
Commit 4e93330

Improved tests
Note that a false-negative (FN) test case was added
1 parent 0640b41 commit 4e93330


2 files changed

+35
-2
lines changed


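--- a/java/ql/test/query-tests/security/CWE-807/semmle/tests/ConditionalBypassTest.java
+++ b/java/ql/test/query-tests/security/CWE-807/semmle/tests/ConditionalBypassTest.java
@@ -57,7 +57,6 @@ public static void test(String user, String password) {
 if (adminCookie.getValue() == "false")
 login(user, password);
 else {
-// do something else
 login(user, password);
 }
 }
@@ -69,17 +68,19 @@ public static void test2(String user, String password) {
 login(user, password);
 else {
 // do something else
+doIt();
 }
 login(user, password);
 }
 
 public static void test3(String user, String password) {
 Cookie adminCookie = getCookies()[0];
+// BAD: login may not happen
 if (adminCookie.getValue() == "false") // $ hasConditionalBypassTest
 login(user, password);
 else {
 // do something else
-// BAD: login may not happen
+doIt();
 }
 return;
 }
@@ -97,6 +98,37 @@ public static void test4(String user, String password) {
 return;
 }
 
+public static void test5(String user, String password) throws Exception {
+Cookie adminCookie = getCookies()[0];
+// GOOD: exit with Exception if condition is not met
+if (adminCookie.getValue() == "false") {
+throw new Exception();
+}
+
+login(user, password);
+}
+
+public static void test6(String user, String password) {
+Cookie adminCookie = getCookies()[0];
+// GOOD: exit with return if condition is not met
+if (adminCookie.getValue() == "false") {
+return;
+}
+
+login(user, password);
+}
+
+public static void test7(String user, String password) {
+Cookie adminCookie = getCookies()[0];
+// FALSE NEGATIVE: login is bypasseable
+if (adminCookie.getValue() == "false") { // $ MISSING: $ hasConditionalBypassTest
+login(user, password);
+return;
+} else {
+doIt();
+}
+}
+
 public static void login(String user, String password) {
 // login
 }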
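Review bot: The comment on the new test7 case, `// FALSE NEGATIVE: login is bypasseable`, misspells the adjective; it should read `// FALSE NEGATIVE: login is bypassable`, since this comment is the only explanation a reader gets for why the inline expectation is marked `$ MISSING`. The same hunk's test5, test6 and test7 also carry over `adminCookie.getValue() == "false"` from the existing cases, which is a reference comparison on a String rather than a content check; if the fixture is meant to read as realistic Java, `"false".equals(adminCookie.getValue())` is the idiomatic form, though I would confirm that the query's `hasConditionalBypassTest` results are unchanged before touching the older cases too. A one-line comment above test5 through test7 stating what distinguishes the "GOOD" early-exit shapes from the flagged `if`/`else` shape in test3 would also help a reader understand what the query is and is not expected to report.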

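--- a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected
+++ b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.expected
@@ -3,5 +3,6 @@ edges
 nodes
 | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | semmle.label | ... + ... |
+subpaths
 #select
 | TaintedPermissionsCheckTest.java:15:7:15:54 | isPermitted(...) | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) : String | TaintedPermissionsCheckTest.java:15:27:15:53 | ... + ... | Permissions check uses user-controlled $@. | TaintedPermissionsCheckTest.java:12:19:12:48 | getParameter(...) | data |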
