[TEST] Java: UnsafeCertTrust: convert test to qlref

Author: d10c

java/ql/test/query-tests/security/CWE-273/UnsafeCertTrustTest.expected

@@ -0,0 +1,13 @@
+| UnsafeCertTrustTest.java:24:3:24:11 | sslEngine | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:25:3:25:11 | sslEngine | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:26:3:26:11 | sslEngine | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:35:3:35:11 | sslEngine | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:36:3:36:11 | sslEngine | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:37:3:37:11 | sslEngine | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:64:3:64:8 | socket | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:74:3:74:8 | socket | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:84:3:84:8 | socket | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:91:3:91:8 | socket | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:141:3:141:8 | socket | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:153:4:153:60 | useSslProtocol(...) | Unsafe configuration of trusted certificates. |
+| UnsafeCertTrustTest.java:157:4:157:70 | setSslContextFactory(...) | Unsafe configuration of trusted certificates. |

java/ql/test/query-tests/security/CWE-273/UnsafeCertTrustTest.java

@@ -21,9 +21,9 @@ public void testSSLEngineEndpointIdSetNull() throws Exception {
 		SSLParameters sslParameters = sslEngine.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm(null);
 		sslEngine.setSSLParameters(sslParameters);
-		sslEngine.beginHandshake(); // $hasUnsafeCertTrust
-		sslEngine.wrap(new ByteBuffer[] {}, null); // $hasUnsafeCertTrust
-		sslEngine.unwrap(null, null, 0, 0); // $hasUnsafeCertTrust
+		sslEngine.beginHandshake(); // $ Alert
+		sslEngine.wrap(new ByteBuffer[] {}, null); // $ Alert
+		sslEngine.unwrap(null, null, 0, 0); // $ Alert
 	}
 
 	public void testSSLEngineEndpointIdSetEmpty() throws Exception {
@@ -32,9 +32,9 @@ public void testSSLEngineEndpointIdSetEmpty() throws Exception {
 		SSLParameters sslParameters = sslEngine.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("");
 		sslEngine.setSSLParameters(sslParameters);
-		sslEngine.beginHandshake(); // $hasUnsafeCertTrust
-		sslEngine.wrap(new ByteBuffer[] {}, null); // $hasUnsafeCertTrust
-		sslEngine.unwrap(null, null, 0, 0); // $hasUnsafeCertTrust
+		sslEngine.beginHandshake(); // $ Alert
+		sslEngine.wrap(new ByteBuffer[] {}, null); // $ Alert
+		sslEngine.unwrap(null, null, 0, 0); // $ Alert
 	}
 
 	public void testSSLEngineEndpointIdSafe() throws Exception {
@@ -61,7 +61,7 @@ public void testSSLSocketEndpointIdNotSet() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
 		SSLSocket socket = (SSLSocket) socketFactory.createSocket();
-		socket.getOutputStream(); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $ Alert
 	}
 
 	public void testSSLSocketEndpointIdSetNull() throws Exception {
@@ -71,7 +71,7 @@ public void testSSLSocketEndpointIdSetNull() throws Exception {
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm(null);
 		socket.setSSLParameters(sslParameters);
-		socket.getOutputStream(); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $ Alert
 	}
 
 	public void testSSLSocketEndpointIdSetEmpty() throws Exception {
@@ -81,14 +81,14 @@ public void testSSLSocketEndpointIdSetEmpty() throws Exception {
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("");
 		socket.setSSLParameters(sslParameters);
-		socket.getOutputStream(); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $ Alert
 	}
 
 	public void testSSLSocketEndpointIdAfterConnecting() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
 		SSLSocket socket = (SSLSocket) socketFactory.createSocket();
-		socket.getOutputStream(); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $ Alert
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
 		socket.setSSLParameters(sslParameters);
@@ -138,7 +138,7 @@ public void testSSLSocketEndpointIdSafeWithSanitizerInCast(boolean safe) throws
 		SSLParameters sslParameters = sslSocket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
 		sslSocket.setSSLParameters(sslParameters);
-		socket.getOutputStream(); // $ SPURIOUS: hasUnsafeCertTrust
+		socket.getOutputStream(); // $ SPURIOUS: Alert
 	}
 
 	public void testSocketEndpointIdNotSet() throws Exception {
@@ -150,11 +150,11 @@ public void testSocketEndpointIdNotSet() throws Exception {
 	public void testRabbitMQFactoryEnableHostnameVerificationNotSet() throws Exception {
 		{
 			ConnectionFactory connectionFactory = new ConnectionFactory();
-			connectionFactory.useSslProtocol(SSLContext.getDefault()); // $hasUnsafeCertTrust
+			connectionFactory.useSslProtocol(SSLContext.getDefault()); // $ Alert
 		}
 		{
 			ConnectionFactory connectionFactory = new ConnectionFactory();
-			connectionFactory.setSslContextFactory(new TestSslContextFactory()); // $hasUnsafeCertTrust
+			connectionFactory.setSslContextFactory(new TestSslContextFactory()); // $ Alert
 		}
 	}
 

java/ql/test/query-tests/security/CWE-273/UnsafeCertTrustTest.ql

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-273/UnsafeCertTrust.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql