputStream(...) : InputStream | SpelInjection.java:34:5:34:14 | expression |
+| SpelInjection.java:38:22:38:44 | getInputStream(...) : InputStream | SpelInjection.java:48:5:48:14 | expression |
+| SpelInjection.java:52:22:52:44 | getInputStream(...) : InputStream | SpelInjection.java:59:5:59:14 | expression |
+| SpelInjection.java:63:22:63:44 | getInputStream(...) : InputStream | SpelInjection.java:70:5:70:14 | expression |
+| SpelInjection.java:74:22:74:44 | getInputStream(...) : InputStream | SpelInjection.java:83:5:83:14 | expression |
+nodes
+| SpelInjection.java:15:22:15:44 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| SpelInjection.java:23:5:23:14 | expression | semmle.label | expression |
+| SpelInjection.java:27:22:27:44 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| SpelInjection.java:34:5:34:14 | expression | semmle.label | expression |
+| SpelInjection.java:38:22:38:44 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| SpelInjection.java:48:5:48:14 | expression | semmle.label | expression |
+| SpelInjection.java:52:22:52:44 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| SpelInjection.java:59:5:59:14 | expression | semmle.label | expression |
+| SpelInjection.java:63:22:63:44 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| SpelInjection.java:70:5:70:14 | expression | semmle.label | expression |
+| SpelInjection.java:74:22:74:44 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| SpelInjection.java:83:5:83:14 | expression | semmle.label | expression |
+#select
+| SpelInjection.java:23:5:23:14 | expression | SpelInjection.java:15:22:15:44 | getInputStream(...) : InputStream | SpelInjection.java:23:5:23:14 | expression | SpEL injection from $@. | SpelInjection.java:15:22:15:44 | getInputStream(...) | this user input |
+| SpelInjection.java:34:5:34:14 | expression | SpelInjection.java:27:22:27:44 | getInputStream(...) : InputStream | SpelInjection.java:34:5:34:14 | expression | SpEL injection from $@. | SpelInjection.java:27:22:27:44 | getInputStream(...) | this user input |
+| SpelInjection.java:48:5:48:14 | expression | SpelInjection.java:38:22:38:44 | getInputStream(...) : InputStream | SpelInjection.java:48:5:48:14 | expression | SpEL injection from $@. | SpelInjection.java:38:22:38:44 | getInputStream(...) | this user input |
+| SpelInjection.java:59:5:59:14 | expression | SpelInjection.java:52:22:52:44 | getInputStream(...) : InputStream | SpelInjection.java:59:5:59:14 | expression | SpEL injection from $@. | SpelInjection.java:52:22:52:44 | getInputStream(...) | this user input |
+| SpelInjection.java:70:5:70:14 | expression | SpelInjection.java:63:22:63:44 | getInputStream(...) : InputStream | SpelInjection.java:70:5:70:14 | expression | SpEL injection from $@. | SpelInjection.java:63:22:63:44 | getInputStream(...) | this user input |
+| SpelInjection.java:83:5:83:14 | expression | SpelInjection.java:74:22:74:44 | getInputStream(...) : InputStream | SpelInjection.java:83:5:83:14 | expression | SpEL injection from $@. | SpelInjection.java:74:22:74:44 | getInputStream(...) | this user input |

java/ql/test/experimental/query-tests/security/CWE-094/SpelInjection.java

@@ -0,0 +1,100 @@
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.Socket;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.SimpleEvaluationContext;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+
+public class SpelInjection {
+
+  private static final ExpressionParser PARSER = new SpelExpressionParser();
+
+  public void testGetValue(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    ExpressionParser parser = new SpelExpressionParser();
+    Expression expression = parser.parseExpression(input);
+    expression.getValue();
+  }
+
+  public void testGetValueWithChainedCalls(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    Expression expression = new SpelExpressionParser().parseExpression(input);
+    expression.getValue();
+  }
+
+  public void testSetValueWithRootObject(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    Expression expression = new SpelExpressionParser().parseExpression(input);
+
+    Object root = new Object();
+    Object value = new Object();
+    expression.setValue(root, value);
+  }
+
+  public void testGetValueWithStaticParser(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    Expression expression = PARSER.parseExpression(input);
+    expression.getValue();
+  }
+
+  public void testGetValueType(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    Expression expression = PARSER.parseExpression(input);
+    expression.getValueType();
+  }
+
+  public void testWithStandardEvaluationContext(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    Expression expression = PARSER.parseExpression(input);
+
+    StandardEvaluationContext context = new StandardEvaluationContext();
+    expression.getValue(context);
+  }
+
+  public void testWithSimpleEvaluationContext(Socket socket) throws IOException {
+    InputStream in = socket.getInputStream();
+
+    byte[] bytes = new byte[1024];
+    int n = in.read(bytes);
+    String input = new String(bytes, 0, n);
+
+    Expression expression = PARSER.parseExpression(input);
+    SimpleEvaluationContext context = SimpleEvaluationContext.forReadWriteDataBinding().build();
+
+    // the expression is evaluated in a limited context
+    expression.getValue(context);
+  }
+
+}

java/ql/test/experimental/query-tests/security/CWE-094/SpelInjection.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-094/SpelInjection.ql

java/ql/test/experimental/query-tests/security/CWE-094/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api

java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.expected

@@ -0,0 +1,17 @@
+edges
+| DisabledRevocationChecking.java:17:5:17:8 | this <.field> [post update] [flag] : Boolean | DisabledRevocationChecking.java:21:5:21:31 | this <.method> [post update] [flag] : Boolean |
+| DisabledRevocationChecking.java:17:12:17:16 | false : Boolean | DisabledRevocationChecking.java:17:5:17:8 | this <.field> [post update] [flag] : Boolean |
+| DisabledRevocationChecking.java:21:5:21:31 | this <.method> [post update] [flag] : Boolean | DisabledRevocationChecking.java:22:5:22:31 | this <.method> [flag] : Boolean |
+| DisabledRevocationChecking.java:22:5:22:31 | this <.method> [flag] : Boolean | DisabledRevocationChecking.java:25:15:25:22 | parameter this [flag] : Boolean |
+| DisabledRevocationChecking.java:25:15:25:22 | parameter this [flag] : Boolean | DisabledRevocationChecking.java:28:33:28:36 | this <.field> [flag] : Boolean |
+| DisabledRevocationChecking.java:28:33:28:36 | this <.field> [flag] : Boolean | DisabledRevocationChecking.java:28:33:28:36 | flag |
+nodes
+| DisabledRevocationChecking.java:17:5:17:8 | this <.field> [post update] [flag] : Boolean | semmle.label | this <.field> [post update] [flag] : Boolean |
+| DisabledRevocationChecking.java:17:12:17:16 | false : Boolean | semmle.label | false : Boolean |
+| DisabledRevocationChecking.java:21:5:21:31 | this <.method> [post update] [flag] : Boolean | semmle.label | this <.method> [post update] [flag] : Boolean |
+| DisabledRevocationChecking.java:22:5:22:31 | this <.method> [flag] : Boolean | semmle.label | this <.method> [flag] : Boolean |
+| DisabledRevocationChecking.java:25:15:25:22 | parameter this [flag] : Boolean | semmle.label | parameter this [flag] : Boolean |
+| DisabledRevocationChecking.java:28:33:28:36 | flag | semmle.label | flag |
+| DisabledRevocationChecking.java:28:33:28:36 | this <.field> [flag] : Boolean | semmle.label | this <.field> [flag] : Boolean |
+#select
+| DisabledRevocationChecking.java:17:12:17:16 | false | DisabledRevocationChecking.java:17:12:17:16 | false : Boolean | DisabledRevocationChecking.java:28:33:28:36 | flag | Revocation checking is disabled $@. | DisabledRevocationChecking.java:17:12:17:16 | false | here |

java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.java

@@ -0,0 +1,80 @@
+import java.security.KeyStore;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.PKIXCertPathChecker;
+import java.security.cert.PKIXParameters;
+import java.security.cert.PKIXRevocationChecker;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+public class DisabledRevocationChecking {
+
+  private boolean flag = true;
+
+  public void disableRevocationChecking() {
+    flag = false;
+  }
+
+  public void testDisabledRevocationChecking(KeyStore cacerts, CertPath certPath) throws Exception {
+    disableRevocationChecking();
+    validate(cacerts, certPath);
+  }
+
+  public void validate(KeyStore cacerts, CertPath certPath) throws Exception {
+    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+    PKIXParameters params = new PKIXParameters(cacerts);
+    params.setRevocationEnabled(flag);
+    validator.validate(certPath, params);
+  }
+
+  public void testSettingRevocationCheckerWithCollectionsSingletonList(KeyStore cacerts, CertPath certPath) throws Exception {
+    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+    PKIXParameters params = new PKIXParameters(cacerts);
+    params.setRevocationEnabled(false);
+    PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
+    params.setCertPathCheckers(Collections.singletonList(checker));
+    validator.validate(certPath, params);
+  }
+
+  public void testSettingRevocationCheckerWithArraysAsList(KeyStore cacerts, CertPath certPath) throws Exception {
+    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+    PKIXParameters params = new PKIXParameters(cacerts);
+    params.setRevocationEnabled(false);
+    PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
+    params.setCertPathCheckers(Arrays.asList(checker));
+    validator.validate(certPath, params);
+  }
+
+  public void testSettingRevocationCheckerWithAddingToArrayList(KeyStore cacerts, CertPath certPath) throws Exception {
+    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+    PKIXParameters params = new PKIXParameters(cacerts);
+    params.setRevocationEnabled(false);
+    PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
+    List<PKIXCertPathChecker> checkers = new ArrayList<>();
+    checkers.add(checker);
+    params.setCertPathCheckers(checkers);
+    validator.validate(certPath, params);
+  }
+
+  public void testSettingRevocationCheckerWithListOf(KeyStore cacerts, CertPath certPath) throws Exception {
+    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+    PKIXParameters params = new PKIXParameters(cacerts);
+    params.setRevocationEnabled(false);
+    PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
+    List<PKIXCertPathChecker> checkers = List.of(checker);
+    params.setCertPathCheckers(checkers);
+    validator.validate(certPath, params);
+  }
+
+  public void testAddingRevocationChecker(KeyStore cacerts, CertPath certPath) throws Exception {
+    CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+    PKIXParameters params = new PKIXParameters(cacerts);
+    params.setRevocationEnabled(false);
+    PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
+    params.addCertPathChecker(checker);
+    validator.validate(certPath, params);
+  }
+
+}

java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql

java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.expected

@@ -0,0 +1,150 @@
+edges
+| UnsafeTlsVersion.java:31:5:31:46 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] |
+| UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" : String | UnsafeTlsVersion.java:31:5:31:46 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:32:5:32:44 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] |
+| UnsafeTlsVersion.java:32:39:32:43 | "TLS" : String | UnsafeTlsVersion.java:32:5:32:44 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:33:5:33:46 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] |
+| UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" : String | UnsafeTlsVersion.java:33:5:33:46 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:34:5:34:48 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] |
+| UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" : String | UnsafeTlsVersion.java:34:5:34:48 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:35:5:35:68 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] |
+| UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" : String | UnsafeTlsVersion.java:35:5:35:68 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" : String | UnsafeTlsVersion.java:35:5:35:68 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] | UnsafeTlsVersion.java:44:44:44:52 | protocols |
+| UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" : String | UnsafeTlsVersion.java:50:38:50:61 | new String[] |
+| UnsafeTlsVersion.java:51:53:51:57 | "TLS" : String | UnsafeTlsVersion.java:51:38:51:59 | new String[] |
+| UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" : String | UnsafeTlsVersion.java:52:38:52:61 | new String[] |
+| UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" : String | UnsafeTlsVersion.java:53:38:53:63 | new String[] |
+| UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" : String | UnsafeTlsVersion.java:56:29:56:65 | new String[] |
+| UnsafeTlsVersion.java:68:5:68:28 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] |
+| UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" : String | UnsafeTlsVersion.java:68:5:68:28 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:69:5:69:26 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] |
+| UnsafeTlsVersion.java:69:21:69:25 | "TLS" : String | UnsafeTlsVersion.java:69:5:69:26 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:70:5:70:28 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] |
+| UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" : String | UnsafeTlsVersion.java:70:5:70:28 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:71:5:71:30 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] |
+| UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:71:5:71:30 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:72:5:72:41 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] |
+| UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:72:5:72:41 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] | UnsafeTlsVersion.java:81:32:81:40 | protocols |
+| UnsafeTlsVersion.java:88:5:88:34 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] |
+| UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" : String | UnsafeTlsVersion.java:88:5:88:34 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:89:5:89:32 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] |
+| UnsafeTlsVersion.java:89:27:89:31 | "TLS" : String | UnsafeTlsVersion.java:89:5:89:32 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:90:5:90:34 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] |
+| UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" : String | UnsafeTlsVersion.java:90:5:90:34 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:91:5:91:36 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] |
+| UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:91:5:91:36 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:92:5:92:47 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] |
+| UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:92:5:92:47 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] | UnsafeTlsVersion.java:101:32:101:40 | protocols |
+| UnsafeTlsVersion.java:108:5:108:28 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] |
+| UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" : String | UnsafeTlsVersion.java:108:5:108:28 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:109:5:109:26 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] |
+| UnsafeTlsVersion.java:109:21:109:25 | "TLS" : String | UnsafeTlsVersion.java:109:5:109:26 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:110:5:110:28 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] |
+| UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" : String | UnsafeTlsVersion.java:110:5:110:28 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:111:5:111:30 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] |
+| UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:111:5:111:30 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:112:5:112:41 | new ..[] { .. } : String[] | UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] |
+| UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:112:5:112:41 | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] | UnsafeTlsVersion.java:121:32:121:40 | protocols |
+nodes
+| UnsafeTlsVersion.java:16:28:16:32 | "SSL" | semmle.label | "SSL" |
+| UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | semmle.label | "SSLv2" |
+| UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | semmle.label | "SSLv3" |
+| UnsafeTlsVersion.java:19:28:19:32 | "TLS" | semmle.label | "TLS" |
+| UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | semmle.label | "TLSv1" |
+| UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | semmle.label | "TLSv1.1" |
+| UnsafeTlsVersion.java:31:5:31:46 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" : String | semmle.label | "SSLv3" : String |
+| UnsafeTlsVersion.java:32:5:32:44 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:32:39:32:43 | "TLS" : String | semmle.label | "TLS" : String |
+| UnsafeTlsVersion.java:33:5:33:46 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" : String | semmle.label | "TLSv1" : String |
+| UnsafeTlsVersion.java:34:5:34:48 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:35:5:35:68 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" : String | semmle.label | "TLSv1" : String |
+| UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:43:74:43:92 | protocols : String[] | semmle.label | protocols : String[] |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | semmle.label | protocols |
+| UnsafeTlsVersion.java:50:38:50:61 | new String[] | semmle.label | new String[] |
+| UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" : String | semmle.label | "SSLv3" : String |
+| UnsafeTlsVersion.java:51:38:51:59 | new String[] | semmle.label | new String[] |
+| UnsafeTlsVersion.java:51:53:51:57 | "TLS" : String | semmle.label | "TLS" : String |
+| UnsafeTlsVersion.java:52:38:52:61 | new String[] | semmle.label | new String[] |
+| UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" : String | semmle.label | "TLSv1" : String |
+| UnsafeTlsVersion.java:53:38:53:63 | new String[] | semmle.label | new String[] |
+| UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:56:29:56:65 | new String[] | semmle.label | new String[] |
+| UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:68:5:68:28 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" : String | semmle.label | "SSLv3" : String |
+| UnsafeTlsVersion.java:69:5:69:26 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:69:21:69:25 | "TLS" : String | semmle.label | "TLS" : String |
+| UnsafeTlsVersion.java:70:5:70:28 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" : String | semmle.label | "TLSv1" : String |
+| UnsafeTlsVersion.java:71:5:71:30 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:72:5:72:41 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:79:43:79:61 | protocols : String[] | semmle.label | protocols : String[] |
+| UnsafeTlsVersion.java:81:32:81:40 | protocols | semmle.label | protocols |
+| UnsafeTlsVersion.java:88:5:88:34 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" : String | semmle.label | "SSLv3" : String |
+| UnsafeTlsVersion.java:89:5:89:32 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:89:27:89:31 | "TLS" : String | semmle.label | "TLS" : String |
+| UnsafeTlsVersion.java:90:5:90:34 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" : String | semmle.label | "TLSv1" : String |
+| UnsafeTlsVersion.java:91:5:91:36 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:92:5:92:47 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:99:55:99:73 | protocols : String[] | semmle.label | protocols : String[] |
+| UnsafeTlsVersion.java:101:32:101:40 | protocols | semmle.label | protocols |
+| UnsafeTlsVersion.java:108:5:108:28 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" : String | semmle.label | "SSLv3" : String |
+| UnsafeTlsVersion.java:109:5:109:26 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:109:21:109:25 | "TLS" : String | semmle.label | "TLS" : String |
+| UnsafeTlsVersion.java:110:5:110:28 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" : String | semmle.label | "TLSv1" : String |
+| UnsafeTlsVersion.java:111:5:111:30 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:112:5:112:41 | new ..[] { .. } : String[] | semmle.label | new ..[] { .. } : String[] |
+| UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" : String | semmle.label | "TLSv1.1" : String |
+| UnsafeTlsVersion.java:119:43:119:61 | protocols : String[] | semmle.label | protocols : String[] |
+| UnsafeTlsVersion.java:121:32:121:40 | protocols | semmle.label | protocols |
+#select
+| UnsafeTlsVersion.java:16:28:16:32 | "SSL" | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | $@ is unsafe | UnsafeTlsVersion.java:16:28:16:32 | "SSL" | SSL |
+| UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | $@ is unsafe | UnsafeTlsVersion.java:17:28:17:34 | "SSLv2" | SSLv2 |
+| UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | $@ is unsafe | UnsafeTlsVersion.java:18:28:18:34 | "SSLv3" | SSLv3 |
+| UnsafeTlsVersion.java:19:28:19:32 | "TLS" | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | $@ is unsafe | UnsafeTlsVersion.java:19:28:19:32 | "TLS" | TLS |
+| UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | $@ is unsafe | UnsafeTlsVersion.java:20:28:20:34 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | $@ is unsafe | UnsafeTlsVersion.java:21:28:21:36 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:31:39:31:45 | "SSLv3" | SSLv3 |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:32:39:32:43 | "TLS" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:32:39:32:43 | "TLS" | TLS |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:33:39:33:45 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:34:39:34:47 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:35:39:35:45 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:44:44:44:52 | protocols | UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" : String | UnsafeTlsVersion.java:44:44:44:52 | protocols | $@ is unsafe | UnsafeTlsVersion.java:35:48:35:56 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:50:38:50:61 | new String[] | UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" : String | UnsafeTlsVersion.java:50:38:50:61 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:50:53:50:59 | "SSLv3" | SSLv3 |
+| UnsafeTlsVersion.java:51:38:51:59 | new String[] | UnsafeTlsVersion.java:51:53:51:57 | "TLS" : String | UnsafeTlsVersion.java:51:38:51:59 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:51:53:51:57 | "TLS" | TLS |
+| UnsafeTlsVersion.java:52:38:52:61 | new String[] | UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" : String | UnsafeTlsVersion.java:52:38:52:61 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:52:53:52:59 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:53:38:53:63 | new String[] | UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" : String | UnsafeTlsVersion.java:53:38:53:63 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:53:53:53:61 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:56:29:56:65 | new String[] | UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" : String | UnsafeTlsVersion.java:56:29:56:65 | new String[] | $@ is unsafe | UnsafeTlsVersion.java:56:44:56:52 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:68:21:68:27 | "SSLv3" | SSLv3 |
+| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:69:21:69:25 | "TLS" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:69:21:69:25 | "TLS" | TLS |
+| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:70:21:70:27 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:71:21:71:29 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:81:32:81:40 | protocols | UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:81:32:81:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:72:21:72:29 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:88:27:88:33 | "SSLv3" | SSLv3 |
+| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:89:27:89:31 | "TLS" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:89:27:89:31 | "TLS" | TLS |
+| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:90:27:90:33 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:91:27:91:35 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:101:32:101:40 | protocols | UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" : String | UnsafeTlsVersion.java:101:32:101:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:92:27:92:35 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:108:21:108:27 | "SSLv3" | SSLv3 |
+| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:109:21:109:25 | "TLS" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:109:21:109:25 | "TLS" | TLS |
+| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:110:21:110:27 | "TLSv1" | TLSv1 |
+| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:111:21:111:29 | "TLSv1.1" | TLSv1.1 |
+| UnsafeTlsVersion.java:121:32:121:40 | protocols | UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" : String | UnsafeTlsVersion.java:121:32:121:40 | protocols | $@ is unsafe | UnsafeTlsVersion.java:112:21:112:29 | "TLSv1.1" | TLSv1.1 |

java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.java

@@ -0,0 +1,124 @@
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+public class UnsafeTlsVersion {
+
+  public static void testSslContextWithProtocol() throws NoSuchAlgorithmException {
+
+    // unsafe
+    SSLContext.getInstance("SSL");
+    SSLContext.getInstance("SSLv2");
+    SSLContext.getInstance("SSLv3");
+    SSLContext.getInstance("TLS");
+    SSLContext.getInstance("TLSv1");
+    SSLContext.getInstance("TLSv1.1");
+
+    // safe
+    SSLContext.getInstance("TLSv1.2");
+    SSLContext.getInstance("TLSv1.3");
+  }
+
+  public static void testCreateSslParametersWithProtocol(String[] cipherSuites) {
+
+    // unsafe
+    createSslParameters(cipherSuites, "SSLv3");
+    createSslParameters(cipherSuites, "TLS");
+    createSslParameters(cipherSuites, "TLSv1");
+    createSslParameters(cipherSuites, "TLSv1.1");
+    createSslParameters(cipherSuites, "TLSv1", "TLSv1.1", "TLSv1.2");
+    createSslParameters(cipherSuites, "TLSv1.2");
+
+    // safe
+    createSslParameters(cipherSuites, "TLSv1.2");
+    createSslParameters(cipherSuites, "TLSv1.3");
+  }
+
+  public static SSLParameters createSslParameters(String[] cipherSuites, String... protocols) {
+    return new SSLParameters(cipherSuites, protocols);
+  }
+
+  public static void testSettingProtocolsForSslParameters() {
+
+    // unsafe
+    new SSLParameters().setProtocols(new String[] { "SSLv3" });
+    new SSLParameters().setProtocols(new String[] { "TLS" });
+    new SSLParameters().setProtocols(new String[] { "TLSv1" });
+    new SSLParameters().setProtocols(new String[] { "TLSv1.1" });
+
+    SSLParameters parameters = new SSLParameters();
+    parameters.setProtocols(new String[] { "TLSv1.1", "TLSv1.2" });
+
+    // safe
+    new SSLParameters().setProtocols(new String[] { "TLSv1.2" });
+
+    parameters = new SSLParameters();
+    parameters.setProtocols(new String[] { "TLSv1.2", "TLSv1.3" });
+  }
+
+  public static void testSettingProtocolForSslSocket() throws IOException {
+
+    // unsafe
+    createSslSocket("SSLv3");
+    createSslSocket("TLS");
+    createSslSocket("TLSv1");
+    createSslSocket("TLSv1.1");
+    createSslSocket("TLSv1.1", "TLSv1.2");
+
+    // safe
+    createSslSocket("TLSv1.2");
+    createSslSocket("TLSv1.3");
+  }
+
+  public static SSLSocket createSslSocket(String... protocols) throws IOException {
+    SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
+    socket.setEnabledProtocols(protocols);
+    return socket;
+  }
+
+  public static void testSettingProtocolForSslServerSocket() throws IOException {
+
+    // unsafe
+    createSslServerSocket("SSLv3");
+    createSslServerSocket("TLS");
+    createSslServerSocket("TLSv1");
+    createSslServerSocket("TLSv1.1");
+    createSslServerSocket("TLSv1.1", "TLSv1.2");
+
+    // safe
+    createSslServerSocket("TLSv1.2");
+    createSslServerSocket("TLSv1.3");
+  }
+
+  public static SSLServerSocket createSslServerSocket(String... protocols) throws IOException {
+    SSLServerSocket socket = (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket();
+    socket.setEnabledProtocols(protocols);
+    return socket;
+  }
+
+  public static void testSettingProtocolForSslEngine() throws NoSuchAlgorithmException {
+
+    // unsafe
+    createSslEngine("SSLv3");
+    createSslEngine("TLS");
+    createSslEngine("TLSv1");
+    createSslEngine("TLSv1.1");
+    createSslEngine("TLSv1.1", "TLSv1.2");
+
+    // safe
+    createSslEngine("TLSv1.2");
+    createSslEngine("TLSv1.3");
+  }
+
+  public static SSLEngine createSslEngine(String... protocols) throws NoSuchAlgorithmException {
+    SSLEngine engine = SSLContext.getDefault().createSSLEngine();
+    engine.setEnabledProtocols(protocols);
+    return engine;
+  }
+}

java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql