hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add information disclosure test fix suggestions

Browse Source
This commit is contained in:
Jonathan Leitschuh
2022-01-28 19:24:48 +00:00
committed by Jonathan Leitschuh
parent 0a621c2801
commit 9299c7996d
1 changed files with 176 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

193
java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java
View File

@@ -3,6 +3,8 @@ import java.util.Arrays;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.charset.StandardCharsets;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
@@ -12,96 +14,253 @@ import java.util.EnumSet;
public class Test {
void vulnerableFileCreateTempFile() throws IOException {
File temp = File.createTempFile("random", "file");
// VULNERABLE VERSION:
File tempVuln = File.createTempFile("random", "file");
// TO MAKE SAFE REWRITE TO:
File tempSafe = Files.createTempFile("random", "file").toFile();
}
void vulnerableFileCreateTempFileNull() throws IOException {
File temp = File.createTempFile("random", "file", null);
// VULNERABLE VERSION:
File tempVuln = File.createTempFile("random", "file", null);
// TO MAKE SAFE REWRITE TO:
File tempSafe = Files.createTempFile("random", "file").toFile();
}
void vulnerableFileCreateTempFileTainted() throws IOException {
// GIVEN:
File tempDir = new File(System.getProperty("java.io.tmpdir"));
File temp = File.createTempFile("random", "file", tempDir);
// VULNERABLE VERSION:
File tempVuln = File.createTempFile("random", "file", tempDir);
// TO MAKE SAFE REWRITE TO (v1):
File tempSafe1 = Files.createTempFile(tempDir.toPath(), "random", "file").toFile();
// TO MAKE SAFE REWRITE TO (v2):
File tempSafe2 = Files.createTempFile("random", "file").toFile();
}
void vulnerableFileCreateTempFileChildTainted() throws IOException {
// GIVEN:
File tempDirChild = new File(new File(System.getProperty("java.io.tmpdir")), "/child");
File temp = File.createTempFile("random", "file", tempDirChild);
// VULNERABLE VERSION:
File tempVuln = File.createTempFile("random", "file", tempDirChild);
// TO MAKE SAFE REWRITE TO:
File tempSafe = Files.createTempFile(tempDirChild.toPath(), "random", "file").toFile();
}
void vulnerableFileCreateTempFileCanonical() throws IOException {
// GIVEN:
File tempDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile();
File temp = File.createTempFile("random", "file", tempDir);
// VULNERABLE VERSION:
File tempVuln = File.createTempFile("random", "file", tempDir);
// TO MAKE SAFE REWRITE TO (v1):
File tempSafe1 = Files.createTempFile(tempDir.toPath(), "random", "file").toFile();
// TO MAKE SAFE REWRITE TO (v2):
File tempSafe2 = Files.createTempFile("random", "file").toFile();
}
void vulnerableFileCreateTempFileAbsolute() throws IOException {
// GIVEN:
File tempDir = new File(System.getProperty("java.io.tmpdir")).getAbsoluteFile();
File temp = File.createTempFile("random", "file", tempDir);
// VULNERABLE VERSION:
File tempVuln = File.createTempFile("random", "file", tempDir);
// TO MAKE SAFE REWRITE TO (v1):
File tempSafe1 = Files.createTempFile(tempDir.toPath(), "random", "file").toFile();
// TO MAKE SAFE REWRITE TO (v2):
File tempSafe2 = Files.createTempFile("random", "file").toFile();
}
void safeFileCreateTempFileTainted() throws IOException {
/* Creating a temporary directoy in the current user directory is not a vulnerability. */
/*
* Creating a temporary directoy in the current user directory is not a
* vulnerability.
*/
File currentDirectory = new File(System.getProperty("user.dir"));
File temp = File.createTempFile("random", "file", currentDirectory);
}
void vulnerableGuavaFilesCreateTempDir() {
// VULNERABLE VERSION:
File tempDir = com.google.common.io.Files.createTempDir();
// TO MAKE SAFE REWRITE TO:
File tempSafe;
try {
Files.createTempDirectory("random").toFile();
} catch (IOException e) {
throw new RuntimeException("Failed to create temporary directory", e);
}
}
void vulnerableFileCreateTempFileMkdirTainted() {
// GIVEN:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child");
// VULNERABLE VERSION:
tempDirChild.mkdir();
// TO MAKE SAFE REWRITE TO (v1):
File tempSafe1;
try {
tempSafe1 = Files.createTempDirectory(tempDirChild.toPath(), "random").toFile();
} catch (IOException e) {
throw new RuntimeException("Failed to create temporary directory", e);
}
// TO MAKE SAFE REWRITE TO (v2):
File tempSafe2;
try {
tempSafe2 = Files.createTempDirectory("random").toFile();
} catch (IOException e) {
throw new RuntimeException("Failed to create temporary directory", e);
}
}
void vulnerableFileCreateTempFileMkdirsTainted() {
// GIVEN:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child");
// VULNERABLE VERSION:
tempDirChild.mkdirs();
// TO MAKE SAFE REWRITE TO (v1):
File tempSafe1;
try {
tempSafe1 = Files.createTempDirectory(tempDirChild.toPath(), "random").toFile();
} catch (IOException e) {
throw new RuntimeException("Failed to create temporary directory", e);
}
// TO MAKE SAFE REWRITE TO (v2):
File tempSafe2;
try {
tempSafe2 = Files.createTempDirectory("random").toFile();
} catch (IOException e) {
throw new RuntimeException("Failed to create temporary directory", e);
}
}
void vulnerableFileCreateTempFilesWrite1() throws IOException {
// VULNERABLE VERSION:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt");
Files.write(tempDirChild.toPath(), Arrays.asList("secret"), StandardCharsets.UTF_8, StandardOpenOption.CREATE);
// TO MAKE SAFE REWRITE TO (v1):
// Use this version if you care that the file has the exact path of `[java.io.tmpdir]/child.txt`
try {
Path tempSafe = Paths.get(System.getProperty("java.io.tmpdir"), "child.txt");
Files.createFile(tempSafe, PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
Files.write(tempSafe, Arrays.asList("secret"));
} catch (IOException e) {
throw new RuntimeException("Failed to write temporary file", e);
}
// TO MAKE SAFE REWRITE TO (v2):
// Use this version if you don't care that the file has an exact path. This will write to a file of the name `[java.io.tmpdir]/random[random string]child.txt`
try {
Path tempSafe = Files.createTempFile("random", "child.txt");
Files.write(tempSafe, Arrays.asList("secret"), StandardCharsets.UTF_8, StandardOpenOption.CREATE);
} catch (IOException e) {
throw new RuntimeException("Failed to write temporary file", e);
}
}
void vulnerableFileCreateTempFilesWrite2() throws IOException {
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt");
// GIVEN:
String secret = "secret";
byte[] byteArrray = secret.getBytes();
// VULNERABLE VERSION:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt");
Files.write(tempDirChild.toPath(), byteArrray, StandardOpenOption.CREATE);
// TO MAKE SAFE REWRITE TO (v1):
// Use this version if you care that the file has the exact path of `[java.io.tmpdir]/child.txt`
Path tempSafe1 = Paths.get(System.getProperty("java.io.tmpdir"), "child.txt");
Files.createFile(tempSafe1, PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
Files.write(tempSafe1, byteArrray);
// TO MAKE SAFE REWRITE TO (v2):
// Use this version if you don't care that the file has an exact path. This will write to a file of the name `[java.io.tmpdir]/random[random string]child.txt`
Path tempSafe2 = Files.createTempFile("random", "child.txt");
Files.write(tempSafe2, byteArrray);
}
void vulnerableFileCreateTempFilesNewBufferedWriter() throws IOException {
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-buffered-writer.txt");
Files.newBufferedWriter(tempDirChild.toPath());
// GIVEN:
Path tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-buffered-writer.txt").toPath();
// VULNERABLE VERSION:
Files.newBufferedWriter(tempDirChild);
// TO MAKE SAFE REWRITE TO:
Files.createFile(tempDirChild, PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
Files.newBufferedWriter(tempDirChild);
}
void vulnerableFileCreateTempFilesNewOutputStream() throws IOException {
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-output-stream.txt");
Files.newOutputStream(tempDirChild.toPath()).close();
// GIVEN:
Path tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-output-stream.txt").toPath();
// VULNERABLE VERSION:
Files.newOutputStream(tempDirChild).close();
// TO MAKE SAFE REWRITE TO:
Files.createFile(tempDirChild, PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
Files.newOutputStream(tempDirChild).close();
}
void vulnerableFileCreateTempFilesCreateFile() throws IOException {
// GIVEN:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
// VULNERABLE VERSION:
Files.createFile(tempDirChild.toPath());
// TO MAKE SAFE REWRITE TO:
Files.createFile(tempDirChild.toPath(), PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
}
void safeFileCreateTempFilesCreateFile() throws IOException {
// Clear permissions intentions by setting the 'OWNER_READ' and 'OWNER_WRITE' permissions.
// Clear permissions intentions by setting the 'OWNER_READ' and 'OWNER_WRITE'
// permissions.
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
Files.createFile(
tempDirChild.toPath(),
PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))
);
tempDirChild.toPath(),
PosixFilePermissions
.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
}
void vulnerableFileCreateDirectory() throws IOException {
// GIVEN:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory");
// VULNERABLE VERSION:
Files.createDirectory(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x'
// TO MAKE SAFE REWRITE TO:
Files.createDirectory(tempDirChild.toPath(), PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
}
void vulnerableFileCreateDirectories() throws IOException {
// GIVEN:
File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directories/child");
// VULNERABLE VERSION:
Files.createDirectories(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x'
// TO MAKE SAFE REWRITE TO:
Files.createDirectories(tempDirChild.toPath(), PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)));
}
}