hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Simple Test

Browse Source
This commit is contained in:
Kevin Stubbings
2024-09-25 17:27:41 +00:00
parent d99f552cb3
commit a8efb92b9b
6 changed files with 73 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
java/ql/test/library-tests/dataflow/taintsources/App.java
View File

@@ -1,21 +0,0 @@
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;
/**
* Hello world!
*/
public class App {
public class FileUploadServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException {
Part filePart = request.getPart("file"); // Retrieves <input type="file" name="file">
sink(filePart.getName());
}
}
}

22
java/ql/test/library-tests/dataflow/taintsources/FileUpload/App.java Normal file
View File

@@ -0,0 +1,22 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;
public class App {
private HttpServletRequest request;
private HttpServletResponse response;
private Part filePart;
private static void sink(Object o) {}
public void test() throws Exception {
sink(filePart.getContentType()); // $hasRemoteValueFlow
sink(filePart.getHeader("test")); // $hasRemoteValueFlow
sink(filePart.getInputStream()); // $hasRemoteValueFlow
sink(filePart.getHeaders("test")); // $hasRemoteValueFlow
//sink(filePart.getHeaderNames()); // $hasRemoteValueFlow
sink(filePart.getSubmittedFileName()); // $hasRemoteValueFlow
sink(filePart.getName()); // $hasRemoteValueFlow
}
}

1
java/ql/test/library-tests/dataflow/taintsources/FileUpload/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/test

2
java/ql/test/library-tests/dataflow/taintsources/FileUpload/remote.expected Normal file
View File

@@ -0,0 +1,2 @@
failures
testFailures

47
java/ql/test/library-tests/dataflow/taintsources/FileUpload/remote.ql Normal file
View File

@@ -0,0 +1,47 @@
import java
import semmle.code.java.dataflow.FlowSources
import TestUtilities.InlineExpectationsTest
predicate isTestSink(DataFlow::Node n) {
exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
}
module RemoteValueConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
predicate isSink(DataFlow::Node n) { isTestSink(n) }
}
module RemoteValueFlow = DataFlow::Global<RemoteValueConfig>;
module RemoteTaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
predicate isSink(DataFlow::Node n) { isTestSink(n) }
}
module RemoteTaintFlow = TaintTracking::Global<RemoteTaintConfig>;
module RemoteFlowTest implements TestSig {
string getARelevantTag() { result = ["hasRemoteValueFlow", "hasRemoteTaintFlow"] }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasRemoteValueFlow" and
exists(DataFlow::Node sink | RemoteValueFlow::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
or
tag = "hasRemoteTaintFlow" and
exists(DataFlow::Node src, DataFlow::Node sink |
RemoteTaintFlow::flow(src, sink) and not RemoteValueFlow::flow(src, sink)
|
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}
import MakeTest<RemoteFlowTest>

2
java/ql/test/library-tests/dataflow/taintsources/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/test
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263