Java: add tests for org.apache.hc.client5.http.async.methods.model.yml; resolve conflicts

Jami Cogswell · Jami Cogswell · commit 2a23f8766ee8 · 2023-04-13T09:12:54.000-04:00
diff --git a/java/ql/test/query-tests/security/CWE-918/ApacheHttpSSRF.java b/java/ql/test/query-tests/security/CWE-918/ApacheHttpSSRF.java
@@ -18,9 +18,18 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+// version 5-related imports
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.Method;
+import org.apache.hc.client5.http.async.methods.BasicHttpRequests;
+import org.apache.hc.client5.http.async.methods.ConfigurableHttpRequest;
+import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
+import org.apache.hc.client5.http.async.methods.SimpleHttpRequests;
+import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
+
 public class ApacheHttpSSRF extends HttpServlet {
 
-    protected void doGet(HttpServletRequest request, HttpServletResponse response)
+    protected void doGet0(HttpServletRequest request, HttpServletResponse response)
             throws ServletException, IOException {
         try {
 
@@ -61,4 +70,143 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
             // TODO: handle exception
         }
     }
+
+    // org.apache.hc.client5.http.async.methods
+    protected void doGet1(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        try {
+
+            String uriSink = request.getParameter("uri");
+            URI uri = new URI(uriSink);
+
+            String hostSink = request.getParameter("host");
+            HttpHost host = new HttpHost(hostSink);
+
+            // org.apache.hc.client5.http.async.methods.BasicHttpRequests
+            BasicHttpRequests.create(Method.CONNECT, host, "path"); // $ SSRF
+            BasicHttpRequests.create(Method.CONNECT, uri.toString()); // $ SSRF
+            BasicHttpRequests.create(Method.CONNECT, uri); // $ SSRF
+            BasicHttpRequests.create("method", uri.toString()); // $ SSRF
+            BasicHttpRequests.create("method", uri); // $ SSRF
+
+            BasicHttpRequests.delete(host, "path"); // $ SSRF
+            BasicHttpRequests.delete(uri.toString()); // $ SSRF
+            BasicHttpRequests.delete(uri); // $ SSRF
+
+            BasicHttpRequests.get(host, "path"); // $ SSRF
+            BasicHttpRequests.get(uri.toString()); // $ SSRF
+            BasicHttpRequests.get(uri); // $ SSRF
+
+            BasicHttpRequests.head(host, "path"); // $ SSRF
+            BasicHttpRequests.head(uri.toString()); // $ SSRF
+            BasicHttpRequests.head(uri); // $ SSRF
+
+            BasicHttpRequests.options(host, "path"); // $ SSRF
+            BasicHttpRequests.options(uri.toString()); // $ SSRF
+            BasicHttpRequests.options(uri); // $ SSRF
+
+            BasicHttpRequests.patch(host, "path"); // $ SSRF
+            BasicHttpRequests.patch(uri.toString()); // $ SSRF
+            BasicHttpRequests.patch(uri); // $ SSRF
+
+            BasicHttpRequests.post(host, "path"); // $ SSRF
+            BasicHttpRequests.post(uri.toString()); // $ SSRF
+            BasicHttpRequests.post(uri); // $ SSRF
+
+            BasicHttpRequests.put(host, "path"); // $ SSRF
+            BasicHttpRequests.put(uri.toString()); // $ SSRF
+            BasicHttpRequests.put(uri); // $ SSRF
+
+            BasicHttpRequests.trace(host, "path"); // $ SSRF
+            BasicHttpRequests.trace(uri.toString()); // $ SSRF
+            BasicHttpRequests.trace(uri); // $ SSRF
+
+            // org.apache.hc.client5.http.async.methods.ConfigurableHttpRequest
+            new ConfigurableHttpRequest("method", host, "path"); // $ SSRF
+            new ConfigurableHttpRequest("method", uri); // $ SSRF
+
+            // org.apache.hc.client5.http.async.methods.SimpleHttpRequest
+            new SimpleHttpRequest(Method.CONNECT, host, "path"); // $ SSRF
+            new SimpleHttpRequest(Method.CONNECT, uri); // $ SSRF
+            new SimpleHttpRequest("method", host, "path"); // $ SSRF
+            new SimpleHttpRequest("method", uri); // $ SSRF
+
+            SimpleHttpRequest.create(Method.CONNECT, host, "path"); // $ SSRF
+            SimpleHttpRequest.create(Method.CONNECT, uri); // $ SSRF
+            SimpleHttpRequest.create("method", uri.toString()); // $ SSRF
+            SimpleHttpRequest.create("method", uri); // $ SSRF
+
+            // org.apache.hc.client5.http.async.methods.SimpleHttpRequests
+            SimpleHttpRequests.create(Method.CONNECT, host, "path"); // $ SSRF
+            SimpleHttpRequests.create(Method.CONNECT, uri.toString()); // $ SSRF
+            SimpleHttpRequests.create(Method.CONNECT, uri); // $ SSRF
+            SimpleHttpRequests.create("method", uri.toString()); // $ SSRF
+            SimpleHttpRequests.create("method", uri); // $ SSRF
+
+            SimpleHttpRequests.delete(host, "path"); // $ SSRF
+            SimpleHttpRequests.delete(uri.toString()); // $ SSRF
+            SimpleHttpRequests.delete(uri); // $ SSRF
+
+            SimpleHttpRequests.get(host, "path"); // $ SSRF
+            SimpleHttpRequests.get(uri.toString()); // $ SSRF
+            SimpleHttpRequests.get(uri); // $ SSRF
+
+            SimpleHttpRequests.head(host, "path"); // $ SSRF
+            SimpleHttpRequests.head(uri.toString()); // $ SSRF
+            SimpleHttpRequests.head(uri); // $ SSRF
+
+            SimpleHttpRequests.options(host, "path"); // $ SSRF
+            SimpleHttpRequests.options(uri.toString()); // $ SSRF
+            SimpleHttpRequests.options(uri); // $ SSRF
+
+            SimpleHttpRequests.patch(host, "path"); // $ SSRF
+            SimpleHttpRequests.patch(uri.toString()); // $ SSRF
+            SimpleHttpRequests.patch(uri); // $ SSRF
+
+            SimpleHttpRequests.post(host, "path"); // $ SSRF
+            SimpleHttpRequests.post(uri.toString()); // $ SSRF
+            SimpleHttpRequests.post(uri); // $ SSRF
+
+            SimpleHttpRequests.put(host, "path"); // $ SSRF
+            SimpleHttpRequests.put(uri.toString()); // $ SSRF
+            SimpleHttpRequests.put(uri); // $ SSRF
+
+            SimpleHttpRequests.trace(host, "path"); // $ SSRF
+            SimpleHttpRequests.trace(uri.toString()); // $ SSRF
+            SimpleHttpRequests.trace(uri); // $ SSRF
+
+            // org.apache.hc.client5.http.async.methods.SimpleRequestBuilder
+            SimpleRequestBuilder.delete(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.delete(uri); // $ SSRF
+
+            SimpleRequestBuilder.get(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.get(uri); // $ SSRF
+
+            SimpleRequestBuilder.head(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.head(uri); // $ SSRF
+
+            SimpleRequestBuilder.options(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.options(uri); // $ SSRF
+
+            SimpleRequestBuilder.patch(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.patch(uri); // $ SSRF
+
+            SimpleRequestBuilder.post(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.post(uri); // $ SSRF
+
+            SimpleRequestBuilder.put(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.put(uri); // $ SSRF
+
+            SimpleRequestBuilder.get().setHttpHost(host); // $ SSRF
+
+            SimpleRequestBuilder.get().setUri(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.get().setUri(uri); // $ SSRF
+
+            SimpleRequestBuilder.trace(uri.toString()); // $ SSRF
+            SimpleRequestBuilder.trace(uri); // $ SSRF
+
+        } catch (Exception e) {
+            // TODO: handle exception
+        }
+    }
 }
diff --git a/java/ql/test/query-tests/security/CWE-918/options b/java/ql/test/query-tests/security/CWE-918/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang
+//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5-TEMP/

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang
	`1`	+//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5-TEMP/