Java: merge application mode tests into one
@@ -1,2 +0,0 @@
|
||||
| Test.java:8:15:8:18 | size | known non-sink\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:7:10:8:19 | allocate(...) | CallContext | file://java.nio:1:1:1:1 | java.nio | package | file://ByteBuffer:1:1:1:1 | ByteBuffer | type | file://false:1:1:1:1 | false | subtypes | file://allocate:1:1:1:1 | allocate | name | file://(int):1:1:1:1 | (int) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
| Test.java:8:15:8:18 | size | known sanitizer\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:7:10:8:19 | allocate(...) | CallContext | file://java.nio:1:1:1:1 | java.nio | package | file://ByteBuffer:1:1:1:1 | ByteBuffer | type | file://false:1:1:1:1 | false | subtypes | file://allocate:1:1:1:1 | allocate | name | file://(int):1:1:1:1 | (int) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
@@ -1,10 +0,0 @@
|
||||
package com.github.codeql.test;
|
||||
|
||||
import java.nio.ByteBuffer;
|
||||
|
||||
class AutomodelApplicationModeExtractNegativeExamples {
|
||||
public static ByteBuffer getBuffer(int size) {
|
||||
return ByteBuffer // negative example, modeled as a neutral model
|
||||
.allocate(size); // negative example, modeled as a neutral model
|
||||
}
|
||||
}
|
||||
@@ -1,2 +0,0 @@
|
||||
| Test.java:17:4:17:9 | source | path-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:16:3:20:3 | copy(...) | CallContext | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
| Test.java:18:4:18:9 | target | path-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:16:3:20:3 | copy(...) | CallContext | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[1]:1:1:1:1 | Argument[1] | input |
|
||||
@@ -1,22 +0,0 @@
|
||||
package com.github.codeql.test;
|
||||
|
||||
import java.nio.file.CopyOption;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
class AutomodelApplicationModeExtractPositiveExamples {
|
||||
public static void callSupplier(Supplier<String> supplier) {
|
||||
supplier.get(); // not an example
|
||||
}
|
||||
|
||||
public static void copyFiles(Path source, Path target, CopyOption option) throws Exception {
|
||||
Files.copy(
|
||||
source, // positive example
|
||||
target, // positive example
|
||||
option // no example
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -1,2 +1,2 @@
|
||||
| Test.java:14:3:14:11 | reference | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:14:3:14:24 | set(...) | CallContext | file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | file://AtomicReference:1:1:1:1 | AtomicReference | type | file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input |
|
||||
| Test.java:20:3:20:10 | supplier | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:20:3:20:16 | get(...) | CallContext | file://java.util.function:1:1:1:1 | java.util.function | package | file://Supplier:1:1:1:1 | Supplier | type | file://true:1:1:1:1 | true | subtypes | file://get:1:1:1:1 | get | name | file://():1:1:1:1 | () | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input |
|
||||
| Test.java:16:3:16:11 | reference | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:16:3:16:24 | set(...) | CallContext | file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | file://AtomicReference:1:1:1:1 | AtomicReference | type | file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input |
|
||||
| Test.java:21:3:21:10 | supplier | command-injection, path-injection, request-forgery, sql-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:21:3:21:16 | get(...) | CallContext | file://java.util.function:1:1:1:1 | java.util.function | package | file://Supplier:1:1:1:1 | Supplier | type | file://true:1:1:1:1 | true | subtypes | file://get:1:1:1:1 | get | name | file://():1:1:1:1 | () | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input |
|
||||
@@ -0,0 +1,3 @@
|
||||
| Test.java:40:14:40:21 | openPath | taint step\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:40:4:40:22 | get(...) | CallContext | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Paths:1:1:1:1 | Paths | type | file://false:1:1:1:1 | false | subtypes | file://get:1:1:1:1 | get | name | file://(String,String[]):1:1:1:1 | (String,String[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
| Test.java:46:15:46:18 | size | known non-sink\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:45:10:46:19 | allocate(...) | CallContext | file://java.nio:1:1:1:1 | java.nio | package | file://ByteBuffer:1:1:1:1 | ByteBuffer | type | file://false:1:1:1:1 | false | subtypes | file://allocate:1:1:1:1 | allocate | name | file://(int):1:1:1:1 | (int) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
| Test.java:46:15:46:18 | size | known sanitizer\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:45:10:46:19 | allocate(...) | CallContext | file://java.nio:1:1:1:1 | java.nio | package | file://ByteBuffer:1:1:1:1 | ByteBuffer | type | file://false:1:1:1:1 | false | subtypes | file://allocate:1:1:1:1 | allocate | name | file://(int):1:1:1:1 | (int) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
@@ -0,0 +1,3 @@
|
||||
| Test.java:26:4:26:9 | source | path-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:25:3:29:3 | copy(...) | CallContext | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
| Test.java:27:4:27:9 | target | path-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:25:3:29:3 | copy(...) | CallContext | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://Argument[1]:1:1:1:1 | Argument[1] | input |
|
||||
| Test.java:34:4:34:11 | openPath | path-injection\nrelated locations: $@.\nmetadata: $@, $@, $@, $@, $@, $@. | Test.java:33:10:35:3 | newInputStream(...) | CallContext | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://newInputStream:1:1:1:1 | newInputStream | name | file://(Path,OpenOption[]):1:1:1:1 | (Path,OpenOption[]) | signature | file://Argument[0]:1:1:1:1 | Argument[0] | input |
|
||||
@@ -7,8 +7,10 @@ import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.function.Supplier;
|
||||
import java.nio.ByteBuffer;
|
||||
|
||||
class AutomodelApplicationModeExtractCandidates {
|
||||
|
||||
class Test {
|
||||
public static void main(String[] args) throws Exception {
|
||||
AtomicReference<String> reference = new AtomicReference<>(); // uninteresting (parameterless constructor)
|
||||
reference.set(args[0]); // arg[0] is not a candidate (modeled as value flow step)
|
||||
@@ -21,21 +23,27 @@ class AutomodelApplicationModeExtractCandidates {
|
||||
|
||||
public static void copyFiles(Path source, Path target, CopyOption option) throws Exception {
|
||||
Files.copy(
|
||||
source, // no candidate (modeled)
|
||||
target, // no candidate (modeled)
|
||||
source, // positive example (known sink)
|
||||
target, // positive example (known sink)
|
||||
option // no candidate (not modeled, but source and target are modeled)
|
||||
);
|
||||
}
|
||||
|
||||
public static InputStream getInputStream(Path openPath) throws Exception {
|
||||
return Files.newInputStream(
|
||||
openPath // no candidate (known sink)
|
||||
openPath // positive example (known sink)
|
||||
);
|
||||
}
|
||||
|
||||
public static InputStream getInputStream(String openPath) throws Exception {
|
||||
return AutomodelApplicationModeExtractCandidates.getInputStream(
|
||||
return Test.getInputStream(
|
||||
Paths.get(openPath) // no candidate (argument to local call)
|
||||
);
|
||||
}
|
||||
|
||||
public static ByteBuffer getBuffer(int size) {
|
||||
return ByteBuffer // negative example, modeled as a neutral model
|
||||
.allocate(size); // negative example, modeled as a neutral model
|
||||
}
|
||||
}
|
||||
|
||||
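Review bot: The comment on `Paths.get(openPath)` in the `String` overload of `getInputStream` still reads `// no candidate (argument to local call)`, which describes only the outer argument passed to `Test.getInputStream`. The added expectation rows on this page list `openPath` at `Test.java:40:14:40:21` as a `taint step` entry for `Paths.get` `Argument[0]`, so the inner argument is now an extracted example and the line comment does not say so. The neighbouring comments in this hunk were updated to the `positive example (known sink)` / `negative example` wording, so I would make this one `Paths.get(openPath) // no candidate (argument to local call); openPath is a negative example (taint step)`. Which `.expected` file those rows belong to is inferred from their labels, since the file names are not shown on this page.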