hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix tests and make modules private

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-03-08 13:35:25 +01:00
parent 2288eab0fd
commit e7f85673e9
4 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql
View File

@@ -2,14 +2,10 @@ import java
import TestUtilities.InlineFlowTest
import semmle.code.java.security.SensitiveLoggingQuery
class EnableLegacy extends EnableLegacyConfiguration {
EnableLegacy() { exists(this) }
}
class HasFlowTest extends InlineFlowTest {
override DataFlow::Configuration getTaintFlowConfig() {
result instanceof SensitiveLoggerConfiguration
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
SensitiveLoggerFlow::hasFlow(src, sink)
}
override DataFlow::Configuration getValueFlowConfig() { none() }
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
}

3
java/ql/test/query-tests/security/CWE-918/RequestForgery.ql
View File

@@ -9,7 +9,8 @@ class HasFlowTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SSRF" and
exists(RequestForgeryConfiguration conf, DataFlow::Node sink | conf.hasFlowTo(sink) |
exists(DataFlow::Node sink |
RequestForgeryFlow::hasFlowTo(sink) and
sink.getLocation() = location and
element = sink.toString() and
value = ""