hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add additional tests from real world query run

Browse Source
This commit is contained in:
Shyam Mehta
2022-06-28 17:32:20 -04:00
parent 7122f29296
commit b5ca2c3d9d
3 changed files with 72 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
View File

@@ -218,8 +218,22 @@ public class PartialPathTraversalTest {
}
}
void foo24(File dir, File parent) throws IOException {
String parentCanonical = parent.getCanonicalPath();
if (!dir.getCanonicalPath().startsWith(parentCanonical + '/')) {
throw new IOException("Invalid directory: " + dir.getCanonicalPath());
}
}
public void doesNotFlag() {
"hello".startsWith("goodbye");
}
public void doesNotFlagBackslash(File file) throws IOException {
// https://github.com/jenkinsci/jenkins/blob/be3cf6bffe7aa2fe2307c424fa418519f3bbd73b/core/src/main/java/hudson/util/jna/Kernel32Utils.java#L77-L77
if (!file.getCanonicalPath().startsWith("\\\\")) {
throw new RuntimeException("Boom");
}
}
}