Make inline expectation comments specify query

2026-05-14 11:19:27 +02:00 · 2026-04-18 10:35:15 +01:00
parent 29b07d5d07
commit dca7046d8c
1 changed files with 15 additions and 15 deletions
--- a/java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
+++ b/java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java
@@ -10,14 +10,14 @@ import java.net.Socket;

 public class PartialPathTraversalTest {
    public void esapiExample(File parent) throws IOException {
-        if (!dir().getCanonicalPath().startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }

    @SuppressWarnings("ResultOfMethodCallIgnored")
    void foo1(File parent) throws IOException {
-        (dir().getCanonicalPath()).startsWith((parent.getCanonicalPath())); // $ Alert
+        (dir().getCanonicalPath()).startsWith((parent.getCanonicalPath())); // $ Alert[java/partial-path-traversal-from-remote]
    }

    void foo2(File parent) throws IOException {
@@ -29,31 +29,31 @@ public class PartialPathTraversalTest {

    void foo3(File parent) throws IOException {
        String parentPath = parent.getCanonicalPath();
-        if (!dir().getCanonicalPath().startsWith(parentPath)) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith(parentPath)) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }

    void foo4() throws IOException {
-        if (!dir().getCanonicalPath().startsWith("/usr" + "/dir")) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith("/usr" + "/dir")) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }

    void foo5(File parent) throws IOException {
        String canonicalPath = dir().getCanonicalPath();
-        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }

    void foo6(File parent) throws IOException {
        String canonicalPath = dir().getCanonicalPath();
-        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
        String canonicalPath2 = dir().getCanonicalPath();
-        if (!canonicalPath2.startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!canonicalPath2.startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }
@@ -61,10 +61,10 @@ public class PartialPathTraversalTest {
    void foo7(File dir, File parent) throws IOException {
        String canonicalPath = dir().getCanonicalPath();
        String canonicalPath2 = dir().getCanonicalPath();
-        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
-        if (!canonicalPath2.startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!canonicalPath2.startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }
@@ -94,7 +94,7 @@ public class PartialPathTraversalTest {

    void foo11(File parent) throws IOException {
        String parentCanonical = parent.getCanonicalPath();
-        if (!dir().getCanonicalPath().startsWith(parentCanonical)) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith(parentCanonical)) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }
@@ -102,10 +102,10 @@ public class PartialPathTraversalTest {
    void foo12(File parent) throws IOException {
        String parentCanonical = parent.getCanonicalPath();
        String parentCanonical2 = parent.getCanonicalPath();
-        if (!dir().getCanonicalPath().startsWith(parentCanonical)) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith(parentCanonical)) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
-        if (!dir().getCanonicalPath().startsWith(parentCanonical2)) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith(parentCanonical2)) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }
@@ -173,7 +173,7 @@ public class PartialPathTraversalTest {

    void foo19(File parent) throws IOException {
        String parentCanonical = parent.getCanonicalPath() + "/potato";
-        if (!dir().getCanonicalPath().startsWith(parentCanonical)) { // $ Alert
+        if (!dir().getCanonicalPath().startsWith(parentCanonical)) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }
@@ -191,7 +191,7 @@ public class PartialPathTraversalTest {
        String filePath = sb.toString();
        File encodedFile = new File(filePath);
        try {
-            if (!encodedFile.getCanonicalPath().startsWith(cacheDir.getCanonicalPath())) { // $ Alert
+            if (!encodedFile.getCanonicalPath().startsWith(cacheDir.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
                return null;
            }
            return Files.newInputStream(encodedFile.toPath());
@@ -209,7 +209,7 @@ public class PartialPathTraversalTest {

    void foo22(File dir2, File parent, boolean conditional) throws IOException {
        String canonicalPath = conditional ? dir().getCanonicalPath() : dir2.getCanonicalPath();
-        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert
+        if (!canonicalPath.startsWith(parent.getCanonicalPath())) { // $ Alert[java/partial-path-traversal-from-remote]
            throw new IOException("Invalid directory: " + dir().getCanonicalPath());
        }
    }