hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use InlineExpectationsTest

Browse Source
This commit is contained in:
Tony Torralba
2021-05-20 11:06:32 +02:00
parent 3f0b803796
commit c1e71b60b4
5 changed files with 120 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
java/ql/test/query-tests/security/CWE-074/JndiInjection.expected
View File

@@ -1,180 +0,0 @@
edges
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:34:16:34:22 | nameStr |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:35:20:35:26 | nameStr |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:36:29:36:35 | nameStr |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:37:16:37:22 | nameStr |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:38:14:38:20 | nameStr |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:39:22:39:28 | nameStr |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:41:16:41:19 | name |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:42:20:42:23 | name |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:43:29:43:32 | name |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:44:16:44:19 | name |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:45:14:45:17 | name |
| JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:46:22:46:25 | name |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:54:16:54:22 | nameStr |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:55:20:55:26 | nameStr |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:56:16:56:22 | nameStr |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:57:14:57:20 | nameStr |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:58:22:58:28 | nameStr |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:60:16:60:19 | name |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:61:20:61:23 | name |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:62:16:62:19 | name |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:63:14:63:17 | name |
| JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:64:22:64:25 | name |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:72:16:72:22 | nameStr |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:73:20:73:26 | nameStr |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:74:16:74:22 | nameStr |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:75:14:75:20 | nameStr |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:76:22:76:28 | nameStr |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:78:16:78:19 | name |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:79:20:79:23 | name |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:80:16:80:19 | name |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:81:14:81:17 | name |
| JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:82:22:82:25 | name |
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:89:16:89:22 | nameStr |
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:90:16:90:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:98:16:98:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:99:23:99:29 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:100:18:100:21 | name |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:101:16:101:19 | name |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:102:14:102:17 | name |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:103:22:103:25 | name |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:104:16:104:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:106:16:106:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:107:16:107:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:108:16:108:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:109:16:109:22 | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:111:25:111:31 | nameStr |
| JndiInjection.java:115:41:115:68 | nameStr : String | JndiInjection.java:118:16:118:22 | nameStr |
| JndiInjection.java:115:41:115:68 | nameStr : String | JndiInjection.java:119:16:119:22 | nameStr |
| JndiInjection.java:123:37:123:63 | urlStr : String | JndiInjection.java:124:33:124:57 | new JMXServiceURL(...) |
| JndiInjection.java:123:37:123:63 | urlStr : String | JndiInjection.java:128:5:128:13 | connector |
| JndiInjection.java:132:27:132:53 | urlStr : String | JndiInjection.java:135:35:135:40 | urlStr |
| JndiInjection.java:140:27:140:53 | urlStr : String | JndiInjection.java:143:41:143:46 | urlStr |
| JndiInjection.java:148:52:148:78 | urlStr : String | JndiInjection.java:151:37:151:42 | urlStr |
| JndiInjection.java:156:52:156:78 | urlStr : String | JndiInjection.java:159:51:159:56 | urlStr |
| JndiInjection.java:164:52:164:78 | urlStr : String | JndiInjection.java:167:51:167:56 | urlStr |
nodes
| JndiInjection.java:30:38:30:65 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:34:16:34:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:35:20:35:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:36:29:36:35 | nameStr | semmle.label | nameStr |
| JndiInjection.java:37:16:37:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:38:14:38:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:39:22:39:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:41:16:41:19 | name | semmle.label | name |
| JndiInjection.java:42:20:42:23 | name | semmle.label | name |
| JndiInjection.java:43:29:43:32 | name | semmle.label | name |
| JndiInjection.java:44:16:44:19 | name | semmle.label | name |
| JndiInjection.java:45:14:45:17 | name | semmle.label | name |
| JndiInjection.java:46:22:46:25 | name | semmle.label | name |
| JndiInjection.java:50:41:50:68 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:54:16:54:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:55:20:55:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:56:16:56:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:57:14:57:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:58:22:58:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:60:16:60:19 | name | semmle.label | name |
| JndiInjection.java:61:20:61:23 | name | semmle.label | name |
| JndiInjection.java:62:16:62:19 | name | semmle.label | name |
| JndiInjection.java:63:14:63:17 | name | semmle.label | name |
| JndiInjection.java:64:22:64:25 | name | semmle.label | name |
| JndiInjection.java:68:42:68:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:72:16:72:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:73:20:73:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:74:16:74:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:75:14:75:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:76:22:76:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:78:16:78:19 | name | semmle.label | name |
| JndiInjection.java:79:20:79:23 | name | semmle.label | name |
| JndiInjection.java:80:16:80:19 | name | semmle.label | name |
| JndiInjection.java:81:14:81:17 | name | semmle.label | name |
| JndiInjection.java:82:22:82:25 | name | semmle.label | name |
| JndiInjection.java:86:42:86:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:89:16:89:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:90:16:90:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:94:42:94:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:98:16:98:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:99:23:99:29 | nameStr | semmle.label | nameStr |
| JndiInjection.java:100:18:100:21 | name | semmle.label | name |
| JndiInjection.java:101:16:101:19 | name | semmle.label | name |
| JndiInjection.java:102:14:102:17 | name | semmle.label | name |
| JndiInjection.java:103:22:103:25 | name | semmle.label | name |
| JndiInjection.java:104:16:104:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:106:16:106:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:107:16:107:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:108:16:108:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:109:16:109:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:111:25:111:31 | nameStr | semmle.label | nameStr |
| JndiInjection.java:115:41:115:68 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:118:16:118:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:119:16:119:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:123:37:123:63 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:124:33:124:57 | new JMXServiceURL(...) | semmle.label | new JMXServiceURL(...) |
| JndiInjection.java:128:5:128:13 | connector | semmle.label | connector |
| JndiInjection.java:132:27:132:53 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:135:35:135:40 | urlStr | semmle.label | urlStr |
| JndiInjection.java:140:27:140:53 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:143:41:143:46 | urlStr | semmle.label | urlStr |
| JndiInjection.java:148:52:148:78 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:151:37:151:42 | urlStr | semmle.label | urlStr |
| JndiInjection.java:156:52:156:78 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:159:51:159:56 | urlStr | semmle.label | urlStr |
| JndiInjection.java:164:52:164:78 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:167:51:167:56 | urlStr | semmle.label | urlStr |
#select
| JndiInjection.java:34:16:34:22 | nameStr | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:34:16:34:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:35:20:35:26 | nameStr | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:35:20:35:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:36:29:36:35 | nameStr | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:36:29:36:35 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:37:16:37:22 | nameStr | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:37:16:37:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:38:14:38:20 | nameStr | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:38:14:38:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:39:22:39:28 | nameStr | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:39:22:39:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:41:16:41:19 | name | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:41:16:41:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:42:20:42:23 | name | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:42:20:42:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:43:29:43:32 | name | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:43:29:43:32 | name | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:44:16:44:19 | name | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:44:16:44:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:45:14:45:17 | name | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:45:14:45:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:46:22:46:25 | name | JndiInjection.java:30:38:30:65 | nameStr : String | JndiInjection.java:46:22:46:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:30:38:30:65 | nameStr | this user input |
| JndiInjection.java:54:16:54:22 | nameStr | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:54:16:54:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:55:20:55:26 | nameStr | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:55:20:55:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:56:16:56:22 | nameStr | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:56:16:56:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:57:14:57:20 | nameStr | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:57:14:57:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:58:22:58:28 | nameStr | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:58:22:58:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:60:16:60:19 | name | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:60:16:60:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:61:20:61:23 | name | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:61:20:61:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:62:16:62:19 | name | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:62:16:62:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:63:14:63:17 | name | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:63:14:63:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:64:22:64:25 | name | JndiInjection.java:50:41:50:68 | nameStr : String | JndiInjection.java:64:22:64:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:50:41:50:68 | nameStr | this user input |
| JndiInjection.java:72:16:72:22 | nameStr | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:72:16:72:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:73:20:73:26 | nameStr | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:73:20:73:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:74:16:74:22 | nameStr | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:74:16:74:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:75:14:75:20 | nameStr | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:75:14:75:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:76:22:76:28 | nameStr | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:76:22:76:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:78:16:78:19 | name | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:78:16:78:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:79:20:79:23 | name | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:79:20:79:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:80:16:80:19 | name | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:80:16:80:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:81:14:81:17 | name | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:81:14:81:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:82:22:82:25 | name | JndiInjection.java:68:42:68:69 | nameStr : String | JndiInjection.java:82:22:82:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:68:42:68:69 | nameStr | this user input |
| JndiInjection.java:89:16:89:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:89:16:89:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
| JndiInjection.java:90:16:90:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:90:16:90:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
| JndiInjection.java:98:16:98:22 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:98:16:98:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:99:23:99:29 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:99:23:99:29 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:100:18:100:21 | name | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:100:18:100:21 | name | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:101:16:101:19 | name | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:101:16:101:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:102:14:102:17 | name | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:102:14:102:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:103:22:103:25 | name | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:103:22:103:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:104:16:104:22 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:104:16:104:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:106:16:106:22 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:106:16:106:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:107:16:107:22 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:107:16:107:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:108:16:108:22 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:108:16:108:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:109:16:109:22 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:109:16:109:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:111:25:111:31 | nameStr | JndiInjection.java:94:42:94:69 | nameStr : String | JndiInjection.java:111:25:111:31 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:94:42:94:69 | nameStr | this user input |
| JndiInjection.java:118:16:118:22 | nameStr | JndiInjection.java:115:41:115:68 | nameStr : String | JndiInjection.java:118:16:118:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:115:41:115:68 | nameStr | this user input |
| JndiInjection.java:119:16:119:22 | nameStr | JndiInjection.java:115:41:115:68 | nameStr : String | JndiInjection.java:119:16:119:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:115:41:115:68 | nameStr | this user input |
| JndiInjection.java:124:33:124:57 | new JMXServiceURL(...) | JndiInjection.java:123:37:123:63 | urlStr : String | JndiInjection.java:124:33:124:57 | new JMXServiceURL(...) | JNDI lookup might include name from $@. | JndiInjection.java:123:37:123:63 | urlStr | this user input |
| JndiInjection.java:128:5:128:13 | connector | JndiInjection.java:123:37:123:63 | urlStr : String | JndiInjection.java:128:5:128:13 | connector | JNDI lookup might include name from $@. | JndiInjection.java:123:37:123:63 | urlStr | this user input |
| JndiInjection.java:135:35:135:40 | urlStr | JndiInjection.java:132:27:132:53 | urlStr : String | JndiInjection.java:135:35:135:40 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:132:27:132:53 | urlStr | this user input |
| JndiInjection.java:143:41:143:46 | urlStr | JndiInjection.java:140:27:140:53 | urlStr : String | JndiInjection.java:143:41:143:46 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:140:27:140:53 | urlStr | this user input |
| JndiInjection.java:151:37:151:42 | urlStr | JndiInjection.java:148:52:148:78 | urlStr : String | JndiInjection.java:151:37:151:42 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:148:52:148:78 | urlStr | this user input |
| JndiInjection.java:159:51:159:56 | urlStr | JndiInjection.java:156:52:156:78 | urlStr : String | JndiInjection.java:159:51:159:56 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:156:52:156:78 | urlStr | this user input |
| JndiInjection.java:167:51:167:56 | urlStr | JndiInjection.java:164:52:164:78 | urlStr : String | JndiInjection.java:167:51:167:56 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:164:52:164:78 | urlStr | this user input |

1
java/ql/test/query-tests/security/CWE-074/JndiInjection.qlref
View File

@@ -1 +0,0 @@
Security/CWE/CWE-074/JndiInjection.ql

0
java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.expected Normal file
View File

162
java/ql/test/query-tests/security/CWE-074/JndiInjection.java → java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.java
View File

@@ -25,25 +25,25 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class JndiInjection {
public class JndiInjectionTest {
@RequestMapping
public void testInitialContextBad1(@RequestParam String nameStr) throws NamingException {
Name name = new CompositeName(nameStr);
InitialContext ctx = new InitialContext();
ctx.lookup(nameStr);
ctx.lookupLink(nameStr);
InitialContext.doLookup(nameStr);
ctx.rename(nameStr, "");
ctx.list(nameStr);
ctx.listBindings(nameStr);
ctx.lookup(nameStr); // $hasJndiInjection
ctx.lookupLink(nameStr); // $hasJndiInjection
InitialContext.doLookup(nameStr); // $hasJndiInjection
ctx.rename(nameStr, ""); // $hasJndiInjection
ctx.list(nameStr); // $hasJndiInjection
ctx.listBindings(nameStr); // $hasJndiInjection
ctx.lookup(name);
ctx.lookupLink(name);
InitialContext.doLookup(name);
ctx.rename(name, null);
ctx.list(name);
ctx.listBindings(name);
ctx.lookup(name); // $hasJndiInjection
ctx.lookupLink(name); // $hasJndiInjection
InitialContext.doLookup(name); // $hasJndiInjection
ctx.rename(name, null); // $hasJndiInjection
ctx.list(name); // $hasJndiInjection
ctx.listBindings(name); // $hasJndiInjection
}
@RequestMapping
@@ -51,17 +51,17 @@ public class JndiInjection {
Name name = new CompoundName(nameStr, new Properties());
InitialDirContext ctx = new InitialDirContext();
ctx.lookup(nameStr);
ctx.lookupLink(nameStr);
ctx.rename(nameStr, "");
ctx.list(nameStr);
ctx.listBindings(nameStr);
ctx.lookup(nameStr); // $hasJndiInjection
ctx.lookupLink(nameStr); // $hasJndiInjection
ctx.rename(nameStr, ""); // $hasJndiInjection
ctx.list(nameStr); // $hasJndiInjection
ctx.listBindings(nameStr); // $hasJndiInjection
ctx.lookup(name);
ctx.lookupLink(name);
ctx.rename(name, null);
ctx.list(name);
ctx.listBindings(name);
ctx.lookup(name); // $hasJndiInjection
ctx.lookupLink(name); // $hasJndiInjection
ctx.rename(name, null); // $hasJndiInjection
ctx.list(name); // $hasJndiInjection
ctx.listBindings(name); // $hasJndiInjection
}
@RequestMapping
@@ -69,25 +69,25 @@ public class JndiInjection {
Name name = new CompositeName(nameStr);
InitialLdapContext ctx = new InitialLdapContext();
ctx.lookup(nameStr);
ctx.lookupLink(nameStr);
ctx.rename(nameStr, "");
ctx.list(nameStr);
ctx.listBindings(nameStr);
ctx.lookup(nameStr); // $hasJndiInjection
ctx.lookupLink(nameStr); // $hasJndiInjection
ctx.rename(nameStr, ""); // $hasJndiInjection
ctx.list(nameStr); // $hasJndiInjection
ctx.listBindings(nameStr); // $hasJndiInjection
ctx.lookup(name);
ctx.lookupLink(name);
ctx.rename(name, null);
ctx.list(name);
ctx.listBindings(name);
ctx.lookup(name); // $hasJndiInjection
ctx.lookupLink(name); // $hasJndiInjection
ctx.rename(name, null); // $hasJndiInjection
ctx.list(name); // $hasJndiInjection
ctx.listBindings(name); // $hasJndiInjection
}
@RequestMapping
public void testSpringJndiTemplateBad1(@RequestParam String nameStr) throws NamingException {
JndiTemplate ctx = new JndiTemplate();
ctx.lookup(nameStr);
ctx.lookup(nameStr, null);
ctx.lookup(nameStr); // $hasJndiInjection
ctx.lookup(nameStr, null); // $hasJndiInjection
}
@RequestMapping
@@ -95,44 +95,44 @@ public class JndiInjection {
LdapTemplate ctx = new LdapTemplate();
Name name = new CompositeName(nameStr);
ctx.lookup(nameStr);
ctx.lookupContext(nameStr);
ctx.findByDn(name, null);
ctx.rename(name, null);
ctx.list(name);
ctx.listBindings(name);
ctx.unbind(nameStr, true);
ctx.lookup(nameStr); // $hasJndiInjection
ctx.lookupContext(nameStr); // $hasJndiInjection
ctx.findByDn(name, null); // $hasJndiInjection
ctx.rename(name, null); // $hasJndiInjection
ctx.list(name); // $hasJndiInjection
ctx.listBindings(name); // $hasJndiInjection
ctx.unbind(nameStr, true); // $hasJndiInjection
ctx.search(nameStr, "", 0, true, null);
ctx.search(nameStr, "", 0, new String[] {}, (ContextMapper<Object>) new Object());
ctx.search(nameStr, "", 0, (ContextMapper<Object>) new Object());
ctx.search(nameStr, "", (ContextMapper) new Object());
ctx.searchForObject(nameStr, "", (ContextMapper) new Object());
ctx.search(nameStr, "", 0, true, null); // $hasJndiInjection
ctx.search(nameStr, "", 0, new String[] {}, (ContextMapper<Object>) new Object()); // $hasJndiInjection
ctx.search(nameStr, "", 0, (ContextMapper<Object>) new Object()); // $hasJndiInjection
ctx.search(nameStr, "", (ContextMapper) new Object()); // $hasJndiInjection
ctx.searchForObject(nameStr, "", (ContextMapper) new Object()); // $hasJndiInjection
}
@RequestMapping
public void testShiroJndiTemplateBad1(@RequestParam String nameStr) throws NamingException {
org.apache.shiro.jndi.JndiTemplate ctx = new org.apache.shiro.jndi.JndiTemplate();
ctx.lookup(nameStr);
ctx.lookup(nameStr, null);
ctx.lookup(nameStr); // $hasJndiInjection
ctx.lookup(nameStr, null); // $hasJndiInjection
}
@RequestMapping
public void testJMXServiceUrlBad1(@RequestParam String urlStr) throws IOException {
JMXConnectorFactory.connect(new JMXServiceURL(urlStr));
JMXConnectorFactory.connect(new JMXServiceURL(urlStr)); // $hasJndiInjection
JMXServiceURL url = new JMXServiceURL(urlStr);
JMXConnector connector = JMXConnectorFactory.newJMXConnector(url, null);
connector.connect();
connector.connect(); // $hasJndiInjection
}
@RequestMapping
public void testEnvBad1(@RequestParam String urlStr) throws NamingException {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
env.put(Context.PROVIDER_URL, urlStr);
env.put(Context.PROVIDER_URL, urlStr); // $hasJndiInjection
new InitialContext(env);
}
@@ -140,31 +140,36 @@ public class JndiInjection {
public void testEnvBad2(@RequestParam String urlStr) throws NamingException {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
env.put("java.naming.provider.url", urlStr);
env.put("java.naming.provider.url", urlStr); // $hasJndiInjection
new InitialDirContext(env);
}
@RequestMapping
public void testSpringJndiTemplatePropertiesBad1(@RequestParam String urlStr) throws NamingException {
public void testSpringJndiTemplatePropertiesBad1(@RequestParam String urlStr)
throws NamingException {
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
props.put(Context.PROVIDER_URL, urlStr);
props.put(Context.PROVIDER_URL, urlStr); // $hasJndiInjection
new JndiTemplate(props);
}
@RequestMapping
public void testSpringJndiTemplatePropertiesBad2(@RequestParam String urlStr) throws NamingException {
public void testSpringJndiTemplatePropertiesBad2(@RequestParam String urlStr)
throws NamingException {
Properties props = new Properties();
props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
props.setProperty("java.naming.provider.url", urlStr);
props.setProperty(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.rmi.registry.RegistryContextFactory");
props.setProperty("java.naming.provider.url", urlStr); // $hasJndiInjection
new JndiTemplate(props);
}
@RequestMapping
public void testSpringJndiTemplatePropertiesBad3(@RequestParam String urlStr) throws NamingException {
public void testSpringJndiTemplatePropertiesBad3(@RequestParam String urlStr)
throws NamingException {
Properties props = new Properties();
props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
props.setProperty("java.naming.provider.url", urlStr);
props.setProperty(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.rmi.registry.RegistryContextFactory");
props.setProperty("java.naming.provider.url", urlStr); // $hasJndiInjection
JndiTemplate template = new JndiTemplate();
template.setEnvironment(props);
}
@@ -173,29 +178,30 @@ public class JndiInjection {
public void testSpringLdapTemplateOk1(@RequestParam String nameStr) throws NamingException {
LdapTemplate ctx = new LdapTemplate();
ctx.unbind(nameStr);
ctx.unbind(nameStr, false);
ctx.unbind(nameStr); // Safe
ctx.unbind(nameStr, false); // Safe
ctx.search(nameStr, "", 0, false, null);
ctx.search(nameStr, "", new SearchControls(), (NameClassPairCallbackHandler) new Object());
ctx.search(nameStr, "", new SearchControls(), (NameClassPairCallbackHandler) new Object(), null);
ctx.search(nameStr, "", (NameClassPairCallbackHandler) new Object());
ctx.search(nameStr, "", 0, new String[] {}, (AttributesMapper<Object>) new Object());
ctx.search(nameStr, "", 0, (AttributesMapper<Object>) new Object());
ctx.search(nameStr, "", (AttributesMapper) new Object());
ctx.search(nameStr, "", new SearchControls(), (ContextMapper) new Object());
ctx.search(nameStr, "", new SearchControls(), (AttributesMapper) new Object());
ctx.search(nameStr, "", new SearchControls(), (ContextMapper) new Object(), null);
ctx.search(nameStr, "", new SearchControls(), (AttributesMapper) new Object(), null);
ctx.search(nameStr, "", 0, false, null); // Safe
ctx.search(nameStr, "", new SearchControls(), (NameClassPairCallbackHandler) new Object()); // Safe
ctx.search(nameStr, "", new SearchControls(), (NameClassPairCallbackHandler) new Object(), // Safe
null);
ctx.search(nameStr, "", (NameClassPairCallbackHandler) new Object()); // Safe
ctx.search(nameStr, "", 0, new String[] {}, (AttributesMapper<Object>) new Object()); // Safe
ctx.search(nameStr, "", 0, (AttributesMapper<Object>) new Object()); // Safe
ctx.search(nameStr, "", (AttributesMapper) new Object()); // Safe
ctx.search(nameStr, "", new SearchControls(), (ContextMapper) new Object()); // Safe
ctx.search(nameStr, "", new SearchControls(), (AttributesMapper) new Object()); // Safe
ctx.search(nameStr, "", new SearchControls(), (ContextMapper) new Object(), null); // Safe
ctx.search(nameStr, "", new SearchControls(), (AttributesMapper) new Object(), null); // Safe
ctx.searchForObject(nameStr, "", new SearchControls(), (ContextMapper) new Object());
ctx.searchForObject(nameStr, "", new SearchControls(), (ContextMapper) new Object()); // Safe
}
@RequestMapping
public void testEnvOk1(@RequestParam String urlStr) throws NamingException {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
env.put(Context.SECURITY_PRINCIPAL, urlStr);
env.put(Context.SECURITY_PRINCIPAL, urlStr); // Safe
new InitialContext(env);
}
@@ -203,7 +209,7 @@ public class JndiInjection {
public void testEnvOk2(@RequestParam String urlStr) throws NamingException {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
env.put("java.naming.security.principal", urlStr);
env.put("java.naming.security.principal", urlStr); // Safe
new InitialContext(env);
}
}

36
java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.ql Normal file
View File

@@ -0,0 +1,36 @@
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.JndiInjection
import TestUtilities.InlineExpectationsTest
class Conf extends TaintTracking::Configuration {
Conf() { this = "test:cwe:jndiinjection" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink }
override predicate isSanitizer(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(JndiInjectionAdditionalTaintStep c).step(node1, node2)
}
}
class HasJndiInjectionTest extends InlineExpectationsTest {
HasJndiInjectionTest() { this = "HasJndiInjectionTest" }
override string getARelevantTag() { result = "hasJndiInjection" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasJndiInjection" and
exists(DataFlow::Node src, DataFlow::Node sink, Conf conf | conf.hasFlow(src, sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}