[TEST] Java: TrustBoundaryViolations: convert test to qlref

2026-04-26 09:15:12 +02:00 · 2025-07-15 11:12:01 +02:00
parent 49e03b4dfd
commit 94386f0550
4 changed files with 17 additions and 6 deletions
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.expected
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.expected
@@ -0,0 +1,11 @@
+#select
+| TrustBoundaryViolations.java:14:52:14:56 | input | TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | TrustBoundaryViolations.java:14:52:14:56 | input | This servlet reads data from a $@ and writes it to a session variable. | TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | remote source |
+edges
+| TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | TrustBoundaryViolations.java:14:52:14:56 | input | provenance | Src:MaD:2 Sink:MaD:1 |
+models
+| 1 | Sink: javax.servlet.http; HttpSession; true; setAttribute; ; ; Argument[0..1]; trust-boundary-violation; manual |
+| 2 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
+nodes
+| TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
+| TrustBoundaryViolations.java:14:52:14:56 | input | semmle.label | input |
+subpaths
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java
@@ -8,10 +8,10 @@ public class TrustBoundaryViolations extends HttpServlet {
    Validator validator;

    public void doGet(HttpServletRequest request, HttpServletResponse response) {
-        String input = request.getParameter("input");
+        String input = request.getParameter("input"); // $ Source

        // BAD: The input is written to the session without being sanitized.
-        request.getSession().setAttribute("input", input); // $ hasTaintFlow
+        request.getSession().setAttribute("input", input); // $ Alert

        String input2 = request.getParameter("input2");

--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.ql
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.ql
@@ -1,4 +0,0 @@
-import java
-import semmle.code.java.security.TrustBoundaryViolationQuery
-import utils.test.InlineFlowTest
-import TaintFlowTest<TrustBoundaryConfig>
--- a/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.qlref
+++ b/java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-501/TrustBoundaryViolation.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql