hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant.

Browse Source
This commit is contained in:
Michael Nebel
2024-04-30 14:40:24 +02:00
parent 85a4dd0325
commit acd0fa4b7b
7 changed files with 26 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected
View File

@@ -1,12 +1,28 @@
edges
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | provenance | Src:MaD:43040 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | provenance | Src:MaD:43040 Sink:MaD:42905 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | provenance | Src:MaD:43040 Sink:MaD:42908 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | provenance | Src:MaD:43040 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | provenance | Src:MaD:43040 |
| Test.java:33:30:33:74 | getParameter(...) : String | Test.java:34:20:34:32 | userParameter : String | provenance | Src:MaD:44662 |
| Test.java:34:20:34:32 | userParameter : String | Test.java:37:31:37:43 | format : String | provenance | |
| Test.java:37:31:37:43 | format : String | Test.java:39:25:39:30 | format | provenance | Sink:MaD:42905 |
nodes
| Test.java:17:27:17:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:19:19:19:30 | userProperty | semmle.label | userProperty |
| Test.java:21:23:21:34 | userProperty | semmle.label | userProperty |
| Test.java:23:23:23:34 | userProperty | semmle.label | userProperty |
| Test.java:25:28:25:39 | userProperty | semmle.label | userProperty |
| Test.java:27:44:27:55 | userProperty | semmle.label | userProperty |
| Test.java:33:30:33:74 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| Test.java:34:20:34:32 | userParameter : String | semmle.label | userParameter : String |
| Test.java:37:31:37:43 | format : String | semmle.label | format : String |
| Test.java:39:25:39:30 | format | semmle.label | format |
subpaths
#select
| Test.java:19:19:19:30 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:21:23:21:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:23:23:23:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:25:28:25:39 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:27:44:27:55 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:39:25:39:30 | format | Test.java:33:30:33:74 | getParameter(...) : String | Test.java:39:25:39:30 | format | Format string depends on a $@. | Test.java:33:30:33:74 | getParameter(...) | user-provided value |

6
java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.ext.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/threat-models
extensible: threatModelConfiguration
data:
- ["local", true, 0]

20
java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.expected
View File

@@ -1,20 +0,0 @@
edges
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | provenance | Src:MaD:43040 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | provenance | Src:MaD:43040 Sink:MaD:42905 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | provenance | Src:MaD:43040 Sink:MaD:42908 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | provenance | Src:MaD:43040 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | provenance | Src:MaD:43040 |
nodes
| Test.java:17:27:17:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:19:19:19:30 | userProperty | semmle.label | userProperty |
| Test.java:21:23:21:34 | userProperty | semmle.label | userProperty |
| Test.java:23:23:23:34 | userProperty | semmle.label | userProperty |
| Test.java:25:28:25:39 | userProperty | semmle.label | userProperty |
| Test.java:27:44:27:55 | userProperty | semmle.label | userProperty |
subpaths
#select
| Test.java:19:19:19:30 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:21:23:21:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:23:23:23:34 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:25:28:25:39 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |
| Test.java:27:44:27:55 | userProperty | Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | Format string depends on a $@. | Test.java:17:27:17:60 | getProperty(...) | user-provided value |

1
java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatStringLocal.qlref
View File

@@ -1 +0,0 @@
Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql