Java: convert CWE-522 tests to .qlref

2026-04-26 09:15:12 +02:00 · 2025-06-23 17:42:45 +02:00
parent 4412335223
commit bf1a699982
12 changed files with 243 additions and 67 deletions
--- a/java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/InsecureBasicAuthTest.java
+++ b/java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/InsecureBasicAuthTest.java
@@ -0,0 +1,253 @@
+import org.apache.http.RequestLine;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.message.BasicHttpRequest;
+import org.apache.http.message.BasicRequestLine;
+
+import java.net.URI;
+import java.net.URL;
+import java.net.HttpURLConnection;
+import java.net.URLConnection;
+import java.util.Base64;
+import javax.net.ssl.HttpsURLConnection;
+
+public class InsecureBasicAuthTest {
+	/**
+	 * Test basic authentication with Apache HTTP POST request using string constructor.
+	 */
+	public void testApacheHttpRequest(String username, String password) {
+		String host = "www.example.com";
+		String authString = username + ":" + password;
+		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
+		String authStringEnc = new String(authEncBytes);
+		{
+			HttpRequestBase post = new HttpPost("http://" + host + "/rest/getuser.do?uid=abcdx"); // $ Source
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
+		}
+		{
+			HttpRequestBase post = new HttpPost("https://" + host + "/rest/getuser.do?uid=abcdx");
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Apache HTTP GET request.
+	 */
+	public void testApacheHttpRequest2(String url) throws java.io.IOException {
+		{
+			String urlStr = "http://www.example.com:8000/payment/retrieve"; // $ Source
+			HttpGet get = new HttpGet(urlStr);
+			get.setHeader("Accept", "application/json");
+			get.setHeader("Authorization", // $ Alert
+					"Basic " + new String(Base64.getEncoder().encode("admin:test".getBytes())));
+		}
+		{
+			String urlStr = "https://www.example.com:8000/payment/retrieve";
+			HttpGet get = new HttpGet(urlStr);
+			get.setHeader("Accept", "application/json");
+			get.setHeader("Authorization", // Safe
+					"Basic " + new String(Base64.getEncoder().encode("admin:test".getBytes())));
+		}
+	}
+
+	/**
+	 * Test basic authentication with Apache HTTP POST request using URI create method.
+	 */
+	public void testApacheHttpRequest3(String username, String password) {
+		String authString = username + ":" + password;
+		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
+		String authStringEnc = new String(authEncBytes);
+		{
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
+			HttpRequestBase post = new HttpPost(URI.create(uriStr));
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
+		}
+		{
+			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
+			HttpRequestBase post = new HttpPost(URI.create(uriStr));
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Apache HTTP POST request using the URI constructor with one
+	 * argument.
+	 */
+	public void testApacheHttpRequest4(String username, String password) throws Exception {
+		String authString = username + ":" + password;
+		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
+		String authStringEnc = new String(authEncBytes);
+		{
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
+			URI uri = new URI(uriStr);
+			HttpRequestBase post = new HttpPost(uri);
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
+		}
+		{
+			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
+			URI uri = new URI(uriStr);
+			HttpRequestBase post = new HttpPost(uri);
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Apache HTTP POST request using a URI constructor with multiple
+	 * arguments.
+	 */
+	public void testApacheHttpRequest5(String username, String password) throws Exception {
+		String authString = username + ":" + password;
+		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
+		String authStringEnc = new String(authEncBytes);
+		{
+			HttpRequestBase post =
+					new HttpPost(new URI("http", "www.example.com", "/test", "abc=123", null)); // $ Source
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
+		}
+		{
+			HttpRequestBase post =
+					new HttpPost(new URI("https", "www.example.com", "/test", "abc=123", null));
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Apache HTTP `BasicHttpRequest` using string constructor.
+	 */
+	public void testApacheHttpRequest6(String username, String password) {
+		String authString = username + ":" + password;
+		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
+		String authStringEnc = new String(authEncBytes);
+		{
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx";	 // $ Source
+			BasicHttpRequest post = new BasicHttpRequest("POST", uriStr);
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
+		}
+		{
+			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
+			BasicHttpRequest post = new BasicHttpRequest("POST", uriStr);
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Apache HTTP `BasicHttpRequest` using `RequestLine`.
+	 */
+	public void testApacheHttpRequest7(String username, String password) {
+		String authString = username + ":" + password;
+		byte[] authEncBytes = Base64.getEncoder().encode(authString.getBytes());
+		String authStringEnc = new String(authEncBytes);
+		{
+			String uriStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
+			RequestLine requestLine = new BasicRequestLine("POST", uriStr, null);
+			BasicHttpRequest post = new BasicHttpRequest(requestLine);
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // $ Alert
+		}
+		{
+			String uriStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
+			RequestLine requestLine = new BasicRequestLine("POST", uriStr, null);
+			BasicHttpRequest post = new BasicHttpRequest(requestLine);
+			post.setHeader("Accept", "application/json");
+			post.setHeader("Content-type", "application/json");
+			post.addHeader("Authorization", "Basic " + authStringEnc); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Java HTTP URL connection using the `URL(String spec)`
+	 * constructor.
+	 */
+	public void testHttpUrlConnection(String username, String password) throws Exception {
+		String authString = username + ":" + password;
+		String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));
+		{
+			String urlStr = "http://www.example.com/rest/getuser.do?uid=abcdx"; // $ Source
+			URL url = new URL(urlStr);
+			HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+			conn.setRequestMethod("POST");
+			conn.setDoOutput(true);
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // $ Alert
+		}
+		{
+			String urlStr = "https://www.example.com/rest/getuser.do?uid=abcdx";
+			URL url = new URL(urlStr);
+			HttpURLConnection conn = (HttpsURLConnection) url.openConnection();
+			conn.setRequestMethod("POST");
+			conn.setDoOutput(true);
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Java HTTP URL connection using the `URL(String protocol,
+	 * String host, String file)` constructor.
+	 */
+	public void testHttpUrlConnection2(String username, String password) throws Exception {
+		String authString = username + ":" + password;
+		String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));
+		String host = "www.example.com";
+		String path = "/rest/getuser.do?uid=abcdx";
+		{
+			String protocol = "http"; // $ Source
+			URL url = new URL(protocol, host, path);
+			HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+			conn.setRequestMethod("POST");
+			conn.setDoOutput(true);
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // $ Alert
+		}
+		{
+			String protocol = "https";
+			URL url = new URL(protocol, host, path);
+			HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+			conn.setRequestMethod("POST");
+			conn.setDoOutput(true);
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // Safe
+		}
+	}
+
+	/**
+	 * Test basic authentication with Java HTTP URL connection using a constructor with private URL.
+	 */
+	public void testHttpUrlConnection3(String username, String password) throws Exception {
+		String host = "LOCALHOST";
+		String authString = username + ":" + password;
+		String encoding = Base64.getEncoder().encodeToString(authString.getBytes("UTF-8"));
+		{
+			HttpURLConnection conn = (HttpURLConnection) new URL(
+					"http://" + (((host + "/rest/getuser.do") + "?uid=abcdx"))).openConnection();
+			conn.setRequestMethod("POST");
+			conn.setDoOutput(true);
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // Safe
+		}
+		{
+			HttpURLConnection conn = (HttpURLConnection) new URL(
+					"https://" + (((host + "/rest/getuser.do") + "?uid=abcdx"))).openConnection();
+			conn.setRequestMethod("POST");
+			conn.setDoOutput(true);
+			conn.setRequestProperty("Authorization", "Basic " + encoding); // Safe
+		}
+	}
+}