hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix Apache Commons HTTP Client and SQL Injection tests

Browse Source
This commit is contained in:
Tony Torralba
2023-03-10 16:41:16 +01:00
parent 746c2d1fca
commit e834f9302e
9 changed files with 54 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
java/ql/test/library-tests/frameworks/apache-http/client/Test.java → java/ql/test/library-tests/frameworks/apache-http/Client.java
View File

@@ -6,40 +6,49 @@ import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URLEncodedUtils;
// Test case generated by GenerateFlowTestCase.ql
public class Test {
public class Client {
<T> T getElement(Iterable<T> it) { return it.iterator().next(); }
Object getURIBuilder_pathDefault(Object container) { return null; }
Object source() { return null; }
void sink(Object o) { }
<T> T getElement(Iterable<T> it) {
return it.iterator().next();
}
Object getURIBuilder_pathDefault(Object container) {
return null;
}
Object taint() {
return null;
}
void sink(Object o) {}
public void test() throws Exception {
{
// "org.apache.http.client.utils;URIBuilder;true;URIBuilder;(String);;Argument[0];Argument[-1];taint;ai-generated"
URIBuilder out = null;
String in = (String)source();
String in = (String) taint();
out = new URIBuilder(in);
sink(out); // $ hasTaintFlow
}
{
// "org.apache.http.client.utils;URIBuilder;true;URIBuilder;(URI);;Argument[0];Argument[-1];taint;ai-generated"
URIBuilder out = null;
URI in = (URI)source();
URI in = (URI) taint();
out = new URIBuilder(in);
sink(out); // $ hasTaintFlow
}
{
// "org.apache.http.client.utils;URIBuilder;true;setHost;(String);;Argument[0];Argument[-1];taint;ai-generated"
URIBuilder out = null;
String in = (String)source();
String in = (String) taint();
out.setHost(in);
sink(out); // $ hasTaintFlow
}
{
// "org.apache.http.client.utils;URIBuilder;true;setHost;(String);;Argument[0];ReturnValue;taint;ai-generated"
URIBuilder out = null;
String in = (String)source();
String in = (String) taint();
URIBuilder instance = null;
out = instance.setHost(in);
sink(out); // $ hasTaintFlow
@@ -47,25 +56,25 @@ public class Test {
{
// "org.apache.http.client.utils;URIBuilder;true;setPath;(String);;Argument[0];Argument[-1].SyntheticField[org.apache.http.client.utils.URIBuilder.path];taint;ai-generated"
URIBuilder out = null;
String in = (String)source();
String in = (String) taint();
out.setPath(in);
sink(getURIBuilder_pathDefault(out)); // $ hasTaintFlow
}
{
// "org.apache.http.client.utils;URIBuilder;true;setPathSegments;(List);;Argument[0];Argument[-1].SyntheticField[org.apache.http.client.utils.URIBuilder.path];taint;ai-generated"
URIBuilder out = null;
List in = (List)source();
List in = (List) taint();
out.setPathSegments(in);
sink(getURIBuilder_pathDefault(out)); // $ hasTaintFlow
}
{
// "org.apache.http.client.utils;URLEncodedUtils;true;parse;(URI,String);;Argument[0];ReturnValue.Element;taint;ai-generated"
List out = null;
URI in = (URI)source();
out = URLEncodedUtils.parse(in, (String)null);
URI in = (URI) taint();
out = URLEncodedUtils.parse(in, (String) null);
sink(getElement(out)); // $ hasTaintFlow
}
}
}
}

1
java/ql/test/library-tests/frameworks/apache-http/client/options
View File

@@ -1 +0,0 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13

0
java/ql/test/library-tests/frameworks/apache-http/client/test.expected
View File

6
java/ql/test/library-tests/frameworks/apache-http/client/test.ext.yml
View File

@@ -1,6 +0,0 @@
extensions:
- addsTo:
pack: codeql/java-tests
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "getURIBuilder_pathDefault", "(Object)", "", "Argument[0].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "ReturnValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/apache-http/client/test.ql
View File

@@ -1,2 +0,0 @@
import java
import TestUtilities.InlineFlowTest

6
java/ql/test/library-tests/frameworks/apache-http/flow.ext.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
extensible: summaryModel
data:
- ["generatedtest", "Client", False, "getURIBuilder_pathDefault", "(Object)", "", "Argument[0].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "ReturnValue", "taint", "manual"]

13
java/ql/test/query-tests/security/CWE-089/semmle/examples/controlledString.expected
View File

@@ -57,6 +57,7 @@
| good | 4 | Test.java:126:20:126:88 | "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE" |
| good | 5 | Test.java:127:62:127:67 | query2 |
| good | 6 | Test.java:128:24:128:24 | 1 |
| source | 1 | mad/Test.java:11:16:11:19 | null |
| tableNames | 4 | Test.java:187:32:187:56 | "SELECT ITEM,PRICE FROM " |
| tableNames | 5 | Test.java:188:8:188:55 | " WHERE ITEM_CATEGORY='Biscuits' ORDER BY PRICE" |
| tableNames | 10 | Test.java:193:33:193:57 | "SELECT ITEM,PRICE FROM " |
@@ -97,6 +98,18 @@
| tainted | 58 | Test.java:87:8:87:15 | category |
| tainted | 58 | Test.java:87:19:87:36 | "' ORDER BY PRICE" |
| tainted | 59 | Test.java:88:47:88:52 | query1 |
| test | 3 | mad/Test.java:17:24:17:25 | "" |
| test | 3 | mad/Test.java:17:28:17:29 | "" |
| test | 3 | mad/Test.java:17:39:17:40 | "" |
| test | 4 | mad/Test.java:26:43:26:44 | "" |
| test | 4 | mad/Test.java:26:54:26:55 | "" |
| test | 5 | mad/Test.java:19:28:19:29 | "" |
| test | 5 | mad/Test.java:19:32:19:33 | "" |
| test | 13 | mad/Test.java:35:13:35:80 | updatePartitionColumnStatistics(...) |
| test | 13 | mad/Test.java:35:76:35:79 | null |
| test | 18 | mad/Test.java:40:34:40:37 | null |
| test | 18 | mad/Test.java:40:40:40:43 | null |
| test | 18 | mad/Test.java:40:46:40:49 | null |
| unescaped | 4 | Test.java:96:28:96:81 | "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" |
| unescaped | 5 | Test.java:97:23:97:40 | "' ORDER BY PRICE" |
| unescaped | 11 | Test.java:103:19:103:72 | "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" |

10
java/ql/test/query-tests/security/CWE-089/semmle/examples/mad/Test.java
View File

@@ -1,14 +1,20 @@
import java.sql.DatabaseMetaData;
import java.util.List;
import org.apache.hadoop.hive.metastore.api.ColumnStatistics;
import org.apache.hadoop.hive.metastore.api.DefaultConstraintsRequest;
import org.apache.hadoop.hive.metastore.ObjectStore;
import org.apache.hive.hcatalog.templeton.HcatDelegator;
import org.apache.hive.hcatalog.templeton.ColumnDesc;
public class Test {
public static Object source() {
return null;
}
public void test(DatabaseMetaData dmd) {
public void test(DatabaseMetaData dmd) throws Exception {
String taint = (String) source();
// java.sql;DatabaseMetaData;true;getColumns;(String,String,String,String);;Argument[2];sql;ai-generated
dmd.getCoolumns("", "", taint, ""); // $ sqlInjection
dmd.getColumns("", "", taint, ""); // $ sqlInjection
// java.sql;DatabaseMetaData;true;getPrimaryKeys;(String,String,String);;Argument[2];sql;ai-generated
dmd.getPrimaryKeys("", "", taint); // $ sqlInjection
}

8
java/ql/test/stubs/apache-http-4.4.13/org/apache/http/HttpEntity.java generated
View File

@@ -2,19 +2,19 @@
package org.apache.http;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import org.apache.http.Header;
public interface HttpEntity
{
Header getContentEncoding();
Header getContentType();
InputStream getContent();
InputStream getContent() throws IOException, IllegalStateException;
boolean isChunked();
boolean isRepeatable();
boolean isStreaming();
long getContentLength();
void consumeContent();
void writeTo(OutputStream p0);
void consumeContent() throws IOException;
void writeTo(OutputStream outstream) throws IOException;
}