Fix taintsources test

2026-04-22 07:15:15 +02:00 · 2024-06-14 15:47:15 +01:00
parent 91db2b6c9c
commit 878867205e
4 changed files with 52 additions and 7 deletions
--- a/java/ql/test/library-tests/dataflow/taintsources/A.java
+++ b/java/ql/test/library-tests/dataflow/taintsources/A.java
@@ -43,7 +43,7 @@ public class A {
    };
    sink(new URL("test").openConnection().getInputStream()); // $hasRemoteValueFlow
    sink(new Socket("test", 1234).getInputStream()); // $hasRemoteValueFlow
-    sink(InetAddress.getByName("test").getHostName()); // $hasRemoteValueFlow
+    sink(InetAddress.getByName("test").getHostName()); // $hasReverseDnsValueFlow

    sink(System.in); // $hasLocalValueFlow
    sink(new FileInputStream("test")); // $hasLocalValueFlow
--- a/java/ql/test/library-tests/dataflow/taintsources/local.ql
+++ b/java/ql/test/library-tests/dataflow/taintsources/local.ql
@@ -2,16 +2,12 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import TestUtilities.InlineExpectationsTest

-class LocalSource extends DataFlow::Node instanceof UserInput {
-  LocalSource() { not this instanceof RemoteFlowSource }
-}
-
 predicate isTestSink(DataFlow::Node n) {
  exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
 }

 module LocalValueConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof LocalSource }
+  predicate isSource(DataFlow::Node n) { n instanceof LocalUserInput }

  predicate isSink(DataFlow::Node n) { isTestSink(n) }
 }
@@ -19,7 +15,7 @@ module LocalValueConfig implements DataFlow::ConfigSig {
 module LocalValueFlow = DataFlow::Global<LocalValueConfig>;

 module LocalTaintConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n instanceof LocalSource }
+  predicate isSource(DataFlow::Node n) { n instanceof LocalUserInput }

  predicate isSink(DataFlow::Node n) { isTestSink(n) }
 }
--- a/java/ql/test/library-tests/dataflow/taintsources/reversedns.expected
+++ b/java/ql/test/library-tests/dataflow/taintsources/reversedns.expected
@@ -0,0 +1,2 @@
+failures
+testFailures
--- a/java/ql/test/library-tests/dataflow/taintsources/reversedns.ql
+++ b/java/ql/test/library-tests/dataflow/taintsources/reversedns.ql
@@ -0,0 +1,47 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+import TestUtilities.InlineExpectationsTest
+
+predicate isTestSink(DataFlow::Node n) {
+  exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
+}
+
+module ReverseDnsValueConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n instanceof ReverseDnsUserInput }
+
+  predicate isSink(DataFlow::Node n) { isTestSink(n) }
+}
+
+module ReverseDnsValueFlow = DataFlow::Global<ReverseDnsValueConfig>;
+
+module ReverseDnsTaintConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n instanceof ReverseDnsUserInput }
+
+  predicate isSink(DataFlow::Node n) { isTestSink(n) }
+}
+
+module ReverseDnsTaintFlow = TaintTracking::Global<ReverseDnsTaintConfig>;
+
+module ReverseDnsFlowTest implements TestSig {
+  string getARelevantTag() { result = ["hasReverseDnsValueFlow", "hasReverseDnsTaintFlow"] }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasReverseDnsValueFlow" and
+    exists(DataFlow::Node sink | ReverseDnsValueFlow::flowTo(sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+    or
+    tag = "hasReverseDnsTaintFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink |
+      ReverseDnsTaintFlow::flow(src, sink) and not ReverseDnsValueFlow::flow(src, sink)
+    |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<ReverseDnsFlowTest>