mirror of
https://github.com/github/codeql.git
synced 2026-04-27 17:55:19 +02:00
Merge branch 'main' into jorgectf/deserialization-lookahead
This commit is contained in:
Jorge
@@ -1,7 +1,7 @@
|
||||
| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:5:5:5:19 | User.java:5:5:5:19 | after this call to getStrings |
|
||||
| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:13:12:13:26 | User.java:13:12:13:26 | after this call to getStrings |
|
||||
| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:38:12:38:26 | User.java:38:12:38:26 | after this call to getStrings |
|
||||
| ExposesRep.java:13:30:13:41 | getStringMap | getStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:9:5:9:21 | User.java:9:5:9:21 | after this call to getStringMap |
|
||||
| ExposesRep.java:17:15:17:24 | setStrings | setStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:22:5:22:6 | User.java:22:5:22:6 | through the variable ss |
|
||||
| ExposesRep.java:21:15:21:26 | setStringMap | setStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:27:5:27:5 | User.java:27:5:27:5 | through the variable m |
|
||||
| ExposesRep.java:29:14:29:21 | getArray | getArray exposes the internal representation stored in field array. The value may be modified $@. | User.java:31:5:31:18 | User.java:31:5:31:18 | after this call to getArray |
|
||||
| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:5:5:5:19 | getStrings(...) | after this call to getStrings |
|
||||
| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:13:12:13:26 | getStrings(...) | after this call to getStrings |
|
||||
| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:38:12:38:26 | getStrings(...) | after this call to getStrings |
|
||||
| ExposesRep.java:13:30:13:41 | getStringMap | getStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:9:5:9:21 | getStringMap(...) | after this call to getStringMap |
|
||||
| ExposesRep.java:17:15:17:24 | setStrings | setStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:22:5:22:6 | ss | through the variable ss |
|
||||
| ExposesRep.java:21:15:21:26 | setStringMap | setStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:27:5:27:5 | m | through the variable m |
|
||||
| ExposesRep.java:29:14:29:21 | getArray | getArray exposes the internal representation stored in field array. The value may be modified $@. | User.java:31:5:31:18 | getArray(...) | after this call to getArray |
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
| java.nio | 0 | 0 | 2 | 3 | 5 | 0.4 | 0.0 | 0.4 | 0.0 | NaN | 0.6 |
|
||||
| java.nio.charset | 0 | 0 | 0 | 1 | 1 | 0.0 | 0.0 | 0.0 | NaN | NaN | 1.0 |
|
||||
| java.nio.file | 0 | 0 | 7 | 1 | 8 | 0.875 | 0.0 | 0.875 | 0.0 | NaN | 0.125 |
|
||||
| java.sql | 0 | 0 | 2 | 14 | 16 | 0.125 | 0.0 | 0.125 | 0.0 | NaN | 0.875 |
|
||||
| java.sql | 0 | 0 | 1 | 15 | 16 | 0.0625 | 0.0 | 0.0625 | 0.0 | NaN | 0.9375 |
|
||||
| java.text | 0 | 0 | 0 | 5 | 5 | 0.0 | 0.0 | 0.0 | NaN | NaN | 1.0 |
|
||||
| java.time | 0 | 0 | 0 | 17 | 17 | 0.0 | 0.0 | 0.0 | NaN | NaN | 1.0 |
|
||||
| java.time.chrono | 0 | 0 | 0 | 1 | 1 | 0.0 | 0.0 | 0.0 | NaN | NaN | 1.0 |
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
| java.io.File#File(String) | 1 |
|
||||
| java.io.FileWriter#FileWriter(File) | 1 |
|
||||
| java.net.URL#openStream() | 1 |
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -8,12 +8,10 @@ class TestRemoteSource extends RemoteFlowSource {
|
||||
override string getSourceType() { result = "TestSource" }
|
||||
}
|
||||
|
||||
class Test extends InlineExpectationsTest {
|
||||
Test() { this = "PartialPathTraversalFromRemoteTest" }
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = "hasTaintFlow" }
|
||||
|
||||
override string getARelevantTag() { result = "hasTaintFlow" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasTaintFlow" and
|
||||
exists(DataFlow::Node sink | PartialPathTraversalFromRemoteFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -22,3 +20,5 @@ class Test extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<Test>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.JndiInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasJndiInjectionTest extends InlineExpectationsTest {
|
||||
HasJndiInjectionTest() { this = "HasJndiInjectionTest" }
|
||||
module HasJndiInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasJndiInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasJndiInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasJndiInjection" and
|
||||
exists(DataFlow::Node sink | JndiInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class HasJndiInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasJndiInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -4,12 +4,10 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.XsltInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasXsltInjectionTest extends InlineExpectationsTest {
|
||||
HasXsltInjectionTest() { this = "HasXsltInjectionTest" }
|
||||
module HasXsltInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasXsltInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasXsltInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasXsltInjection" and
|
||||
exists(DataFlow::Node sink | XsltInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -18,3 +16,5 @@ class HasXsltInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasXsltInjectionTest>
|
||||
|
||||
@@ -5,8 +5,8 @@ edges
|
||||
| Test.java:6:35:6:44 | arg : String | Test.java:22:15:22:27 | ... + ... : String |
|
||||
| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] |
|
||||
| Test.java:10:61:10:73 | ... + ... : String | Test.java:10:29:10:74 | {...} : String[] [[]] : String |
|
||||
| Test.java:16:5:16:7 | cmd [post update] : List [<element>] : String | Test.java:18:29:18:31 | cmd |
|
||||
| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : List [<element>] : String |
|
||||
| Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | Test.java:18:29:18:31 | cmd |
|
||||
| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String |
|
||||
| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 |
|
||||
| Test.java:22:15:22:27 | ... + ... : String | Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String |
|
||||
| Test.java:28:38:28:47 | arg : String | Test.java:29:44:29:64 | ... + ... |
|
||||
@@ -20,7 +20,7 @@ nodes
|
||||
| Test.java:10:29:10:74 | new String[] | semmle.label | new String[] |
|
||||
| Test.java:10:29:10:74 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
|
||||
| Test.java:10:61:10:73 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| Test.java:16:5:16:7 | cmd [post update] : List [<element>] : String | semmle.label | cmd [post update] : List [<element>] : String |
|
||||
| Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | semmle.label | cmd [post update] : ArrayList [<element>] : String |
|
||||
| Test.java:16:13:16:25 | ... + ... : String | semmle.label | ... + ... : String |
|
||||
| Test.java:18:29:18:31 | cmd | semmle.label | cmd |
|
||||
| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | semmle.label | cmd1 [post update] : String[] [[]] : String |
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -4,9 +4,6 @@
|
||||
|
||||
package test.cwe079.cwe.examples;
|
||||
|
||||
|
||||
|
||||
|
||||
import java.io.IOException;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.Cookie;
|
||||
@@ -14,13 +11,12 @@ import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
|
||||
public class XSS extends HttpServlet {
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
throws ServletException, IOException {
|
||||
// BAD: a request parameter is written directly to the Servlet response stream
|
||||
response.getWriter().print(
|
||||
"The page \"" + request.getParameter("page") + "\" was not found."); // $xss
|
||||
response.getWriter()
|
||||
.print("The page \"" + request.getParameter("page") + "\" was not found."); // $xss
|
||||
|
||||
// GOOD: servlet API encodes the error message HTML for the HTML context
|
||||
response.sendError(HttpServletResponse.SC_NOT_FOUND,
|
||||
@@ -29,35 +25,31 @@ public class XSS extends HttpServlet {
|
||||
// GOOD: escape HTML characters first
|
||||
response.sendError(HttpServletResponse.SC_NOT_FOUND,
|
||||
"The page \"" + encodeForHtml(request.getParameter("page")) + "\" was not found.");
|
||||
|
||||
|
||||
// GOOD: servlet API encodes the error message HTML for the HTML context
|
||||
response.sendError(HttpServletResponse.SC_NOT_FOUND,
|
||||
"The page \"" + capitalizeName(request.getParameter("page")) + "\" was not found.");
|
||||
|
||||
|
||||
// BAD: outputting the path of the resource
|
||||
response.getWriter().print("The path section of the URL was " + request.getPathInfo()); // $xss
|
||||
|
||||
// BAD: typical XSS, this time written to an OutputStream instead of a Writer
|
||||
// BAD: typical XSS, this time written to an OutputStream instead of a Writer
|
||||
response.getOutputStream().write(request.getPathInfo().getBytes()); // $xss
|
||||
|
||||
// GOOD: sanitizer
|
||||
response.getOutputStream().write(hudson.Util.escape(request.getPathInfo()).getBytes()); // safe
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Replace special characters in the given text such that it can
|
||||
* be inserted into an HTML file and not be interpreted as including
|
||||
* any HTML tags.
|
||||
* Replace special characters in the given text such that it can be inserted into an HTML file
|
||||
* and not be interpreted as including any HTML tags.
|
||||
*/
|
||||
static String encodeForHtml(String text) {
|
||||
// This is just a stub. For an example of a real implementation, see
|
||||
// the OWASP Java Encoder Project.
|
||||
return text.replace("<", "<");
|
||||
}
|
||||
|
||||
|
||||
static String capitalizeName(String text) {
|
||||
return text.replace("foo inc", "Foo, Inc.");
|
||||
}
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.XssQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class XssTest extends InlineExpectationsTest {
|
||||
XssTest() { this = "XssTest" }
|
||||
module XssTest implements TestSig {
|
||||
string getARelevantTag() { result = "xss" }
|
||||
|
||||
override string getARelevantTag() { result = "xss" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "xss" and
|
||||
exists(DataFlow::Node sink | XssFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class XssTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<XssTest>
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0:${testdir}/../../../../../stubs/jenkins
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -9,12 +9,10 @@ private class SourceMethodSource extends RemoteFlowSource {
|
||||
override string getSourceType() { result = "source" }
|
||||
}
|
||||
|
||||
class HasFlowTest extends InlineExpectationsTest {
|
||||
HasFlowTest() { this = "HasFlowTest" }
|
||||
module HasFlowTest implements TestSig {
|
||||
string getARelevantTag() { result = "sqlInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "sqlInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "sqlInjection" and
|
||||
exists(DataFlow::Node sink | QueryInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -23,3 +21,5 @@ class HasFlowTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasFlowTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -3,12 +3,10 @@ import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.security.ArbitraryApkInstallationQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasApkInstallationTest extends InlineExpectationsTest {
|
||||
HasApkInstallationTest() { this = "HasApkInstallationTest" }
|
||||
module HasApkInstallationTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasApkInstallation" }
|
||||
|
||||
override string getARelevantTag() { result = "hasApkInstallation" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasApkInstallation" and
|
||||
exists(DataFlow::Node sink | ApkInstallationFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -17,3 +15,5 @@ class HasApkInstallationTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasApkInstallationTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -4,12 +4,10 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.GroovyInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasGroovyInjectionTest extends InlineExpectationsTest {
|
||||
HasGroovyInjectionTest() { this = "HasGroovyInjectionTest" }
|
||||
module HasGroovyInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasGroovyInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasGroovyInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasGroovyInjection" and
|
||||
exists(DataFlow::Node sink | GroovyInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -18,3 +16,5 @@ class HasGroovyInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasGroovyInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.JexlInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class JexlInjectionTest extends InlineExpectationsTest {
|
||||
JexlInjectionTest() { this = "HasJexlInjectionTest" }
|
||||
module JexlInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasJexlInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasJexlInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasJexlInjection" and
|
||||
exists(DataFlow::Node sink | JexlInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class JexlInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<JexlInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -4,12 +4,10 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.MvelInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasMvelInjectionTest extends InlineExpectationsTest {
|
||||
HasMvelInjectionTest() { this = "HasMvelInjectionTest" }
|
||||
module HasMvelInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasMvelInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasMvelInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasMvelInjection" and
|
||||
exists(DataFlow::Node sink | MvelInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -18,3 +16,5 @@ class HasMvelInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasMvelInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -4,12 +4,10 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.SpelInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasSpelInjectionTest extends InlineExpectationsTest {
|
||||
HasSpelInjectionTest() { this = "HasSpelInjectionTest" }
|
||||
module HasSpelInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasSpelInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasSpelInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasSpelInjection" and
|
||||
exists(DataFlow::Node sink | SpelInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -18,3 +16,5 @@ class HasSpelInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasSpelInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.TemplateInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class TemplateInjectionTest extends InlineExpectationsTest {
|
||||
TemplateInjectionTest() { this = "TemplateInjectionTest" }
|
||||
module TemplateInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasTemplateInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasTemplateInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasTemplateInjection" and
|
||||
exists(DataFlow::Node sink | TemplateInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class TemplateInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<TemplateInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -8,10 +8,4 @@ private class TestSource extends RemoteFlowSource {
|
||||
override string getSourceType() { result = "test source" }
|
||||
}
|
||||
|
||||
private class LogInjectionTest extends InlineFlowTest {
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
LogInjectionFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
import TaintFlowTest<LogInjectionConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.StaticInitializationVectorQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class StaticInitializationVectorTest extends InlineExpectationsTest {
|
||||
StaticInitializationVectorTest() { this = "StaticInitializationVectorTest" }
|
||||
module StaticInitializationVectorTest implements TestSig {
|
||||
string getARelevantTag() { result = "staticInitializationVector" }
|
||||
|
||||
override string getARelevantTag() { result = "staticInitializationVector" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "staticInitializationVector" and
|
||||
exists(DataFlow::Node sink | StaticInitializationVectorFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class StaticInitializationVectorTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<StaticInitializationVectorTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
import semmle.code.java.security.IntentUriPermissionManipulationQuery
|
||||
|
||||
class IntentUriPermissionManipulationTest extends InlineFlowTest {
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
IntentUriPermissionManipulationFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
import TaintFlowTest<IntentUriPermissionManipulationConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.UnsafeCertTrustQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class UnsafeCertTrustTest extends InlineExpectationsTest {
|
||||
UnsafeCertTrustTest() { this = "HasUnsafeCertTrustTest" }
|
||||
module UnsafeCertTrustTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasUnsafeCertTrust" }
|
||||
|
||||
override string getARelevantTag() { result = "hasUnsafeCertTrust" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasUnsafeCertTrust" and
|
||||
exists(Expr unsafeTrust |
|
||||
unsafeTrust instanceof RabbitMQEnableHostnameVerificationNotSet
|
||||
@@ -20,3 +18,5 @@ class UnsafeCertTrustTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<UnsafeCertTrustTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.AndroidCertificatePinningQuery
|
||||
|
||||
class Test extends InlineExpectationsTest {
|
||||
Test() { this = "AndroidMissingCertificatePinningTest" }
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
exists(DataFlow::Node node |
|
||||
missingPinning(node, _) and
|
||||
loc = node.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class Test extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<Test>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.AndroidCertificatePinningQuery
|
||||
|
||||
class Test extends InlineExpectationsTest {
|
||||
Test() { this = "AndroidMissingCertificatePinningTest" }
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
exists(DataFlow::Node node |
|
||||
missingPinning(node, _) and
|
||||
loc = node.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class Test extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<Test>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.AndroidCertificatePinningQuery
|
||||
|
||||
class Test extends InlineExpectationsTest {
|
||||
Test() { this = "AndroidMissingCertificatePinningTest" }
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
exists(DataFlow::Node node |
|
||||
missingPinning(node, _) and
|
||||
loc = node.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class Test extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<Test>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.AndroidCertificatePinningQuery
|
||||
|
||||
class Test extends InlineExpectationsTest {
|
||||
Test() { this = "AndroidMissingCertificatePinningTest" }
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
exists(DataFlow::Node node |
|
||||
missingPinning(node, _) and
|
||||
loc = node.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class Test extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<Test>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.AndroidCertificatePinningQuery
|
||||
|
||||
class Test extends InlineExpectationsTest {
|
||||
Test() { this = "AndroidMissingCertificatePinningTest" }
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
|
||||
|
||||
override predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
predicate hasActualResult(Location loc, string el, string tag, string value) {
|
||||
exists(DataFlow::Node node |
|
||||
missingPinning(node, _) and
|
||||
loc = node.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class Test extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<Test>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.AndroidWebViewCertificateValidationQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class WebViewTest extends InlineExpectationsTest {
|
||||
WebViewTest() { this = "WebViewTest" }
|
||||
module WebViewTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasResult" }
|
||||
|
||||
override string getARelevantTag() { result = "hasResult" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(OnReceivedSslErrorMethod m |
|
||||
trustsAllCerts(m) and
|
||||
location = m.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class WebViewTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<WebViewTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.InsecureTrustManagerQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class InsecureTrustManagerTest extends InlineExpectationsTest {
|
||||
InsecureTrustManagerTest() { this = "InsecureTrustManagerTest" }
|
||||
module InsecureTrustManagerTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasValueFlow" }
|
||||
|
||||
override string getARelevantTag() { result = "hasValueFlow" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasValueFlow" and
|
||||
exists(DataFlow::Node sink | InsecureTrustManagerFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class InsecureTrustManagerTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<InsecureTrustManagerTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.Mail
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class InsecureJavaMailTest extends InlineExpectationsTest {
|
||||
InsecureJavaMailTest() { this = "HasInsecureJavaMailTest" }
|
||||
module InsecureJavaMailTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasInsecureJavaMail" }
|
||||
|
||||
override string getARelevantTag() { result = "hasInsecureJavaMail" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasInsecureJavaMail" and
|
||||
exists(MethodAccess ma |
|
||||
ma.getLocation() = location and
|
||||
@@ -22,3 +20,5 @@ class InsecureJavaMailTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<InsecureJavaMailTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class CleartextStorageAndroidDatabaseTest extends InlineExpectationsTest {
|
||||
CleartextStorageAndroidDatabaseTest() { this = "CleartextStorageAndroidDatabaseTest" }
|
||||
module CleartextStorageAndroidDatabaseTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasCleartextStorageAndroidDatabase" }
|
||||
|
||||
override string getARelevantTag() { result = "hasCleartextStorageAndroidDatabase" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasCleartextStorageAndroidDatabase" and
|
||||
exists(SensitiveSource data, LocalDatabaseOpenMethodAccess s, Expr input, Expr store |
|
||||
input = s.getAnInput() and
|
||||
@@ -20,3 +18,5 @@ class CleartextStorageAndroidDatabaseTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<CleartextStorageAndroidDatabaseTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class CleartextStorageAndroidFilesystemTest extends InlineExpectationsTest {
|
||||
CleartextStorageAndroidFilesystemTest() { this = "CleartextStorageAndroidFilesystemTest" }
|
||||
module CleartextStorageAndroidFilesystemTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasCleartextStorageAndroidFilesystem" }
|
||||
|
||||
override string getARelevantTag() { result = "hasCleartextStorageAndroidFilesystem" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasCleartextStorageAndroidFilesystem" and
|
||||
exists(SensitiveSource data, LocalFileOpenCall s, Expr input, Expr store |
|
||||
input = s.getAnInput() and
|
||||
@@ -20,3 +18,5 @@ class CleartextStorageAndroidFilesystemTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<CleartextStorageAndroidFilesystemTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.CleartextStorageSharedPrefsQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class CleartextStorageSharedPrefsTest extends InlineExpectationsTest {
|
||||
CleartextStorageSharedPrefsTest() { this = "CleartextStorageSharedPrefsTest" }
|
||||
module CleartextStorageSharedPrefsTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasCleartextStorageSharedPrefs" }
|
||||
|
||||
override string getARelevantTag() { result = "hasCleartextStorageSharedPrefs" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasCleartextStorageSharedPrefs" and
|
||||
exists(SensitiveSource data, SharedPreferencesEditorMethodAccess s, Expr input, Expr store |
|
||||
input = s.getAnInput() and
|
||||
@@ -20,3 +18,5 @@ class CleartextStorageSharedPrefsTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<CleartextStorageSharedPrefsTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.InsufficientKeySizeQuery
|
||||
|
||||
class InsufficientKeySizeTest extends InlineExpectationsTest {
|
||||
InsufficientKeySizeTest() { this = "InsufficientKeySize" }
|
||||
module InsufficientKeySizeTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasInsufficientKeySize" }
|
||||
|
||||
override string getARelevantTag() { result = "hasInsufficientKeySize" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasInsufficientKeySize" and
|
||||
exists(KeySizeFlow::PathNode sink | KeySizeFlow::flowPath(_, sink) |
|
||||
sink.getNode().getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class InsufficientKeySizeTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<InsufficientKeySizeTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.MissingJWTSignatureCheckQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasMissingJwtSignatureCheckTest extends InlineExpectationsTest {
|
||||
HasMissingJwtSignatureCheckTest() { this = "HasMissingJwtSignatureCheckTest" }
|
||||
module HasMissingJwtSignatureCheckTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasMissingJwtSignatureCheck" }
|
||||
|
||||
override string getARelevantTag() { result = "hasMissingJwtSignatureCheck" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasMissingJwtSignatureCheck" and
|
||||
exists(DataFlow::Node sink | MissingJwtSignatureCheckFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class HasMissingJwtSignatureCheckTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasMissingJwtSignatureCheckTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
import semmle.code.java.security.UnsafeContentUriResolutionQuery
|
||||
|
||||
class Test extends InlineFlowTest {
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
UnsafeContentResolutionFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
import TaintFlowTest<UnsafeContentResolutionConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.FragmentInjection
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class FragmentInjectionInPreferenceActivityTest extends InlineExpectationsTest {
|
||||
FragmentInjectionInPreferenceActivityTest() { this = "FragmentInjectionInPreferenceActivityTest" }
|
||||
module FragmentInjectionInPreferenceActivityTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasPreferenceFragmentInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasPreferenceFragmentInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasPreferenceFragmentInjection" and
|
||||
exists(IsValidFragmentMethod isValidFragment | isValidFragment.isUnsafe() |
|
||||
isValidFragment.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class FragmentInjectionInPreferenceActivityTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<FragmentInjectionInPreferenceActivityTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
import java
|
||||
import semmle.code.java.security.FragmentInjectionQuery
|
||||
import TestUtilities.InlineFlowTest
|
||||
|
||||
class Test extends InlineFlowTest {
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
FragmentInjectionTaintFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
import TaintFlowTest<FragmentInjectionTaintConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.xml.AndroidManifest
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class DebuggableAttributeEnabledTest extends InlineExpectationsTest {
|
||||
DebuggableAttributeEnabledTest() { this = "DebuggableAttributeEnabledTest" }
|
||||
module DebuggableAttributeEnabledTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasDebuggableAttributeEnabled" }
|
||||
|
||||
override string getARelevantTag() { result = "hasDebuggableAttributeEnabled" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasDebuggableAttributeEnabled" and
|
||||
exists(AndroidApplicationXmlElement androidAppElem |
|
||||
androidAppElem.isDebuggable() and
|
||||
@@ -19,3 +17,5 @@ class DebuggableAttributeEnabledTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<DebuggableAttributeEnabledTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
import semmle.code.java.security.WebviewDebuggingEnabledQuery
|
||||
|
||||
class HasFlowTest extends InlineFlowTest {
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
WebviewDebugEnabledFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
import ValueFlowTest<WebviewDebugEnabledConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.UnsafeDeserializationQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class UnsafeDeserializationTest extends InlineExpectationsTest {
|
||||
UnsafeDeserializationTest() { this = "UnsafeDeserializationTest" }
|
||||
module UnsafeDeserializationTest implements TestSig {
|
||||
string getARelevantTag() { result = "unsafeDeserialization" }
|
||||
|
||||
override string getARelevantTag() { result = "unsafeDeserialization" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "unsafeDeserialization" and
|
||||
exists(DataFlow::Node sink | UnsafeDeserializationFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class UnsafeDeserializationTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<UnsafeDeserializationTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.InsecureBasicAuthQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasInsecureBasicAuthTest extends InlineExpectationsTest {
|
||||
HasInsecureBasicAuthTest() { this = "HasInsecureBasicAuthTest" }
|
||||
module HasInsecureBasicAuthTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasInsecureBasicAuth" }
|
||||
|
||||
override string getARelevantTag() { result = "hasInsecureBasicAuth" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasInsecureBasicAuth" and
|
||||
exists(DataFlow::Node sink | InsecureBasicAuthFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class HasInsecureBasicAuthTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasInsecureBasicAuthTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.InsecureLdapAuthQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class InsecureLdapAuthenticationTest extends InlineExpectationsTest {
|
||||
InsecureLdapAuthenticationTest() { this = "InsecureLdapAuthentication" }
|
||||
module InsecureLdapAuthenticationTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasInsecureLdapAuth" }
|
||||
|
||||
override string getARelevantTag() { result = "hasInsecureLdapAuth" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasInsecureLdapAuth" and
|
||||
exists(DataFlow::Node sink | InsecureLdapUrlFlow::flowTo(sink) |
|
||||
BasicAuthFlow::flowTo(sink) and
|
||||
@@ -18,3 +16,5 @@ class InsecureLdapAuthenticationTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<InsecureLdapAuthenticationTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.SensitiveKeyboardCacheQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class SensitiveKeyboardCacheTest extends InlineExpectationsTest {
|
||||
SensitiveKeyboardCacheTest() { this = "SensitiveKeyboardCacheTest" }
|
||||
module SensitiveKeyboardCacheTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasResult" }
|
||||
|
||||
override string getARelevantTag() { result = "hasResult" }
|
||||
|
||||
override predicate hasActualResult(Location loc, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location loc, string element, string tag, string value) {
|
||||
exists(AndroidEditableXmlElement el |
|
||||
el = getASensitiveCachedInput() and
|
||||
loc = el.getLocation() and
|
||||
@@ -17,3 +15,5 @@ class SensitiveKeyboardCacheTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<SensitiveKeyboardCacheTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
import semmle.code.java.security.SensitiveLoggingQuery
|
||||
|
||||
class HasFlowTest extends InlineFlowTest {
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
SensitiveLoggerFlow::flow(src, sink)
|
||||
}
|
||||
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
}
|
||||
import TaintFlowTest<SensitiveLoggerConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,11 +1,4 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
import semmle.code.java.security.XxeRemoteQuery
|
||||
|
||||
class HasFlowTest extends InlineFlowTest {
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
XxeFlow::flow(src, sink)
|
||||
}
|
||||
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
}
|
||||
import TaintFlowTest<XxeConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -3,12 +3,10 @@ import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.security.XPathInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HasXPathInjectionTest extends InlineExpectationsTest {
|
||||
HasXPathInjectionTest() { this = "HasXPathInjectionTest" }
|
||||
module HasXPathInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasXPathInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasXPathInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasXPathInjection" and
|
||||
exists(DataFlow::Node sink | XPathInjectionFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -17,3 +15,5 @@ class HasXPathInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasXPathInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.regexp.PolynomialReDoSQuery
|
||||
|
||||
class HasPolyRedos extends InlineExpectationsTest {
|
||||
HasPolyRedos() { this = "HasPolyRedos" }
|
||||
module HasPolyRedos implements TestSig {
|
||||
string getARelevantTag() { result = "hasPolyRedos" }
|
||||
|
||||
override string getARelevantTag() { result = "hasPolyRedos" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasPolyRedos" and
|
||||
exists(DataFlow::Node sink |
|
||||
PolynomialRedosFlow::flowTo(sink) and
|
||||
@@ -16,3 +14,5 @@ class HasPolyRedos extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasPolyRedos>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -4,12 +4,10 @@ private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
|
||||
import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as ExponentialBackTracking
|
||||
import semmle.code.java.regex.regex
|
||||
|
||||
class HasExpRedos extends InlineExpectationsTest {
|
||||
HasExpRedos() { this = "HasExpRedos" }
|
||||
module HasExpRedos implements TestSig {
|
||||
string getARelevantTag() { result = ["hasExpRedos", "hasParseFailure"] }
|
||||
|
||||
override string getARelevantTag() { result = ["hasExpRedos", "hasParseFailure"] }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasExpRedos" and
|
||||
exists(TreeView::RegExpTerm t |
|
||||
ExponentialBackTracking::hasReDoSResult(t, _, _, _) and
|
||||
@@ -28,3 +26,5 @@ class HasExpRedos extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HasExpRedos>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import semmle.code.java.security.regexp.RegexInjectionQuery
|
||||
|
||||
class RegexInjectionTest extends InlineExpectationsTest {
|
||||
RegexInjectionTest() { this = "RegexInjectionTest" }
|
||||
module RegexInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasRegexInjection" }
|
||||
|
||||
override string getARelevantTag() { result = "hasRegexInjection" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasRegexInjection" and
|
||||
exists(RegexInjectionFlow::PathNode sink | RegexInjectionFlow::flowPath(_, sink) |
|
||||
location = sink.getNode().getLocation() and
|
||||
@@ -16,3 +14,5 @@ class RegexInjectionTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<RegexInjectionTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.UnsafeAndroidAccessQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class UnsafeAndroidAccessTest extends InlineExpectationsTest {
|
||||
UnsafeAndroidAccessTest() { this = "HasUnsafeAndroidAccess" }
|
||||
module UnsafeAndroidAccessTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasUnsafeAndroidAccess" }
|
||||
|
||||
override string getARelevantTag() { result = "hasUnsafeAndroidAccess" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasUnsafeAndroidAccess" and
|
||||
exists(DataFlow::Node sink | FetchUntrustedResourceFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class UnsafeAndroidAccessTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<UnsafeAndroidAccessTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,11 +2,4 @@ import java
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import TestUtilities.InlineFlowTest
|
||||
import semmle.code.java.security.RsaWithoutOaepQuery
|
||||
|
||||
class HasFlowTest extends InlineFlowTest {
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
RsaWithoutOaepFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
import TaintFlowTest<RsaWithoutOaepConfig>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.HardcodedCredentialsApiCallQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HardcodedCredentialsApiCallTest extends InlineExpectationsTest {
|
||||
HardcodedCredentialsApiCallTest() { this = "HardcodedCredentialsApiCallTest" }
|
||||
module HardcodedCredentialsApiCallTest implements TestSig {
|
||||
string getARelevantTag() { result = "HardcodedCredentialsApiCall" }
|
||||
|
||||
override string getARelevantTag() { result = "HardcodedCredentialsApiCall" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "HardcodedCredentialsApiCall" and
|
||||
exists(DataFlow::Node sink | HardcodedCredentialApiCallFlow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class HardcodedCredentialsApiCallTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HardcodedCredentialsApiCallTest>
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
failures
|
||||
testFailures
|
||||
|
||||
@@ -2,12 +2,10 @@ import java
|
||||
import semmle.code.java.security.HardcodedCredentialsComparison
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class HardcodedCredentialsComparisonTest extends InlineExpectationsTest {
|
||||
HardcodedCredentialsComparisonTest() { this = "HardcodedCredentialsComparisonTest" }
|
||||
module HardcodedCredentialsComparisonTest implements TestSig {
|
||||
string getARelevantTag() { result = "HardcodedCredentialsComparison" }
|
||||
|
||||
override string getARelevantTag() { result = "HardcodedCredentialsComparison" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "HardcodedCredentialsComparison" and
|
||||
exists(Expr sink | isHardcodedCredentialsComparison(sink, _, _) |
|
||||
sink.getLocation() = location and
|
||||
@@ -16,3 +14,5 @@ class HardcodedCredentialsComparisonTest extends InlineExpectationsTest {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<HardcodedCredentialsComparisonTest>
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user