mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
Java: Add tests for different versions.
Adds a test for version 6.24, because that version is not vulnerable. The other test is for versions < 6.24, because these versions are vulnerable.
This commit is contained in:
intrigus
@@ -1 +0,0 @@
|
||||
| JxBrowserWithoutCertValidation.java:17:27:17:39 | new Browser(...) | This JxBrowser instance allows man-in-the-middle attacks. |
|
||||
@@ -0,0 +1 @@
|
||||
| JxBrowserWithoutCertValidationV6_23_1.java:17:27:17:39 | new Browser(...) | This JxBrowser instance allows man-in-the-middle attacks. |
|
||||
@@ -3,7 +3,7 @@ import com.teamdev.jxbrowser.chromium.LoadHandler;
|
||||
import com.teamdev.jxbrowser.chromium.LoadParams;
|
||||
import com.teamdev.jxbrowser.chromium.CertificateErrorParams;
|
||||
|
||||
public class JxBrowserWithoutCertValidation {
|
||||
public class JxBrowserWithoutCertValidationV6_23_1 {
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/jxbrowser-6.23.1
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
|
||||
@@ -0,0 +1,36 @@
|
||||
import com.teamdev.jxbrowser.chromium.Browser;
|
||||
import com.teamdev.jxbrowser.chromium.LoadHandler;
|
||||
import com.teamdev.jxbrowser.chromium.LoadParams;
|
||||
import com.teamdev.jxbrowser.chromium.CertificateErrorParams;
|
||||
|
||||
public class JxBrowserWithoutCertValidationV6_24 {
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
||||
goodUsage();
|
||||
|
||||
goodUsage2();
|
||||
|
||||
}
|
||||
|
||||
private static void goodUsage() {
|
||||
Browser browser = new Browser();
|
||||
browser.loadURL("https://example.com");
|
||||
// no further calls
|
||||
// GOOD: On version 6.24 the browser properly validates certificates by default!
|
||||
}
|
||||
|
||||
private static void goodUsage2() {
|
||||
Browser browser = new Browser();
|
||||
browser.setLoadHandler(new LoadHandler() {
|
||||
public boolean onLoad(LoadParams params) {
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean onCertificateError(CertificateErrorParams params) {
|
||||
return true; // GOOD: This means that loading will be cancelled on certificate errors
|
||||
}
|
||||
}); // GOOD: A secure `LoadHandler` is used.
|
||||
browser.loadURL("https://example.com");
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jxbrowser-6.23.1
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/jxbrowser-6.24
|
||||
@@ -0,0 +1,5 @@
|
||||
package com.teamdev.jxbrowser.chromium;
|
||||
|
||||
public interface BoundsListener {
|
||||
|
||||
}
|
||||
@@ -0,0 +1,13 @@
|
||||
package com.teamdev.jxbrowser.chromium;
|
||||
|
||||
public class Browser extends java.lang.Object {
|
||||
public void setLoadHandler(LoadHandler handler) {
|
||||
}
|
||||
|
||||
public void loadURL(String url) {
|
||||
}
|
||||
|
||||
public void addBoundsListener(BoundsListener listener) {
|
||||
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
package com.teamdev.jxbrowser.chromium;
|
||||
|
||||
public final class CertificateErrorParams extends Object {
|
||||
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
package com.teamdev.jxbrowser.chromium;
|
||||
|
||||
public interface LoadHandler {
|
||||
boolean onCertificateError(CertificateErrorParams params);
|
||||
|
||||
boolean onLoad(LoadParams params);
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
package com.teamdev.jxbrowser.chromium;
|
||||
|
||||
public final class LoadParams extends Object {
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user