Format the code and update qldoc

2026-04-28 18:25:24 +02:00 · 2020-12-13 02:33:03 +00:00
parent 7ba237120b
commit e27ccd0a81
6 changed files with 36 additions and 54 deletions
--- a/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.expected
@@ -1,2 +1,2 @@
-| applicationContext.xml:11:6:11:50 | name=password | Avoid plaintext passwords in configuration files. |
-| context.xml:4:5:8:63 | password=1234 | Avoid plaintext passwords in configuration files. |
+| applicationContext.xml:9:3:9:48 | name=password | Plaintext passwords in configuration files. |
+| context.xml:4:5:4:253 | password=1234 | Plaintext passwords in configuration files. |
--- a/java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml
+++ b/java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml
@@ -1,32 +1,30 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

-<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
-	    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
-	    <property name="url" value="jdbc:mysql://www.example.com:3306/test"/>
-	    <property name="username" value="root"/>
-	    <property name="password" value="mysecret"/>
-		<property name="initialSize" value="30"/>
-		
-	 	<property name="maxActive" value="500"/> 
-		<property name="maxIdle" value="2"/>
-		<property name="minIdle" value="1"/>
-</bean>
+	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
+		<property name="driverClassName" value="com.mysql.jdbc.Driver" />
+		<property name="url" value="jdbc:mysql://www.example.com:3306/test" />
+		<property name="username" value="root" />
+		<property name="password" value="mysecret" />
+		<property name="initialSize" value="30" />

-<bean id="sessionFactory"  class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
-     <property name="dataSource" ref="dataSource"/>
-     
-	    <property name="annotatedClasses">
-	       <list>
-	           <value>com.example.entity.Users</value>
-	        </list>
-	    </property>
-    
-     <property name="hibernateProperties">
-	    <value>
+		<property name="maxActive" value="500" />
+		<property name="maxIdle" value="2" />
+		<property name="minIdle" value="1" />
+	</bean>
+
+	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
+		<property name="dataSource" ref="dataSource" />
+
+		<property name="annotatedClasses">
+			<list>
+				<value>com.example.entity.Users</value>
+			</list>
+		</property>
+
+		<property name="hibernateProperties">
+			<value>
 	        	hibernate.dialect=org.hibernate.dialect.MySQLDialect
 	        	hibernate.hbm2ddl.auto=update
 				hibernate.show_sql=true
@@ -34,6 +32,6 @@
        	    hibernate.cache.provider_class=org.hibernate.cache.internal.NoCacheProvider
        	    hibernate.generate_statistics=true	      
 	    </value>
-    </property>
-</bean>
+		</property>
+	</bean>
 </beans>
--- a/java/ql/test/experimental/query-tests/security/CWE-555/context.xml
+++ b/java/ql/test/experimental/query-tests/security/CWE-555/context.xml
@@ -1,31 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Context>
-    <!-- BAD: Password of datasource is in not encrypted -->
-    <Resource name="jdbc/exampleDS1" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="1234"
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example1.com:3306/proj"/>
+    <!-- BAD: Password of datasource is not encrypted -->
+    <Resource name="jdbc/exampleDS1" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="1234" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example1.com:3306/proj" />

    <!-- GOOD: Password is encrypted and stored in a password vault -->
-    <Resource name="jdbc/exampleDS2" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="${VAULT::exampleDS2::password::N2NhZDYzOTMtNWE0OS00ZGQ0LWE4MmEtMWNlMDMyNDdmNmI2TElORV9CUkVBS3ZhdWx0}"
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example2.com:3306/proj"/>
+    <Resource name="jdbc/exampleDS2" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="${VAULT::exampleDS2::password::N2NhZDYzOTMtNWE0OS00ZGQ0LWE4MmEtMWNlMDMyNDdmNmI2TElORV9CUkVBS3ZhdWx0}" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example2.com:3306/proj" />

    <!-- GOOD: Password is not stored in the configuration file -->
-    <Resource name="jdbc/exampleDS3" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="${jdbc.password}"
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example3.com:3306/proj"/>
+    <Resource name="jdbc/exampleDS3" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="${jdbc.password}" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example3.com:3306/proj" />

    <!-- GOOD: Password is encrypted -->
-    <Resource name="jdbc/exampleDS4" auth="Container" type="javax.sql.DataSource"
-               maxTotal="100" maxIdle="30" maxWaitMillis="10000"
-               username="root" password="Tg2Nn7wUZOQ6Xc+1lenkZTQ9ZDf9a2/RBRiqJBCIX6o="
-               driverClassName="com.mysql.jdbc.Driver"
-               url="jdbc:mysql://www.example4.com:3306/proj"/>
-               
+    <Resource name="jdbc/exampleDS4" auth="Container" type="javax.sql.DataSource" maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="Tg2Nn7wUZOQ6Xc+1lenkZTQ9ZDf9a2/RBRiqJBCIX6o=" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://www.example4.com:3306/proj" />
+
 </Context>