Convert to inline expectations test

Owen Mansel-Chan
2025-03-01 21:22:26 +00:00
parent f30ebf1571
commit aed51644ba
2 changed files with 21 additions and 20 deletions


@@ -1 +1,2 @@
Security/CWE/CWE-367/TOCTOURace.ql
query: Security/CWE/CWE-367/TOCTOURace.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -4,27 +4,27 @@ package test.cwe367.semmle.tests;
class Test {
public final Object lock = new Object();
public volatile boolean aField = true;
public synchronized void bad1(Resource r) {
// probably used concurrently due to synchronization
if (r.getState()) {
r.act();
r.act(); // $ Alert
}
}
public synchronized void bad2(Resource2 r) {
// probably used concurrently due to synchronization
if (r.getState()) {
r.act();
r.act(); // $ Alert
}
}
public void bad3(Resource r) {
// probably used concurrently due to use of volatile field
if (r.getState() && aField) {
r.act();
r.act(); // $ Alert
}
}
@@ -32,11 +32,11 @@ class Test {
// probably used concurrently due to synchronization
synchronized(this) {
if (r.getState() && aField) {
r.act();
r.act(); // $ Alert
}
}
}
public void good1(Resource r) {
// synchronizes on the same monitor as the called methods
synchronized(r) {
@@ -45,15 +45,15 @@ class Test {
}
}
}
public Resource rField = new Resource();
public void someOtherMethod() {
synchronized(lock) {
rField.act();
}
}
public void good2() {
// r is always guarded with the same lock, so okay
synchronized(lock) {
@@ -77,43 +77,43 @@ class Test {
r.act();
}
}
class Resource {
boolean state;
public synchronized void setState(boolean newState) {
this.state = newState;
}
public synchronized boolean getState() {
return state;
}
public synchronized void act() {
if (state)
sideEffect();
else
sideEffect();
}
public void sideEffect() { }
}
class Resource2 {
boolean state;
public void setState(boolean newState) {
synchronized(this) {
this.state = newState;
}
}
public boolean getState() {
synchronized(this) {
return state;
}
}
public void act() {
synchronized(this) {
if (state)
@@ -122,7 +122,7 @@ class Test {
sideEffect();
}
}
public void sideEffect() { }
}
}
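Review bot: The `// $ Alert` markers on the `r.act()` lines in bad1, bad2, bad3 and the `synchronized(this)` case record that an alert is expected, but the comments beside them only say why the method is assumed to run concurrently, not what the check-then-act race is. I would add a comment at the first case, for example `// getState() and act() each take r's monitor separately, so the state can change between the check and the call`. good1 already carries the matching explanation (`// synchronizes on the same monitor as the called methods`), so the bad cases are the ones missing it. The hunks at -45,15 and -77,43 show no visible change on this page, so they appear to be whitespace-only edits that would be easier to review in a separate commit.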