Java: convert CWE-522 tests to .qlref

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/InsecureBasicAuthTest.expected

@@ -0,0 +1,105 @@
+#select
+| InsecureBasicAuthTest.java:28:4:28:7 | post | InsecureBasicAuthTest.java:25:40:25:48 | "http://" : String | InsecureBasicAuthTest.java:28:4:28:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:25:40:25:48 | "http://" | HTTP URL |
+| InsecureBasicAuthTest.java:46:4:46:6 | get | InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" : String | InsecureBasicAuthTest.java:46:4:46:6 | get | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" | HTTP URL |
+| InsecureBasicAuthTest.java:70:4:70:7 | post | InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:70:4:70:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
+| InsecureBasicAuthTest.java:95:4:95:7 | post | InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:95:4:95:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
+| InsecureBasicAuthTest.java:120:4:120:7 | post | InsecureBasicAuthTest.java:117:27:117:32 | "http" : String | InsecureBasicAuthTest.java:120:4:120:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:117:27:117:32 | "http" | HTTP URL |
+| InsecureBasicAuthTest.java:143:4:143:7 | post | InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:143:4:143:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
+| InsecureBasicAuthTest.java:167:4:167:7 | post | InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:167:4:167:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
+| InsecureBasicAuthTest.java:192:4:192:7 | conn | InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:192:4:192:7 | conn | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
+| InsecureBasicAuthTest.java:219:4:219:7 | conn | InsecureBasicAuthTest.java:214:22:214:27 | "http" : String | InsecureBasicAuthTest.java:219:4:219:7 | conn | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:214:22:214:27 | "http" | HTTP URL |
+edges
+| InsecureBasicAuthTest.java:25:27:25:87 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:28:4:28:7 | post | provenance |  |
+| InsecureBasicAuthTest.java:25:40:25:48 | "http://" : String | InsecureBasicAuthTest.java:25:40:25:86 | ... + ... : String | provenance |  |
+| InsecureBasicAuthTest.java:25:40:25:86 | ... + ... : String | InsecureBasicAuthTest.java:25:27:25:87 | new HttpPost(...) : HttpPost | provenance | Config |
+| InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" : String | InsecureBasicAuthTest.java:44:30:44:35 | urlStr : String | provenance |  |
+| InsecureBasicAuthTest.java:44:18:44:36 | new HttpGet(...) : HttpGet | InsecureBasicAuthTest.java:46:4:46:6 | get | provenance |  |
+| InsecureBasicAuthTest.java:44:30:44:35 | urlStr : String | InsecureBasicAuthTest.java:44:18:44:36 | new HttpGet(...) : HttpGet | provenance | Config |
+| InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:67:51:67:56 | uriStr : String | provenance |  |
+| InsecureBasicAuthTest.java:67:27:67:58 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:70:4:70:7 | post | provenance |  |
+| InsecureBasicAuthTest.java:67:40:67:57 | create(...) : URI | InsecureBasicAuthTest.java:67:27:67:58 | new HttpPost(...) : HttpPost | provenance | Config |
+| InsecureBasicAuthTest.java:67:51:67:56 | uriStr : String | InsecureBasicAuthTest.java:67:40:67:57 | create(...) : URI | provenance | MaD:2 |
+| InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | provenance |  |
+| InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | InsecureBasicAuthTest.java:92:40:92:42 | uri : URI | provenance |  |
+| InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | provenance | Config |
+| InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | provenance | MaD:1 |
+| InsecureBasicAuthTest.java:92:27:92:43 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:95:4:95:7 | post | provenance |  |
+| InsecureBasicAuthTest.java:92:40:92:42 | uri : URI | InsecureBasicAuthTest.java:92:27:92:43 | new HttpPost(...) : HttpPost | provenance | Config |
+| InsecureBasicAuthTest.java:117:6:117:79 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:120:4:120:7 | post | provenance |  |
+| InsecureBasicAuthTest.java:117:19:117:78 | new URI(...) : URI | InsecureBasicAuthTest.java:117:6:117:79 | new HttpPost(...) : HttpPost | provenance | Config |
+| InsecureBasicAuthTest.java:117:27:117:32 | "http" : String | InsecureBasicAuthTest.java:117:19:117:78 | new URI(...) : URI | provenance | Config |
+| InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:140:57:140:62 | uriStr : String | provenance |  |
+| InsecureBasicAuthTest.java:140:28:140:63 | new BasicHttpRequest(...) : BasicHttpRequest | InsecureBasicAuthTest.java:143:4:143:7 | post | provenance |  |
+| InsecureBasicAuthTest.java:140:57:140:62 | uriStr : String | InsecureBasicAuthTest.java:140:28:140:63 | new BasicHttpRequest(...) : BasicHttpRequest | provenance | Config |
+| InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:163:59:163:64 | uriStr : String | provenance |  |
+| InsecureBasicAuthTest.java:163:30:163:71 | new BasicRequestLine(...) : BasicRequestLine | InsecureBasicAuthTest.java:164:49:164:59 | requestLine : BasicRequestLine | provenance |  |
+| InsecureBasicAuthTest.java:163:59:163:64 | uriStr : String | InsecureBasicAuthTest.java:163:30:163:71 | new BasicRequestLine(...) : BasicRequestLine | provenance | MaD:4 |
+| InsecureBasicAuthTest.java:164:28:164:60 | new BasicHttpRequest(...) : BasicHttpRequest | InsecureBasicAuthTest.java:167:4:167:7 | post | provenance |  |
+| InsecureBasicAuthTest.java:164:49:164:59 | requestLine : BasicRequestLine | InsecureBasicAuthTest.java:164:28:164:60 | new BasicHttpRequest(...) : BasicHttpRequest | provenance | Config |
+| InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | provenance |  |
+| InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | InsecureBasicAuthTest.java:189:49:189:51 | url : URL | provenance |  |
+| InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | provenance | Config |
+| InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | provenance | MaD:3 |
+| InsecureBasicAuthTest.java:189:29:189:68 | (...)... : HttpURLConnection | InsecureBasicAuthTest.java:192:4:192:7 | conn | provenance |  |
+| InsecureBasicAuthTest.java:189:49:189:51 | url : URL | InsecureBasicAuthTest.java:189:49:189:68 | openConnection(...) : URLConnection | provenance | Config |
+| InsecureBasicAuthTest.java:189:49:189:68 | openConnection(...) : URLConnection | InsecureBasicAuthTest.java:189:29:189:68 | (...)... : HttpURLConnection | provenance |  |
+| InsecureBasicAuthTest.java:214:22:214:27 | "http" : String | InsecureBasicAuthTest.java:215:22:215:29 | protocol : String | provenance |  |
+| InsecureBasicAuthTest.java:215:14:215:42 | new URL(...) : URL | InsecureBasicAuthTest.java:216:49:216:51 | url : URL | provenance |  |
+| InsecureBasicAuthTest.java:215:22:215:29 | protocol : String | InsecureBasicAuthTest.java:215:14:215:42 | new URL(...) : URL | provenance | Config |
+| InsecureBasicAuthTest.java:216:29:216:68 | (...)... : HttpURLConnection | InsecureBasicAuthTest.java:219:4:219:7 | conn | provenance |  |
+| InsecureBasicAuthTest.java:216:49:216:51 | url : URL | InsecureBasicAuthTest.java:216:49:216:68 | openConnection(...) : URLConnection | provenance | Config |
+| InsecureBasicAuthTest.java:216:49:216:68 | openConnection(...) : URLConnection | InsecureBasicAuthTest.java:216:29:216:68 | (...)... : HttpURLConnection | provenance |  |
+models
+| 1 | Summary: java.net; URI; false; URI; (String); ; Argument[0]; Argument[this]; taint; manual |
+| 2 | Summary: java.net; URI; false; create; ; ; Argument[0]; ReturnValue; taint; manual |
+| 3 | Summary: java.net; URL; false; URL; (String); ; Argument[0]; Argument[this]; taint; manual |
+| 4 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual |
+nodes
+| InsecureBasicAuthTest.java:25:27:25:87 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
+| InsecureBasicAuthTest.java:25:40:25:48 | "http://" : String | semmle.label | "http://" : String |
+| InsecureBasicAuthTest.java:25:40:25:86 | ... + ... : String | semmle.label | ... + ... : String |
+| InsecureBasicAuthTest.java:28:4:28:7 | post | semmle.label | post |
+| InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" : String | semmle.label | "http://www.example.com:8000/payment/retrieve" : String |
+| InsecureBasicAuthTest.java:44:18:44:36 | new HttpGet(...) : HttpGet | semmle.label | new HttpGet(...) : HttpGet |
+| InsecureBasicAuthTest.java:44:30:44:35 | urlStr : String | semmle.label | urlStr : String |
+| InsecureBasicAuthTest.java:46:4:46:6 | get | semmle.label | get |
+| InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
+| InsecureBasicAuthTest.java:67:27:67:58 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
+| InsecureBasicAuthTest.java:67:40:67:57 | create(...) : URI | semmle.label | create(...) : URI |
+| InsecureBasicAuthTest.java:67:51:67:56 | uriStr : String | semmle.label | uriStr : String |
+| InsecureBasicAuthTest.java:70:4:70:7 | post | semmle.label | post |
+| InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
+| InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | semmle.label | new URI(...) : URI |
+| InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | semmle.label | uriStr : String |
+| InsecureBasicAuthTest.java:92:27:92:43 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
+| InsecureBasicAuthTest.java:92:40:92:42 | uri : URI | semmle.label | uri : URI |
+| InsecureBasicAuthTest.java:95:4:95:7 | post | semmle.label | post |
+| InsecureBasicAuthTest.java:117:6:117:79 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
+| InsecureBasicAuthTest.java:117:19:117:78 | new URI(...) : URI | semmle.label | new URI(...) : URI |
+| InsecureBasicAuthTest.java:117:27:117:32 | "http" : String | semmle.label | "http" : String |
+| InsecureBasicAuthTest.java:120:4:120:7 | post | semmle.label | post |
+| InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
+| InsecureBasicAuthTest.java:140:28:140:63 | new BasicHttpRequest(...) : BasicHttpRequest | semmle.label | new BasicHttpRequest(...) : BasicHttpRequest |
+| InsecureBasicAuthTest.java:140:57:140:62 | uriStr : String | semmle.label | uriStr : String |
+| InsecureBasicAuthTest.java:143:4:143:7 | post | semmle.label | post |
+| InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
+| InsecureBasicAuthTest.java:163:30:163:71 | new BasicRequestLine(...) : BasicRequestLine | semmle.label | new BasicRequestLine(...) : BasicRequestLine |
+| InsecureBasicAuthTest.java:163:59:163:64 | uriStr : String | semmle.label | uriStr : String |
+| InsecureBasicAuthTest.java:164:28:164:60 | new BasicHttpRequest(...) : BasicHttpRequest | semmle.label | new BasicHttpRequest(...) : BasicHttpRequest |
+| InsecureBasicAuthTest.java:164:49:164:59 | requestLine : BasicRequestLine | semmle.label | requestLine : BasicRequestLine |
+| InsecureBasicAuthTest.java:167:4:167:7 | post | semmle.label | post |
+| InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
+| InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | semmle.label | new URL(...) : URL |
+| InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | semmle.label | urlStr : String |
+| InsecureBasicAuthTest.java:189:29:189:68 | (...)... : HttpURLConnection | semmle.label | (...)... : HttpURLConnection |
+| InsecureBasicAuthTest.java:189:49:189:51 | url : URL | semmle.label | url : URL |
+| InsecureBasicAuthTest.java:189:49:189:68 | openConnection(...) : URLConnection | semmle.label | openConnection(...) : URLConnection |
+| InsecureBasicAuthTest.java:192:4:192:7 | conn | semmle.label | conn |
+| InsecureBasicAuthTest.java:214:22:214:27 | "http" : String | semmle.label | "http" : String |
+| InsecureBasicAuthTest.java:215:14:215:42 | new URL(...) : URL | semmle.label | new URL(...) : URL |
+| InsecureBasicAuthTest.java:215:22:215:29 | protocol : String | semmle.label | protocol : String |
+| InsecureBasicAuthTest.java:216:29:216:68 | (...)... : HttpURLConnection | semmle.label | (...)... : HttpURLConnection |
+| InsecureBasicAuthTest.java:216:49:216:51 | url : URL | semmle.label | url : URL |
+| InsecureBasicAuthTest.java:216:49:216:68 | openConnection(...) : URLConnection | semmle.label | openConnection(...) : URLConnection |
+| InsecureBasicAuthTest.java:219:4:219:7 | conn | semmle.label | conn |
+subpaths

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/InsecureBasicAuthTest.java

@@ -22,10 +22,10 @@ public class InsecureBasicAuthTest {
 		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
 		String authStringEnc = new String(authEncBytes);
 		{
-			HttpRequestBase post = new HttpPost("http://" + host + "/rest/getuser.do?uid=abcdx");
+			HttpRequestBase post = new HttpPost("http://" + host + "/rest/getuser.do?uid=abcdx"); // $ Source
 			post.setHeader("Accept", "application/json");
 			post.setHeader("Content-type", "application/json");
-			post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
 		}
 		{
 			HttpRequestBase post = new HttpPost("https://" + host + "/rest/getuser.do?uid=abcdx");
@@ -40,10 +40,10 @@ public class InsecureBasicAuthTest {
 	 */
 	public void testApacheHttpRequest2(String url) throws java.io.IOException {
 		{
-			String urlStr = "http://www.example.com:8000/payment/retrieve";
+			String urlStr = "http://www.example.com:8000/payment/retrieve"; // $ Source
 			HttpGet get = new HttpGet(urlStr);
 			get.setHeader("Accept", "application/json");
-			get.setHeader("Authorization", // $hasInsecureBasicAuth
+			get.setHeader("Authorization", // $ Alert
 					"Basic " + new String(Base64.getEncoder().encode("admin:test".getBytes())));
 		}
 		{
@@ -63,11 +63,11 @@ public class InsecureBasicAuthTest {
 		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
 		String authStringEnc = new String(authEncBytes);
 		{
-			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
 			HttpRequestBase post = new HttpPost(URI.create(uriStr));
 			post.setHeader("Accept", "application/json");
 			post.setHeader("Content-type", "application/json");
-			post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
 		}
 		{
 			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
@@ -87,12 +87,12 @@ public class InsecureBasicAuthTest {
 		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
 		String authStringEnc = new String(authEncBytes);
 		{
-			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
 			URI uri = new URI(uriStr);
 			HttpRequestBase post = new HttpPost(uri);
 			post.setHeader("Accept", "application/json");
 			post.setHeader("Content-type", "application/json");
-			post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
 		}
 		{
 			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
@@ -114,10 +114,10 @@ public class InsecureBasicAuthTest {
 		String authStringEnc = new String(authEncBytes);
 		{
 			HttpRequestBase post =
-					new HttpPost(new URI("http", "www.example.com", "/test", "abc=123", null));
+					new HttpPost(new URI("http", "www.example.com", "/test", "abc=123", null)); // $ Source
 			post.setHeader("Accept", "application/json");
 			post.setHeader("Content-type", "application/json");
-			post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
 		}
 		{
 			HttpRequestBase post =
@@ -136,11 +136,11 @@ public class InsecureBasicAuthTest {
 		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
 		String authStringEnc = new String(authEncBytes);
 		{
-			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";	 // $ Source
 			BasicHttpRequest post = new BasicHttpRequest("POST", uriStr);
 			post.setHeader("Accept", "application/json");
 			post.setHeader("Content-type", "application/json");
-			post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
 		}
 		{
 			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
@@ -159,12 +159,12 @@ public class InsecureBasicAuthTest {
 		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
 		String authStringEnc = new String(authEncBytes);
 		{
-			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
 			RequestLine requestLine = new BasicRequestLine("POST", uriStr, null);
 			BasicHttpRequest post = new BasicHttpRequest(requestLine);
 			post.setHeader("Accept", "application/json");
 			post.setHeader("Content-type", "application/json");
-			post.addHeader("Authorization", "Basic " + authStringEnc); // $hasInsecureBasicAuth
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
 		}
 		{
 			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
@@ -184,12 +184,12 @@ public class InsecureBasicAuthTest {
 		String authString = username + ":" + password;
 		String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));
 		{
-			String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx";
+			String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
 			URL url = new URL(urlStr);
 			HttpURLConnection conn = (HttpURLConnection) url.openConnection();
 			conn.setRequestMethod("POST");
 			conn.setDoOutput(true);
-			conn.setRequestProperty("Authorization", "Basic " + encoding); // $hasInsecureBasicAuth
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // $ Alert
 		}
 		{
 			String urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
@@ -211,12 +211,12 @@ public class InsecureBasicAuthTest {
 		String host = "www.example.com";
 		String path = "/rest/getuser.do?uid=abcdx";
 		{
-			String protocol = "http";
+			String protocol = "http"; // $ Source
 			URL url = new URL(protocol, host, path);
 			HttpURLConnection conn = (HttpURLConnection) url.openConnection();
 			conn.setRequestMethod("POST");
 			conn.setDoOutput(true);
-			conn.setRequestProperty("Authorization", "Basic " + encoding); // $hasInsecureBasicAuth
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // $ Alert
 		}
 		{
 			String protocol = "https";

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/InsecureBasicAuthTest.qlref

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-522/InsecureBasicAuth.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/options

@@ -1 +1 @@
-// semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuthTest.ql

@@ -1,18 +0,0 @@
-import java
-import semmle.code.java.security.InsecureBasicAuthQuery
-import utils.test.InlineExpectationsTest
-
-module HasInsecureBasicAuthTest implements TestSig {
-  string getARelevantTag() { result = "hasInsecureBasicAuth" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasInsecureBasicAuth" and
-    exists(DataFlow::Node sink | InsecureBasicAuthFlow::flowTo(sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
-
-import MakeTest<HasInsecureBasicAuthTest>

java/ql/test/query-tests/security/CWE-522/InsecureLdapAuth/InsecureLdapAuth.java

@@ -8,7 +8,7 @@ import javax.naming.ldap.InitialLdapContext;
 public class InsecureLdapAuth {
 	// BAD - Test LDAP authentication in cleartext using `DirContext`.
 	public void testCleartextLdapAuth(String ldapUserName, String password) throws Exception {
-		String ldapUrl = "ldap://ad.your-server.com:389";
+		String ldapUrl = "ldap://ad.your-server.com:389"; // $ Source
 		Hashtable<String, String> environment = new Hashtable<String, String>();
 		environment.put(Context.INITIAL_CONTEXT_FACTORY,
 				"com.sun.jndi.ldap.LdapCtxFactory");
@@ -17,12 +17,12 @@ public class InsecureLdapAuth {
 		environment.put(Context.SECURITY_AUTHENTICATION, "simple");
 		environment.put(Context.SECURITY_PRINCIPAL, ldapUserName);
 		environment.put(Context.SECURITY_CREDENTIALS, password);
-		DirContext dirContext = new InitialDirContext(environment); // $ hasInsecureLdapAuth
+		DirContext dirContext = new InitialDirContext(environment); // $ Alert
 	}
 
 	// BAD - Test LDAP authentication in cleartext using `DirContext`.
 	public void testCleartextLdapAuth(String ldapUserName, String password, String serverName) throws Exception {
-		String ldapUrl = "ldap://"+serverName+":389";
+		String ldapUrl = "ldap://"+serverName+":389"; // $ Source
 		Hashtable<String, String> environment = new Hashtable<String, String>();
 		environment.put(Context.INITIAL_CONTEXT_FACTORY,
 				"com.sun.jndi.ldap.LdapCtxFactory");
@@ -31,7 +31,7 @@ public class InsecureLdapAuth {
 		environment.put(Context.SECURITY_AUTHENTICATION, "simple");
 		environment.put(Context.SECURITY_PRINCIPAL, ldapUserName);
 		environment.put(Context.SECURITY_CREDENTIALS, password);
-		DirContext dirContext = new InitialDirContext(environment); // $ hasInsecureLdapAuth
+		DirContext dirContext = new InitialDirContext(environment); // $ Alert
 	}
 
 	// GOOD - Test LDAP authentication over SSL.
@@ -93,7 +93,7 @@ public class InsecureLdapAuth {
 
 	// BAD - Test LDAP authentication in cleartext using `InitialLdapContext`.
 	public void testCleartextLdapAuth3(String ldapUserName, String password) throws Exception {
-		String ldapUrl = "ldap://ad.your-server.com:389";
+		String ldapUrl = "ldap://ad.your-server.com:389"; // $ Source
 		Hashtable<String, String> environment = new Hashtable<String, String>();
 		environment.put(Context.INITIAL_CONTEXT_FACTORY,
 				"com.sun.jndi.ldap.LdapCtxFactory");
@@ -102,13 +102,13 @@ public class InsecureLdapAuth {
 		environment.put(Context.SECURITY_AUTHENTICATION, "simple");
 		environment.put(Context.SECURITY_PRINCIPAL, ldapUserName);
 		environment.put(Context.SECURITY_CREDENTIALS, password);
-		InitialLdapContext ldapContext = new InitialLdapContext(environment, null); // $ hasInsecureLdapAuth
+		InitialLdapContext ldapContext = new InitialLdapContext(environment, null); // $ Alert
 	}
 
 
 	// BAD - Test LDAP authentication in cleartext using `DirContext` and string literals.
 	public void testCleartextLdapAuth4(String ldapUserName, String password) throws Exception {
-		String ldapUrl = "ldap://ad.your-server.com:389";
+		String ldapUrl = "ldap://ad.your-server.com:389"; // $ Source
 		Hashtable<String, String> environment = new Hashtable<String, String>();
 		environment.put("java.naming.factory.initial",
 				"com.sun.jndi.ldap.LdapCtxFactory");
@@ -117,7 +117,7 @@ public class InsecureLdapAuth {
 		environment.put("java.naming.security.authentication", "simple");
 		environment.put("java.naming.security.principal", ldapUserName);
 		environment.put("java.naming.security.credentials", password);
-		DirContext dirContext = new InitialDirContext(environment); // $ hasInsecureLdapAuth
+		DirContext dirContext = new InitialDirContext(environment); // $ Alert
 	}
 
 	private void setSSL(Hashtable env) {
@@ -144,12 +144,12 @@ public class InsecureLdapAuth {
 
 	// BAD - Test LDAP authentication with basic authentication.
 	public void testCleartextLdapAuth6(String ldapUserName, String password, String serverName) throws Exception {
-		String ldapUrl = "ldap://"+serverName+":389";
+		String ldapUrl = "ldap://"+serverName+":389"; // $ Source
 		Hashtable<String, String> environment = new Hashtable<String, String>();
 		environment.put(Context.INITIAL_CONTEXT_FACTORY,
 				"com.sun.jndi.ldap.LdapCtxFactory");
 		environment.put(Context.PROVIDER_URL, ldapUrl);
 		setBasicAuth(environment, ldapUserName, password);
-		DirContext dirContext = new InitialLdapContext(environment, null); // $ hasInsecureLdapAuth
+		DirContext dirContext = new InitialLdapContext(environment, null); // $ Alert
 	}
 }

java/ql/test/query-tests/security/CWE-522/InsecureLdapAuth/InsecureLdapAuthTest.expected

@@ -0,0 +1,100 @@
+#select
+| InsecureLdapAuth.java:20:49:20:59 | environment | InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:20:49:20:59 | environment | Insecure LDAP authentication from $@. | InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" | LDAP connection string |
+| InsecureLdapAuth.java:34:49:34:59 | environment | InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | InsecureLdapAuth.java:34:49:34:59 | environment | Insecure LDAP authentication from $@. | InsecureLdapAuth.java:25:20:25:39 | ... + ... | LDAP connection string |
+| InsecureLdapAuth.java:105:59:105:69 | environment | InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:105:59:105:69 | environment | Insecure LDAP authentication from $@. | InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" | LDAP connection string |
+| InsecureLdapAuth.java:120:49:120:59 | environment | InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:120:49:120:59 | environment | Insecure LDAP authentication from $@. | InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" | LDAP connection string |
+| InsecureLdapAuth.java:153:50:153:60 | environment | InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | InsecureLdapAuth.java:153:50:153:60 | environment | Insecure LDAP authentication from $@. | InsecureLdapAuth.java:147:20:147:39 | ... + ... | LDAP connection string |
+edges
+| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:15:3:15:13 | environment : Hashtable | InsecureLdapAuth.java:20:49:20:59 | environment | provenance |  |
+| InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:20:49:20:59 | environment | provenance |  |
+| InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | InsecureLdapAuth.java:15:3:15:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:29:3:29:13 | environment : Hashtable | InsecureLdapAuth.java:34:49:34:59 | environment | provenance |  |
+| InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:34:49:34:59 | environment | provenance |  |
+| InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | InsecureLdapAuth.java:29:3:29:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:57:3:57:13 | environment : Hashtable | InsecureLdapAuth.java:63:49:63:59 | environment | provenance |  |
+| InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:63:49:63:59 | environment | provenance |  |
+| InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | InsecureLdapAuth.java:57:3:57:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:72:3:72:13 | environment : Hashtable | InsecureLdapAuth.java:77:49:77:59 | environment | provenance |  |
+| InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:77:49:77:59 | environment | provenance |  |
+| InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | InsecureLdapAuth.java:72:3:72:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:100:3:100:13 | environment : Hashtable | InsecureLdapAuth.java:105:59:105:69 | environment | provenance |  |
+| InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:105:59:105:69 | environment | provenance |  |
+| InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | InsecureLdapAuth.java:100:3:100:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:115:3:115:13 | environment : Hashtable | InsecureLdapAuth.java:120:49:120:59 | environment | provenance |  |
+| InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:120:49:120:59 | environment | provenance |  |
+| InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | InsecureLdapAuth.java:115:3:115:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:140:3:140:13 | environment : Hashtable | InsecureLdapAuth.java:142:50:142:60 | environment | provenance |  |
+| InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:142:50:142:60 | environment | provenance |  |
+| InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | InsecureLdapAuth.java:140:3:140:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | provenance |  |
+| InsecureLdapAuth.java:151:3:151:13 | environment : Hashtable | InsecureLdapAuth.java:153:50:153:60 | environment | provenance |  |
+| InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable [<map.value>] : String | InsecureLdapAuth.java:153:50:153:60 | environment | provenance |  |
+| InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | InsecureLdapAuth.java:151:3:151:13 | environment : Hashtable | provenance | Config |
+| InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:1 |
+| InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable [<map.value>] : String | provenance | MaD:2 |
+models
+| 1 | Summary: java.util; Dictionary; true; put; (Object,Object); ; Argument[1]; Argument[this].MapValue; value; manual |
+| 2 | Summary: java.util; Map; true; put; (Object,Object); ; Argument[1]; Argument[this].MapValue; value; manual |
+nodes
+| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
+| InsecureLdapAuth.java:15:3:15:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:20:49:20:59 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | semmle.label | ... + ... : String |
+| InsecureLdapAuth.java:29:3:29:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:34:49:34:59 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | semmle.label | "ldap://ad.your-server.com:636" : String |
+| InsecureLdapAuth.java:57:3:57:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
+| InsecureLdapAuth.java:72:3:72:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:77:49:77:59 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
+| InsecureLdapAuth.java:100:3:100:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:105:59:105:69 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
+| InsecureLdapAuth.java:115:3:115:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:120:49:120:59 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | semmle.label | ... + ... : String |
+| InsecureLdapAuth.java:140:3:140:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
+| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | semmle.label | ... + ... : String |
+| InsecureLdapAuth.java:151:3:151:13 | environment : Hashtable | semmle.label | environment : Hashtable |
+| InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable [<map.value>] : String | semmle.label | environment [post update] : Hashtable [<map.value>] : String |
+| InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | semmle.label | ldapUrl : String |
+| InsecureLdapAuth.java:153:50:153:60 | environment | semmle.label | environment |
+subpaths

java/ql/test/query-tests/security/CWE-522/InsecureLdapAuth/InsecureLdapAuthTest.qlref

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-522/InsecureLdapAuth.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

java/ql/test/query-tests/security/CWE-522/InsecureLdapAuth/options

@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13

java/ql/test/query-tests/security/CWE-522/InsecureLdapAuthTest.ql

@@ -1,20 +0,0 @@
-import java
-import semmle.code.java.security.InsecureLdapAuthQuery
-import utils.test.InlineExpectationsTest
-
-module InsecureLdapAuthenticationTest implements TestSig {
-  string getARelevantTag() { result = "hasInsecureLdapAuth" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasInsecureLdapAuth" and
-    exists(DataFlow::Node sink | InsecureLdapUrlFlow::flowTo(sink) |
-      BasicAuthFlow::flowTo(sink) and
-      not RequiresSslFlow::flowTo(sink) and
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
-
-import MakeTest<InsecureLdapAuthenticationTest>