Add tests

atorralba · Stephan Brandauer · commit 8065714ebe1d · 2023-03-10T12:35:13.000+01:00
diff --git a/java/ql/test/library-tests/frameworks/apache-commons-compress/Test.java b/java/ql/test/library-tests/frameworks/apache-commons-compress/Test.java
@@ -0,0 +1,32 @@
+package generatedtest;
+
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	Object source() {
+		return null;
+	}
+
+	void sink(Object o) {}
+
+	public void test() throws Exception {
+		{
+			// "org.apache.commons.compress.archivers.tar;TarArchiveEntry;true;TarArchiveEntry;(String);;Argument[0];Argument[-1];taint;ai-generated"
+			TarArchiveEntry out = null;
+			String in = (String) source();
+			out = new TarArchiveEntry(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.commons.compress.archivers.tar;TarArchiveEntry;true;TarArchiveEntry;(String,boolean);;Argument[0];Argument[-1];taint;ai-generated"
+			TarArchiveEntry out = null;
+			String in = (String) source();
+			out = new TarArchiveEntry(in, false);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}
diff --git a/java/ql/test/library-tests/frameworks/apache-commons-compress/options b/java/ql/test/library-tests/frameworks/apache-commons-compress/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-compress
diff --git a/java/ql/test/library-tests/frameworks/apache-commons-compress/test.expected b/java/ql/test/library-tests/frameworks/apache-commons-compress/test.expected
diff --git a/java/ql/test/library-tests/frameworks/apache-commons-compress/test.ql b/java/ql/test/library-tests/frameworks/apache-commons-compress/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest
diff --git a/java/ql/test/library-tests/frameworks/apache-http/client/Test.java b/java/ql/test/library-tests/frameworks/apache-http/client/Test.java
@@ -0,0 +1,71 @@
+package generatedtest;
+
+import java.net.URI;
+import java.util.List;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.client.utils.URLEncodedUtils;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	<T> T getElement(Iterable<T> it) { return it.iterator().next(); }
+	Object getURIBuilder_pathDefault(Object container) { return null; }
+	Object source() { return null; }
+	void sink(Object o) { }
+
+	public void test() throws Exception {
+
+		{
+			// "org.apache.http.client.utils;URIBuilder;true;URIBuilder;(String);;Argument[0];Argument[-1];taint;ai-generated"
+			URIBuilder out = null;
+			String in = (String)source();
+			out = new URIBuilder(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.http.client.utils;URIBuilder;true;URIBuilder;(URI);;Argument[0];Argument[-1];taint;ai-generated"
+			URIBuilder out = null;
+			URI in = (URI)source();
+			out = new URIBuilder(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.http.client.utils;URIBuilder;true;setHost;(String);;Argument[0];Argument[-1];taint;ai-generated"
+			URIBuilder out = null;
+			String in = (String)source();
+			out.setHost(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.http.client.utils;URIBuilder;true;setHost;(String);;Argument[0];ReturnValue;taint;ai-generated"
+			URIBuilder out = null;
+			String in = (String)source();
+			URIBuilder instance = null;
+			out = instance.setHost(in);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.http.client.utils;URIBuilder;true;setPath;(String);;Argument[0];Argument[-1].SyntheticField[org.apache.http.client.utils.URIBuilder.path];taint;ai-generated"
+			URIBuilder out = null;
+			String in = (String)source();
+			out.setPath(in);
+			sink(getURIBuilder_pathDefault(out)); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.http.client.utils;URIBuilder;true;setPathSegments;(List);;Argument[0];Argument[-1].SyntheticField[org.apache.http.client.utils.URIBuilder.path];taint;ai-generated"
+			URIBuilder out = null;
+			List in = (List)source();
+			out.setPathSegments(in);
+			sink(getURIBuilder_pathDefault(out)); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.http.client.utils;URLEncodedUtils;true;parse;(URI,String);;Argument[0];ReturnValue.Element;taint;ai-generated"
+			List out = null;
+			URI in = (URI)source();
+			out = URLEncodedUtils.parse(in, (String)null);
+			sink(getElement(out)); // $ hasTaintFlow
+		}
+
+	}
+
+}
diff --git a/java/ql/test/library-tests/frameworks/apache-http/client/options b/java/ql/test/library-tests/frameworks/apache-http/client/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13
diff --git a/java/ql/test/library-tests/frameworks/apache-http/client/test.expected b/java/ql/test/library-tests/frameworks/apache-http/client/test.expected
diff --git a/java/ql/test/library-tests/frameworks/apache-http/client/test.ext.yml b/java/ql/test/library-tests/frameworks/apache-http/client/test.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: summaryModel
+    data:
+      - ["generatedtest", "Test", False, "getURIBuilder_pathDefault", "(Object)", "", "Argument[0].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "ReturnValue", "value", "manual"]
diff --git a/java/ql/test/library-tests/frameworks/apache-http/client/test.ql b/java/ql/test/library-tests/frameworks/apache-http/client/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest
diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-022/semmle/tests/Test.java
@@ -101,9 +101,4 @@ void doGet5(InetAddress address)
 		new File(new URI(null, null, null, 0, t, null, null));
 	}
 
-	void doGet6(InetAddress address) throws IOException {
-		String t = address.getHostName();
-		// BAD: accessing local resource with user input
-		getClass().getModule().getResourceAsStream(t);
-	}
 }
diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java b/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
@@ -0,0 +1,34 @@
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.URL;
+import org.codehaus.cargo.container.installer.ZipURLInstaller;
+
+public class Test {
+
+    void test(InetAddress address) throws IOException {
+        String t = address.getHostName();
+        // "java.lang;Module;true;getResourceAsStream;(String);;Argument[0];read-file;ai-generated"
+        getClass().getModule().getResourceAsStream(t);
+        // "java.lang;Class;false;getResource;(String);;Argument[0];read-file;ai-generated"
+        getClass().getResource(t);
+        // "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
+        ClassLoader.getSystemResource(t);
+        // "java.io;File;true;createTempFile;(String,String,File);;Argument[2];create-file;ai-generated"
+        File.createTempFile(";", t);
+        // "java.io;File;true;renameTo;(File);;Argument[0];create-file;ai-generated"
+        new File("").renameTo((File) t);
+        // "java.io;FileInputStream;true;FileInputStream;(File);;Argument[0];read-file;ai-generated"
+        new FileInputStream((File) t);
+        // "java.io;FileReader;true;FileReader;(File);;Argument[0];read-file;ai-generated"
+        new FileReader((File) t);
+        // "java.io;FileReader;true;FileReader;(String);;Argument[0];read-file;ai-generated"
+        new FileReader(t);
+        // "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[1];create-file;ai-generated"
+        new ZipURLInstaller((URL) null, t, "");
+        // "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[2];create-file;ai-generated"
+        new ZipURLInstaller((URL) null, "", t);
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hive.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hive.java
diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/mad/Test.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/mad/Test.java
@@ -0,0 +1,37 @@
+import java.sql.DatabaseMetaData;
+
+public class Test {
+    public static Object source() {
+        return null;
+    }
+
+    public void test(DatabaseMetaData dmd) {
+        String taint = (String) source();
+        // java.sql;DatabaseMetaData;true;getColumns;(String,String,String,String);;Argument[2];sql;ai-generated
+        dmd.getCoolumns("", "", taint, ""); // $ sqlInjection
+        // java.sql;DatabaseMetaData;true;getPrimaryKeys;(String,String,String);;Argument[2];sql;ai-generated
+        dmd.getPrimaryKeys("", "", taint); // $ sqlInjection
+    }
+
+    public void test(ObjectStore objStore, HcatDelegator hcatDel) throws Exception {
+        {
+            String taint = (String) source();
+            // "org.apache.hadoop.hive.metastore.api;DefaultConstraintsRequest;true;DefaultConstraintsRequest;(String,String,String);;Argument[1];sql;ai-generated"
+            new DefaultConstraintsRequest("", taint, ""); // $ sqlInjection
+        }
+        {
+            ColumnStatistics taint = (ColumnStatistics) source();
+            // "org.apache.hadoop.hive.metastore;ObjectStore;true;updatePartitionColumnStatistics;(ColumnStatistics,List,String,long);;Argument[0];sql;ai-generated"
+            // @formatter:off
+            // objStore.updatePartitionColumnStatistics(taint, (List<String>) null, (String) null, 0L); // $ sqlInjection
+            // @formatter:on
+            // "org.apache.hadoop.hive.metastore;ObjectStore;true;updatePartitionColumnStatistics;(ColumnStatistics,List);;Argument[0];sql;ai-generated"
+            objStore.updatePartitionColumnStatistics(taint, (List<String>) null); // $ sqlInjection
+        }
+        {
+            ColumnDesc taint = (ColumnDesc) source();
+            // "org.apache.hive.hcatalog.templeton;HcatDelegator;true;addOneColumn;(String,String,String,ColumnDesc);;Argument[3];sql;ai-generated"
+            hcatDel.addOneColumn(null, null, null, taint); // $ sqlInjection
+        }
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-918/mad/Test.java b/java/ql/test/query-tests/security/CWE-918/mad/Test.java
@@ -0,0 +1,22 @@
+import javax.servlet.http.HttpServletRequest;
+import javafx.scene.web.WebEngine;
+import org.codehaus.cargo.container.installer.ZipURLInstaller;
+
+public class Test {
+
+    public static Object source(HttpServletRequest request) {
+        return request.getParameter(null);
+    }
+
+    public void test(WebEngine webEngine) {
+        String taint = source(null);
+        // "javafx.scene.web;WebEngine;false;load;(String);;Argument[0];open-url;ai-generated"
+        webEngine.load(taint); // $ SSRF
+    }
+
+    public void test() {
+        // "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[0];open-url:ai-generated"
+        new ZipURLInstaller((URL) source(), "", ""); // $ SSRF
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-compress`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+import java`
	`2`	`+import TestUtilities.InlineFlowTest`
Original file line number	Diff line number	Diff line change
`@@ -101,9 +101,4 @@ void doGet5(InetAddress address)`
`101`	`101`	`new File(new URI(null, null, null, 0, t, null, null));`
`102`	`102`	`}`
`103`	`103`
`104`		`- void doGet6(InetAddress address) throws IOException {`
`105`		`- String t = address.getHostName();`
`106`		`- // BAD: accessing local resource with user input`
`107`		`- getClass().getModule().getResourceAsStream(t);`
`108`		`- }`
`109`	`104`	`}`