Add tests
This commit is contained in:
committed by
Stephan Brandauer
parent
eef3dc81df
commit
8065714ebe
@@ -0,0 +1,32 @@
|
||||
package generatedtest;
|
||||
|
||||
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
|
||||
|
||||
// Test case generated by GenerateFlowTestCase.ql
|
||||
public class Test {
|
||||
|
||||
Object source() {
|
||||
return null;
|
||||
}
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
public void test() throws Exception {
|
||||
{
|
||||
// "org.apache.commons.compress.archivers.tar;TarArchiveEntry;true;TarArchiveEntry;(String);;Argument[0];Argument[-1];taint;ai-generated"
|
||||
TarArchiveEntry out = null;
|
||||
String in = (String) source();
|
||||
out = new TarArchiveEntry(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.commons.compress.archivers.tar;TarArchiveEntry;true;TarArchiveEntry;(String,boolean);;Argument[0];Argument[-1];taint;ai-generated"
|
||||
TarArchiveEntry out = null;
|
||||
String in = (String) source();
|
||||
out = new TarArchiveEntry(in, false);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-compress
|
||||
@@ -0,0 +1,2 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
@@ -0,0 +1,71 @@
|
||||
package generatedtest;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.List;
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.apache.http.client.utils.URLEncodedUtils;
|
||||
|
||||
// Test case generated by GenerateFlowTestCase.ql
|
||||
public class Test {
|
||||
|
||||
<T> T getElement(Iterable<T> it) { return it.iterator().next(); }
|
||||
Object getURIBuilder_pathDefault(Object container) { return null; }
|
||||
Object source() { return null; }
|
||||
void sink(Object o) { }
|
||||
|
||||
public void test() throws Exception {
|
||||
|
||||
{
|
||||
// "org.apache.http.client.utils;URIBuilder;true;URIBuilder;(String);;Argument[0];Argument[-1];taint;ai-generated"
|
||||
URIBuilder out = null;
|
||||
String in = (String)source();
|
||||
out = new URIBuilder(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.http.client.utils;URIBuilder;true;URIBuilder;(URI);;Argument[0];Argument[-1];taint;ai-generated"
|
||||
URIBuilder out = null;
|
||||
URI in = (URI)source();
|
||||
out = new URIBuilder(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.http.client.utils;URIBuilder;true;setHost;(String);;Argument[0];Argument[-1];taint;ai-generated"
|
||||
URIBuilder out = null;
|
||||
String in = (String)source();
|
||||
out.setHost(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.http.client.utils;URIBuilder;true;setHost;(String);;Argument[0];ReturnValue;taint;ai-generated"
|
||||
URIBuilder out = null;
|
||||
String in = (String)source();
|
||||
URIBuilder instance = null;
|
||||
out = instance.setHost(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.http.client.utils;URIBuilder;true;setPath;(String);;Argument[0];Argument[-1].SyntheticField[org.apache.http.client.utils.URIBuilder.path];taint;ai-generated"
|
||||
URIBuilder out = null;
|
||||
String in = (String)source();
|
||||
out.setPath(in);
|
||||
sink(getURIBuilder_pathDefault(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.http.client.utils;URIBuilder;true;setPathSegments;(List);;Argument[0];Argument[-1].SyntheticField[org.apache.http.client.utils.URIBuilder.path];taint;ai-generated"
|
||||
URIBuilder out = null;
|
||||
List in = (List)source();
|
||||
out.setPathSegments(in);
|
||||
sink(getURIBuilder_pathDefault(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.apache.http.client.utils;URLEncodedUtils;true;parse;(URI,String);;Argument[0];ReturnValue.Element;taint;ai-generated"
|
||||
List out = null;
|
||||
URI in = (URI)source();
|
||||
out = URLEncodedUtils.parse(in, (String)null);
|
||||
sink(getElement(out)); // $ hasTaintFlow
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-tests
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["generatedtest", "Test", False, "getURIBuilder_pathDefault", "(Object)", "", "Argument[0].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "ReturnValue", "value", "manual"]
|
||||
@@ -0,0 +1,2 @@
|
||||
import java
|
||||
import TestUtilities.InlineFlowTest
|
||||
@@ -101,9 +101,4 @@ class Test {
|
||||
new File(new URI(null, null, null, 0, t, null, null));
|
||||
}
|
||||
|
||||
void doGet6(InetAddress address) throws IOException {
|
||||
String t = address.getHostName();
|
||||
// BAD: accessing local resource with user input
|
||||
getClass().getModule().getResourceAsStream(t);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileReader;
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.net.URL;
|
||||
import org.codehaus.cargo.container.installer.ZipURLInstaller;
|
||||
|
||||
public class Test {
|
||||
|
||||
void test(InetAddress address) throws IOException {
|
||||
String t = address.getHostName();
|
||||
// "java.lang;Module;true;getResourceAsStream;(String);;Argument[0];read-file;ai-generated"
|
||||
getClass().getModule().getResourceAsStream(t);
|
||||
// "java.lang;Class;false;getResource;(String);;Argument[0];read-file;ai-generated"
|
||||
getClass().getResource(t);
|
||||
// "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
|
||||
ClassLoader.getSystemResource(t);
|
||||
// "java.io;File;true;createTempFile;(String,String,File);;Argument[2];create-file;ai-generated"
|
||||
File.createTempFile(";", t);
|
||||
// "java.io;File;true;renameTo;(File);;Argument[0];create-file;ai-generated"
|
||||
new File("").renameTo((File) t);
|
||||
// "java.io;FileInputStream;true;FileInputStream;(File);;Argument[0];read-file;ai-generated"
|
||||
new FileInputStream((File) t);
|
||||
// "java.io;FileReader;true;FileReader;(File);;Argument[0];read-file;ai-generated"
|
||||
new FileReader((File) t);
|
||||
// "java.io;FileReader;true;FileReader;(String);;Argument[0];read-file;ai-generated"
|
||||
new FileReader(t);
|
||||
// "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[1];create-file;ai-generated"
|
||||
new ZipURLInstaller((URL) null, t, "");
|
||||
// "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[2];create-file;ai-generated"
|
||||
new ZipURLInstaller((URL) null, "", t);
|
||||
}
|
||||
}
|
||||
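Review bot: The `(File) t` casts on the renameTo, FileInputStream(File) and FileReader(File) lines cast a `String` to `File`, which javac rejects as inconvertible types, so unless the extractor tolerates that error these three sinks are never reached; `new File(t)` passes the File-typed argument the quoted rows model and keeps the taint, provided the File(String) constructor is a taint step (likely, but not visible in this hunk). The createTempFile line passes `t` as the String suffix, i.e. Argument[1], while the row quoted above it is Argument[2] of the (String,String,File) overload, so the call does not exercise the model it cites. Likewise the ClassLoader line calls `getSystemResource` while the row names `getSystemResourceAsStream`. Rewritten lines below; the remaining cases in `test` are unchanged.
```java
void test(InetAddress address) throws IOException {
    String t = address.getHostName();
    // … unchanged: Module.getResourceAsStream and Class.getResource cases …
    // "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
    ClassLoader.getSystemResourceAsStream(t);
    // "java.io;File;true;createTempFile;(String,String,File);;Argument[2];create-file;ai-generated"
    File.createTempFile("tmp", "", new File(t));
    // "java.io;File;true;renameTo;(File);;Argument[0];create-file;ai-generated"
    new File("").renameTo(new File(t));
    // "java.io;FileInputStream;true;FileInputStream;(File);;Argument[0];read-file;ai-generated"
    new FileInputStream(new File(t));
    // "java.io;FileReader;true;FileReader;(File);;Argument[0];read-file;ai-generated"
    new FileReader(new File(t));
    // … unchanged: FileReader(String) and ZipURLInstaller cases …
```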
@@ -1,29 +0,0 @@
|
||||
import org.apache.hadoop.hive.metastore.api.ColumnStatistics;
|
||||
import org.apache.hadoop.hive.metastore.api.DefaultConstraintsRequest;
|
||||
import org.apache.hadoop.hive.metastore.ObjectStore;
|
||||
import org.apache.hive.hcatalog.templeton.ColumnDesc;
|
||||
import org.apache.hive.hcatalog.templeton.HcatDelegator;
|
||||
import java.util.List;
|
||||
|
||||
public class Hive {
|
||||
|
||||
public static Object source() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public void test(ObjectStore objStore, HcatDelegator hcatDel) throws Exception {
|
||||
{
|
||||
String taint = (String) source();
|
||||
new DefaultConstraintsRequest("", taint, ""); // $ sqlInjection
|
||||
}
|
||||
{
|
||||
ColumnStatistics taint = (ColumnStatistics) source();
|
||||
//objStore.updatePartitionColumnStatistics(taint, (List<String>) null, (String) null, 0L); // $ sqlInjection
|
||||
objStore.updatePartitionColumnStatistics(taint, (List<String>) null); // $ sqlInjection
|
||||
}
|
||||
{
|
||||
ColumnDesc taint = (ColumnDesc) source();
|
||||
hcatDel.addOneColumn(null, null, null, taint); // $ sqlInjection
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,37 @@
|
||||
import java.sql.DatabaseMetaData;
|
||||
|
||||
public class Test {
|
||||
public static Object source() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public void test(DatabaseMetaData dmd) {
|
||||
String taint = (String) source();
|
||||
// java.sql;DatabaseMetaData;true;getColumns;(String,String,String,String);;Argument[2];sql;ai-generated
|
||||
dmd.getCoolumns("", "", taint, ""); // $ sqlInjection
|
||||
// java.sql;DatabaseMetaData;true;getPrimaryKeys;(String,String,String);;Argument[2];sql;ai-generated
|
||||
dmd.getPrimaryKeys("", "", taint); // $ sqlInjection
|
||||
}
|
||||
|
||||
public void test(ObjectStore objStore, HcatDelegator hcatDel) throws Exception {
|
||||
{
|
||||
String taint = (String) source();
|
||||
// "org.apache.hadoop.hive.metastore.api;DefaultConstraintsRequest;true;DefaultConstraintsRequest;(String,String,String);;Argument[1];sql;ai-generated"
|
||||
new DefaultConstraintsRequest("", taint, ""); // $ sqlInjection
|
||||
}
|
||||
{
|
||||
ColumnStatistics taint = (ColumnStatistics) source();
|
||||
// "org.apache.hadoop.hive.metastore;ObjectStore;true;updatePartitionColumnStatistics;(ColumnStatistics,List,String,long);;Argument[0];sql;ai-generated"
|
||||
// @formatter:off
|
||||
// objStore.updatePartitionColumnStatistics(taint, (List<String>) null, (String) null, 0L); // $ sqlInjection
|
||||
// @formatter:on
|
||||
// "org.apache.hadoop.hive.metastore;ObjectStore;true;updatePartitionColumnStatistics;(ColumnStatistics,List);;Argument[0];sql;ai-generated"
|
||||
objStore.updatePartitionColumnStatistics(taint, (List<String>) null); // $ sqlInjection
|
||||
}
|
||||
{
|
||||
ColumnDesc taint = (ColumnDesc) source();
|
||||
// "org.apache.hive.hcatalog.templeton;HcatDelegator;true;addOneColumn;(String,String,String,ColumnDesc);;Argument[3];sql;ai-generated"
|
||||
hcatDel.addOneColumn(null, null, null, taint); // $ sqlInjection
|
||||
}
|
||||
}
|
||||
}
|
||||
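Review bot: `dmd.getCoolumns("", "", taint, "")` on the getColumns test line is a typo for `getColumns`, so the java.sql row quoted above it is never exercised; change it to `dmd.getColumns("", "", taint, ""); // $ sqlInjection`. The file imports only `java.sql.DatabaseMetaData`, yet the second `test` overload references ObjectStore, HcatDelegator, ColumnStatistics, DefaultConstraintsRequest, ColumnDesc and List, none of which are in scope; the six import lines from the deleted `Hive` class in the previous hunk need to be carried over or this file will not compile. The `@formatter:off` / `@formatter:on` pair wraps only a commented-out call and could be dropped.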
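--- a/java/ql/test/query-tests/security/CWE-918/mad/Test.java
+++ b/java/ql/test/query-tests/security/CWE-918/mad/Test.java
@@ -0,0 +1,22 @@
+import javax.servlet.http.HttpServletRequest;
+import javafx.scene.web.WebEngine;
+import org.codehaus.cargo.container.installer.ZipURLInstaller;
+
+public class Test {
+
+public static Object source(HttpServletRequest request) {
+return request.getParameter(null);
+}
+
+public void test(WebEngine webEngine) {
+String taint = source(null);
+// "javafx.scene.web;WebEngine;false;load;(String);;Argument[0];open-url;ai-generated"
+webEngine.load(taint); // $ SSRF
+}
+
+public void test() {
+// "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[0];open-url:ai-generated"
+new ZipURLInstaller((URL) source(), "", ""); // $ SSRF
+}
+
+}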
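Review bot: `String taint = source(null);` assigns the `Object` returned by `source` to a `String` without a cast, and `source()` in the second `test` is called with no argument although the only `source` declared takes an `HttpServletRequest`, so neither method compiles as written; `String taint = (String) source(null);` and `new ZipURLInstaller((URL) source(null), "", ""); // $ SSRF` match the declared signature. `URL` is used in that cast but never imported, so `import java.net.URL;` is needed alongside the three existing imports. The row quoted above the ZipURLInstaller call ends in `open-url:ai-generated` where every other row in this commit uses a semicolon before the provenance column, which matters if that comment is meant to be copied into a model file.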