hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: convert InsecureRandomness test to .qlref

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-06-23 16:36:43 +02:00
parent 288a938814
commit 85c2f72892
4 changed files with 93 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
java/ql/test/query-tests/security/CWE-330/InsecureRandomCookies.java
View File

@@ -16,28 +16,28 @@ public class InsecureRandomCookies extends HttpServlet {
public void doGet() {
Random r = new Random();
int c = r.nextInt();
int c = r.nextInt(); // $ Source
// BAD: The cookie value may be predictable.
Cookie cookie = new Cookie("name", Integer.toString(c)); // $hasWeakRandomFlow
cookie.setValue(Integer.toString(c)); // $hasWeakRandomFlow
Cookie cookie = new Cookie("name", Integer.toString(c)); // $ Alert
cookie.setValue(Integer.toString(c)); // $ Alert
io.netty.handler.codec.http.Cookie nettyCookie =
new io.netty.handler.codec.http.DefaultCookie("name", Integer.toString(c)); // $hasWeakRandomFlow
nettyCookie.setValue(Integer.toString(c)); // $hasWeakRandomFlow
new io.netty.handler.codec.http.DefaultCookie("name", Integer.toString(c)); // $ Alert
nettyCookie.setValue(Integer.toString(c)); // $ Alert
io.netty.handler.codec.http.cookie.Cookie nettyCookie2 =
new io.netty.handler.codec.http.cookie.DefaultCookie("name", Integer.toString(c)); // $hasWeakRandomFlow
nettyCookie2.setValue(Integer.toString(c)); // $hasWeakRandomFlow
new io.netty.handler.codec.http.cookie.DefaultCookie("name", Integer.toString(c)); // $ Alert
nettyCookie2.setValue(Integer.toString(c)); // $ Alert
Encoder enc = null;
int c2 = r.nextInt();
int c2 = r.nextInt(); // $ Source
String value = enc.encodeForHTML(Integer.toString(c2));
// BAD: The cookie value may be predictable.
Cookie cookie2 = new Cookie("name", value); // $hasWeakRandomFlow
Cookie cookie2 = new Cookie("name", value); // $ Alert
byte[] bytes = new byte[16];
r.nextBytes(bytes);
r.nextBytes(bytes); // $ Source
// BAD: The cookie value may be predictable.
Cookie cookie3 = new Cookie("name", new String(bytes)); // $hasWeakRandomFlow
Cookie cookie3 = new Cookie("name", new String(bytes)); // $ Alert
SecureRandom sr = new SecureRandom();
@@ -48,22 +48,22 @@ public class InsecureRandomCookies extends HttpServlet {
ThreadLocalRandom tlr = ThreadLocalRandom.current();
Cookie cookie5 = new Cookie("name", Integer.toString(tlr.nextInt())); // $hasWeakRandomFlow
Cookie cookie5 = new Cookie("name", Integer.toString(tlr.nextInt())); // $ Alert
Cookie cookie6 = new Cookie("name", RandomStringUtils.random(10)); // $hasWeakRandomFlow
Cookie cookie6 = new Cookie("name", RandomStringUtils.random(10)); // $ Alert
Cookie cookie7 = new Cookie("name", RandomStringUtils.randomAscii(10)); // $hasWeakRandomFlow
Cookie cookie7 = new Cookie("name", RandomStringUtils.randomAscii(10)); // $ Alert
long c3 = r.nextLong();
long c3 = r.nextLong(); // $ Source
// BAD: The cookie value may be predictable.
Cookie cookie8 = new Cookie("name", Long.toString(c3 * 5)); // $hasWeakRandomFlow
Cookie cookie8 = new Cookie("name", Long.toString(c3 * 5)); // $ Alert
double c4 = Math.random();
double c4 = Math.random(); // $ Source
// BAD: The cookie value may be predictable.
Cookie cookie9 = new Cookie("name", Double.toString(c4)); // $hasWeakRandomFlow
Cookie cookie9 = new Cookie("name", Double.toString(c4)); // $ Alert
double c5 = Math.random();
double c5 = Math.random(); // $ Source
// BAD: The cookie value may be predictable.
Cookie cookie10 = new Cookie("name", Double.toString(++c5)); // $hasWeakRandomFlow
Cookie cookie10 = new Cookie("name", Double.toString(++c5)); // $ Alert
}
}

69
java/ql/test/query-tests/security/CWE-330/InsecureRandomnessTest.expected
View File

@@ -0,0 +1,69 @@
#select
| InsecureRandomCookies.java:21:44:21:62 | toString(...) | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:21:44:21:62 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:22:25:22:43 | toString(...) | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:22:25:22:43 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:25:71:25:89 | toString(...) | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:25:71:25:89 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:26:30:26:48 | toString(...) | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:26:30:26:48 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:28:78:28:96 | toString(...) | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:28:78:28:96 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:29:31:29:49 | toString(...) | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:29:31:29:49 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:19:17:19:27 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:35:45:35:49 | value | InsecureRandomCookies.java:32:18:32:28 | nextInt(...) : Number | InsecureRandomCookies.java:35:45:35:49 | value | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:32:18:32:28 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:40:45:40:61 | new String(...) | InsecureRandomCookies.java:38:21:38:25 | bytes : byte[] | InsecureRandomCookies.java:40:45:40:61 | new String(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:38:21:38:25 | bytes | Insecure randomness source. |
| InsecureRandomCookies.java:51:45:51:75 | toString(...) | InsecureRandomCookies.java:51:62:51:74 | nextInt(...) : Number | InsecureRandomCookies.java:51:45:51:75 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:51:62:51:74 | nextInt(...) | Insecure randomness source. |
| InsecureRandomCookies.java:53:45:53:72 | random(...) | InsecureRandomCookies.java:53:45:53:72 | random(...) | InsecureRandomCookies.java:53:45:53:72 | random(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:53:45:53:72 | random(...) | Insecure randomness source. |
| InsecureRandomCookies.java:55:45:55:77 | randomAscii(...) | InsecureRandomCookies.java:55:45:55:77 | randomAscii(...) | InsecureRandomCookies.java:55:45:55:77 | randomAscii(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:55:45:55:77 | randomAscii(...) | Insecure randomness source. |
| InsecureRandomCookies.java:59:45:59:65 | toString(...) | InsecureRandomCookies.java:57:19:57:30 | nextLong(...) : Number | InsecureRandomCookies.java:59:45:59:65 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:57:19:57:30 | nextLong(...) | Insecure randomness source. |
| InsecureRandomCookies.java:63:45:63:63 | toString(...) | InsecureRandomCookies.java:61:21:61:33 | random(...) : Number | InsecureRandomCookies.java:63:45:63:63 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:61:21:61:33 | random(...) | Insecure randomness source. |
| InsecureRandomCookies.java:67:46:67:66 | toString(...) | InsecureRandomCookies.java:65:21:65:33 | random(...) : Number | InsecureRandomCookies.java:67:46:67:66 | toString(...) | Potential Insecure randomness due to a $@. | InsecureRandomCookies.java:65:21:65:33 | random(...) | Insecure randomness source. |
edges
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:21:44:21:62 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:22:25:22:43 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:25:71:25:89 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:26:30:26:48 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:28:78:28:96 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | InsecureRandomCookies.java:29:31:29:49 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:32:18:32:28 | nextInt(...) : Number | InsecureRandomCookies.java:33:42:33:61 | toString(...) : String | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:33:24:33:62 | encodeForHTML(...) : String | InsecureRandomCookies.java:35:45:35:49 | value | provenance | |
| InsecureRandomCookies.java:33:42:33:61 | toString(...) : String | InsecureRandomCookies.java:33:24:33:62 | encodeForHTML(...) : String | provenance | Config |
| InsecureRandomCookies.java:33:42:33:61 | toString(...) : String | InsecureRandomCookies.java:33:24:33:62 | encodeForHTML(...) : String | provenance | MaD:2 |
| InsecureRandomCookies.java:38:21:38:25 | bytes : byte[] | InsecureRandomCookies.java:40:56:40:60 | bytes : byte[] | provenance | |
| InsecureRandomCookies.java:40:56:40:60 | bytes : byte[] | InsecureRandomCookies.java:40:45:40:61 | new String(...) | provenance | MaD:1 |
| InsecureRandomCookies.java:51:62:51:74 | nextInt(...) : Number | InsecureRandomCookies.java:51:45:51:75 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:57:19:57:30 | nextLong(...) : Number | InsecureRandomCookies.java:59:59:59:60 | c3 : Number | provenance | |
| InsecureRandomCookies.java:59:59:59:60 | c3 : Number | InsecureRandomCookies.java:59:59:59:64 | ... * ... : Number | provenance | Config |
| InsecureRandomCookies.java:59:59:59:64 | ... * ... : Number | InsecureRandomCookies.java:59:45:59:65 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:61:21:61:33 | random(...) : Number | InsecureRandomCookies.java:63:45:63:63 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:65:21:65:33 | random(...) : Number | InsecureRandomCookies.java:67:64:67:65 | c5 : Number | provenance | |
| InsecureRandomCookies.java:67:62:67:65 | ++... : Number | InsecureRandomCookies.java:67:46:67:66 | toString(...) | provenance | TaintPreservingCallable |
| InsecureRandomCookies.java:67:64:67:65 | c5 : Number | InsecureRandomCookies.java:67:62:67:65 | ++... : Number | provenance | Config |
models
| 1 | Summary: java.lang; String; false; String; ; ; Argument[0]; Argument[this]; taint; manual |
| 2 | Summary: org.owasp.esapi; Encoder; true; encodeForHTML; (String); ; Argument[0]; ReturnValue; taint; manual |
nodes
| InsecureRandomCookies.java:19:17:19:27 | nextInt(...) : Number | semmle.label | nextInt(...) : Number |
| InsecureRandomCookies.java:21:44:21:62 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:22:25:22:43 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:25:71:25:89 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:26:30:26:48 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:28:78:28:96 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:29:31:29:49 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:32:18:32:28 | nextInt(...) : Number | semmle.label | nextInt(...) : Number |
| InsecureRandomCookies.java:33:24:33:62 | encodeForHTML(...) : String | semmle.label | encodeForHTML(...) : String |
| InsecureRandomCookies.java:33:42:33:61 | toString(...) : String | semmle.label | toString(...) : String |
| InsecureRandomCookies.java:35:45:35:49 | value | semmle.label | value |
| InsecureRandomCookies.java:38:21:38:25 | bytes : byte[] | semmle.label | bytes : byte[] |
| InsecureRandomCookies.java:40:45:40:61 | new String(...) | semmle.label | new String(...) |
| InsecureRandomCookies.java:40:56:40:60 | bytes : byte[] | semmle.label | bytes : byte[] |
| InsecureRandomCookies.java:51:45:51:75 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:51:62:51:74 | nextInt(...) : Number | semmle.label | nextInt(...) : Number |
| InsecureRandomCookies.java:53:45:53:72 | random(...) | semmle.label | random(...) |
| InsecureRandomCookies.java:55:45:55:77 | randomAscii(...) | semmle.label | randomAscii(...) |
| InsecureRandomCookies.java:57:19:57:30 | nextLong(...) : Number | semmle.label | nextLong(...) : Number |
| InsecureRandomCookies.java:59:45:59:65 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:59:59:59:60 | c3 : Number | semmle.label | c3 : Number |
| InsecureRandomCookies.java:59:59:59:64 | ... * ... : Number | semmle.label | ... * ... : Number |
| InsecureRandomCookies.java:61:21:61:33 | random(...) : Number | semmle.label | random(...) : Number |
| InsecureRandomCookies.java:63:45:63:63 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:65:21:65:33 | random(...) : Number | semmle.label | random(...) : Number |
| InsecureRandomCookies.java:67:46:67:66 | toString(...) | semmle.label | toString(...) |
| InsecureRandomCookies.java:67:62:67:65 | ++... : Number | semmle.label | ++... : Number |
| InsecureRandomCookies.java:67:64:67:65 | c5 : Number | semmle.label | c5 : Number |
subpaths

19
java/ql/test/query-tests/security/CWE-330/InsecureRandomnessTest.ql
View File

@@ -1,19 +0,0 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.InsecureRandomnessQuery
import utils.test.InlineExpectationsTest
module WeakRandomTest implements TestSig {
string getARelevantTag() { result = "hasWeakRandomFlow" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasWeakRandomFlow" and
exists(DataFlow::Node sink | InsecureRandomnessFlow::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}
import MakeTest<WeakRandomTest>

4
java/ql/test/query-tests/security/CWE-330/InsecureRandomnessTest.qlref Normal file
View File

@@ -0,0 +1,4 @@
query: Security/CWE/CWE-330/InsecureRandomness.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql