Java: Add test for SQL injection using different threat models.

2026-05-22 07:07:09 +02:00 · 2023-05-04 19:27:52 +02:00
parent 65f2155840
commit e4375b0c06
5 changed files with 72 additions and 0 deletions
--- a/java/ql/test/experimental/configured-flow/sql-tainted1.expected
+++ b/java/ql/test/experimental/configured-flow/sql-tainted1.expected
@@ -0,0 +1,24 @@
+edges
+| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] |
+| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String |
+| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] |
+| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data |
+| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] |
+| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... |
+| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] |
+| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String |
+nodes
+| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] |
+| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String |
+| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] |
+| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
+| Test.java:17:34:17:37 | data | semmle.label | data |
+| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... |
+| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
+| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] |
+subpaths
+| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String |
+#select
+| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This query depends on a $@. | Test.java:14:5:14:25 | getInputStream(...) | user-provided value |
+| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This query depends on a $@. | Test.java:14:5:14:25 | getInputStream(...) | user-provided value |
--- a/java/ql/test/experimental/configured-flow/sql-tainted1.qlref
+++ b/java/ql/test/experimental/configured-flow/sql-tainted1.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-089/SqlTainted.ql
--- a/java/ql/test/experimental/configured-flow/sql-tainted2.expected
+++ b/java/ql/test/experimental/configured-flow/sql-tainted2.expected
@@ -0,0 +1,39 @@
+edges
+| Test.java:6:31:6:41 | data : byte[] | Test.java:7:23:7:26 | data : byte[] |
+| Test.java:7:23:7:26 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String |
+| Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:14:32:14:35 | data [post update] : byte[] |
+| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:17:34:17:37 | data |
+| Test.java:14:32:14:35 | data [post update] : byte[] | Test.java:20:69:20:72 | data : byte[] |
+| Test.java:20:56:20:73 | byteToString(...) : String | Test.java:20:26:20:80 | ... + ... |
+| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] |
+| Test.java:20:69:20:72 | data : byte[] | Test.java:20:56:20:73 | byteToString(...) : String |
+| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:56:28:57 | rs : ResultSet |
+| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:35 | rs : ResultSet |
+| Test.java:28:56:28:57 | rs : ResultSet | Test.java:28:56:28:75 | getString(...) : String |
+| Test.java:28:56:28:75 | getString(...) : String | Test.java:28:26:28:82 | ... + ... |
+| Test.java:32:34:32:35 | rs : ResultSet | Test.java:32:34:32:53 | getString(...) : String |
+| Test.java:32:34:32:53 | getString(...) : String | Test.java:32:34:32:64 | getBytes(...) |
+nodes
+| Test.java:6:31:6:41 | data : byte[] | semmle.label | data : byte[] |
+| Test.java:7:12:7:51 | new String(...) : String | semmle.label | new String(...) : String |
+| Test.java:7:23:7:26 | data : byte[] | semmle.label | data : byte[] |
+| Test.java:14:5:14:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
+| Test.java:14:32:14:35 | data [post update] : byte[] | semmle.label | data [post update] : byte[] |
+| Test.java:17:34:17:37 | data | semmle.label | data |
+| Test.java:20:26:20:80 | ... + ... | semmle.label | ... + ... |
+| Test.java:20:56:20:73 | byteToString(...) : String | semmle.label | byteToString(...) : String |
+| Test.java:20:69:20:72 | data : byte[] | semmle.label | data : byte[] |
+| Test.java:25:20:25:59 | executeQuery(...) : ResultSet | semmle.label | executeQuery(...) : ResultSet |
+| Test.java:28:26:28:82 | ... + ... | semmle.label | ... + ... |
+| Test.java:28:56:28:57 | rs : ResultSet | semmle.label | rs : ResultSet |
+| Test.java:28:56:28:75 | getString(...) : String | semmle.label | getString(...) : String |
+| Test.java:32:34:32:35 | rs : ResultSet | semmle.label | rs : ResultSet |
+| Test.java:32:34:32:53 | getString(...) : String | semmle.label | getString(...) : String |
+| Test.java:32:34:32:64 | getBytes(...) | semmle.label | getBytes(...) |
+subpaths
+| Test.java:20:69:20:72 | data : byte[] | Test.java:6:31:6:41 | data : byte[] | Test.java:7:12:7:51 | new String(...) : String | Test.java:20:56:20:73 | byteToString(...) : String |
+#select
+| Test.java:17:34:17:37 | data | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:17:34:17:37 | data | This query depends on a $@. | Test.java:14:5:14:25 | getInputStream(...) | user-provided value |
+| Test.java:20:26:20:80 | ... + ... | Test.java:14:5:14:25 | getInputStream(...) : InputStream | Test.java:20:26:20:80 | ... + ... | This query depends on a $@. | Test.java:14:5:14:25 | getInputStream(...) | user-provided value |
+| Test.java:28:26:28:82 | ... + ... | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:28:26:28:82 | ... + ... | This query depends on a $@. | Test.java:25:20:25:59 | executeQuery(...) | user-provided value |
+| Test.java:32:34:32:64 | getBytes(...) | Test.java:25:20:25:59 | executeQuery(...) : ResultSet | Test.java:32:34:32:64 | getBytes(...) | This query depends on a $@. | Test.java:25:20:25:59 | executeQuery(...) | user-provided value |
--- a/java/ql/test/experimental/configured-flow/sql-tainted2.ext.yml
+++ b/java/ql/test/experimental/configured-flow/sql-tainted2.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: supportedThreatModel
+    data:
+      - ["sql"]
--- a/java/ql/test/experimental/configured-flow/sql-tainted2.qlref
+++ b/java/ql/test/experimental/configured-flow/sql-tainted2.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-089/SqlTainted.ql