hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/main' into 'rc/3.14'

Browse Source
This commit is contained in:
Arthur Baars
2024-06-28 19:50:35 +02:00
parent 306e481c5d a85f73972c
commit b12b33c8f9
772 changed files with 16846 additions and 17035 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/diagnostics.expected
View File

@@ -1,6 +1,6 @@
{
"markdownMessage": "A Gradle process was aborted because it didn't write to the console for 5 seconds. Consider either lengthening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Gradle timed out. Java analysis will continue, but the analysis may be of reduced quality.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/gradle-timed-out",
@@ -14,7 +14,7 @@
}
{
"markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/classpath-from-tool-failed",
@@ -84,7 +84,7 @@
}
{
"markdownMessage": "Running the Gradle plugin `org.gradle:github-dependency-graph-gradle-plugin` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/github-dependency-graph-gradle-plugin-failed",

6
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/diagnostics.expected
View File

@@ -1,6 +1,6 @@
{
"markdownMessage": "A Maven process was aborted because it didn't write to the console for 5 seconds. Consider either lenghtening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Maven timed out. Java analysis will continue, but the analysis may be of reduced quality.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/maven-timed-out",
@@ -14,7 +14,7 @@
}
{
"markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/classpath-from-tool-failed",
@@ -84,7 +84,7 @@
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/depgraph-maven-plugin-failed",

6
java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected
View File

@@ -1,6 +1,6 @@
{
"markdownMessage": "At least one dependency JAR suggested by the build system could not be downloaded. This means the analysis will try to satisfy the dependency with its default choice for the required external package name, which may be the wrong version or the wrong package entirely. This may lead to partial analysis of code using this dependency. See the extraction log for full details. If the cause appears to be a temporary outage, consider retrying the analysis.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/buildless/suggested-classpath-fetches-failed",
@@ -14,7 +14,7 @@
}
{
"markdownMessage": "Buildless extraction tried and failed to fetch a jar (`https://repo1.maven.org/maven2, junit:junit:jar:9.9.9`). If a temporary network outage is likely, consider retrying the scan.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/buildless/jar-fetch-failed",
@@ -98,7 +98,7 @@
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
"severity": "warning",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/depgraph-maven-plugin-transfer-exception",

5
java/ql/lib/change-notes/2024-06-13-kotlin-qltest-support.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: fix
---
* Support for `codeql test run` for Kotlin sources has been fixed.

4
java/ql/lib/change-notes/2024-06-14-exclude-loopback-from-reverse-dns.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Excluded reverse DNS from the loopback address as a source of untrusted data.

7
java/ql/lib/change-notes/2024-06-17-ffbl-implicit-this.md Normal file
View File

@@ -0,0 +1,7 @@
---
category: minorAnalysis
---
* A bug has been fixed in the heuristic identification of uncertain control
flow, which is used to filter data flow in order to improve performance and
reduce false positives. This fix means that slightly more code is identified
and hence pruned from data flow.

11
java/ql/lib/change-notes/2024-06-28-resource-models.md Normal file
View File

@@ -0,0 +1,11 @@
---
category: minorAnalysis
---
* Added models for the following packages:
* io.undertow.server.handlers.resource
* jakarta.faces.context
* javax.faces.context
* javax.servlet
* org.jboss.vfs
* org.springframework.core.io

14
java/ql/lib/ext/io.undertow.server.handlers.resource.model.yml Normal file
View File

@@ -0,0 +1,14 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["io.undertow.server.handlers.resource", "PathResourceManager", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["io.undertow.server.handlers.resource", "Resource", True, "getFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["io.undertow.server.handlers.resource", "Resource", True, "getFilePath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["io.undertow.server.handlers.resource", "Resource", True, "getPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]

2
java/ql/lib/ext/jakarta.faces.context.model.yml
View File

@@ -14,5 +14,7 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["jakarta.faces.context", "ExternalContext", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"]
- ["jakarta.faces.context", "ExternalContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "manual"]
- ["jakarta.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "html-injection", "manual"]
- ["jakarta.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "html-injection", "manual"]

2
java/ql/lib/ext/javax.faces.context.model.yml
View File

@@ -14,5 +14,7 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["javax.faces.context", "ExternalContext", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"]
- ["javax.faces.context", "ExternalContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "manual"]
- ["javax.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "html-injection", "manual"]
- ["javax.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "html-injection", "manual"]

1
java/ql/lib/ext/javax.servlet.model.yml
View File

@@ -13,6 +13,7 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["javax.servlet", "ServletContext", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"]
- ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["javax.servlet", "ServletContext", True, "getRequestDispatcher", "(String)", "", "Argument[0]", "url-forward", "manual"]
- ["javax.servlet", "ServletRequest", True, "getRequestDispatcher", "(String)", "", "Argument[0]", "url-forward", "manual"]

6
java/ql/lib/ext/org.apache.commons.io.model.yml
View File

@@ -29,4 +29,10 @@ extensions:
- ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", True, "delete", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "deleteDirectory", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "deleteQuietly", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "forceDelete", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "forceDeleteOnExit", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "forceMkdirParent", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "IOUtils", False, "resourceToString", "(String,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]

6
java/ql/lib/ext/org.jboss.vfs.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.jboss.vfs", "VirtualFile", True, "getChild", "", "", "Argument[0]", "path-injection", "manual"]

9
java/ql/lib/ext/org.springframework.core.io.model.yml
View File

@@ -6,3 +6,12 @@ extensions:
- ["org.springframework.core.io", "Resource", True, "createRelative", "(String)", "", "Argument[0]", "path-injection", "manual"]
- ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "request-forgery", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["org.springframework.core.io", "ClassPathResource", False, "ClassPathResource", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["org.springframework.core.io", "ClassPathResource", True, "getFilename", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["org.springframework.core.io", "ClassPathResource", True, "getPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["org.springframework.core.io", "ClassPathResource", True, "getURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["org.springframework.core.io", "ClassPathResource", True, "resolveURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]

30
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -641,3 +641,33 @@ private class NeutralCallableAdapter extends NeutralCallable {
override predicate hasExactModel() { exact = true }
}
/**
* A callable where there exists a MaD sink model that applies to it.
*/
private class SinkModelCallableAdapter extends SinkModelCallable {
private Provenance provenance;
SinkModelCallableAdapter() {
SourceSinkInterpretationInput::sinkElement(this, _, _, provenance, _)
}
override predicate hasProvenance(Provenance p) { provenance = p }
}
final class SinkCallable = SinkModelCallable;
/**
* A callable where there exists a MaD source model that applies to it.
*/
private class SourceModelCallableAdapter extends SourceModelCallable {
private Provenance provenance;
SourceModelCallableAdapter() {
SourceSinkInterpretationInput::sourceElement(this, _, _, provenance, _)
}
override predicate hasProvenance(Provenance p) { provenance = p }
}
final class SourceCallable = SourceModelCallable;

2
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -126,7 +126,7 @@ private class ReverseDnsSource extends RemoteFlowSource {
m.getMethod() instanceof ReverseDnsMethod and
not exists(MethodCall l |
(variableStep(l, m.getQualifier()) or l = m.getQualifier()) and
l.getMethod().getName() = "getLocalHost"
(l.getMethod().getName() = "getLocalHost" or l.getMethod().getName() = "getLoopbackAddress")
)
)
}

21
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
View File

@@ -8,6 +8,7 @@ private import ContainerFlow
private import semmle.code.java.dataflow.FlowSteps
private import semmle.code.java.dataflow.FlowSummary
private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.InstanceAccess
private import FlowSummaryImpl as FlowSummaryImpl
private import DataFlowNodes
private import codeql.dataflow.VariableCapture as VariableCapture
@@ -370,18 +371,12 @@ string ppReprType(DataFlowType t) {
else result = t.toString()
}
pragma[nomagic]
private predicate compatibleTypes0(DataFlowType t1, DataFlowType t2) {
erasedHaveIntersection(t1, t2)
}
/**
* Holds if `t1` and `t2` are compatible, that is, whether data can flow from
* a node of type `t1` to a node of type `t2`.
*/
bindingset[t1, t2]
pragma[inline_late]
predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { compatibleTypes0(t1, t2) }
pragma[nomagic]
predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { erasedHaveIntersection(t1, t2) }
/** A node that performs a type cast. */
class CastNode extends ExprNode {
@@ -710,8 +705,14 @@ class DataFlowSecondLevelScope extends TDataFlowSecondLevelScope {
}
private Expr getRelatedExpr(Node n) {
n.asExpr() = result or
n.(PostUpdateNode).getPreUpdateNode().asExpr() = result
n.asExpr() = result
or
exists(InstanceAccessExt iae | iae = n.(ImplicitInstanceAccess).getInstanceAccess() |
iae.isImplicitFieldQualifier(result) or
iae.isImplicitMethodQualifier(result)
)
or
getRelatedExpr(n.(PostUpdateNode).getPreUpdateNode()) = result
}
/** Gets the second-level scope containing the node `n`, if any. */

2
java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
View File

@@ -15,6 +15,8 @@ private class ShortStringLiteral extends StringLiteral {
class BrokenAlgoLiteral extends ShortStringLiteral {
BrokenAlgoLiteral() {
this.getValue().regexpMatch(getInsecureAlgorithmRegex()) and
// Exclude RSA/ECB/.* ciphers.
not this.getValue().regexpMatch("RSA/ECB.*") and
// Exclude German and French sentences.
not this.getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
}

2
java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
View File

@@ -54,7 +54,7 @@ private class WildCardPermissionConstruction extends ClassInstanceExpr, Permissi
* A configuration for tracking flow from user input to a permissions check.
*/
module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof UserInput }
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
predicate isSink(DataFlow::Node sink) {
sink.asExpr() = any(PermissionsConstruction p).getInput()

1
java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql
View File

@@ -6,6 +6,7 @@
* or comments.
* @kind metric
* @tags summary
* debug
*/
import java

1
java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
View File

@@ -6,6 +6,7 @@
* or comments.
* @kind metric
* @tags summary
* debug
*/
import java

4
java/ql/src/change-notes/2024-05-13-rsa-ecb-secure.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The query `java/weak-cryptographic-algorithm` no longer alerts about `RSA/ECB` algorithm strings.

4
java/ql/src/change-notes/2024-06-10-path-injection-fileutils-sinks.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more `org.apache.commons.io.FileUtils`-related sinks to the path injection query.

4
java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.

6
java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll
View File

@@ -1,6 +1,6 @@
private import java
private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.internal.DataFlowPrivate
private import semmle.code.java.dataflow.internal.FlowSummaryImpl
private import semmle.code.java.dataflow.internal.ModelExclusions
private import ModelEditor
@@ -8,7 +8,7 @@ private import ModelEditor
* A class of effectively public callables from source code.
*/
class PublicEndpointFromSource extends Endpoint, ModelApi {
override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _, _) }
override predicate isSource() { this instanceof SourceCallable }
override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _, _) }
override predicate isSink() { this instanceof SinkCallable }
}

2
java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
View File

@@ -9,6 +9,6 @@
import internal.CaptureModels
import internal.CaptureSummaryFlowQuery
from DataFlowTargetApi api, string noflow
from DataFlowSummaryTargetApi api, string noflow
where noflow = captureNoFlow(api)
select noflow order by noflow

2
java/ql/src/utils/modelgenerator/CaptureSinkModels.ql
View File

@@ -8,6 +8,6 @@
import internal.CaptureModels
from DataFlowTargetApi api, string sink
from DataFlowSinkTargetApi api, string sink
where sink = captureSink(api)
select sink order by sink

2
java/ql/src/utils/modelgenerator/CaptureSourceModels.ql
View File

@@ -8,6 +8,6 @@
import internal.CaptureModels
from DataFlowTargetApi api, string source
from DataFlowSourceTargetApi api, string source
where source = captureSource(api)
select source order by source

2
java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
View File

@@ -9,6 +9,6 @@
import internal.CaptureModels
import internal.CaptureSummaryFlowQuery
from DataFlowTargetApi api, string flow
from DataFlowSummaryTargetApi api, string flow
where flow = captureFlow(api)
select flow order by flow

106
java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
View File

@@ -29,17 +29,28 @@ private class ReturnNodeExt extends DataFlow::Node {
}
}
class DataFlowTargetApi extends TargetApiSpecific {
DataFlowTargetApi() { not isUninterestingForDataFlowModels(this) }
class DataFlowSummaryTargetApi extends SummaryTargetApi {
DataFlowSummaryTargetApi() { not isUninterestingForDataFlowModels(this) }
}
private module Printing implements PrintingSig {
class Api = DataFlowTargetApi;
class DataFlowSourceTargetApi = SourceTargetApi;
class DataFlowSinkTargetApi = SinkTargetApi;
private module ModelPrintingInput implements ModelPrintingSig {
class Api = TargetApiBase;
string getProvenance() { result = "df-generated" }
}
module ModelPrinting = PrintingImpl<Printing>;
module Printing = ModelPrinting<ModelPrintingInput>;
/**
* Holds if `c` is a relevant content kind, where the underlying type is relevant.
*/
private predicate isRelevantTypeInContent(DataFlow::Content c) {
isRelevantType(getUnderlyingContentType(c))
}
/**
* Holds if data can flow from `node1` to `node2` either via a read or a write of an intermediate field `f`.
@@ -47,12 +58,8 @@ module ModelPrinting = PrintingImpl<Printing>;
private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(DataFlow::Content f |
DataFlowPrivate::readStep(node1, f, node2) and
if f instanceof DataFlow::FieldContent
then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
else
if f instanceof DataFlow::SyntheticFieldContent
then isRelevantType(f.(DataFlow::SyntheticFieldContent).getField().getType())
else any()
// Partially restrict the content types used for intermediate steps.
(not exists(getUnderlyingContentType(f)) or isRelevantTypeInContent(f))
)
or
exists(DataFlow::Content f | DataFlowPrivate::storeStep(node1, f, node2) |
@@ -61,12 +68,11 @@ private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2
}
/**
* Holds if content `c` is either a field or synthetic field of a relevant type
* or a container like content.
* Holds if content `c` is either a field, a synthetic field or language specific
* content of a relevant type or a container like content.
*/
private predicate isRelevantContent(DataFlow::Content c) {
isRelevantType(c.(DataFlow::FieldContent).getField().getType()) or
isRelevantType(c.(DataFlow::SyntheticFieldContent).getField().getType()) or
isRelevantTypeInContent(c) or
DataFlowPrivate::containerContent(c)
}
@@ -87,12 +93,12 @@ string asInputArgument(DataFlow::Node source) { result = asInputArgumentSpecific
/**
* Gets the summary model of `api`, if it follows the `fluent` programming pattern (returns `this`).
*/
string captureQualifierFlow(TargetApiSpecific api) {
string captureQualifierFlow(DataFlowSummaryTargetApi api) {
exists(ReturnNodeExt ret |
api = returnNodeEnclosingCallable(ret) and
isOwnInstanceAccessNode(ret)
) and
result = ModelPrinting::asValueModel(api, qualifierString(), "ReturnValue")
result = Printing::asValueModel(api, qualifierString(), "ReturnValue")
}
private int accessPathLimit0() { result = 2 }
@@ -143,12 +149,12 @@ private class TaintStore extends TaintState, TTaintStore {
*
* This can be used to generate Flow summaries for APIs from parameter to return.
*/
module ThroughFlowConfig implements DataFlow::StateConfigSig {
module PropagateFlowConfig implements DataFlow::StateConfigSig {
class FlowState = TaintState;
predicate isSource(DataFlow::Node source, FlowState state) {
source instanceof DataFlow::ParameterNode and
source.getEnclosingCallable() instanceof DataFlowTargetApi and
source.getEnclosingCallable() instanceof DataFlowSummaryTargetApi and
state.(TaintRead).getStep() = 0
}
@@ -188,19 +194,19 @@ module ThroughFlowConfig implements DataFlow::StateConfigSig {
}
}
private module ThroughFlow = TaintTracking::GlobalWithState<ThroughFlowConfig>;
private module PropagateFlow = TaintTracking::GlobalWithState<PropagateFlowConfig>;
/**
* Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter.
*/
string captureThroughFlow(DataFlowTargetApi api) {
string captureThroughFlow(DataFlowSummaryTargetApi api) {
exists(DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt, string input, string output |
ThroughFlow::flow(p, returnNodeExt) and
PropagateFlow::flow(p, returnNodeExt) and
returnNodeExt.(DataFlow::Node).getEnclosingCallable() = api and
input = parameterNodeAsInput(p) and
output = returnNodeExt.getOutput() and
input != output and
result = ModelPrinting::asTaintModel(api, input, output)
result = Printing::asTaintModel(api, input, output)
)
}
@@ -211,35 +217,42 @@ string captureThroughFlow(DataFlowTargetApi api) {
* This can be used to generate Source summaries for an API, if the API expose an already known source
* via its return (then the API itself becomes a source).
*/
module FromSourceConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { ExternalFlow::sourceNode(source, _) }
predicate isSink(DataFlow::Node sink) {
exists(DataFlowTargetApi c |
sink instanceof ReturnNodeExt and
sink.getEnclosingCallable() = c
module PropagateFromSourceConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(string kind |
isRelevantSourceKind(kind) and
ExternalFlow::sourceNode(source, kind)
)
}
predicate isSink(DataFlow::Node sink) {
sink instanceof ReturnNodeExt and
sink.getEnclosingCallable() instanceof DataFlowSourceTargetApi
}
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSinkCallContext }
predicate isBarrier(DataFlow::Node n) {
exists(Type t | t = n.getType() and not isRelevantType(t))
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
isRelevantTaintStep(node1, node2)
}
}
private module FromSource = TaintTracking::Global<FromSourceConfig>;
private module PropagateFromSource = TaintTracking::Global<PropagateFromSourceConfig>;
/**
* Gets the source model(s) of `api`, if there is flow from an existing known source to the return of `api`.
*/
string captureSource(DataFlowTargetApi api) {
string captureSource(DataFlowSourceTargetApi api) {
exists(DataFlow::Node source, ReturnNodeExt sink, string kind |
FromSource::flow(source, sink) and
PropagateFromSource::flow(source, sink) and
ExternalFlow::sourceNode(source, kind) and
api = sink.getEnclosingCallable() and
isRelevantSourceKind(kind) and
result = ModelPrinting::asSourceModel(api, sink.getOutput(), kind)
not irrelevantSourceSinkApi(source.getEnclosingCallable(), api) and
result = Printing::asSourceModel(api, sink.getOutput(), kind)
)
}
@@ -251,13 +264,25 @@ string captureSource(DataFlowTargetApi api) {
* into an existing known sink (then the API itself becomes a sink).
*/
module PropagateToSinkConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { apiSource(source) }
predicate isSource(DataFlow::Node source) {
apiSource(source) and source.getEnclosingCallable() instanceof DataFlowSinkTargetApi
}
predicate isSink(DataFlow::Node sink) { ExternalFlow::sinkNode(sink, _) }
predicate isSink(DataFlow::Node sink) {
exists(string kind | isRelevantSinkKind(kind) and ExternalFlow::sinkNode(sink, kind))
}
predicate isBarrier(DataFlow::Node node) { sinkModelSanitizer(node) }
predicate isBarrier(DataFlow::Node node) {
exists(Type t | t = node.getType() and not isRelevantType(t))
or
sinkModelSanitizer(node)
}
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
isRelevantTaintStep(node1, node2)
}
}
private module PropagateToSink = TaintTracking::Global<PropagateToSinkConfig>;
@@ -265,12 +290,11 @@ private module PropagateToSink = TaintTracking::Global<PropagateToSinkConfig>;
/**
* Gets the sink model(s) of `api`, if there is flow from a parameter to an existing known sink.
*/
string captureSink(DataFlowTargetApi api) {
string captureSink(DataFlowSinkTargetApi api) {
exists(DataFlow::Node src, DataFlow::Node sink, string kind |
PropagateToSink::flow(src, sink) and
ExternalFlow::sinkNode(sink, kind) and
api = src.getEnclosingCallable() and
isRelevantSinkKind(kind) and
result = ModelPrinting::asSinkModel(api, asInputArgument(src), kind)
result = Printing::asSinkModel(api, asInputArgument(src), kind)
)
}

75
java/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
View File

@@ -1,72 +1,11 @@
private import CaptureModelsSpecific
private import java as J
private import codeql.mad.modelgenerator.ModelPrinting
private import CaptureModelsSpecific as Specific
signature module PrintingSig {
/**
* The class of APIs relevant for model generation.
*/
class Api extends TargetApiSpecific;
private module ModelPrintingLang implements ModelPrintingLangSig {
class Callable = J::Callable;
/**
* Gets the string representation of the provenance of the models.
*/
string getProvenance();
predicate partialModel = Specific::partialModel/6;
}
module PrintingImpl<PrintingSig Printing> {
/**
* Gets the summary model for `api` with `input`, `output` and `kind`.
*/
bindingset[input, output, kind]
private string asSummaryModel(Printing::Api api, string input, string output, string kind) {
result =
asPartialModel(api) + input + ";" //
+ output + ";" //
+ kind + ";" //
+ Printing::getProvenance()
}
string asNeutralSummaryModel(Printing::Api api) {
result =
asPartialNeutralModel(api) //
+ "summary" + ";" //
+ Printing::getProvenance()
}
/**
* Gets the value summary model for `api` with `input` and `output`.
*/
bindingset[input, output]
string asValueModel(Printing::Api api, string input, string output) {
result = asSummaryModel(api, input, output, "value")
}
/**
* Gets the taint summary model for `api` with `input` and `output`.
*/
bindingset[input, output]
string asTaintModel(Printing::Api api, string input, string output) {
result = asSummaryModel(api, input, output, "taint")
}
/**
* Gets the sink model for `api` with `input` and `kind`.
*/
bindingset[input, kind]
string asSinkModel(Printing::Api api, string input, string kind) {
result =
asPartialModel(api) + input + ";" //
+ kind + ";" //
+ Printing::getProvenance()
}
/**
* Gets the source model for `api` with `output` and `kind`.
*/
bindingset[output, kind]
string asSourceModel(Printing::Api api, string output, string kind) {
result =
asPartialModel(api) + output + ";" //
+ kind + ";" //
+ Printing::getProvenance()
}
}
import ModelPrintingImpl<ModelPrintingLang>

122
java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
View File

@@ -58,11 +58,21 @@ private J::Callable liftedImpl(J::Callable m) {
not exists(getARelevantOverride(result))
}
private predicate hasManualModel(Callable api) {
private predicate hasManualSummaryModel(Callable api) {
api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.applyManualModel()).asCallable() or
api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel()).asCallable()
}
private predicate hasManualSourceModel(Callable api) {
api = any(ExternalFlow::SourceCallable sc | sc.hasManualModel()) or
api = any(FlowSummaryImpl::Public::NeutralSourceCallable sc | sc.hasManualModel()).asCallable()
}
private predicate hasManualSinkModel(Callable api) {
api = any(ExternalFlow::SinkCallable sc | sc.hasManualModel()) or
api = any(FlowSummaryImpl::Public::NeutralSinkCallable sc | sc.hasManualModel()).asCallable()
}
/**
* Holds if it is irrelevant to generate models for `api` based on data flow analysis.
*
@@ -72,6 +82,28 @@ predicate isUninterestingForDataFlowModels(Callable api) {
api.getDeclaringType() instanceof J::Interface and not exists(api.getBody())
}
/**
* A class of callables that are potentially relevant for generating summary and
* neutral models.
*/
class SummaryTargetApi extends TargetApiBase {
SummaryTargetApi() { not hasManualSummaryModel(this.lift()) }
}
/**
* A class of callables that are potentially relevant for generating sink models.
*/
class SinkTargetApi extends TargetApiBase {
SinkTargetApi() { not hasManualSinkModel(this.lift()) }
}
/**
* A class of callables that are potentially relevant for generating source models.
*/
class SourceTargetApi extends TargetApiBase {
SourceTargetApi() { not hasManualSourceModel(this.lift()) }
}
/**
* Holds if it is irrelevant to generate models for `api` based on type-based analysis.
*
@@ -86,13 +118,10 @@ predicate isUninterestingForTypeBasedFlowModels(Callable api) { none() }
* In the Standard library and 3rd party libraries it is the callables (or callables that have a
* super implementation) that can be called from outside the library itself.
*/
class TargetApiSpecific extends Callable {
class TargetApiBase extends Callable {
private Callable lift;
TargetApiSpecific() {
lift = liftedImpl(this) and
not hasManualModel(lift)
}
TargetApiBase() { lift = liftedImpl(this) }
/**
* Gets the callable that a model will be lifted to.
@@ -110,53 +139,25 @@ private string isExtensible(Callable c) {
}
/**
* Returns the appropriate type name for the model.
* Holds if the callable `c` is in package `package`
* and is a member of `type`.
*/
private string typeAsModel(Callable c) {
exists(RefType type | type = c.getDeclaringType() |
result =
type.getCompilationUnit().getPackage().getName() + ";" +
type.getErasure().(J::RefType).nestedName()
private predicate qualifiedName(Callable c, string package, string type) {
exists(RefType t | t = c.getDeclaringType() |
package = t.getCompilationUnit().getPackage().getName() and
type = t.getErasure().(J::RefType).nestedName()
)
}
private predicate partialModel(
Callable api, string type, string extensible, string name, string parameters
predicate partialModel(
Callable api, string package, string type, string extensible, string name, string parameters
) {
type = typeAsModel(api) and
qualifiedName(api, package, type) and
extensible = isExtensible(api) and
name = api.getName() and
parameters = ExternalFlow::paramsString(api)
}
/**
* Computes the first 6 columns for MaD rows.
*/
string asPartialModel(TargetApiSpecific api) {
exists(string type, string extensible, string name, string parameters |
partialModel(api.lift(), type, extensible, name, parameters) and
result =
type + ";" //
+ extensible + ";" //
+ name + ";" //
+ parameters + ";" //
+ /* ext + */ ";" //
)
}
/**
* Computes the first 4 columns for neutral MaD rows.
*/
string asPartialNeutralModel(TargetApiSpecific api) {
exists(string type, string name, string parameters |
partialModel(api, type, _, name, parameters) and
result =
type + ";" //
+ name + ";" //
+ parameters + ";" //
)
}
predicate isPrimitiveTypeUsedForBulkData(J::Type t) {
t.hasName(["byte", "char", "Byte", "Character"])
}
@@ -186,6 +187,14 @@ predicate isRelevantType(J::Type t) {
)
}
/**
* Gets the underlying type of the content `c`.
*/
J::Type getUnderlyingContentType(DataFlow::Content c) {
result = c.(DataFlow::FieldContent).getField().getType() or
result = c.(DataFlow::SyntheticFieldContent).getField().getType()
}
/**
* Gets the MaD string representation of the qualifier.
*/
@@ -242,15 +251,6 @@ predicate sinkModelSanitizer(DataFlow::Node node) {
)
}
private class ManualNeutralSinkCallable extends Callable {
ManualNeutralSinkCallable() {
this =
any(FlowSummaryImpl::Public::NeutralCallable nc |
nc.hasManualModel() and nc.getKind() = "sink"
).asCallable()
}
}
/**
* Holds if `source` is an api entrypoint relevant for creating sink models.
*/
@@ -259,17 +259,19 @@ predicate apiSource(DataFlow::Node source) {
source.asExpr().(J::FieldAccess).isOwnFieldAccess() or
source instanceof DataFlow::ParameterNode
) and
exists(Callable enclosing | enclosing = source.getEnclosingCallable() |
exists(liftedImpl(enclosing)) and
not enclosing instanceof ManualNeutralSinkCallable and
exists(J::RefType t |
t = enclosing.getDeclaringType().getAnAncestor() and
not t instanceof J::TypeObject and
t.isPublic()
)
exists(J::RefType t |
t = source.getEnclosingCallable().getDeclaringType().getAnAncestor() and
not t instanceof J::TypeObject and
t.isPublic()
)
}
/**
* Holds if it is not relevant to generate a source model for `api`, even
* if flow is detected from a node within `source` to a sink within `api`.
*/
predicate irrelevantSourceSinkApi(Callable source, SourceTargetApi api) { none() }
/**
* Gets the MaD input string representation of `source`.
*/

8
java/ql/src/utils/modelgenerator/internal/CaptureSummaryFlowQuery.qll
View File

@@ -67,7 +67,7 @@ private import CaptureModels
* Captured Model:
* ```p;Foo;true;addToList;;Argument[0];Argument[1];taint;df-generated```
*/
string captureFlow(DataFlowTargetApi api) {
string captureFlow(DataFlowSummaryTargetApi api) {
result = captureQualifierFlow(api) or
result = captureThroughFlow(api)
}
@@ -77,8 +77,8 @@ string captureFlow(DataFlowTargetApi api) {
* A neutral summary model is generated, if we are not generating
* a summary model that applies to `api`.
*/
string captureNoFlow(DataFlowTargetApi api) {
not exists(DataFlowTargetApi api0 | exists(captureFlow(api0)) and api0.lift() = api.lift()) and
string captureNoFlow(DataFlowSummaryTargetApi api) {
not exists(DataFlowSummaryTargetApi api0 | exists(captureFlow(api0)) and api0.lift() = api.lift()) and
api.isRelevant() and
result = ModelPrinting::asNeutralSummaryModel(api)
result = Printing::asNeutralSummaryModel(api)
}

8
java/ql/src/utils/modelgenerator/internal/CaptureTypeBasedSummaryModels.qll
View File

@@ -283,19 +283,19 @@ private predicate output(Callable callable, TypeVariable tv, string output) {
functionalSink(callable, tv, output)
}
module Printing implements PrintingSig {
module ModelPrintingInput implements ModelPrintingSig {
class Api = TypeBasedFlowTargetApi;
string getProvenance() { result = "tb-generated" }
}
private module ModelPrinting = PrintingImpl<Printing>;
private module Printing = ModelPrinting<ModelPrintingInput>;
/**
* A class of callables that are relevant generating summaries for based
* on the Theorems for Free approach.
*/
class TypeBasedFlowTargetApi extends Specific::TargetApiSpecific {
class TypeBasedFlowTargetApi extends Specific::SummaryTargetApi {
TypeBasedFlowTargetApi() { not Specific::isUninterestingForTypeBasedFlowModels(this) }
/**
@@ -327,7 +327,7 @@ class TypeBasedFlowTargetApi extends Specific::TargetApiSpecific {
output(this, tv, output) and
input != output
|
result = ModelPrinting::asValueModel(this, input, output)
result = Printing::asValueModel(this, input, output)
)
}
}

4174
java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected
View File

File diff suppressed because it is too large Load Diff

14
java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected
View File

@@ -1,12 +1,12 @@
edges
| FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | provenance | Src:MaD:1972 Sink:MaD:42550 |
| FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42550 |
| FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42550 |
| FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | provenance | Sink:MaD:42547 |
| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | Src:MaD:44678 |
| FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:210:23:210:26 | file | provenance | Sink:MaD:42534 |
| FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | provenance | Src:MaD:1972 Sink:MaD:42556 |
| FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42556 |
| FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | provenance | Src:MaD:1972 AdditionalValueStep Sink:MaD:42556 |
| FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | provenance | Sink:MaD:42553 |
| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | provenance | Src:MaD:44686 |
| FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:210:23:210:26 | file | provenance | Sink:MaD:42540 |
| FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:217:19:217:22 | file : File | provenance | |
| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:42606 |
| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:42612 |
| FilePathInjection.java:217:19:217:22 | file : File | FilePathInjection.java:177:50:177:58 | file : File | provenance | |
nodes
| FilePathInjection.java:21:21:21:34 | getPara(...) : String | semmle.label | getPara(...) : String |

22
java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected
View File

@@ -1,18 +1,18 @@
edges
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:22:67:22:72 | script : String | provenance | Src:MaD:42700 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:25:66:25:71 | script : String | provenance | Src:MaD:42700 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:31:36:31:41 | script : String | provenance | Src:MaD:42700 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:38:52:38:57 | script : String | provenance | Src:MaD:42700 |
| RuntimeExecTest.java:22:43:22:73 | {...} : String[] [[]] : String | RuntimeExecTest.java:22:43:22:73 | new String[] | provenance | Sink:MaD:42679 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:22:67:22:72 | script : String | provenance | Src:MaD:42706 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:25:66:25:71 | script : String | provenance | Src:MaD:42706 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:31:36:31:41 | script : String | provenance | Src:MaD:42706 |
| RuntimeExecTest.java:17:25:17:51 | getenv(...) : String | RuntimeExecTest.java:38:52:38:57 | script : String | provenance | Src:MaD:42706 |
| RuntimeExecTest.java:22:43:22:73 | {...} : String[] [[]] : String | RuntimeExecTest.java:22:43:22:73 | new String[] | provenance | Sink:MaD:42685 |
| RuntimeExecTest.java:22:67:22:72 | script : String | RuntimeExecTest.java:22:43:22:73 | {...} : String[] [[]] : String | provenance | |
| RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | RuntimeExecTest.java:26:43:26:55 | commandArray1 | provenance | Sink:MaD:42679 |
| RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | RuntimeExecTest.java:26:43:26:55 | commandArray1 | provenance | Sink:MaD:42685 |
| RuntimeExecTest.java:25:66:25:71 | script : String | RuntimeExecTest.java:25:42:25:72 | {...} : String[] [[]] : String | provenance | |
| RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | RuntimeExecTest.java:32:43:32:55 | commandArray2 | provenance | Sink:MaD:42679 |
| RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | RuntimeExecTest.java:32:43:32:55 | commandArray2 | provenance | Sink:MaD:42685 |
| RuntimeExecTest.java:31:36:31:41 | script : String | RuntimeExecTest.java:31:17:31:29 | commandArray2 [post update] : String[] [[]] : String | provenance | |
| RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | provenance | MaD:44362 |
| RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) | provenance | Sink:MaD:42679 |
| RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | provenance | MaD:44297 |
| RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | provenance | MaD:43731 |
| RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | provenance | MaD:44368 |
| RuntimeExecTest.java:36:21:39:44 | toArray(...) : String[] [[]] : String | RuntimeExecTest.java:36:21:39:44 | toArray(...) | provenance | Sink:MaD:42685 |
| RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | RuntimeExecTest.java:36:21:39:21 | concat(...) : Stream [<element>] : String | provenance | MaD:44303 |
| RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | RuntimeExecTest.java:38:25:38:59 | stream(...) : Stream [<element>] : String | provenance | MaD:43737 |
| RuntimeExecTest.java:38:39:38:58 | {...} : String[] [[]] : String | RuntimeExecTest.java:38:39:38:58 | new String[] : String[] [[]] : String | provenance | |
| RuntimeExecTest.java:38:52:38:57 | script : String | RuntimeExecTest.java:38:39:38:58 | {...} : String[] [[]] : String | provenance | |
nodes

4
java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected
View File

@@ -1,6 +1,6 @@
edges
| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | provenance | Src:MaD:44678 Sink:MaD:1957 |
| JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | provenance | Src:MaD:44678 Sink:MaD:1957 |
| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | provenance | Src:MaD:44686 Sink:MaD:1957 |
| JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | provenance | Src:MaD:44686 Sink:MaD:1957 |
nodes
| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JSchOSInjectionTest.java:27:52:27:68 | ... + ... | semmle.label | ... + ... |

2
java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.expected
View File

@@ -11,7 +11,7 @@ edges
| MybatisSqlInjection.java:110:40:110:43 | name : String | MybatisSqlInjectionService.java:88:32:88:42 | name : String | provenance | |
| MybatisSqlInjectionService.java:48:19:48:29 | name : String | MybatisSqlInjectionService.java:50:23:50:26 | name : String | provenance | |
| MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] : HashMap [<map.value>] : String | MybatisSqlInjectionService.java:51:27:51:33 | hashMap | provenance | |
| MybatisSqlInjectionService.java:50:23:50:26 | name : String | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] : HashMap [<map.value>] : String | provenance | MaD:43907 |
| MybatisSqlInjectionService.java:50:23:50:26 | name : String | MybatisSqlInjectionService.java:50:3:50:9 | hashMap [post update] : HashMap [<map.value>] : String | provenance | MaD:43913 |
| MybatisSqlInjectionService.java:54:32:54:42 | name : String | MybatisSqlInjectionService.java:55:32:55:35 | name | provenance | |
| MybatisSqlInjectionService.java:80:20:80:30 | name : String | MybatisSqlInjectionService.java:81:28:81:31 | name | provenance | |
| MybatisSqlInjectionService.java:84:20:84:29 | age : String | MybatisSqlInjectionService.java:85:28:85:30 | age | provenance | |

6
java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected
View File

@@ -1,8 +1,8 @@
edges
| BeanShellInjection.java:13:17:13:44 | getParameter(...) : String | BeanShellInjection.java:15:45:15:48 | code : String | provenance | Src:MaD:44678 |
| BeanShellInjection.java:13:17:13:44 | getParameter(...) : String | BeanShellInjection.java:15:45:15:48 | code : String | provenance | Src:MaD:44686 |
| BeanShellInjection.java:15:45:15:48 | code : String | BeanShellInjection.java:15:22:15:49 | new StaticScriptSource(...) | provenance | Config |
| BeanShellInjection.java:20:17:20:44 | getParameter(...) : String | BeanShellInjection.java:22:20:22:23 | code | provenance | Src:MaD:44678 |
| BeanShellInjection.java:27:17:27:44 | getParameter(...) : String | BeanShellInjection.java:29:32:29:35 | code : String | provenance | Src:MaD:44678 |
| BeanShellInjection.java:20:17:20:44 | getParameter(...) : String | BeanShellInjection.java:22:20:22:23 | code | provenance | Src:MaD:44686 |
| BeanShellInjection.java:27:17:27:44 | getParameter(...) : String | BeanShellInjection.java:29:32:29:35 | code : String | provenance | Src:MaD:44686 |
| BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | BeanShellInjection.java:31:22:31:39 | staticScriptSource | provenance | |
| BeanShellInjection.java:29:32:29:35 | code : String | BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | provenance | Config |
nodes

6
java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected
View File

@@ -1,7 +1,7 @@
edges
| JShellInjection.java:12:18:12:45 | getParameter(...) : String | JShellInjection.java:15:15:15:19 | input | provenance | Src:MaD:44678 |
| JShellInjection.java:20:18:20:45 | getParameter(...) : String | JShellInjection.java:24:31:24:35 | input | provenance | Src:MaD:44678 |
| JShellInjection.java:29:18:29:45 | getParameter(...) : String | JShellInjection.java:33:37:33:41 | input : String | provenance | Src:MaD:44678 |
| JShellInjection.java:12:18:12:45 | getParameter(...) : String | JShellInjection.java:15:15:15:19 | input | provenance | Src:MaD:44686 |
| JShellInjection.java:20:18:20:45 | getParameter(...) : String | JShellInjection.java:24:31:24:35 | input | provenance | Src:MaD:44686 |
| JShellInjection.java:29:18:29:45 | getParameter(...) : String | JShellInjection.java:33:37:33:41 | input : String | provenance | Src:MaD:44686 |
| JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | JShellInjection.java:37:16:37:19 | info : CompletionInfo | provenance | |
| JShellInjection.java:33:37:33:41 | input : String | JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | provenance | Config |
| JShellInjection.java:35:12:35:50 | analyzeCompletion(...) : CompletionInfo | JShellInjection.java:37:16:37:19 | info : CompletionInfo | provenance | |

4
java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected
View File

@@ -1,8 +1,8 @@
edges
| JakartaExpressionInjection.java:23:25:23:47 | getInputStream(...) : InputStream | JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| JakartaExpressionInjection.java:23:25:23:47 | getInputStream(...) : InputStream | JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | JakartaExpressionInjection.java:24:48:24:52 | bytes : byte[] | provenance | |
| JakartaExpressionInjection.java:24:37:24:59 | new String(...) : String | JakartaExpressionInjection.java:25:31:25:40 | expression : String | provenance | |
| JakartaExpressionInjection.java:24:48:24:52 | bytes : byte[] | JakartaExpressionInjection.java:24:37:24:59 | new String(...) : String | provenance | MaD:42741 |
| JakartaExpressionInjection.java:24:48:24:52 | bytes : byte[] | JakartaExpressionInjection.java:24:37:24:59 | new String(...) : String | provenance | MaD:42747 |
| JakartaExpressionInjection.java:25:31:25:40 | expression : String | JakartaExpressionInjection.java:32:24:32:33 | expression : String | provenance | |
| JakartaExpressionInjection.java:25:31:25:40 | expression : String | JakartaExpressionInjection.java:40:24:40:33 | expression : String | provenance | |
| JakartaExpressionInjection.java:25:31:25:40 | expression : String | JakartaExpressionInjection.java:48:24:48:33 | expression : String | provenance | |

10
java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.expected
View File

@@ -1,9 +1,9 @@
edges
| JythonInjection.java:28:23:28:50 | getParameter(...) : String | JythonInjection.java:36:30:36:33 | code | provenance | Src:MaD:44678 |
| JythonInjection.java:53:23:53:50 | getParameter(...) : String | JythonInjection.java:58:44:58:47 | code | provenance | Src:MaD:44678 |
| JythonInjection.java:73:23:73:50 | getParameter(...) : String | JythonInjection.java:81:35:81:38 | code | provenance | Src:MaD:44678 |
| JythonInjection.java:97:23:97:50 | getParameter(...) : String | JythonInjection.java:106:61:106:64 | code : String | provenance | Src:MaD:44678 |
| JythonInjection.java:106:61:106:64 | code : String | JythonInjection.java:106:61:106:75 | getBytes(...) | provenance | MaD:42752 |
| JythonInjection.java:28:23:28:50 | getParameter(...) : String | JythonInjection.java:36:30:36:33 | code | provenance | Src:MaD:44686 |
| JythonInjection.java:53:23:53:50 | getParameter(...) : String | JythonInjection.java:58:44:58:47 | code | provenance | Src:MaD:44686 |
| JythonInjection.java:73:23:73:50 | getParameter(...) : String | JythonInjection.java:81:35:81:38 | code | provenance | Src:MaD:44686 |
| JythonInjection.java:97:23:97:50 | getParameter(...) : String | JythonInjection.java:106:61:106:64 | code : String | provenance | Src:MaD:44686 |
| JythonInjection.java:106:61:106:64 | code : String | JythonInjection.java:106:61:106:75 | getBytes(...) | provenance | MaD:42758 |
nodes
| JythonInjection.java:28:23:28:50 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JythonInjection.java:36:30:36:33 | code | semmle.label | code |

20
java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.expected
View File

@@ -1,20 +1,20 @@
edges
| RhinoServlet.java:28:23:28:50 | getParameter(...) : String | RhinoServlet.java:32:55:32:58 | code | provenance | Src:MaD:44678 |
| RhinoServlet.java:81:23:81:50 | getParameter(...) : String | RhinoServlet.java:83:54:83:57 | code | provenance | Src:MaD:44678 |
| RhinoServlet.java:88:23:88:50 | getParameter(...) : String | RhinoServlet.java:89:74:89:77 | code : String | provenance | Src:MaD:44678 |
| RhinoServlet.java:89:74:89:77 | code : String | RhinoServlet.java:89:74:89:88 | getBytes(...) | provenance | MaD:42752 |
| RhinoServlet.java:28:23:28:50 | getParameter(...) : String | RhinoServlet.java:32:55:32:58 | code | provenance | Src:MaD:44686 |
| RhinoServlet.java:81:23:81:50 | getParameter(...) : String | RhinoServlet.java:83:54:83:57 | code | provenance | Src:MaD:44686 |
| RhinoServlet.java:88:23:88:50 | getParameter(...) : String | RhinoServlet.java:89:74:89:77 | code : String | provenance | Src:MaD:44686 |
| RhinoServlet.java:89:74:89:77 | code : String | RhinoServlet.java:89:74:89:88 | getBytes(...) | provenance | MaD:42758 |
| ScriptEngineTest.java:20:44:20:55 | input : String | ScriptEngineTest.java:24:37:24:41 | input | provenance | |
| ScriptEngineTest.java:27:51:27:62 | input : String | ScriptEngineTest.java:31:31:31:35 | input | provenance | |
| ScriptEngineTest.java:35:58:35:69 | input : String | ScriptEngineTest.java:39:31:39:35 | input | provenance | |
| ScriptEngineTest.java:42:46:42:57 | input : String | ScriptEngineTest.java:46:31:46:35 | input | provenance | |
| ScriptEngineTest.java:49:41:49:52 | input : String | ScriptEngineTest.java:52:42:52:46 | input | provenance | |
| ScriptEngineTest.java:56:41:56:52 | input : String | ScriptEngineTest.java:59:51:59:55 | input | provenance | |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:93:57:93:60 | code : String | provenance | Src:MaD:44678 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:94:64:94:67 | code : String | provenance | Src:MaD:44678 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:95:71:95:74 | code : String | provenance | Src:MaD:44678 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:96:59:96:62 | code : String | provenance | Src:MaD:44678 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:97:54:97:57 | code : String | provenance | Src:MaD:44678 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:98:54:98:57 | code : String | provenance | Src:MaD:44678 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:93:57:93:60 | code : String | provenance | Src:MaD:44686 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:94:64:94:67 | code : String | provenance | Src:MaD:44686 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:95:71:95:74 | code : String | provenance | Src:MaD:44686 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:96:59:96:62 | code : String | provenance | Src:MaD:44686 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:97:54:97:57 | code : String | provenance | Src:MaD:44686 |
| ScriptEngineTest.java:91:18:91:45 | getParameter(...) : String | ScriptEngineTest.java:98:54:98:57 | code : String | provenance | Src:MaD:44686 |
| ScriptEngineTest.java:93:57:93:60 | code : String | ScriptEngineTest.java:20:44:20:55 | input : String | provenance | |
| ScriptEngineTest.java:94:64:94:67 | code : String | ScriptEngineTest.java:27:51:27:62 | input : String | provenance | |
| ScriptEngineTest.java:95:71:95:74 | code : String | ScriptEngineTest.java:35:58:35:69 | input : String | provenance | |

28
java/ql/test/experimental/query-tests/security/CWE-1004/SensitiveCookieNotHttpOnly.expected
View File

@@ -1,25 +1,25 @@
edges
| SensitiveCookieNotHttpOnly.java:24:33:24:43 | "jwt_token" : String | SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | provenance | |
| SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:31:28:31:36 | jwtCookie | provenance | Sink:MaD:44669 |
| SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:31:28:31:36 | jwtCookie | provenance | Sink:MaD:44677 |
| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | Config |
| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | MaD:44675 |
| SensitiveCookieNotHttpOnly.java:42:42:42:49 | "token=" : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44670 |
| SensitiveCookieNotHttpOnly.java:42:42:42:57 | ... + ... : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44670 |
| SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | SensitiveCookieNotHttpOnly.java:52:42:52:124 | toString(...) | provenance | MaD:44717 Sink:MaD:44672 |
| SensitiveCookieNotHttpOnly.java:52:56:52:75 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | provenance | MaD:44755 |
| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | MaD:44683 |
| SensitiveCookieNotHttpOnly.java:42:42:42:49 | "token=" : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44678 |
| SensitiveCookieNotHttpOnly.java:42:42:42:57 | ... + ... : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44678 |
| SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | SensitiveCookieNotHttpOnly.java:52:42:52:124 | toString(...) | provenance | MaD:44726 Sink:MaD:44680 |
| SensitiveCookieNotHttpOnly.java:52:56:52:75 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:52:42:52:113 | new NewCookie(...) : NewCookie | provenance | MaD:44764 |
| SensitiveCookieNotHttpOnly.java:63:37:63:115 | new NewCookie(...) : NewCookie | SensitiveCookieNotHttpOnly.java:64:25:64:39 | accessKeyCookie : NewCookie | provenance | |
| SensitiveCookieNotHttpOnly.java:63:51:63:70 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:63:37:63:115 | new NewCookie(...) : NewCookie | provenance | MaD:44755 |
| SensitiveCookieNotHttpOnly.java:64:25:64:39 | accessKeyCookie : NewCookie | SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | provenance | MaD:44717 |
| SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | SensitiveCookieNotHttpOnly.java:65:42:65:47 | keyStr | provenance | Sink:MaD:44672 |
| SensitiveCookieNotHttpOnly.java:70:28:70:35 | "token=" : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44670 |
| SensitiveCookieNotHttpOnly.java:70:28:70:43 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44670 |
| SensitiveCookieNotHttpOnly.java:70:28:70:55 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44670 |
| SensitiveCookieNotHttpOnly.java:63:51:63:70 | "session-access-key" : String | SensitiveCookieNotHttpOnly.java:63:37:63:115 | new NewCookie(...) : NewCookie | provenance | MaD:44764 |
| SensitiveCookieNotHttpOnly.java:64:25:64:39 | accessKeyCookie : NewCookie | SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | provenance | MaD:44726 |
| SensitiveCookieNotHttpOnly.java:64:25:64:50 | toString(...) : String | SensitiveCookieNotHttpOnly.java:65:42:65:47 | keyStr | provenance | Sink:MaD:44680 |
| SensitiveCookieNotHttpOnly.java:70:28:70:35 | "token=" : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44678 |
| SensitiveCookieNotHttpOnly.java:70:28:70:43 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44678 |
| SensitiveCookieNotHttpOnly.java:70:28:70:55 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44678 |
| SensitiveCookieNotHttpOnly.java:88:35:88:51 | "Presto-UI-Token" : String | SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | provenance | |
| SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:91:16:91:21 | cookie : Cookie | provenance | |
| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | Config |
| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | MaD:44675 |
| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | MaD:44683 |
| SensitiveCookieNotHttpOnly.java:91:16:91:21 | cookie : Cookie | SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | provenance | |
| SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:111:28:111:33 | cookie | provenance | Sink:MaD:44669 |
| SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:111:28:111:33 | cookie | provenance | Sink:MaD:44677 |
nodes
| SensitiveCookieNotHttpOnly.java:24:33:24:43 | "jwt_token" : String | semmle.label | "jwt_token" : String |
| SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | semmle.label | new Cookie(...) : Cookie |

8
java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.expected
View File

@@ -34,7 +34,7 @@ edges
| InsecureWebResourceResponse.java:86:41:86:43 | url : String | InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri | provenance | MaD:514 |
| InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File | provenance | |
| InsecureWebResourceResponse.java:88:66:88:68 | uri : Uri | InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | provenance | MaD:503 |
| InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | provenance | MaD:42607 |
| InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | provenance | MaD:42613 |
| InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:91:75:91:85 | inputStream | provenance | |
| InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File | InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 |
| InsecureWebResourceResponse.java:101:20:101:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep |
@@ -47,10 +47,10 @@ edges
| InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | provenance | |
| InsecureWebResourceResponse.java:112:41:112:43 | url : String | InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | provenance | MaD:514 |
| InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | provenance | MaD:504 |
| InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | InsecureWebResourceResponse.java:113:35:113:60 | substring(...) : String | provenance | MaD:42770 |
| InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String | InsecureWebResourceResponse.java:113:35:113:60 | substring(...) : String | provenance | MaD:42776 |
| InsecureWebResourceResponse.java:113:35:113:60 | substring(...) : String | InsecureWebResourceResponse.java:115:75:115:78 | path : String | provenance | |
| InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:117:75:117:85 | inputStream | provenance | |
| InsecureWebResourceResponse.java:115:75:115:78 | path : String | InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | provenance | MaD:42770 |
| InsecureWebResourceResponse.java:115:75:115:78 | path : String | InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | provenance | MaD:42776 |
| InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 |
| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep |
| InsecureWebResourceResponse.java:127:20:127:22 | url : String | InsecureWebResourceResponse.java:84:77:84:86 | url : String | provenance | AdditionalTaintStep |
@@ -81,7 +81,7 @@ edges
| InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri | InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | provenance | |
| InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | provenance | |
| InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | provenance | MaD:503 |
| InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | provenance | MaD:42607 |
| InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | provenance | MaD:42613 |
| InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:199:75:199:85 | inputStream | provenance | |
| InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | provenance | MaD:1981 |
| InsecureWebResourceResponse.java:209:20:209:22 | url : String | InsecureWebResourceResponse.java:63:77:63:86 | url : String | provenance | AdditionalTaintStep |

4
java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.expected
View File

@@ -10,7 +10,7 @@ edges
| FileService.java:34:20:36:13 | {...} : Object[] [[]] : String | FileService.java:34:20:36:13 | new Object[] : Object[] [[]] : String | provenance | |
| FileService.java:35:17:35:25 | sourceUri : String | FileService.java:34:20:36:13 | {...} : Object[] [[]] : String | provenance | |
| FileService.java:40:41:40:55 | params : Object[] | FileService.java:44:33:44:52 | (...)... : String[] | provenance | |
| FileService.java:44:33:44:52 | (...)... : String[] | FileService.java:45:53:45:59 | ...[...] | provenance | Sink:MaD:42550 |
| FileService.java:44:33:44:52 | (...)... : String[] | FileService.java:45:53:45:59 | ...[...] | provenance | Sink:MaD:42556 |
| LeakFileActivity2.java:15:13:15:18 | intent : Intent | LeakFileActivity2.java:16:26:16:31 | intent : Intent | provenance | |
| LeakFileActivity2.java:16:26:16:31 | intent : Intent | FileService.java:20:31:20:43 | intent : Intent | provenance | |
| LeakFileActivity2.java:16:26:16:31 | intent : Intent | FileService.java:20:31:20:43 | intent : Intent | provenance | Config |
@@ -18,7 +18,7 @@ edges
| LeakFileActivity.java:18:40:18:59 | contentIntent : Intent | LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | provenance | |
| LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | LeakFileActivity.java:19:31:19:53 | getData(...) : Uri | provenance | MaD:317 |
| LeakFileActivity.java:19:31:19:53 | getData(...) : Uri | LeakFileActivity.java:21:58:21:72 | streamsToUpload : Uri | provenance | |
| LeakFileActivity.java:21:58:21:72 | streamsToUpload : Uri | LeakFileActivity.java:21:58:21:82 | getPath(...) | provenance | MaD:504 Sink:MaD:42586 |
| LeakFileActivity.java:21:58:21:72 | streamsToUpload : Uri | LeakFileActivity.java:21:58:21:82 | getPath(...) | provenance | MaD:504 Sink:MaD:42592 |
nodes
| FileService.java:20:31:20:43 | intent : Intent | semmle.label | intent : Intent |
| FileService.java:21:28:21:33 | intent : Intent | semmle.label | intent : Intent |

2
java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.expected
View File

@@ -6,7 +6,7 @@ edges
| Test.java:99:26:99:45 | doFinal(...) : byte[] | Test.java:101:49:101:51 | tag | provenance | |
| Test.java:116:28:116:30 | tag : byte[] | Test.java:118:44:118:46 | tag | provenance | |
| Test.java:134:56:134:58 | tag : ByteBuffer | Test.java:136:44:136:46 | tag : ByteBuffer | provenance | |
| Test.java:136:44:136:46 | tag : ByteBuffer | Test.java:136:44:136:54 | array(...) | provenance | MaD:43119 |
| Test.java:136:44:136:46 | tag : ByteBuffer | Test.java:136:44:136:54 | array(...) | provenance | MaD:43125 |
| Test.java:148:56:148:58 | tag : ByteBuffer | Test.java:150:53:150:55 | tag | provenance | |
| Test.java:174:26:174:50 | doFinal(...) : byte[] | Test.java:176:44:176:46 | tag | provenance | |
| Test.java:201:34:201:50 | doFinal(...) : byte[] | Test.java:204:26:204:36 | computedTag | provenance | |

2
java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.expected
View File

@@ -1,5 +1,5 @@
edges
| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | UnvalidatedCors.java:27:67:27:69 | url | provenance | Src:MaD:44656 Sink:MaD:44670 |
| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | UnvalidatedCors.java:27:67:27:69 | url | provenance | Src:MaD:44664 Sink:MaD:44678 |
nodes
| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | semmle.label | getHeader(...) : String |
| UnvalidatedCors.java:27:67:27:69 | url | semmle.label | url |

4
java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected
View File

@@ -1,8 +1,8 @@
edges
| ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip | provenance | |
| ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:25:33:25:34 | ip | provenance | |
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | provenance | Src:MaD:44656 |
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | provenance | MaD:42765 |
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | provenance | Src:MaD:44664 |
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:23 | xfHeader : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | provenance | MaD:42771 |
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | provenance | |
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String | provenance | |
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | provenance | |

14
java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.expected
View File

@@ -1,11 +1,11 @@
edges
| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | provenance | Src:MaD:44678 |
| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | provenance | Src:MaD:44678 |
| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | provenance | Src:MaD:44678 |
| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | provenance | Src:MaD:44678 |
| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | provenance | Src:MaD:44678 Sink:MaD:42585 |
| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | provenance | Src:MaD:44678 Sink:MaD:42585 |
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | provenance | Src:MaD:44678 |
| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | provenance | Src:MaD:44686 |
| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | provenance | Src:MaD:44686 |
| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | provenance | Src:MaD:44686 |
| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | provenance | Src:MaD:44686 |
| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | provenance | Src:MaD:44686 Sink:MaD:42591 |
| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | provenance | Src:MaD:44686 Sink:MaD:42591 |
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | provenance | Src:MaD:44686 |
nodes
| JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |

14
java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected
View File

@@ -1,9 +1,9 @@
edges
| ThreadResourceAbuse.java:18:25:18:57 | getParameter(...) : String | ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | provenance | Src:MaD:44678 TaintPreservingCallable |
| ThreadResourceAbuse.java:18:25:18:57 | getParameter(...) : String | ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | provenance | Src:MaD:44686 TaintPreservingCallable |
| ThreadResourceAbuse.java:21:4:21:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | provenance | |
| ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | ThreadResourceAbuse.java:21:4:21:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | provenance | |
| ThreadResourceAbuse.java:21:28:21:36 | delayTime : Number | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | provenance | |
| ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) : String | ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | provenance | Src:MaD:44678 TaintPreservingCallable |
| ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) : String | ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | provenance | Src:MaD:44686 TaintPreservingCallable |
| ThreadResourceAbuse.java:30:4:30:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | provenance | |
| ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | ThreadResourceAbuse.java:30:4:30:37 | new UncheckedSyncAction(...) : UncheckedSyncAction [waitTime] : Number | provenance | |
| ThreadResourceAbuse.java:30:28:30:36 | delayTime : Number | ThreadResourceAbuse.java:66:30:66:41 | waitTime : Number | provenance | |
@@ -12,15 +12,15 @@ edges
| ThreadResourceAbuse.java:67:20:67:27 | waitTime : Number | ThreadResourceAbuse.java:67:4:67:7 | this [post update] : UncheckedSyncAction [waitTime] : Number | provenance | |
| ThreadResourceAbuse.java:71:15:71:17 | parameter this : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | provenance | |
| ThreadResourceAbuse.java:74:18:74:25 | this <.field> : UncheckedSyncAction [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime | provenance | Sink:MaD:1982 |
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | provenance | Src:MaD:44655 TaintPreservingCallable Sink:MaD:1985 |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | provenance | Src:MaD:44656 TaintPreservingCallable Sink:MaD:1982 |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | provenance | Src:MaD:44678 TaintPreservingCallable |
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | provenance | Src:MaD:44663 TaintPreservingCallable Sink:MaD:1985 |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | provenance | Src:MaD:44664 TaintPreservingCallable Sink:MaD:1982 |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | provenance | Src:MaD:44686 TaintPreservingCallable |
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number | provenance | |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | provenance | |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | provenance | |
| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | provenance | Src:MaD:44656 TaintPreservingCallable |
| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | provenance | Src:MaD:44664 TaintPreservingCallable |
| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | provenance | Config Sink:MaD:1982 |
| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | provenance | Src:MaD:44656 TaintPreservingCallable |
| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | provenance | Src:MaD:44664 TaintPreservingCallable |
| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | provenance | Config |
| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | provenance | Sink:MaD:1982 |
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | provenance | |

16
java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected
View File

@@ -1,12 +1,12 @@
edges
| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:24:41:24:49 | className : String | provenance | Src:MaD:44678 |
| UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | UnsafeReflection.java:25:76:25:89 | parameterValue | provenance | Src:MaD:44678 |
| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:24:41:24:49 | className : String | provenance | Src:MaD:44686 |
| UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | UnsafeReflection.java:25:76:25:89 | parameterValue | provenance | Src:MaD:44686 |
| UnsafeReflection.java:24:27:24:50 | forName(...) : Class | UnsafeReflection.java:25:29:25:33 | clazz : Class | provenance | |
| UnsafeReflection.java:24:41:24:49 | className : String | UnsafeReflection.java:24:27:24:50 | forName(...) : Class | provenance | Config |
| UnsafeReflection.java:25:29:25:33 | clazz : Class | UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | provenance | Config |
| UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | UnsafeReflection.java:25:29:25:62 | ...[...] | provenance | |
| UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:37:49:37:57 | className : String | provenance | Src:MaD:44678 |
| UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | UnsafeReflection.java:39:58:39:71 | parameterValue | provenance | Src:MaD:44678 |
| UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:37:49:37:57 | className : String | provenance | Src:MaD:44686 |
| UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | UnsafeReflection.java:39:58:39:71 | parameterValue | provenance | Src:MaD:44686 |
| UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | UnsafeReflection.java:38:29:38:33 | clazz : Class | provenance | |
| UnsafeReflection.java:37:49:37:57 | className : String | UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | provenance | Config |
| UnsafeReflection.java:38:29:38:33 | clazz : Class | UnsafeReflection.java:38:29:38:47 | newInstance(...) : Object | provenance | Config |
@@ -17,13 +17,13 @@ edges
| UnsafeReflection.java:46:24:46:82 | beanIdOrClassName : String | UnsafeReflection.java:53:30:53:46 | beanIdOrClassName : String | provenance | |
| UnsafeReflection.java:46:132:46:168 | body : Map | UnsafeReflection.java:49:37:49:40 | body : Map | provenance | |
| UnsafeReflection.java:49:23:49:59 | (...)... : List | UnsafeReflection.java:53:67:53:73 | rawData : List | provenance | |
| UnsafeReflection.java:49:37:49:40 | body : Map | UnsafeReflection.java:49:37:49:59 | get(...) : Object | provenance | MaD:43878 |
| UnsafeReflection.java:49:37:49:40 | body : Map | UnsafeReflection.java:49:37:49:59 | get(...) : Object | provenance | MaD:43884 |
| UnsafeReflection.java:49:37:49:59 | get(...) : Object | UnsafeReflection.java:49:23:49:59 | (...)... : List | provenance | |
| UnsafeReflection.java:53:30:53:46 | beanIdOrClassName : String | UnsafeReflection.java:104:34:104:57 | beanIdOrClassName : String | provenance | |
| UnsafeReflection.java:53:67:53:73 | rawData : List | UnsafeReflection.java:104:102:104:118 | data : List | provenance | |
| UnsafeReflection.java:62:33:62:70 | getParameter(...) : String | UnsafeReflection.java:68:76:68:89 | parameterValue | provenance | Src:MaD:44678 |
| UnsafeReflection.java:77:33:77:70 | getParameter(...) : String | UnsafeReflection.java:83:76:83:89 | parameterValue | provenance | Src:MaD:44678 |
| UnsafeReflection.java:92:33:92:70 | getParameter(...) : String | UnsafeReflection.java:98:76:98:89 | parameterValue | provenance | Src:MaD:44678 |
| UnsafeReflection.java:62:33:62:70 | getParameter(...) : String | UnsafeReflection.java:68:76:68:89 | parameterValue | provenance | Src:MaD:44686 |
| UnsafeReflection.java:77:33:77:70 | getParameter(...) : String | UnsafeReflection.java:83:76:83:89 | parameterValue | provenance | Src:MaD:44686 |
| UnsafeReflection.java:92:33:92:70 | getParameter(...) : String | UnsafeReflection.java:98:76:98:89 | parameterValue | provenance | Src:MaD:44686 |
| UnsafeReflection.java:104:34:104:57 | beanIdOrClassName : String | UnsafeReflection.java:108:39:108:55 | beanIdOrClassName : String | provenance | |
| UnsafeReflection.java:104:102:104:118 | data : List | UnsafeReflection.java:119:41:119:44 | data | provenance | |
| UnsafeReflection.java:108:25:108:56 | forName(...) : Class | UnsafeReflection.java:109:31:109:39 | beanClass : Class | provenance | |

12
java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.expected
View File

@@ -1,17 +1,17 @@
edges
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:30:14:32 | map : Map | provenance | Src:MaD:44679 |
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:30:14:32 | map : Map | provenance | Src:MaD:44687 |
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : String | SensitiveGetQuery2.java:15:29:15:36 | password | provenance | |
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : String | SensitiveGetQuery2.java:15:29:15:36 | password : String | provenance | |
| SensitiveGetQuery2.java:14:30:14:32 | map : Map | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | provenance | MaD:43878 |
| SensitiveGetQuery2.java:14:30:14:32 | map : Map | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | provenance | MaD:43884 |
| SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | SensitiveGetQuery2.java:14:21:14:48 | (...)... : String | provenance | |
| SensitiveGetQuery2.java:15:29:15:36 | password : String | SensitiveGetQuery2.java:18:40:18:54 | password : String | provenance | |
| SensitiveGetQuery2.java:18:40:18:54 | password : String | SensitiveGetQuery2.java:19:61:19:68 | password | provenance | |
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password | provenance | |
| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | provenance | Src:MaD:44678 |
| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | provenance | Src:MaD:44686 |
| SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | SensitiveGetQuery4.java:16:37:16:47 | accessToken | provenance | |
| SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | provenance | Src:MaD:44678 |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password | provenance | Src:MaD:44678 |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String | provenance | Src:MaD:44678 |
| SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | provenance | Src:MaD:44686 |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password | provenance | Src:MaD:44686 |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String | provenance | Src:MaD:44686 |
| SensitiveGetQuery.java:14:29:14:36 | password : String | SensitiveGetQuery.java:17:40:17:54 | password : String | provenance | |
| SensitiveGetQuery.java:17:40:17:54 | password : String | SensitiveGetQuery.java:18:61:18:68 | password | provenance | |
nodes

8
java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.expected
View File

@@ -1,8 +1,8 @@
edges
| UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | UncaughtServletException.java:14:44:14:45 | ip | provenance | Src:MaD:44678 |
| UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) : String | UncaughtServletException.java:17:20:17:25 | userId | provenance | Src:MaD:44665 |
| UncaughtServletException.java:54:16:54:44 | getParameter(...) : String | UncaughtServletException.java:55:45:55:46 | ip | provenance | Src:MaD:44678 |
| UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) : String | UncaughtServletException.java:76:22:76:27 | userId | provenance | Src:MaD:44665 |
| UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | UncaughtServletException.java:14:44:14:45 | ip | provenance | Src:MaD:44686 |
| UncaughtServletException.java:16:19:16:41 | getRemoteUser(...) : String | UncaughtServletException.java:17:20:17:25 | userId | provenance | Src:MaD:44673 |
| UncaughtServletException.java:54:16:54:44 | getParameter(...) : String | UncaughtServletException.java:55:45:55:46 | ip | provenance | Src:MaD:44686 |
| UncaughtServletException.java:75:21:75:43 | getRemoteUser(...) : String | UncaughtServletException.java:76:22:76:27 | userId | provenance | Src:MaD:44673 |
nodes
| UncaughtServletException.java:13:15:13:43 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| UncaughtServletException.java:14:44:14:45 | ip | semmle.label | ip |

22
java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected
View File

@@ -6,35 +6,35 @@ edges
| SpringUrlRedirect.java:41:24:41:41 | redirectUrl : String | SpringUrlRedirect.java:44:29:44:39 | redirectUrl | provenance | |
| SpringUrlRedirect.java:49:24:49:41 | redirectUrl : String | SpringUrlRedirect.java:52:30:52:40 | redirectUrl | provenance | |
| SpringUrlRedirect.java:57:24:57:41 | redirectUrl : String | SpringUrlRedirect.java:58:55:58:65 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:58:30:58:66 | new ..[] { .. } : Object[] [[]] : String | SpringUrlRedirect.java:58:30:58:66 | format(...) | provenance | MaD:42748 |
| SpringUrlRedirect.java:58:30:58:66 | new ..[] { .. } : Object[] [[]] : String | SpringUrlRedirect.java:58:30:58:66 | format(...) | provenance | MaD:42754 |
| SpringUrlRedirect.java:58:55:58:65 | redirectUrl : String | SpringUrlRedirect.java:58:30:58:66 | new ..[] { .. } : Object[] [[]] : String | provenance | |
| SpringUrlRedirect.java:62:24:62:41 | redirectUrl : String | SpringUrlRedirect.java:63:44:63:68 | ... + ... : String | provenance | |
| SpringUrlRedirect.java:63:44:63:68 | ... + ... : String | SpringUrlRedirect.java:63:30:63:76 | format(...) | provenance | MaD:42747 |
| SpringUrlRedirect.java:63:44:63:68 | ... + ... : String | SpringUrlRedirect.java:63:30:63:76 | format(...) | provenance | MaD:42753 |
| SpringUrlRedirect.java:89:38:89:55 | redirectUrl : String | SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | SpringUrlRedirect.java:91:27:91:49 | create(...) | provenance | MaD:42968 |
| SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | SpringUrlRedirect.java:91:27:91:49 | create(...) | provenance | MaD:42974 |
| SpringUrlRedirect.java:96:39:96:56 | redirectUrl : String | SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:100:37:100:47 | httpHeaders | provenance | |
| SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | provenance | Config |
| SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | provenance | MaD:42968 |
| SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | provenance | MaD:42974 |
| SpringUrlRedirect.java:104:39:104:56 | redirectUrl : String | SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | |
| SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | |
| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49213 |
| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49454 |
| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49234 |
| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49475 |
| SpringUrlRedirect.java:112:39:112:56 | redirectUrl : String | SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | provenance | |
| SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | provenance | |
| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49213 |
| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49454 |
| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49234 |
| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49475 |
| SpringUrlRedirect.java:120:33:120:50 | redirectUrl : String | SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | provenance | |
| SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | provenance | |
| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49213 |
| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49454 |
| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:49234 |
| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49475 |
| SpringUrlRedirect.java:128:33:128:50 | redirectUrl : String | SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:132:49:132:59 | httpHeaders | provenance | |
| SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | provenance | Config |
| SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | provenance | MaD:42968 |
| SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | provenance | MaD:42974 |
nodes
| SpringUrlRedirect.java:17:30:17:47 | redirectUrl : String | semmle.label | redirectUrl : String |
| SpringUrlRedirect.java:19:19:19:29 | redirectUrl | semmle.label | redirectUrl |

12
java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.expected
View File

@@ -1,14 +1,14 @@
edges
| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | provenance | Src:MaD:1986 |
| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | provenance | Src:MaD:44663 |
| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | provenance | Src:MaD:44671 |
| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | provenance | Src:MaD:1986 |
| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | provenance | Src:MaD:44663 |
| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | provenance | Src:MaD:44671 |
| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source | provenance | Src:MaD:1988 |
| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source | provenance | Src:MaD:44666 |
| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source | provenance | Src:MaD:44674 |
| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source | provenance | Src:MaD:1986 |
| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source | provenance | Src:MaD:44663 |
| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source | provenance | Src:MaD:44671 |
| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source | provenance | Src:MaD:1986 |
| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source | provenance | Src:MaD:44663 |
| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source | provenance | Src:MaD:44671 |
| DotRegexSpring.java:20:26:20:50 | path : String | DotRegexSpring.java:22:21:22:24 | path : String | provenance | |
| DotRegexSpring.java:22:10:22:25 | decodePath(...) : String | DotRegexSpring.java:23:25:23:28 | path | provenance | |
| DotRegexSpring.java:22:21:22:24 | path : String | DotRegexSpring.java:22:10:22:25 | decodePath(...) : String | provenance | |
@@ -21,7 +21,7 @@ edges
| DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:73:10:73:13 | path : String | provenance | |
| DotRegexSpring.java:71:11:71:42 | decode(...) : String | DotRegexSpring.java:71:29:71:32 | path : String | provenance | |
| DotRegexSpring.java:71:11:71:42 | decode(...) : String | DotRegexSpring.java:73:10:73:13 | path : String | provenance | |
| DotRegexSpring.java:71:29:71:32 | path : String | DotRegexSpring.java:71:11:71:42 | decode(...) : String | provenance | MaD:42989 |
| DotRegexSpring.java:71:29:71:32 | path : String | DotRegexSpring.java:71:11:71:42 | decode(...) : String | provenance | MaD:42995 |
nodes
| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexFilter.java:32:25:32:30 | source | semmle.label | source |

28
java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.expected
View File

@@ -1,31 +1,31 @@
edges
| XQueryInjection.java:45:23:45:50 | getParameter(...) : String | XQueryInjection.java:50:60:50:64 | query : String | provenance | Src:MaD:44678 |
| XQueryInjection.java:45:23:45:50 | getParameter(...) : String | XQueryInjection.java:50:60:50:64 | query : String | provenance | Src:MaD:44686 |
| XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:51:35:51:38 | xqpe | provenance | |
| XQueryInjection.java:50:60:50:64 | query : String | XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:59:23:59:50 | getParameter(...) : String | XQueryInjection.java:65:53:65:57 | query | provenance | Src:MaD:44678 |
| XQueryInjection.java:59:23:59:50 | getParameter(...) : String | XQueryInjection.java:65:53:65:57 | query | provenance | Src:MaD:44686 |
| XQueryInjection.java:73:32:73:59 | nameStr : String | XQueryInjection.java:78:60:78:64 | query : String | provenance | |
| XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:79:35:79:38 | xqpe | provenance | |
| XQueryInjection.java:78:60:78:64 | query : String | XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:86:33:86:60 | nameStr : String | XQueryInjection.java:92:53:92:57 | query | provenance | |
| XQueryInjection.java:100:28:100:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:103:60:103:63 | name : ServletInputStream | provenance | Src:MaD:44677 |
| XQueryInjection.java:100:28:100:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:103:60:103:63 | name : ServletInputStream | provenance | Src:MaD:44685 |
| XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:104:35:104:38 | xqpe | provenance | |
| XQueryInjection.java:103:60:103:63 | name : ServletInputStream | XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:112:28:112:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:116:53:116:56 | name | provenance | Src:MaD:44677 |
| XQueryInjection.java:124:28:124:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:125:70:125:73 | name : ServletInputStream | provenance | Src:MaD:44677 |
| XQueryInjection.java:112:28:112:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:116:53:116:56 | name | provenance | Src:MaD:44685 |
| XQueryInjection.java:124:28:124:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:125:70:125:73 | name : ServletInputStream | provenance | Src:MaD:44685 |
| XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:128:60:128:61 | br : BufferedReader | provenance | |
| XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42594 |
| XQueryInjection.java:125:70:125:73 | name : ServletInputStream | XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42628 |
| XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42600 |
| XQueryInjection.java:125:70:125:73 | name : ServletInputStream | XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42634 |
| XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:129:35:129:38 | xqpe | provenance | |
| XQueryInjection.java:128:60:128:61 | br : BufferedReader | XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:137:28:137:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:138:70:138:73 | name : ServletInputStream | provenance | Src:MaD:44677 |
| XQueryInjection.java:137:28:137:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:138:70:138:73 | name : ServletInputStream | provenance | Src:MaD:44685 |
| XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:142:53:142:54 | br | provenance | |
| XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42594 |
| XQueryInjection.java:138:70:138:73 | name : ServletInputStream | XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42628 |
| XQueryInjection.java:150:23:150:50 | getParameter(...) : String | XQueryInjection.java:155:29:155:32 | name | provenance | Src:MaD:44678 |
| XQueryInjection.java:157:26:157:49 | getInputStream(...) : ServletInputStream | XQueryInjection.java:158:70:158:71 | is : ServletInputStream | provenance | Src:MaD:44677 |
| XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42600 |
| XQueryInjection.java:138:70:138:73 | name : ServletInputStream | XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42634 |
| XQueryInjection.java:150:23:150:50 | getParameter(...) : String | XQueryInjection.java:155:29:155:32 | name | provenance | Src:MaD:44686 |
| XQueryInjection.java:157:26:157:49 | getInputStream(...) : ServletInputStream | XQueryInjection.java:158:70:158:71 | is : ServletInputStream | provenance | Src:MaD:44685 |
| XQueryInjection.java:158:29:158:73 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:159:29:159:30 | br | provenance | |
| XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:158:29:158:73 | new BufferedReader(...) : BufferedReader | provenance | MaD:42594 |
| XQueryInjection.java:158:70:158:71 | is : ServletInputStream | XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42628 |
| XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:158:29:158:73 | new BufferedReader(...) : BufferedReader | provenance | MaD:42600 |
| XQueryInjection.java:158:70:158:71 | is : ServletInputStream | XQueryInjection.java:158:48:158:72 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42634 |
nodes
| XQueryInjection.java:45:23:45:50 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | semmle.label | prepareExpression(...) : XQPreparedExpression |

8
java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.expected
View File

@@ -1,9 +1,9 @@
edges
| HashWithoutSalt.java:10:36:10:43 | password : String | HashWithoutSalt.java:10:36:10:54 | getBytes(...) | provenance | MaD:42752 |
| HashWithoutSalt.java:25:13:25:20 | password : String | HashWithoutSalt.java:25:13:25:31 | getBytes(...) | provenance | MaD:42752 |
| HashWithoutSalt.java:93:22:93:29 | password : String | HashWithoutSalt.java:93:22:93:40 | getBytes(...) : byte[] | provenance | MaD:42752 |
| HashWithoutSalt.java:10:36:10:43 | password : String | HashWithoutSalt.java:10:36:10:54 | getBytes(...) | provenance | MaD:42758 |
| HashWithoutSalt.java:25:13:25:20 | password : String | HashWithoutSalt.java:25:13:25:31 | getBytes(...) | provenance | MaD:42758 |
| HashWithoutSalt.java:93:22:93:29 | password : String | HashWithoutSalt.java:93:22:93:40 | getBytes(...) : byte[] | provenance | MaD:42758 |
| HashWithoutSalt.java:93:22:93:40 | getBytes(...) : byte[] | HashWithoutSalt.java:94:17:94:25 | passBytes | provenance | |
| HashWithoutSalt.java:111:22:111:29 | password : String | HashWithoutSalt.java:111:22:111:40 | getBytes(...) : byte[] | provenance | MaD:42752 |
| HashWithoutSalt.java:111:22:111:29 | password : String | HashWithoutSalt.java:111:22:111:40 | getBytes(...) : byte[] | provenance | MaD:42758 |
| HashWithoutSalt.java:111:22:111:40 | getBytes(...) : byte[] | HashWithoutSalt.java:112:18:112:26 | passBytes | provenance | |
nodes
| HashWithoutSalt.java:10:36:10:43 | password : String | semmle.label | password : String |

8
java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected
View File

@@ -1,12 +1,12 @@
edges
| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42741 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42747 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43697 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | |
nodes

12
java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected
View File

@@ -1,16 +1,16 @@
edges
| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42741 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42747 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43697 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43205 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43691 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43211 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43697 |
nodes
| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |

22
java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected
View File

@@ -1,26 +1,26 @@
edges
| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42741 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42747 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43697 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43205 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43691 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43205 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:2 Sink:MaD:43691 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42622 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43211 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43697 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43211 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:2 Sink:MaD:43697 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42628 |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43697 |
nodes
| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |

26
java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected
View File

@@ -1,28 +1,28 @@
edges
| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42741 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42747 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43697 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43205 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43691 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43205 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:2 Sink:MaD:43691 |
| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... | provenance | Src:MaD:3 Sink:MaD:43205 |
| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result | provenance | Src:MaD:3 Sink:MaD:43691 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42622 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:1 Sink:MaD:43211 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:1 Sink:MaD:43697 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43211 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:2 Sink:MaD:43697 |
| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:55:26:55:68 | ... + ... | provenance | Src:MaD:3 Sink:MaD:43211 |
| Test.java:52:21:52:47 | getCustom(...) : String | Test.java:58:36:58:41 | result | provenance | Src:MaD:3 Sink:MaD:43697 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42628 |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43697 |
nodes
| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |

18
java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected
View File

@@ -1,24 +1,24 @@
edges
| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42741 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42747 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43697 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:3 Sink:MaD:43205 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:3 Sink:MaD:43691 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42622 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:44:26:44:68 | ... + ... | provenance | Src:MaD:3 Sink:MaD:43211 |
| Test.java:41:21:41:49 | readEnv(...) : String | Test.java:47:36:47:41 | result | provenance | Src:MaD:3 Sink:MaD:43697 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42628 |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43697 |
nodes
| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |

18
java/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected
View File

@@ -1,24 +1,24 @@
edges
| Test.java:10:31:10:41 | data : byte[] | Test.java:11:23:11:26 | data : byte[] | provenance | |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42741 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42932 MaD:42622 |
| Test.java:11:23:11:26 | data : byte[] | Test.java:11:12:11:51 | new String(...) : String | provenance | MaD:42747 |
| Test.java:19:5:19:25 | getInputStream(...) : InputStream | Test.java:19:32:19:35 | data [post update] : byte[] | provenance | Src:MaD:42938 MaD:42628 |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:22:49:22:52 | data : byte[] | provenance | |
| Test.java:19:32:19:35 | data [post update] : byte[] | Test.java:25:69:25:72 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:22:49:22:52 | data : byte[] | Test.java:22:36:22:53 | byteToString(...) | provenance | Sink:MaD:43697 |
| Test.java:25:56:25:73 | byteToString(...) : String | Test.java:25:26:25:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:25:69:25:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:25:69:25:72 | data : byte[] | Test.java:25:56:25:73 | byteToString(...) : String | provenance | |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43205 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:2 Sink:MaD:43691 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42622 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:33:26:33:68 | ... + ... | provenance | Src:MaD:2 Sink:MaD:43211 |
| Test.java:30:21:30:61 | executeQuery(...) : String | Test.java:36:36:36:41 | result | provenance | Src:MaD:2 Sink:MaD:43697 |
| Test.java:64:5:64:13 | System.in : InputStream | Test.java:64:20:64:23 | data [post update] : byte[] | provenance | MaD:42628 |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:67:69:67:72 | data : byte[] | provenance | |
| Test.java:64:20:64:23 | data [post update] : byte[] | Test.java:70:49:70:52 | data : byte[] | provenance | |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43205 |
| Test.java:67:56:67:73 | byteToString(...) : String | Test.java:67:26:67:80 | ... + ... | provenance | Sink:MaD:43211 |
| Test.java:67:69:67:72 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:67:69:67:72 | data : byte[] | Test.java:67:56:67:73 | byteToString(...) : String | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:10:31:10:41 | data : byte[] | provenance | |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43691 |
| Test.java:70:49:70:52 | data : byte[] | Test.java:70:36:70:53 | byteToString(...) | provenance | Sink:MaD:43697 |
nodes
| Test.java:10:31:10:41 | data : byte[] | semmle.label | data : byte[] |
| Test.java:11:12:11:51 | new String(...) : String | semmle.label | new String(...) : String |

8
java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected
View File

@@ -1,8 +1,8 @@
edges
| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44678 MaD:42967 Sink:MaD:42364 |
| UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44678 MaD:42967 Sink:MaD:42365 |
| UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44678 MaD:42967 Sink:MaD:44706 |
| UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44678 MaD:42967 Sink:MaD:44707 |
| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44686 MaD:42973 Sink:MaD:42370 |
| UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44686 MaD:42973 Sink:MaD:42371 |
| UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44686 MaD:42973 Sink:MaD:44715 |
| UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44686 MaD:42973 Sink:MaD:44716 |
nodes
| UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | semmle.label | new URI(...) |
| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | semmle.label | getParameter(...) : String |

2
java/ql/test/library-tests/pathcreation/PathCreation.expected
View File

@@ -1,4 +1,4 @@
WARNING: Type PathCreation has been deprecated and may be removed in future (PathCreation.ql:4,6-18)
WARNING: type 'PathCreation' has been deprecated and may be removed in future (PathCreation.ql:4,6-18)
| PathCreation.java:13:18:13:32 | new File(...) | PathCreation.java:13:27:13:31 | "dir" |
| PathCreation.java:14:19:14:40 | new File(...) | PathCreation.java:14:28:14:32 | "dir" |
| PathCreation.java:14:19:14:40 | new File(...) | PathCreation.java:14:35:14:39 | "sub" |

8
java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected
View File

@@ -1,9 +1,9 @@
edges
| ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:8:31:8:34 | name : String | provenance | |
| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | provenance | Sink:MaD:42550 |
| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | provenance | Sink:MaD:42586 |
| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | provenance | Sink:MaD:42558 |
| ZipTest.java:8:31:8:34 | name : String | ZipTest.java:8:17:8:35 | new File(...) : File | provenance | MaD:42607 |
| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | provenance | Sink:MaD:42556 |
| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | provenance | Sink:MaD:42592 |
| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | provenance | Sink:MaD:42564 |
| ZipTest.java:8:31:8:34 | name : String | ZipTest.java:8:17:8:35 | new File(...) : File | provenance | MaD:42613 |
nodes
| ZipTest.java:7:19:7:33 | getName(...) : String | semmle.label | getName(...) : String |
| ZipTest.java:8:17:8:35 | new File(...) : File | semmle.label | new File(...) : File |

12
java/ql/test/query-tests/security/CWE-078/ExecTainted.expected
View File

@@ -3,16 +3,16 @@ edges
| Test.java:6:35:6:44 | arg : String | Test.java:10:61:10:73 | ... + ... : String | provenance | |
| Test.java:6:35:6:44 | arg : String | Test.java:16:13:16:25 | ... + ... : String | provenance | |
| Test.java:6:35:6:44 | arg : String | Test.java:22:15:22:27 | ... + ... : String | provenance | |
| Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | Test.java:7:25:7:70 | new ..[] { .. } | provenance | Sink:MaD:42675 |
| Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | Test.java:7:25:7:70 | new ..[] { .. } | provenance | Sink:MaD:42681 |
| Test.java:7:44:7:69 | ... + ... : String | Test.java:7:25:7:70 | new ..[] { .. } : String[] [[]] : String | provenance | |
| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] | provenance | Sink:MaD:42675 |
| Test.java:10:29:10:74 | {...} : String[] [[]] : String | Test.java:10:29:10:74 | new String[] | provenance | Sink:MaD:42681 |
| Test.java:10:61:10:73 | ... + ... : String | Test.java:10:29:10:74 | {...} : String[] [[]] : String | provenance | |
| Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | Test.java:18:29:18:31 | cmd | provenance | Sink:MaD:42674 |
| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | provenance | MaD:43740 |
| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 | provenance | Sink:MaD:42675 |
| Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | Test.java:18:29:18:31 | cmd | provenance | Sink:MaD:42680 |
| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : ArrayList [<element>] : String | provenance | MaD:43746 |
| Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | Test.java:24:29:24:32 | cmd1 | provenance | Sink:MaD:42681 |
| Test.java:22:15:22:27 | ... + ... : String | Test.java:22:5:22:8 | cmd1 [post update] : String[] [[]] : String | provenance | |
| Test.java:28:38:28:47 | arg : String | Test.java:29:44:29:64 | ... + ... : String | provenance | |
| Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | Test.java:29:25:29:65 | new ..[] { .. } | provenance | Sink:MaD:42675 |
| Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | Test.java:29:25:29:65 | new ..[] { .. } | provenance | Sink:MaD:42681 |
| Test.java:29:44:29:64 | ... + ... : String | Test.java:29:25:29:65 | new ..[] { .. } : String[] [[]] : String | provenance | |
| Test.java:57:27:57:39 | args : String[] | Test.java:60:20:60:22 | arg : String | provenance | |
| Test.java:57:27:57:39 | args : String[] | Test.java:61:23:61:25 | arg : String | provenance | |

20
java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected
View File

@@ -2,18 +2,18 @@ edges
| Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:56:17:66 | stringQuery : String | provenance | |
| Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | provenance | |
| Mongo.java:17:56:17:66 | stringQuery : String | Mongo.java:17:45:17:67 | parse(...) | provenance | Config |
| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance | Sink:MaD:43204 |
| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance | Sink:MaD:43192 |
| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance | Sink:MaD:43193 |
| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance | Sink:MaD:43210 |
| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance | Sink:MaD:43198 |
| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance | Sink:MaD:43199 |
| Test.java:29:30:29:42 | args : String[] | Test.java:58:19:58:26 | category : String | provenance | |
| Test.java:29:30:29:42 | args : String[] | Test.java:70:40:70:44 | query | provenance | Sink:MaD:43205 |
| Test.java:29:30:29:42 | args : String[] | Test.java:78:46:78:50 | query | provenance | Sink:MaD:43203 |
| Test.java:29:30:29:42 | args : String[] | Test.java:70:40:70:44 | query | provenance | Sink:MaD:43211 |
| Test.java:29:30:29:42 | args : String[] | Test.java:78:46:78:50 | query | provenance | Sink:MaD:43209 |
| Test.java:58:4:58:10 | querySb [post update] : StringBuilder | Test.java:60:29:60:35 | querySb : StringBuilder | provenance | |
| Test.java:58:19:58:26 | category : String | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | provenance | MaD:42705 |
| Test.java:60:29:60:35 | querySb : StringBuilder | Test.java:60:29:60:46 | toString(...) : String | provenance | MaD:42720 |
| Test.java:60:29:60:46 | toString(...) : String | Test.java:62:47:62:61 | querySbToString | provenance | Sink:MaD:43204 |
| Test.java:183:33:183:45 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | provenance | Sink:MaD:43204 |
| Test.java:213:34:213:46 | args : String[] | Test.java:221:81:221:111 | ... + ... | provenance | Sink:MaD:43204 |
| Test.java:58:19:58:26 | category : String | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | provenance | MaD:42711 |
| Test.java:60:29:60:35 | querySb : StringBuilder | Test.java:60:29:60:46 | toString(...) : String | provenance | MaD:42726 |
| Test.java:60:29:60:46 | toString(...) : String | Test.java:62:47:62:61 | querySbToString | provenance | Sink:MaD:43210 |
| Test.java:183:33:183:45 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | provenance | Sink:MaD:43210 |
| Test.java:213:34:213:46 | args : String[] | Test.java:221:81:221:111 | ... + ... | provenance | Sink:MaD:43210 |
| Test.java:227:26:227:38 | args : String[] | Test.java:228:11:228:14 | args : String[] | provenance | |
| Test.java:227:26:227:38 | args : String[] | Test.java:232:14:232:17 | args : String[] | provenance | |
| Test.java:227:26:227:38 | args : String[] | Test.java:233:15:233:18 | args : String[] | provenance | |

88
java/ql/test/query-tests/security/CWE-090/LdapInjection.expected
View File

@@ -1,20 +1,20 @@
edges
| LdapInjection.java:45:28:45:52 | jBad : String | LdapInjection.java:47:38:47:57 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:45:28:45:52 | jBad : String | LdapInjection.java:47:38:47:57 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:51:55:51:85 | jBadDNName : String | LdapInjection.java:53:29:53:52 | ... + ... : String | provenance | |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | Config Sink:MaD:44630 |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | MaD:12746 Sink:MaD:44630 |
| LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | Config Sink:MaD:44638 |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | MaD:12746 Sink:MaD:44638 |
| LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:69:55:69:88 | jBadDNNameAdd : String | LdapInjection.java:71:53:71:79 | ... + ... : String | provenance | |
| LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | MaD:12895 Sink:MaD:44630 |
| LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | MaD:12895 Sink:MaD:44638 |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | Config Sink:MaD:44630 |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | Config Sink:MaD:44638 |
| LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 : String | LdapInjection.java:78:30:78:57 | ... + ... : String | provenance | |
| LdapInjection.java:78:5:78:8 | name : LdapName | LdapInjection.java:79:40:79:43 | name : LdapName | provenance | |
| LdapInjection.java:78:5:78:8 | name [post update] : LdapName | LdapInjection.java:79:40:79:43 | name : LdapName | provenance | |
@@ -24,23 +24,23 @@ edges
| LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name [post update] : LdapName | provenance | MaD:12752 |
| LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | MaD:12895 Sink:MaD:44630 |
| LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | MaD:12895 Sink:MaD:44638 |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | Config Sink:MaD:44630 |
| LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | Config Sink:MaD:44638 |
| LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:83:55:83:93 | jBadDNNameToString : String | LdapInjection.java:85:29:85:60 | ... + ... : String | provenance | |
| LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | LdapInjection.java:85:16:85:72 | toString(...) | provenance | Config Sink:MaD:44630 |
| LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | LdapInjection.java:85:16:85:72 | toString(...) | provenance | Config Sink:MaD:44638 |
| LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | provenance | Sink:MaD:44630 |
| LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | provenance | Sink:MaD:44638 |
| LdapInjection.java:89:55:89:90 | jBadDNNameClone : String | LdapInjection.java:91:36:91:64 | ... + ... : String | provenance | |
| LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | LdapInjection.java:91:23:91:73 | clone(...) : Object | provenance | |
| LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | LdapInjection.java:91:23:91:73 | clone(...) : Object | provenance | Config |
| LdapInjection.java:91:23:91:73 | clone(...) : Object | LdapInjection.java:91:16:91:73 | (...)... | provenance | Sink:MaD:44630 |
| LdapInjection.java:91:23:91:73 | clone(...) : Object | LdapInjection.java:91:16:91:73 | (...)... | provenance | Sink:MaD:44638 |
| LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:100:27:100:59 | jOkAttribute : String | LdapInjection.java:101:49:101:60 | jOkAttribute : String | provenance | |
| LdapInjection.java:101:49:101:60 | jOkAttribute : String | LdapInjection.java:101:29:101:75 | new BasicAttributes(...) | provenance | MaD:12612 Sink:MaD:44630 |
| LdapInjection.java:101:49:101:60 | jOkAttribute : String | LdapInjection.java:101:29:101:75 | new BasicAttributes(...) | provenance | MaD:12612 Sink:MaD:44638 |
| LdapInjection.java:106:31:106:55 | uBad : String | LdapInjection.java:108:67:108:86 | ... + ... | provenance | Sink:MaD:1935 |
| LdapInjection.java:106:58:106:84 | uBadDN : String | LdapInjection.java:108:20:108:39 | ... + ... | provenance | Sink:MaD:1935 |
| LdapInjection.java:112:31:112:67 | uBadFilterCreate : String | LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | provenance | |
@@ -77,7 +77,7 @@ edges
| LdapInjection.java:167:5:167:49 | create(...) : Filter | LdapInjection.java:167:70:167:70 | b : StringBuilder | provenance | Config |
| LdapInjection.java:167:19:167:48 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:167:5:167:49 | create(...) : Filter | provenance | Config |
| LdapInjection.java:167:70:167:70 | b : StringBuilder | LdapInjection.java:168:58:168:58 | b : StringBuilder | provenance | |
| LdapInjection.java:168:58:168:58 | b : StringBuilder | LdapInjection.java:168:58:168:69 | toString(...) | provenance | MaD:42720 Sink:MaD:1935 |
| LdapInjection.java:168:58:168:58 | b : StringBuilder | LdapInjection.java:168:58:168:69 | toString(...) | provenance | MaD:42726 Sink:MaD:1935 |
| LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:175:9:175:50 | ... + ... : String | provenance | |
| LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | LdapInjection.java:176:14:176:14 | s : SearchRequest | provenance | |
| LdapInjection.java:175:9:175:50 | ... + ... : String | LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | provenance | Config |
@@ -92,68 +92,68 @@ edges
| LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | provenance | |
| LdapInjection.java:199:5:199:5 | s : SearchRequest | LdapInjection.java:200:14:200:14 | s | provenance | Sink:MaD:1933 |
| LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:5:199:5 | s : SearchRequest | provenance | Config |
| LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | provenance | Sink:MaD:49343 |
| LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | provenance | Sink:MaD:49343 |
| LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | provenance | Sink:MaD:49333 |
| LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | provenance | Sink:MaD:49364 |
| LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | provenance | Sink:MaD:49364 |
| LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | provenance | Sink:MaD:49354 |
| LdapInjection.java:234:57:234:92 | sBadDNLNBuilder : String | LdapInjection.java:235:48:235:76 | ... + ... : String | provenance | |
| LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | LdapInjection.java:235:20:235:85 | build(...) | provenance | Config Sink:MaD:49333 |
| LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | LdapInjection.java:235:20:235:85 | build(...) | provenance | Config Sink:MaD:49354 |
| LdapInjection.java:235:48:235:76 | ... + ... : String | LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | provenance | Config |
| LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | provenance | Sink:MaD:49345 |
| LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | provenance | Sink:MaD:49366 |
| LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:240:57:240:88 | ... + ... : String | provenance | |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Config Sink:MaD:49330 |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Config Sink:MaD:49345 |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Config Sink:MaD:49351 |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Config Sink:MaD:49366 |
| LdapInjection.java:240:57:240:88 | ... + ... : String | LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | provenance | Config |
| LdapInjection.java:244:30:244:63 | sBadLdapQuery : String | LdapInjection.java:245:47:245:75 | ... + ... : String | provenance | |
| LdapInjection.java:245:47:245:75 | ... + ... : String | LdapInjection.java:245:15:245:76 | filter(...) | provenance | Config Sink:MaD:49342 |
| LdapInjection.java:245:47:245:75 | ... + ... : String | LdapInjection.java:245:15:245:76 | filter(...) | provenance | Config Sink:MaD:49363 |
| LdapInjection.java:249:30:249:60 | sBadFilter : String | LdapInjection.java:250:86:250:111 | ... + ... : String | provenance | |
| LdapInjection.java:249:63:249:98 | sBadDNLdapUtils : String | LdapInjection.java:250:34:250:62 | ... + ... : String | provenance | |
| LdapInjection.java:250:34:250:62 | ... + ... : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | provenance | Config Sink:MaD:49341 |
| LdapInjection.java:250:86:250:111 | ... + ... : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | provenance | Config Sink:MaD:49341 |
| LdapInjection.java:250:34:250:62 | ... + ... : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | provenance | Config Sink:MaD:49362 |
| LdapInjection.java:250:86:250:111 | ... + ... : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | provenance | Config Sink:MaD:49362 |
| LdapInjection.java:254:30:254:63 | sBadLdapQuery : String | LdapInjection.java:255:56:255:84 | ... + ... : String | provenance | |
| LdapInjection.java:255:56:255:84 | ... + ... : String | LdapInjection.java:255:24:255:85 | filter(...) | provenance | Config Sink:MaD:49344 |
| LdapInjection.java:255:56:255:84 | ... + ... : String | LdapInjection.java:255:24:255:85 | filter(...) | provenance | Config Sink:MaD:49365 |
| LdapInjection.java:259:30:259:64 | sBadLdapQuery2 : String | LdapInjection.java:260:51:260:80 | ... + ... : String | provenance | |
| LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | LdapInjection.java:261:24:261:24 | q | provenance | Sink:MaD:49344 |
| LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | LdapInjection.java:261:24:261:24 | q | provenance | Sink:MaD:49365 |
| LdapInjection.java:260:51:260:80 | ... + ... : String | LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | provenance | Config |
| LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:266:76:266:114 | ... + ... : String | provenance | |
| LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:266:24:266:116 | filter(...) | provenance | Config Sink:MaD:49344 |
| LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:266:24:266:116 | filter(...) | provenance | Config Sink:MaD:49365 |
| LdapInjection.java:266:76:266:114 | ... + ... : String | LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:271:68:271:107 | ... + ... : String | provenance | |
| LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:272:56:272:56 | f : HardcodedFilter | provenance | |
| LdapInjection.java:271:68:271:107 | ... + ... : String | LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:272:56:272:56 | f : HardcodedFilter | LdapInjection.java:272:24:272:57 | filter(...) | provenance | Config Sink:MaD:49344 |
| LdapInjection.java:272:56:272:56 | f : HardcodedFilter | LdapInjection.java:272:24:272:57 | filter(...) | provenance | Config Sink:MaD:49365 |
| LdapInjection.java:276:31:276:68 | sBadLdapQueryBase : String | LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | provenance | |
| LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | LdapInjection.java:277:12:277:66 | base(...) | provenance | Config Sink:MaD:49341 |
| LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | LdapInjection.java:277:12:277:66 | base(...) | provenance | Config Sink:MaD:49362 |
| LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | provenance | Config |
| LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex : String | LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | provenance | |
| LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | provenance | Config |
| LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | LdapInjection.java:282:24:282:98 | is(...) | provenance | Config Sink:MaD:49344 |
| LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | LdapInjection.java:282:24:282:98 | is(...) | provenance | Config Sink:MaD:49365 |
| LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | provenance | Config |
| LdapInjection.java:286:31:286:69 | sBadFilterToString : String | LdapInjection.java:287:38:287:71 | ... + ... : String | provenance | |
| LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:287:18:287:83 | toString(...) | provenance | Config Sink:MaD:49343 |
| LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:287:18:287:83 | toString(...) | provenance | Config Sink:MaD:49364 |
| LdapInjection.java:287:38:287:71 | ... + ... : String | LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:291:31:291:67 | sBadFilterEncode : String | LdapInjection.java:293:25:293:56 | ... + ... : String | provenance | |
| LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:293:66:293:66 | s : StringBuffer | provenance | Config |
| LdapInjection.java:293:25:293:56 | ... + ... : String | LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:293:66:293:66 | s : StringBuffer | LdapInjection.java:294:18:294:18 | s : StringBuffer | provenance | |
| LdapInjection.java:294:18:294:18 | s : StringBuffer | LdapInjection.java:294:18:294:29 | toString(...) | provenance | MaD:42720 Sink:MaD:49343 |
| LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | provenance | Sink:MaD:47441 |
| LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | provenance | Sink:MaD:47441 |
| LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | provenance | Sink:MaD:47441 |
| LdapInjection.java:294:18:294:18 | s : StringBuffer | LdapInjection.java:294:18:294:29 | toString(...) | provenance | MaD:42726 Sink:MaD:49364 |
| LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | provenance | Sink:MaD:47456 |
| LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | provenance | Sink:MaD:47456 |
| LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | provenance | Sink:MaD:47456 |
| LdapInjection.java:320:57:320:94 | aBadDNObjToString : String | LdapInjection.java:322:21:322:51 | ... + ... : String | provenance | |
| LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | LdapInjection.java:322:14:322:62 | getName(...) | provenance | Config Sink:MaD:47441 |
| LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | LdapInjection.java:322:14:322:62 | getName(...) | provenance | Config Sink:MaD:47456 |
| LdapInjection.java:322:21:322:51 | ... + ... : String | LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | provenance | Config |
| LdapInjection.java:326:30:326:67 | aBadSearchRequest : String | LdapInjection.java:329:17:329:49 | ... + ... : String | provenance | |
| LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | LdapInjection.java:330:14:330:14 | s | provenance | Sink:MaD:47441 |
| LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | LdapInjection.java:330:14:330:14 | s | provenance | Sink:MaD:47456 |
| LdapInjection.java:329:17:329:49 | ... + ... : String | LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | provenance | Config |
| LdapInjection.java:334:74:334:103 | aBadDNObj : String | LdapInjection.java:337:22:337:44 | ... + ... : String | provenance | |
| LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | LdapInjection.java:338:14:338:14 | s | provenance | Sink:MaD:47441 |
| LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | LdapInjection.java:338:14:338:14 | s | provenance | Sink:MaD:47456 |
| LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | provenance | Config |
| LdapInjection.java:337:22:337:44 | ... + ... : String | LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | provenance | Config |
| LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet : String | LdapInjection.java:345:22:345:57 | ... + ... : String | provenance | |
| LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | provenance | |
| LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | provenance | Config |
| LdapInjection.java:345:22:345:57 | ... + ... : String | LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | provenance | Config |
| LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | LdapInjection.java:346:14:346:24 | getBase(...) | provenance | Config Sink:MaD:47441 |
| LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | LdapInjection.java:346:14:346:24 | getBase(...) | provenance | Config Sink:MaD:47456 |
nodes
| LdapInjection.java:45:28:45:52 | jBad : String | semmle.label | jBad : String |
| LdapInjection.java:45:55:45:81 | jBadDN : String | semmle.label | jBadDN : String |

2
java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.expected
View File

@@ -1,5 +1,5 @@
edges
| InsecureBeanValidation.java:7:28:7:40 | object : String | InsecureBeanValidation.java:11:64:11:68 | value | provenance | Src:MaD:44694 Sink:MaD:44695 |
| InsecureBeanValidation.java:7:28:7:40 | object : String | InsecureBeanValidation.java:11:64:11:68 | value | provenance | Src:MaD:44703 Sink:MaD:44704 |
nodes
| InsecureBeanValidation.java:7:28:7:40 | object : String | semmle.label | object : String |
| InsecureBeanValidation.java:11:64:11:68 | value | semmle.label | value |

8
java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected
View File

@@ -1,8 +1,8 @@
edges
| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:44669 |
| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:44678 MaD:44676 |
| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:44678 |
| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:42763 Sink:MaD:44672 |
| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:44677 |
| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:44686 MaD:44684 |
| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:44686 |
| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:42769 Sink:MaD:44680 |
nodes
| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | semmle.label | new Cookie(...) : Cookie |
| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | semmle.label | getParameter(...) : String |

4
java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstruction.expected
View File

@@ -1,6 +1,6 @@
edges
| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String | provenance | Src:MaD:42702 |
| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String | provenance | MaD:42776 |
| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String | provenance | Src:MaD:42708 |
| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String | provenance | MaD:42782 |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size | provenance | TaintPreservingCallable |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size | provenance | TaintPreservingCallable |
nodes

4
java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndex.expected
View File

@@ -1,6 +1,6 @@
edges
| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String | provenance | Src:MaD:42702 |
| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String | provenance | MaD:42776 |
| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String | provenance | Src:MaD:42708 |
| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String | provenance | MaD:42782 |
| Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index | provenance | TaintPreservingCallable |
nodes
| Test.java:14:27:14:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |

14
java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.expected
View File

@@ -1,12 +1,12 @@
edges
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | provenance | Src:MaD:42702 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | provenance | Src:MaD:42702 Sink:MaD:42567 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | provenance | Src:MaD:42702 Sink:MaD:42570 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | provenance | Src:MaD:42702 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | provenance | Src:MaD:42702 |
| Test.java:33:30:33:74 | getParameter(...) : String | Test.java:34:20:34:32 | userParameter : String | provenance | Src:MaD:44678 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:19:19:19:30 | userProperty | provenance | Src:MaD:42708 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:21:23:21:34 | userProperty | provenance | Src:MaD:42708 Sink:MaD:42573 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:23:23:23:34 | userProperty | provenance | Src:MaD:42708 Sink:MaD:42576 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:25:28:25:39 | userProperty | provenance | Src:MaD:42708 |
| Test.java:17:27:17:60 | getProperty(...) : String | Test.java:27:44:27:55 | userProperty | provenance | Src:MaD:42708 |
| Test.java:33:30:33:74 | getParameter(...) : String | Test.java:34:20:34:32 | userParameter : String | provenance | Src:MaD:44686 |
| Test.java:34:20:34:32 | userParameter : String | Test.java:37:31:37:43 | format : String | provenance | |
| Test.java:37:31:37:43 | format : String | Test.java:39:25:39:30 | format | provenance | Sink:MaD:42567 |
| Test.java:37:31:37:43 | format : String | Test.java:39:25:39:30 | format | provenance | Sink:MaD:42573 |
nodes
| Test.java:17:27:17:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:19:19:19:30 | userProperty | semmle.label | userProperty |

16
java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.expected
View File

@@ -1,18 +1,18 @@
edges
| ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | provenance | |
| ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | provenance | |
| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42628 |
| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42628 |
| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42634 |
| ArithmeticTainted.java:17:46:17:54 | System.in : InputStream | ArithmeticTainted.java:17:24:17:64 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42634 |
| ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | provenance | |
| ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | provenance | |
| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | MaD:42594 |
| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | MaD:42594 |
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | MaD:42595 |
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | MaD:42595 |
| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | MaD:42600 |
| ArithmeticTainted.java:18:40:18:56 | readerInputStream : InputStreamReader | ArithmeticTainted.java:18:21:18:57 | new BufferedReader(...) : BufferedReader | provenance | MaD:42600 |
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | MaD:42601 |
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | provenance | MaD:42601 |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | provenance | |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String | provenance | |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | MaD:42776 |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | MaD:42776 |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | MaD:42782 |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String | provenance | MaD:42782 |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data | provenance | TaintPreservingCallable |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data | provenance | TaintPreservingCallable |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data | provenance | TaintPreservingCallable |

88
java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.expected
View File

@@ -1,59 +1,59 @@
edges
| Files.java:10:24:10:69 | new File(...) : File | Files.java:14:37:14:43 | baseDir : File | provenance | |
| Files.java:10:33:10:68 | getProperty(...) : String | Files.java:10:24:10:69 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Files.java:14:28:14:64 | new File(...) : File | Files.java:15:17:15:23 | tempDir | provenance | Sink:MaD:42538 |
| Files.java:14:37:14:43 | baseDir : File | Files.java:14:28:14:64 | new File(...) : File | provenance | MaD:42606 |
| Test.java:36:24:36:69 | new File(...) : File | Test.java:39:63:39:69 | tempDir | provenance | Sink:MaD:42531 |
| Test.java:36:33:36:68 | getProperty(...) : String | Test.java:36:24:36:69 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:50:29:50:94 | new File(...) : File | Test.java:53:63:53:74 | tempDirChild | provenance | Sink:MaD:42531 |
| Test.java:50:38:50:83 | new File(...) : File | Test.java:50:29:50:94 | new File(...) : File | provenance | MaD:42606 |
| Test.java:50:47:50:82 | getProperty(...) : String | Test.java:50:38:50:83 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:61:24:61:69 | new File(...) : File | Test.java:61:24:61:88 | getCanonicalFile(...) : File | provenance | MaD:42610 |
| Test.java:61:24:61:88 | getCanonicalFile(...) : File | Test.java:64:63:64:69 | tempDir | provenance | Sink:MaD:42531 |
| Test.java:61:33:61:68 | getProperty(...) : String | Test.java:61:24:61:69 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:75:24:75:69 | new File(...) : File | Test.java:75:24:75:87 | getAbsoluteFile(...) : File | provenance | MaD:42608 |
| Test.java:75:24:75:87 | getAbsoluteFile(...) : File | Test.java:78:63:78:69 | tempDir | provenance | Sink:MaD:42531 |
| Test.java:75:33:75:68 | getProperty(...) : String | Test.java:75:24:75:69 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:110:29:110:84 | new File(...) : File | Test.java:113:9:113:20 | tempDirChild | provenance | Sink:MaD:42538 |
| Test.java:110:38:110:73 | getProperty(...) : String | Test.java:110:29:110:84 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:134:29:134:84 | new File(...) : File | Test.java:137:9:137:20 | tempDirChild | provenance | Sink:MaD:42539 |
| Test.java:134:38:134:73 | getProperty(...) : String | Test.java:134:29:134:84 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Files.java:10:33:10:68 | getProperty(...) : String | Files.java:10:24:10:69 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Files.java:14:28:14:64 | new File(...) : File | Files.java:15:17:15:23 | tempDir | provenance | Sink:MaD:42544 |
| Files.java:14:37:14:43 | baseDir : File | Files.java:14:28:14:64 | new File(...) : File | provenance | MaD:42612 |
| Test.java:36:24:36:69 | new File(...) : File | Test.java:39:63:39:69 | tempDir | provenance | Sink:MaD:42537 |
| Test.java:36:33:36:68 | getProperty(...) : String | Test.java:36:24:36:69 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:50:29:50:94 | new File(...) : File | Test.java:53:63:53:74 | tempDirChild | provenance | Sink:MaD:42537 |
| Test.java:50:38:50:83 | new File(...) : File | Test.java:50:29:50:94 | new File(...) : File | provenance | MaD:42612 |
| Test.java:50:47:50:82 | getProperty(...) : String | Test.java:50:38:50:83 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:61:24:61:69 | new File(...) : File | Test.java:61:24:61:88 | getCanonicalFile(...) : File | provenance | MaD:42616 |
| Test.java:61:24:61:88 | getCanonicalFile(...) : File | Test.java:64:63:64:69 | tempDir | provenance | Sink:MaD:42537 |
| Test.java:61:33:61:68 | getProperty(...) : String | Test.java:61:24:61:69 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:75:24:75:69 | new File(...) : File | Test.java:75:24:75:87 | getAbsoluteFile(...) : File | provenance | MaD:42614 |
| Test.java:75:24:75:87 | getAbsoluteFile(...) : File | Test.java:78:63:78:69 | tempDir | provenance | Sink:MaD:42537 |
| Test.java:75:33:75:68 | getProperty(...) : String | Test.java:75:24:75:69 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:110:29:110:84 | new File(...) : File | Test.java:113:9:113:20 | tempDirChild | provenance | Sink:MaD:42544 |
| Test.java:110:38:110:73 | getProperty(...) : String | Test.java:110:29:110:84 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:134:29:134:84 | new File(...) : File | Test.java:137:9:137:20 | tempDirChild | provenance | Sink:MaD:42545 |
| Test.java:134:38:134:73 | getProperty(...) : String | Test.java:134:29:134:84 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:158:29:158:88 | new File(...) : File | Test.java:159:21:159:32 | tempDirChild : File | provenance | |
| Test.java:158:38:158:73 | getProperty(...) : String | Test.java:158:29:158:88 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:159:21:159:32 | tempDirChild : File | Test.java:159:21:159:41 | toPath(...) | provenance | MaD:42616 Sink:MaD:43038 |
| Test.java:158:38:158:73 | getProperty(...) : String | Test.java:158:29:158:88 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:159:21:159:32 | tempDirChild : File | Test.java:159:21:159:41 | toPath(...) | provenance | MaD:42622 Sink:MaD:43044 |
| Test.java:187:29:187:88 | new File(...) : File | Test.java:188:21:188:32 | tempDirChild : File | provenance | |
| Test.java:187:38:187:73 | getProperty(...) : String | Test.java:187:29:187:88 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:188:21:188:32 | tempDirChild : File | Test.java:188:21:188:41 | toPath(...) | provenance | MaD:42616 Sink:MaD:43038 |
| Test.java:204:29:204:104 | new File(...) : File | Test.java:204:29:204:113 | toPath(...) : Path | provenance | MaD:42616 |
| Test.java:204:29:204:113 | toPath(...) : Path | Test.java:207:33:207:44 | tempDirChild | provenance | Sink:MaD:43028 |
| Test.java:204:38:204:73 | getProperty(...) : String | Test.java:204:29:204:104 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:216:29:216:102 | new File(...) : File | Test.java:216:29:216:111 | toPath(...) : Path | provenance | MaD:42616 |
| Test.java:216:29:216:111 | toPath(...) : Path | Test.java:219:31:219:42 | tempDirChild | provenance | Sink:MaD:43030 |
| Test.java:216:38:216:73 | getProperty(...) : String | Test.java:216:29:216:102 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:187:38:187:73 | getProperty(...) : String | Test.java:187:29:187:88 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:188:21:188:32 | tempDirChild : File | Test.java:188:21:188:41 | toPath(...) | provenance | MaD:42622 Sink:MaD:43044 |
| Test.java:204:29:204:104 | new File(...) : File | Test.java:204:29:204:113 | toPath(...) : Path | provenance | MaD:42622 |
| Test.java:204:29:204:113 | toPath(...) : Path | Test.java:207:33:207:44 | tempDirChild | provenance | Sink:MaD:43034 |
| Test.java:204:38:204:73 | getProperty(...) : String | Test.java:204:29:204:104 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:216:29:216:102 | new File(...) : File | Test.java:216:29:216:111 | toPath(...) : Path | provenance | MaD:42622 |
| Test.java:216:29:216:111 | toPath(...) : Path | Test.java:219:31:219:42 | tempDirChild | provenance | Sink:MaD:43036 |
| Test.java:216:38:216:73 | getProperty(...) : String | Test.java:216:29:216:102 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:228:29:228:100 | new File(...) : File | Test.java:231:26:231:37 | tempDirChild : File | provenance | |
| Test.java:228:38:228:73 | getProperty(...) : String | Test.java:228:29:228:100 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:231:26:231:37 | tempDirChild : File | Test.java:231:26:231:46 | toPath(...) | provenance | MaD:42616 Sink:MaD:43013 |
| Test.java:228:38:228:73 | getProperty(...) : String | Test.java:228:29:228:100 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:231:26:231:37 | tempDirChild : File | Test.java:231:26:231:46 | toPath(...) | provenance | MaD:42622 Sink:MaD:43019 |
| Test.java:249:29:249:101 | new File(...) : File | Test.java:252:31:252:42 | tempDirChild : File | provenance | |
| Test.java:249:38:249:73 | getProperty(...) : String | Test.java:249:29:249:101 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:252:31:252:42 | tempDirChild : File | Test.java:252:31:252:51 | toPath(...) | provenance | MaD:42616 Sink:MaD:43012 |
| Test.java:249:38:249:73 | getProperty(...) : String | Test.java:249:29:249:101 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:252:31:252:42 | tempDirChild : File | Test.java:252:31:252:51 | toPath(...) | provenance | MaD:42622 Sink:MaD:43018 |
| Test.java:260:29:260:109 | new File(...) : File | Test.java:263:33:263:44 | tempDirChild : File | provenance | |
| Test.java:260:38:260:73 | getProperty(...) : String | Test.java:260:29:260:109 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:263:33:263:44 | tempDirChild : File | Test.java:263:33:263:53 | toPath(...) | provenance | MaD:42616 Sink:MaD:43011 |
| Test.java:260:38:260:73 | getProperty(...) : String | Test.java:260:29:260:109 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:263:33:263:44 | tempDirChild : File | Test.java:263:33:263:53 | toPath(...) | provenance | MaD:42622 Sink:MaD:43017 |
| Test.java:294:29:294:101 | new File(...) : File | Test.java:298:35:298:46 | tempDirChild : File | provenance | |
| Test.java:294:38:294:73 | getProperty(...) : String | Test.java:294:29:294:101 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:298:35:298:46 | tempDirChild : File | Test.java:298:35:298:55 | toPath(...) | provenance | MaD:42616 Sink:MaD:43012 |
| Test.java:294:38:294:73 | getProperty(...) : String | Test.java:294:29:294:101 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:298:35:298:46 | tempDirChild : File | Test.java:298:35:298:55 | toPath(...) | provenance | MaD:42622 Sink:MaD:43018 |
| Test.java:313:29:313:101 | new File(...) : File | Test.java:316:35:316:46 | tempDirChild : File | provenance | |
| Test.java:313:38:313:73 | getProperty(...) : String | Test.java:313:29:313:101 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:316:35:316:46 | tempDirChild : File | Test.java:316:35:316:55 | toPath(...) | provenance | MaD:42616 Sink:MaD:43012 |
| Test.java:313:38:313:73 | getProperty(...) : String | Test.java:313:29:313:101 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:316:35:316:46 | tempDirChild : File | Test.java:316:35:316:55 | toPath(...) | provenance | MaD:42622 Sink:MaD:43018 |
| Test.java:322:29:322:101 | new File(...) : File | Test.java:326:35:326:46 | tempDirChild : File | provenance | |
| Test.java:322:38:322:73 | getProperty(...) : String | Test.java:322:29:322:101 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:326:35:326:46 | tempDirChild : File | Test.java:326:35:326:55 | toPath(...) | provenance | MaD:42616 Sink:MaD:43012 |
| Test.java:322:38:322:73 | getProperty(...) : String | Test.java:322:29:322:101 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:326:35:326:46 | tempDirChild : File | Test.java:326:35:326:55 | toPath(...) | provenance | MaD:42622 Sink:MaD:43018 |
| Test.java:350:29:350:101 | new File(...) : File | Test.java:355:35:355:46 | tempDirChild : File | provenance | |
| Test.java:350:38:350:73 | getProperty(...) : String | Test.java:350:29:350:101 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:355:35:355:46 | tempDirChild : File | Test.java:355:35:355:55 | toPath(...) | provenance | MaD:42616 Sink:MaD:43012 |
| Test.java:350:38:350:73 | getProperty(...) : String | Test.java:350:29:350:101 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:355:35:355:46 | tempDirChild : File | Test.java:355:35:355:55 | toPath(...) | provenance | MaD:42622 Sink:MaD:43018 |
| Test.java:361:29:361:101 | new File(...) : File | Test.java:366:35:366:46 | tempDirChild : File | provenance | |
| Test.java:361:38:361:73 | getProperty(...) : String | Test.java:361:29:361:101 | new File(...) : File | provenance | Src:MaD:42702 MaD:42606 |
| Test.java:366:35:366:46 | tempDirChild : File | Test.java:366:35:366:55 | toPath(...) | provenance | MaD:42616 Sink:MaD:43012 |
| Test.java:361:38:361:73 | getProperty(...) : String | Test.java:361:29:361:101 | new File(...) : File | provenance | Src:MaD:42708 MaD:42612 |
| Test.java:366:35:366:46 | tempDirChild : File | Test.java:366:35:366:55 | toPath(...) | provenance | MaD:42622 Sink:MaD:43018 |
nodes
| Files.java:10:24:10:69 | new File(...) : File | semmle.label | new File(...) : File |
| Files.java:10:33:10:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |

6
java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.expected
View File

@@ -1,7 +1,7 @@
edges
| UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:81:55:81:62 | verifier | provenance | Sink:MaD:44638 |
| UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:94:55:94:62 | verifier | provenance | Sink:MaD:44638 |
| UnsafeHostnameVerification.java:97:42:97:68 | ALLOW_ALL_HOSTNAME_VERIFIER : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:34:59:34:85 | ALLOW_ALL_HOSTNAME_VERIFIER | provenance | Sink:MaD:44638 |
| UnsafeHostnameVerification.java:66:37:80:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:81:55:81:62 | verifier | provenance | Sink:MaD:44646 |
| UnsafeHostnameVerification.java:88:37:93:9 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:94:55:94:62 | verifier | provenance | Sink:MaD:44646 |
| UnsafeHostnameVerification.java:97:42:97:68 | ALLOW_ALL_HOSTNAME_VERIFIER : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:34:59:34:85 | ALLOW_ALL_HOSTNAME_VERIFIER | provenance | Sink:MaD:44646 |
| UnsafeHostnameVerification.java:97:72:102:5 | new (...) : new HostnameVerifier(...) { ... } | UnsafeHostnameVerification.java:97:42:97:68 | ALLOW_ALL_HOSTNAME_VERIFIER : new HostnameVerifier(...) { ... } | provenance | |
nodes
| UnsafeHostnameVerification.java:14:55:19:9 | new (...) | semmle.label | new (...) |

2
java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.expected
View File

@@ -1,5 +1,5 @@
edges
| WeakHashing.java:21:86:21:90 | "MD5" : String | WeakHashing.java:21:56:21:91 | getProperty(...) | provenance | MaD:43990 |
| WeakHashing.java:21:86:21:90 | "MD5" : String | WeakHashing.java:21:56:21:91 | getProperty(...) | provenance | MaD:43996 |
nodes
| Test.java:19:45:19:49 | "DES" | semmle.label | "DES" |
| Test.java:42:33:42:37 | "RC2" | semmle.label | "RC2" |

10
java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected
View File

@@ -1,10 +1,10 @@
edges
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:44678 |
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:44678 |
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:44686 |
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:44686 |
| UrlRedirect.java:45:28:45:39 | input : String | UrlRedirect.java:46:10:46:14 | input : String | provenance | |
| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:42761 |
| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:44678 |
| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:48998 |
| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:42767 |
| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:44686 |
| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:49014 |
nodes
| UrlRedirect2.java:27:25:27:54 | getParameter(...) | semmle.label | getParameter(...) |
| UrlRedirect.java:23:25:23:54 | getParameter(...) | semmle.label | getParameter(...) |

8
java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTainted.expected
View File

@@ -1,10 +1,10 @@
edges
| Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | Test.java:12:26:12:39 | readerBuffered : BufferedReader | provenance | |
| Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | provenance | MaD:42594 |
| Test.java:11:28:11:36 | System.in : InputStream | Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42628 |
| Test.java:12:26:12:39 | readerBuffered : BufferedReader | Test.java:12:26:12:50 | readLine(...) : String | provenance | MaD:42595 |
| Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | provenance | MaD:42600 |
| Test.java:11:28:11:36 | System.in : InputStream | Test.java:11:6:11:46 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42634 |
| Test.java:12:26:12:39 | readerBuffered : BufferedReader | Test.java:12:26:12:50 | readLine(...) : String | provenance | MaD:42601 |
| Test.java:12:26:12:50 | readLine(...) : String | Test.java:14:27:14:38 | stringNumber : String | provenance | |
| Test.java:14:27:14:38 | stringNumber : String | Test.java:14:27:14:45 | trim(...) : String | provenance | MaD:42776 |
| Test.java:14:27:14:38 | stringNumber : String | Test.java:14:27:14:45 | trim(...) : String | provenance | MaD:42782 |
| Test.java:14:27:14:45 | trim(...) : String | Test.java:21:22:21:25 | data | provenance | TaintPreservingCallable |
nodes
| Test.java:10:36:11:47 | new BufferedReader(...) : BufferedReader | semmle.label | new BufferedReader(...) : BufferedReader |

11
java/ql/test/query-tests/security/CWE-807/semmle/tests/ConditionalBypassTest.java
View File

@@ -38,7 +38,7 @@ class ConditionalBypassTest {
}
// FALSE NEGATIVE: we have no way of telling that the skipped method is sensitive
if (adminCookie.getValue() == "false") // $ MISSING: $ hasConditionalBypassTest
if (adminCookie.getValue() == "false") // $ MISSING: hasConditionalBypassTest
doReallyImportantSecurityWork();
InetAddress local = InetAddress.getLocalHost();
@@ -49,6 +49,15 @@ class ConditionalBypassTest {
if (Inet4Address.getLocalHost().getCanonicalHostName().equals("localhost")) {
login(user, password);
}
InetAddress loopback = InetAddress.getLoopbackAddress();
// GOOD: reverse DNS on loopback address is fine
if (loopback.getCanonicalHostName().equals("localhost")) {
login(user, password);
}
if (Inet4Address.getLoopbackAddress().getCanonicalHostName().equals("localhost")) {
login(user, password);
}
}
public static void test(String user, String password) {

2
java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected
View File

@@ -1,5 +1,5 @@
edges
| TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | provenance | Src:MaD:44678 |
| TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | provenance | Src:MaD:44686 |
nodes
| TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | semmle.label | ... + ... |

14
java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml Normal file
View File

@@ -0,0 +1,14 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- [ "p", "Sinks", False, "sink", "(Object)", "", "Argument[0]", "test-sink", "manual" ]
- [ "p", "Sinks", False, "manualSinkAlreadyDefined", "(Object)", "", "Argument[0]", "test-sink", "manual" ]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- [ "p", "Sinks", "hasManualSinkNeutral", "(Object)", "sink", "manual"]

14
java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ext.yml Normal file
View File

@@ -0,0 +1,14 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- [ "p", "Sources", False, "source", "()", "", "ReturnValue", "test-source", "manual" ]
- [ "p", "Sources", False, "manualSourceAlreadyDefined", "()", "", "ReturnValue", "test-source", "manual" ]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["p", "Sources", "manualNeutralSource", "()", "source", "manual"]

39
java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
View File

@@ -11,6 +11,12 @@ import java.util.logging.Logger;
public class Sinks {
public Object tainted;
// Defined as a sink in the model file next to the test.
// neutral=p;Sinks;sink;(Object);summary;df-generated
public void sink(Object o) {}
// sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated
// sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated
// neutral=p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated
@@ -38,4 +44,37 @@ public class Sinks {
Logger logger = Logger.getLogger(Sinks.class.getSimpleName());
logger.warning(s);
}
// New sink as the value of a public field is propagated to a sink.
// sink=p;Sinks;true;fieldSink;();;Argument[this];test-sink;df-generated
// neutral=p;Sinks;fieldSink;();summary;df-generated
public void fieldSink() {
sink(tainted);
}
// Not a new sink as this method is already defined as a manual
// sink neutral.
// neutral=p;Sinks;hasManualSinkNeutral;(Object);summary;df-generated
public void hasManualSinkNeutral(Object o) {
sink(o);
}
// sink=p;Sinks;true;compoundPropgate;(Sinks);;Argument[0];test-sink;df-generated
// neutral=p;Sinks;compoundPropgate;(Sinks);summary;df-generated
public void compoundPropgate(Sinks s) {
s.fieldSink();
}
// Not a new sink because a simple type is used in an intermediate step
// neutral=p;Sinks;wrapSinkSimpleType;(String);summary;df-generated
public void wrapSinkSimpleType(String s) {
Boolean b = s == "hello";
sink(b);
}
// Not a new sink as this callable already has a manual sink.
// neutral=p;Sinks;manualSinkAlreadyDefined;(Object);summary;df-generated
public void manualSinkAlreadyDefined(Object o) {
sink(o);
}
}

42
java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
View File

@@ -8,6 +8,12 @@ import java.util.List;
public class Sources {
// Defined as a source in the model file next to the test.
// neutral=p;Sources;source;();summary;df-generated
public String source() {
return "";
}
// source=p;Sources;true;readUrl;(URL);;ReturnValue;remote;df-generated
// sink=p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated
// neutral=p;Sources;readUrl;(URL);summary;df-generated
@@ -37,4 +43,40 @@ public class Sources {
streams[0] = socket.accept().getInputStream();
otherStreams.add(socket.accept().getInputStream());
}
// Not a new source because a simple type is used in an intermediate step
// neutral=p;Sources;wrapSourceGetBool;();summary;df-generated
public Boolean wrapSourceGetBool() {
String s = source();
return s == "hello";
}
public class SourceReader {
@Override
public String toString() {
return source();
}
}
public class MyContainer<T> {
private T value;
// neutral=p;Sources$MyContainer;read;();summary;df-generated
public String read() {
return value.toString();
}
}
// Not a new source as this callable has been manually modelled
// as source neutral.
// neutral=p;Sources;manualNeutralSource;();summary;df-generated
public String manualNeutralSource() {
return source();
}
// Not a new source as this callable already has a manual source.
// neutral=p;Sources;manualSourceAlreadyDefined;();summary;df-generated
public String manualSourceAlreadyDefined() {
return source();
}
}