Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage

Java: Add more sinks to the Insecure Randomness query
Tony Torralba
2024-01-08 15:33:03 +01:00
committed by GitHub
12 changed files with 179 additions and 20 deletions


@@ -10,7 +10,7 @@ import javax.servlet.http.Cookie;
import org.apache.commons.lang3.RandomStringUtils;
import org.owasp.esapi.Encoder;
public class WeakRandomCookies extends HttpServlet {
public class InsecureRandomCookies extends HttpServlet {
HttpServletResponse response;
public void doGet() {
@@ -19,6 +19,14 @@ public class WeakRandomCookies extends HttpServlet {
int c = r.nextInt();
// BAD: The cookie value may be predictable.
Cookie cookie = new Cookie("name", Integer.toString(c)); // $hasWeakRandomFlow
cookie.setValue(Integer.toString(c)); // $hasWeakRandomFlow
io.netty.handler.codec.http.Cookie nettyCookie =
new io.netty.handler.codec.http.DefaultCookie("name", Integer.toString(c)); // $hasWeakRandomFlow
nettyCookie.setValue(Integer.toString(c)); // $hasWeakRandomFlow
io.netty.handler.codec.http.cookie.Cookie nettyCookie2 =
new io.netty.handler.codec.http.cookie.DefaultCookie("name", Integer.toString(c)); // $hasWeakRandomFlow
nettyCookie2.setValue(Integer.toString(c)); // $hasWeakRandomFlow
Encoder enc = null;
int c2 = r.nextInt();
@@ -36,8 +44,8 @@ public class WeakRandomCookies extends HttpServlet {
byte[] bytes2 = new byte[16];
sr.nextBytes(bytes2);
// GOOD: The cookie value is unpredictable.
Cookie cookie4 = new Cookie("name", new String(bytes2));
Cookie cookie4 = new Cookie("name", new String(bytes2));
ThreadLocalRandom tlr = ThreadLocalRandom.current();
Cookie cookie5 = new Cookie("name", Integer.toString(tlr.nextInt())); // $hasWeakRandomFlow
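Review bot: The second hunk adds netty `DefaultCookie` constructor and `setValue` cases only with the weak `java.util.Random` value `c`, so there is no GOOD counterpart for the new netty sinks like the `cookie4` case that exists for the servlet `Cookie`; a sink definition that also flagged secure values would not be caught by this test. A one-line mirror next to `cookie4`, `io.netty.handler.codec.http.cookie.Cookie nettyCookie3 = new io.netty.handler.codec.http.cookie.DefaultCookie("name", new String(bytes2));` under the existing `// GOOD` comment, would close that gap. The `ThreadLocalRandom` line in the third hunk carries the `$hasWeakRandomFlow` expectation but, unlike the other weak cases, no explanatory comment; `// BAD: ThreadLocalRandom is not a cryptographically secure source.` would keep the file's BAD/GOOD annotation style consistent. The first hunk renames the public class to `InsecureRandomCookies`; since the file path is not visible here, presumably the file was renamed to match, otherwise the public-class/filename mismatch would fail compilation. The `doGet` body continues outside the hunks.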


@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/apache-commons-lang3-3.7:${testdir}/../../../stubs/esapi-2.0.1
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/apache-commons-lang3-3.7:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/netty-4.1.x


@@ -0,0 +1,6 @@
// Generated automatically from io.netty.handler.codec.http.cookie.Cookie for testing purposes
package io.netty.handler.codec.http;
public interface Cookie extends io.netty.handler.codec.http.cookie.Cookie {
}


@@ -0,0 +1,9 @@
// Generated automatically from io.netty.handler.codec.http.cookie.DefaultCookie for testing
// purposes
package io.netty.handler.codec.http;
public class DefaultCookie extends io.netty.handler.codec.http.cookie.DefaultCookie
implements Cookie {
public DefaultCookie(String p0, String p1) {}
}