Java: convert XsltInjection test to .qlref

Also, split off into separate directory from JndiInjectionTest because their $Alerts were interfering with each other.

Author: d10c

java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.expected renamed to java/ql/test/query-tests/security/CWE-074/JndiInjection/JndiInjectionTest.expected

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/shiro-core-1.5.2:${testdir}/../../../../stubs/spring-ldap-2.3.2:${testdir}/../../../../stubs/Saxon-HE-9.9.1-7:${testdir}/../../../../stubs/apache-commons-logging-1.2

java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.java renamed to java/ql/test/query-tests/security/CWE-074/JndiInjection/JndiInjectionTest.java

@@ -27,91 +27,91 @@
 @Controller
 public class XsltInjectionTest {
   public void testStreamSourceInputStream(Socket socket) throws Exception {
-    StreamSource source = new StreamSource(socket.getInputStream());
-    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $hasXsltInjection
+    StreamSource source = new StreamSource(socket.getInputStream()); // $ Source
+    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testStreamSourceReader(Socket socket) throws Exception {
-    StreamSource source = new StreamSource(new InputStreamReader(socket.getInputStream()));
-    TransformerFactory.newInstance().newTemplates(source).newTransformer().transform(null, null); // $hasXsltInjection
+    StreamSource source = new StreamSource(new InputStreamReader(socket.getInputStream())); // $ Source
+    TransformerFactory.newInstance().newTemplates(source).newTransformer().transform(null, null); // $ Alert
   }
 
   @RequestMapping
-  public void testStreamSourceInjectedParam(@RequestParam String param) throws Exception {
+  public void testStreamSourceInjectedParam(@RequestParam String param) throws Exception { // $ Source
     String xslt = "<xsl:stylesheet [...]" + param + "</xsl:stylesheet>";
     StreamSource source = new StreamSource(new StringReader(xslt));
-    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $hasXsltInjection
+    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testSAXSourceInputStream(Socket socket) throws Exception {
-    SAXSource source = new SAXSource(new InputSource(socket.getInputStream()));
-    TransformerFactory.newInstance().newTemplates(source).newTransformer().transform(null, null); // $hasXsltInjection
+    SAXSource source = new SAXSource(new InputSource(socket.getInputStream())); // $ Source
+    TransformerFactory.newInstance().newTemplates(source).newTransformer().transform(null, null); // $ Alert
   }
 
   public void testSAXSourceReader(Socket socket) throws Exception {
     SAXSource source =
-        new SAXSource(null, new InputSource(new InputStreamReader(socket.getInputStream())));
-    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $hasXsltInjection
+        new SAXSource(null, new InputSource(new InputStreamReader(socket.getInputStream()))); // $ Source
+    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testStAXSourceEventReader(Socket socket) throws Exception {
     StAXSource source =
-        new StAXSource(XMLInputFactory.newInstance().createXMLEventReader(socket.getInputStream()));
-    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $hasXsltInjection
+        new StAXSource(XMLInputFactory.newInstance().createXMLEventReader(socket.getInputStream())); // $ Source
+    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testStAXSourceEventStream(Socket socket) throws Exception {
     StAXSource source = new StAXSource(XMLInputFactory.newInstance().createXMLStreamReader(null,
-        new InputStreamReader(socket.getInputStream())));
-    TransformerFactory.newInstance().newTemplates(source).newTransformer().transform(null, null); // $hasXsltInjection
+        new InputStreamReader(socket.getInputStream()))); // $ Source
+    TransformerFactory.newInstance().newTemplates(source).newTransformer().transform(null, null); // $ Alert
   }
 
   public void testDOMSource(Socket socket) throws Exception {
     DOMSource source = new DOMSource(
-        DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(socket.getInputStream()));
-    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $hasXsltInjection
+        DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(socket.getInputStream())); // $ Source
+    TransformerFactory.newInstance().newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testDisabledXXE(Socket socket) throws Exception {
-    StreamSource source = new StreamSource(socket.getInputStream());
+    StreamSource source = new StreamSource(socket.getInputStream()); // $ Source
     TransformerFactory factory = TransformerFactory.newInstance();
     factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
     factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
-    factory.newTransformer(source).transform(null, null); // $hasXsltInjection
+    factory.newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testFeatureSecureProcessingDisabled(Socket socket) throws Exception {
-    StreamSource source = new StreamSource(socket.getInputStream());
+    StreamSource source = new StreamSource(socket.getInputStream()); // $ Source
     TransformerFactory factory = TransformerFactory.newInstance();
     factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
-    factory.newTransformer(source).transform(null, null); // $hasXsltInjection
+    factory.newTransformer(source).transform(null, null); // $ Alert
   }
 
   public void testSaxon(Socket socket) throws Exception {
-    StreamSource source = new StreamSource(socket.getInputStream());
+    StreamSource source = new StreamSource(socket.getInputStream()); // $ Source
     XsltCompiler compiler = new Processor(true).newXsltCompiler();
 
-    compiler.compile(source).load().transform(); // $hasXsltInjection
-    compiler.compile(source).load30().transform(null, null); // $hasXsltInjection
-    compiler.compile(source).load30().applyTemplates((Source) null); // $hasXsltInjection
-    compiler.compile(source).load30().applyTemplates((Source) null, null); // $hasXsltInjection
-    compiler.compile(source).load30().applyTemplates((XdmValue) null); // $hasXsltInjection
-    compiler.compile(source).load30().applyTemplates((XdmValue) null, null); // $hasXsltInjection
-    compiler.compile(source).load30().callFunction(null, null); // $hasXsltInjection
-    compiler.compile(source).load30().callFunction(null, null, null); // $hasXsltInjection
-    compiler.compile(source).load30().callTemplate(null); // $hasXsltInjection
-    compiler.compile(source).load30().callTemplate(null, null); // $hasXsltInjection
+    compiler.compile(source).load().transform(); // $ Alert
+    compiler.compile(source).load30().transform(null, null); // $ Alert
+    compiler.compile(source).load30().applyTemplates((Source) null); // $ Alert
+    compiler.compile(source).load30().applyTemplates((Source) null, null); // $ Alert
+    compiler.compile(source).load30().applyTemplates((XdmValue) null); // $ Alert
+    compiler.compile(source).load30().applyTemplates((XdmValue) null, null); // $ Alert
+    compiler.compile(source).load30().callFunction(null, null); // $ Alert
+    compiler.compile(source).load30().callFunction(null, null, null); // $ Alert
+    compiler.compile(source).load30().callTemplate(null); // $ Alert
+    compiler.compile(source).load30().callTemplate(null, null); // $ Alert
   }
 
   @RequestMapping
-  public void testSaxonXsltPackage(@RequestParam String param, Socket socket) throws Exception {
+  public void testSaxonXsltPackage(@RequestParam String param, Socket socket) throws Exception { // $ Source
     URI uri = new URI(param);
-    StreamSource source = new StreamSource(socket.getInputStream());
+    StreamSource source = new StreamSource(socket.getInputStream()); // $ Source
     XsltCompiler compiler = new Processor(true).newXsltCompiler();
 
-    compiler.loadExecutablePackage(uri).load().transform(); // $hasXsltInjection
-    compiler.compilePackage(source).link().load().transform(); // $hasXsltInjection
-    compiler.loadLibraryPackage(uri).link().load().transform(); // $hasXsltInjection
+    compiler.loadExecutablePackage(uri).load().transform(); // $ Alert
+    compiler.compilePackage(source).link().load().transform(); // $ Alert
+    compiler.loadLibraryPackage(uri).link().load().transform(); // $ Alert
   }
 
   public void testOkFeatureSecureProcessing(Socket socket) throws Exception {

java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.qlref renamed to java/ql/test/query-tests/security/CWE-074/JndiInjection/JndiInjectionTest.qlref

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-074/XsltInjection.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

java/ql/test/query-tests/security/CWE-074/JndiInjection/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/shiro-core-1.5.2:${testdir}/../../../../stubs/spring-ldap-2.3.2:${testdir}/../../../../stubs/Saxon-HE-9.9.1-7:${testdir}/../../../../stubs/apache-commons-logging-1.2