From ddcf852d3f59078be3ea182669dc0b1de05e7b04 Mon Sep 17 00:00:00 2001 From: Kevin Stubbings Date: Wed, 20 Nov 2024 01:07:03 +0000 Subject: [PATCH] Add taint steps --- .../lib/change-notes/2024-09-24-multipart.md | 2 +- .../apache-commons-fileupload-1.4/Test.java | 55 +++++++++++++++++++ .../apache-commons-fileupload-1.4/options | 1 + .../test.expected | 45 +++++++++++++++ .../apache-commons-fileupload-1.4/test.ql | 4 ++ .../commons/fileupload/util/Streams.java | 16 ++++++ 6 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/Test.java create mode 100644 java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/options create mode 100644 java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.expected create mode 100644 java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.ql create mode 100644 java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/util/Streams.java diff --git a/java/ql/lib/change-notes/2024-09-24-multipart.md b/java/ql/lib/change-notes/2024-09-24-multipart.md index f10cfbfd944..e1102698065 100644 --- a/java/ql/lib/change-notes/2024-09-24-multipart.md +++ b/java/ql/lib/change-notes/2024-09-24-multipart.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Added more dataflow models of `org.apache.commons.fileupload.FileItem` and `javax.servlet.http.Part`. \ No newline at end of file +* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`. \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/Test.java b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/Test.java new file mode 100644 index 00000000000..552b9fc6973 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/Test.java @@ -0,0 +1,55 @@ +package com.mycompany.app; + +import org.apache.commons.fileupload.util.Streams; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.ByteArrayOutputStream; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + Object source() { + return null; + } + + void sink(Object o) { + } + + public void test() throws Exception { + + { + InputStream in = (InputStream)source(); + OutputStream os = new ByteArrayOutputStream(1024); + + InputStream in2 = (InputStream)source(); + OutputStream os2 = new ByteArrayOutputStream(1024); + + byte[] myArray = new byte[1024]; + + // "org.apache.commons.fileupload.util;Streams;true;copy;(InputStream,OutputStream,boolean,byte[]);;Argument[0];Argument[1];taint;manual" + long status = Streams.copy(in, os, true, myArray); + sink(os); // $ hasTaintFlow + // "org.apache.commons.fileupload.util;Streams;true;copy;(InputStream,OutputStream,boolean);;Argument[0];Argument[1];taint;manual" + long status2 = Streams.copy(in2, os2, true); + sink(os2); // $ hasTaintFlow + } + + } + public void test2() throws Exception { + + { + + InputStream in = (InputStream)source(); + // "org.apache.commons.fileupload.util;Streams;true;asString;(InputStream,String);;Argument[0];ReturnValue;taint;manual" + String result = Streams.asString(in); + sink(result); // $ hasTaintFlow + + InputStream in1 = (InputStream)source(); + // "org.apache.commons.fileupload.util;Streams;true;asString;(InputStream,String);;Argument[0];ReturnValue;taint;manual" + String result1 = Streams.asString(in1, "test"); + sink(result1); // $ hasTaintFlow + } + + } + +} \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/options b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/options new file mode 100644 index 00000000000..89451545827 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-fileupload-1.4 \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.expected b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.expected new file mode 100644 index 00000000000..f725a2f11bd --- /dev/null +++ b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.expected @@ -0,0 +1,45 @@ +models +| 1 | Summary: org.apache.commons.fileupload.util; Streams; true; asString; (InputStream); ; Argument[0]; ReturnValue; taint; manual | +| 2 | Summary: org.apache.commons.fileupload.util; Streams; true; asString; (InputStream,String); ; Argument[0]; ReturnValue; taint; manual | +| 3 | Summary: org.apache.commons.fileupload.util; Streams; true; copy; (InputStream,OutputStream,boolean); ; Argument[0]; Argument[1]; taint; manual | +| 4 | Summary: org.apache.commons.fileupload.util; Streams; true; copy; (InputStream,OutputStream,boolean,byte[]); ; Argument[0]; Argument[1]; taint; manual | +edges +| Test.java:22:30:22:50 | (...)... : InputStream | Test.java:30:31:30:32 | in : InputStream | provenance | | +| Test.java:22:43:22:50 | source(...) : Object | Test.java:22:30:22:50 | (...)... : InputStream | provenance | | +| Test.java:25:22:25:42 | (...)... : InputStream | Test.java:33:32:33:34 | in2 : InputStream | provenance | | +| Test.java:25:35:25:42 | source(...) : Object | Test.java:25:22:25:42 | (...)... : InputStream | provenance | | +| Test.java:30:31:30:32 | in : InputStream | Test.java:30:35:30:36 | os [post update] : ByteArrayOutputStream | provenance | MaD:4 | +| Test.java:30:35:30:36 | os [post update] : ByteArrayOutputStream | Test.java:31:9:31:10 | os | provenance | | +| Test.java:33:32:33:34 | in2 : InputStream | Test.java:33:37:33:39 | os2 [post update] : ByteArrayOutputStream | provenance | MaD:3 | +| Test.java:33:37:33:39 | os2 [post update] : ByteArrayOutputStream | Test.java:34:9:34:11 | os2 | provenance | | +| Test.java:45:30:45:50 | (...)... : InputStream | Test.java:47:37:47:38 | in : InputStream | provenance | | +| Test.java:45:43:45:50 | source(...) : Object | Test.java:45:30:45:50 | (...)... : InputStream | provenance | | +| Test.java:47:20:47:39 | asString(...) : String | Test.java:48:9:48:14 | result | provenance | | +| Test.java:47:37:47:38 | in : InputStream | Test.java:47:20:47:39 | asString(...) : String | provenance | MaD:1 | +| Test.java:50:31:50:51 | (...)... : InputStream | Test.java:51:47:51:49 | in1 : InputStream | provenance | | +| Test.java:50:44:50:51 | source(...) : Object | Test.java:50:31:50:51 | (...)... : InputStream | provenance | | +| Test.java:51:30:51:58 | asString(...) : String | Test.java:52:18:52:24 | result1 | provenance | | +| Test.java:51:47:51:49 | in1 : InputStream | Test.java:51:30:51:58 | asString(...) : String | provenance | MaD:2 | +nodes +| Test.java:22:30:22:50 | (...)... : InputStream | semmle.label | (...)... : InputStream | +| Test.java:22:43:22:50 | source(...) : Object | semmle.label | source(...) : Object | +| Test.java:25:22:25:42 | (...)... : InputStream | semmle.label | (...)... : InputStream | +| Test.java:25:35:25:42 | source(...) : Object | semmle.label | source(...) : Object | +| Test.java:30:31:30:32 | in : InputStream | semmle.label | in : InputStream | +| Test.java:30:35:30:36 | os [post update] : ByteArrayOutputStream | semmle.label | os [post update] : ByteArrayOutputStream | +| Test.java:31:9:31:10 | os | semmle.label | os | +| Test.java:33:32:33:34 | in2 : InputStream | semmle.label | in2 : InputStream | +| Test.java:33:37:33:39 | os2 [post update] : ByteArrayOutputStream | semmle.label | os2 [post update] : ByteArrayOutputStream | +| Test.java:34:9:34:11 | os2 | semmle.label | os2 | +| Test.java:45:30:45:50 | (...)... : InputStream | semmle.label | (...)... : InputStream | +| Test.java:45:43:45:50 | source(...) : Object | semmle.label | source(...) : Object | +| Test.java:47:20:47:39 | asString(...) : String | semmle.label | asString(...) : String | +| Test.java:47:37:47:38 | in : InputStream | semmle.label | in : InputStream | +| Test.java:48:9:48:14 | result | semmle.label | result | +| Test.java:50:31:50:51 | (...)... : InputStream | semmle.label | (...)... : InputStream | +| Test.java:50:44:50:51 | source(...) : Object | semmle.label | source(...) : Object | +| Test.java:51:30:51:58 | asString(...) : String | semmle.label | asString(...) : String | +| Test.java:51:47:51:49 | in1 : InputStream | semmle.label | in1 : InputStream | +| Test.java:52:18:52:24 | result1 | semmle.label | result1 | +subpaths +testFailures diff --git a/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.ql b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.ql new file mode 100644 index 00000000000..0004e84a3f1 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/apache-commons-fileupload-1.4/test.ql @@ -0,0 +1,4 @@ +import java +import TestUtilities.InlineFlowTest +import DefaultFlowTest +import TaintFlow::PathGraph \ No newline at end of file diff --git a/java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/util/Streams.java b/java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/util/Streams.java new file mode 100644 index 00000000000..3c84ce04198 --- /dev/null +++ b/java/ql/test/stubs/apache-commons-fileupload-1.4/org/apache/commons/fileupload/util/Streams.java @@ -0,0 +1,16 @@ +// Generated automatically from org.apache.commons.fileupload.util.Streams for testing purposes + +package org.apache.commons.fileupload.util; + +import java.io.InputStream; +import java.io.OutputStream; + +public class Streams +{ + protected Streams() {} + public static String asString(InputStream p0){ return null; } + public static String asString(InputStream p0, String p1){ return null; } + public static String checkFileName(String p0){ return null; } + public static long copy(InputStream p0, OutputStream p1, boolean p2){ return 0; } + public static long copy(InputStream p0, OutputStream p1, boolean p2, byte[] p3){ return 0; } +}