Skip to content

Commit 0445509

Browse files
Jami CogswellJami Cogswell
Jami Cogswell
authored and
Jami Cogswell
committed
Java: update test cases and add stubs
1 parent 6890434 commit 0445509

File tree

116 files changed

+2332
-781
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

116 files changed

+2332
-781
lines changed

java/ql/test/query-tests/security/CWE-918/ApacheHttp5SSRF.java renamed to java/ql/test/query-tests/security/CWE-918/ApacheHttpSSRFVersion5.java

Lines changed: 10 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,24 @@
11
import java.io.IOException;
22
import java.net.URI;
3-
4-
import org.apache.hc.core5.http.HttpHost;
5-
import org.apache.hc.core5.http.Method;
6-
73
import javax.servlet.ServletException;
84
import javax.servlet.http.HttpServlet;
95
import javax.servlet.http.HttpServletRequest;
106
import javax.servlet.http.HttpServletResponse;
117

12-
// org.apache.hc.client5.http.async.methods
8+
import org.apache.hc.core5.http.HttpHost;
9+
import org.apache.hc.core5.http.Method;
10+
import org.apache.hc.core5.http.impl.bootstrap.HttpAsyncRequester;
11+
import org.apache.hc.core5.http.impl.io.DefaultClassicHttpRequestFactory;
12+
import org.apache.hc.core5.http.impl.nio.DefaultHttpRequestFactory;
13+
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
14+
import org.apache.hc.core5.http.message.BasicClassicHttpRequest;
15+
import org.apache.hc.core5.http.message.BasicHttpRequest;
16+
import org.apache.hc.core5.http.message.HttpRequestWrapper;
1317
import org.apache.hc.client5.http.async.methods.BasicHttpRequests;
1418
import org.apache.hc.client5.http.async.methods.ConfigurableHttpRequest;
1519
import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
1620
import org.apache.hc.client5.http.async.methods.SimpleHttpRequests;
1721
import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
18-
19-
// org.apache.hc.client5.http.classic.methods
2022
import org.apache.hc.client5.http.classic.methods.ClassicHttpRequests;
2123
import org.apache.hc.client5.http.classic.methods.HttpDelete;
2224
import org.apache.hc.client5.http.classic.methods.HttpGet;
@@ -27,21 +29,9 @@
2729
import org.apache.hc.client5.http.classic.methods.HttpPut;
2830
import org.apache.hc.client5.http.classic.methods.HttpTrace;
2931
import org.apache.hc.client5.http.classic.methods.HttpUriRequestBase;
30-
3132
import org.apache.hc.client5.http.fluent.Request;
3233

33-
import org.apache.hc.core5.http.impl.bootstrap.HttpAsyncRequester;
34-
import org.apache.hc.core5.http.impl.io.DefaultClassicHttpRequestFactory;
35-
import org.apache.hc.core5.http.impl.nio.DefaultHttpRequestFactory;
36-
37-
import org.apache.hc.core5.http.io.support.ClassicRequestBuilder;
38-
39-
import org.apache.hc.core5.http.message.BasicClassicHttpRequest;
40-
import org.apache.hc.core5.http.message.BasicHttpRequest;
41-
import org.apache.hc.core5.http.message.HttpRequestWrapper;
42-
43-
44-
public class ApacheHttp5SSRF extends HttpServlet {
34+
public class ApacheHttpSSRFVersion5 extends HttpServlet {
4535

4636
// org.apache.hc.client5.http.async.methods
4737
protected void doGet1(HttpServletRequest request, HttpServletResponse response)
@@ -309,7 +299,6 @@ protected void doGet4(HttpServletRequest request, HttpServletResponse response)
309299
HttpHost host = new HttpHost(hostSink);
310300

311301
// org.apache.hc.core5.http.impl.bootstrap
312-
//AsyncRequesterBootstrap asyncReq = new AsyncRequesterBootstrap();
313302
HttpAsyncRequester httpAsyncReq = new HttpAsyncRequester(null, null, null, null, null, null);
314303
httpAsyncReq.connect(host, null); // $ SSRF
315304
httpAsyncReq.connect(host, null, null, null); // $ SSRF

java/ql/test/query-tests/security/CWE-918/options

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5-TEMP/
1+
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/async/methods/BasicHttpRequests.java

Lines changed: 42 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/async/methods/ConfigurableHttpRequest.java

Lines changed: 21 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/async/methods/SimpleBody.java

Lines changed: 16 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/async/methods/SimpleHttpRequest.java

Lines changed: 36 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/async/methods/SimpleHttpRequests.java

Lines changed: 42 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/async/methods/SimpleRequestBuilder.java

Lines changed: 80 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/classic/HttpClient.java

Lines changed: 22 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)