Update for collection flow and add more tests

This commit is contained in:
Joe Farebrother
2021-06-08 11:33:51 +01:00
parent 8f89d748fe
commit df74a142dd
2 changed files with 161 additions and 28 deletions


@@ -2,9 +2,11 @@ import org.springframework.http.HttpEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.http.RequestEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.util.MultiValueMap;
import org.springframework.util.LinkedMultiValueMap;
import java.util.Optional;
import java.util.List;
class TestHttp {
static <T> T taint() { return null; }
@@ -14,12 +16,16 @@ class TestHttp {
String x = taint();
sink(new HttpEntity(x)); // $hasTaintFlow
MultiValueMap<String,String> m = new LinkedMultiValueMap();
sink(new HttpEntity(x, m)); // $hasTaintFlow
MultiValueMap<String,String> m1 = new LinkedMultiValueMap();
sink(new HttpEntity(x, m1)); // $hasTaintFlow
m.add("a", taint());
sink(new HttpEntity("a", m)); // $ MISSING:hasTaintFlow
sink(new HttpEntity<String>(m)); // $ MISSING:hasTaintFlow
m1.add("a", taint());
sink(new HttpEntity("a", m1)); // $ MISSING:hasTaintFlow
sink(new HttpEntity<String>(m1)); // $ MISSING:hasTaintFlow
MultiValueMap<String,String> m2 = new LinkedMultiValueMap();
m2.add(taint(), "a");
sink(new HttpEntity<String>(m2)); // $ MISSING:hasTaintFlow
HttpEntity<String> ent = taint();
sink(ent.getBody()); // $hasTaintFlow
@@ -45,4 +51,112 @@ class TestHttp {
sink(ResponseEntity.status(200).location(taint()).lastModified(10000000).build()); // $hasTaintFlow
sink(ResponseEntity.status(200).varyBy(x).build());
}
void test3() {
String x = taint();
MultiValueMap<String,String> m1 = new LinkedMultiValueMap();
sink(new ResponseEntity(x, HttpStatus.ACCEPTED)); // $hasTaintFlow
sink(new ResponseEntity(x, m1, HttpStatus.ACCEPTED)); // $hasTaintFlow
sink(new ResponseEntity(x, m1, 200)); // $hasTaintFlow
m1.add("a", taint());
sink(new ResponseEntity("a", m1, HttpStatus.ACCEPTED)); // $ MISSING:hasTaintFlow
sink(new ResponseEntity<String>(m1, HttpStatus.ACCEPTED)); // $ MISSING:hasTaintFlow
sink(new ResponseEntity("a", m1, 200)); // $ MISSING:hasTaintFlow
MultiValueMap<String,String> m2 = new LinkedMultiValueMap();
m2.add(taint(), "a");
sink(new ResponseEntity("a", m2, HttpStatus.ACCEPTED)); // $ MISSING:hasTaintFlow
sink(new ResponseEntity<String>(m2, HttpStatus.ACCEPTED)); // $ MISSING:hasTaintFlow
sink(new ResponseEntity("a", m2, 200)); // $ MISSING:hasTaintFlow
ResponseEntity<String> ent = taint();
sink(ent.getBody()); // $hasTaintFlow
sink(ent.getHeaders()); // $hasTaintFlow
}
void test4() {
MultiValueMap<String,String> m1 = new LinkedMultiValueMap();
m1.add("a", taint());
sink(new HttpHeaders(m1)); // $ MISSING:hasTaintFlow
MultiValueMap<String,String> m2 = new LinkedMultiValueMap();
m2.add(taint(), "a");
sink(new HttpHeaders(m2)); // $ MISSING:hasTaintFlow
HttpHeaders h1 = new HttpHeaders();
h1.add(taint(), "a");
sink(h1); // $hasTaintFlow
HttpHeaders h2 = new HttpHeaders();
h2.add("a", taint());
sink(h2); // $hasTaintFlow
HttpHeaders h3 = new HttpHeaders();
h3.addAll(m1);
sink(h3); // $ MISSING:hasTaintFlow
HttpHeaders h4 = new HttpHeaders();
h4.addAll(m2);
sink(h4); // $ MISSING:hasTaintFlow
HttpHeaders h5 = new HttpHeaders();
h5.addAll(taint(), List.of());
sink(h5); // $hasTaintFlow
HttpHeaders h6 = new HttpHeaders();
h6.addAll("a", List.of(taint()));
sink(h6); // $hasTaintFlow
sink(HttpHeaders.formatHeaders(m1)); // $ MISSING:hasTaintFlow
sink(HttpHeaders.formatHeaders(m2)); // $ MISSING:hasTaintFlow
sink(HttpHeaders.encodeBasicAuth(taint(), "a", null)); // $hasTaintFlow
sink(HttpHeaders.encodeBasicAuth("a", taint(), null)); // $hasTaintFlow
}
void test5() {
HttpHeaders h = taint();
sink(h.get(null).get(0)); // $hasTaintFlow
sink(h.getAccept().get(0));
sink(h.getAcceptCharset().get(0));
sink(h.getAcceptLanguage().get(0));
sink(h.getAcceptLanguageAsLocales().get(0));
sink(h.getAccessControlAllowCredentials());
sink(h.getAccessControlAllowHeaders().get(0)); // $hasTaintFlow
sink(h.getAccessControlAllowMethods().get(0));
sink(h.getAccessControlAllowOrigin()); // $hasTaintFlow
sink(h.getAccessControlExposeHeaders().get(0)); // $hasTaintFlow
sink(h.getAccessControlMaxAge());
sink(h.getAccessControlRequestHeaders().get(0)); // $hasTaintFlow
sink(h.getAccessControlRequestMethod());
sink(h.getAllow().toArray()[0]);
sink(h.getCacheControl()); // $hasTaintFlow
sink(h.getConnection().get(0)); // $hasTaintFlow
sink(h.getContentDisposition());
sink(h.getContentLanguage());
sink(h.getContentLength());
sink(h.getContentType());
sink(h.getDate());
sink(h.getETag()); // $hasTaintFlow
sink(h.getExpires());
sink(h.getFirst("a")); // $hasTaintFlow
sink(h.getFirstDate("a"));
sink(h.getFirstZonedDateTime("a"));
sink(h.getHost()); // $hasTaintFlow
sink(h.getIfMatch().get(0)); // $hasTaintFlow
sink(h.getIfModifiedSince());
sink(h.getIfNoneMatch().get(0)); // $hasTaintFlow
sink(h.getIfUnmodifiedSince());
sink(h.getLastModified());
sink(h.getLocation()); // $hasTaintFlow
sink(h.getOrEmpty("a").get(0)); // $hasTaintFlow
sink(h.getOrigin()); // $hasTaintFlow
sink(h.getPragma()); // $hasTaintFlow
sink(h.getUpgrade()); // $hasTaintFlow
sink(h.getValuesAsList("a").get(0)); // $hasTaintFlow
sink(h.getVary().get(0)); // $hasTaintFlow
}
}
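Review bot: The new `$ MISSING:hasTaintFlow` expectations in test3 and test4 (the `new ResponseEntity("a", m1, ...)`, `new HttpHeaders(m1)`, `h3.addAll(m1)` and `HttpHeaders.formatHeaders(m1)` lines) carry no explanation of why flow through a MultiValueMap's keys or values is not tracked, even though the commit title says it updates for collection flow; a one-line comment above the first such group, e.g. `// Flow through MultiValueMap keys/values is not modelled yet; these MISSING markers are known gaps, not regressions`, would make that intent readable without the commit history. In test5 the unannotated accessors such as `getAccept()`, `getContentType()` and `getDate()` sit between annotated ones with nothing stating the rule — presumably that parsed/typed return values are deliberately not taint steps, but that is inferred — so a short comment at the top of test5 stating the rule would make the expected-vs-missing distinction explicit. Separately, the added constructor calls use raw types (`new ResponseEntity(x, HttpStatus.ACCEPTED)`, `new LinkedMultiValueMap()`); `new ResponseEntity<>(x, HttpStatus.ACCEPTED)` and `new LinkedMultiValueMap<>()` would avoid unchecked warnings without changing what is exercised. The closing brace at the end of the hunk appears to close TestHttp, but the second changed file named in the diffstat is not visible in this section.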