Skip to content

Commit 7f33f57

Browse files
d10cd10c
committed
Java: convert UrlForward test to .qlref
1 parent bf1a699 commit 7f33f57

File tree

4 files changed

+172
-45
lines changed

4 files changed

+172
-45
lines changed

java/ql/test/query-tests/security/CWE-552/UrlForwardTest.expected

Lines changed: 127 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,127 @@
1+
#select
2+
| UrlForwardTest.java:29:27:29:29 | url | UrlForwardTest.java:28:27:28:36 | url : String | UrlForwardTest.java:29:27:29:29 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:28:27:28:36 | url | user-provided value |
3+
| UrlForwardTest.java:35:28:35:30 | url | UrlForwardTest.java:33:27:33:36 | url : String | UrlForwardTest.java:35:28:35:30 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:33:27:33:36 | url | user-provided value |
4+
| UrlForwardTest.java:42:23:42:25 | url | UrlForwardTest.java:41:21:41:30 | url : String | UrlForwardTest.java:42:23:42:25 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:41:21:41:30 | url | user-provided value |
5+
| UrlForwardTest.java:47:48:47:63 | ... + ... | UrlForwardTest.java:46:27:46:36 | url : String | UrlForwardTest.java:47:48:47:63 | ... + ... | Untrusted URL forward depends on a $@. | UrlForwardTest.java:46:27:46:36 | url | user-provided value |
6+
| UrlForwardTest.java:47:61:47:63 | url | UrlForwardTest.java:46:27:46:36 | url : String | UrlForwardTest.java:47:61:47:63 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:46:27:46:36 | url | user-provided value |
7+
| UrlForwardTest.java:63:33:63:35 | url | UrlForwardTest.java:61:19:61:28 | url : String | UrlForwardTest.java:63:33:63:35 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:61:19:61:28 | url | user-provided value |
8+
| UrlForwardTest.java:74:33:74:62 | ... + ... | UrlForwardTest.java:72:19:72:28 | url : String | UrlForwardTest.java:74:33:74:62 | ... + ... | Untrusted URL forward depends on a $@. | UrlForwardTest.java:72:19:72:28 | url | user-provided value |
9+
| UrlForwardTest.java:85:33:85:62 | ... + ... | UrlForwardTest.java:83:19:83:28 | url : String | UrlForwardTest.java:85:33:85:62 | ... + ... | Untrusted URL forward depends on a $@. | UrlForwardTest.java:83:19:83:28 | url | user-provided value |
10+
| UrlForwardTest.java:109:33:109:35 | url | UrlForwardTest.java:106:19:106:32 | urlPath : String | UrlForwardTest.java:109:33:109:35 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:106:19:106:32 | urlPath | user-provided value |
11+
| UrlForwardTest.java:148:33:148:36 | path | UrlForwardTest.java:145:17:145:63 | getServletPath(...) : String | UrlForwardTest.java:148:33:148:36 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:145:17:145:63 | getServletPath(...) | user-provided value |
12+
| UrlForwardTest.java:161:33:161:36 | path | UrlForwardTest.java:158:17:158:63 | getServletPath(...) : String | UrlForwardTest.java:161:33:161:36 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:158:17:158:63 | getServletPath(...) | user-provided value |
13+
| UrlForwardTest.java:193:51:193:59 | returnURL | UrlForwardTest.java:184:22:184:54 | getParameter(...) : String | UrlForwardTest.java:193:51:193:59 | returnURL | Untrusted URL forward depends on a $@. | UrlForwardTest.java:184:22:184:54 | getParameter(...) | user-provided value |
14+
| UrlForwardTest.java:209:56:209:64 | returnURL | UrlForwardTest.java:203:22:203:54 | getParameter(...) : String | UrlForwardTest.java:209:56:209:64 | returnURL | Untrusted URL forward depends on a $@. | UrlForwardTest.java:203:22:203:54 | getParameter(...) | user-provided value |
15+
| UrlForwardTest.java:236:53:236:56 | path | UrlForwardTest.java:232:17:232:44 | getParameter(...) : String | UrlForwardTest.java:236:53:236:56 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:232:17:232:44 | getParameter(...) | user-provided value |
16+
| UrlForwardTest.java:247:53:247:56 | path | UrlForwardTest.java:244:17:244:44 | getParameter(...) : String | UrlForwardTest.java:247:53:247:56 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:244:17:244:44 | getParameter(...) | user-provided value |
17+
| UrlForwardTest.java:261:53:261:76 | toString(...) | UrlForwardTest.java:255:17:255:44 | getParameter(...) : String | UrlForwardTest.java:261:53:261:76 | toString(...) | Untrusted URL forward depends on a $@. | UrlForwardTest.java:255:17:255:44 | getParameter(...) | user-provided value |
18+
| UrlForwardTest.java:273:53:273:76 | toString(...) | UrlForwardTest.java:268:17:268:44 | getParameter(...) : String | UrlForwardTest.java:273:53:273:76 | toString(...) | Untrusted URL forward depends on a $@. | UrlForwardTest.java:268:17:268:44 | getParameter(...) | user-provided value |
19+
| UrlForwardTest.java:284:53:284:56 | path | UrlForwardTest.java:280:17:280:44 | getParameter(...) : String | UrlForwardTest.java:284:53:284:56 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:280:17:280:44 | getParameter(...) | user-provided value |
20+
| UrlForwardTest.java:322:54:322:57 | path | UrlForwardTest.java:319:17:319:44 | getParameter(...) : String | UrlForwardTest.java:322:54:322:57 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:319:17:319:44 | getParameter(...) | user-provided value |
21+
| UrlForwardTest.java:365:53:365:56 | path | UrlForwardTest.java:355:17:355:44 | getParameter(...) : String | UrlForwardTest.java:365:53:365:56 | path | Untrusted URL forward depends on a $@. | UrlForwardTest.java:355:17:355:44 | getParameter(...) | user-provided value |
22+
| UrlForwardTest.java:372:20:372:22 | url | UrlForwardTest.java:371:16:371:41 | getParameter(...) : String | UrlForwardTest.java:372:20:372:22 | url | Untrusted URL forward depends on a $@. | UrlForwardTest.java:371:16:371:41 | getParameter(...) | user-provided value |
23+
| UrlForwardTest.java:384:27:384:56 | getParameter(...) | UrlForwardTest.java:384:27:384:56 | getParameter(...) | UrlForwardTest.java:384:27:384:56 | getParameter(...) | Untrusted URL forward depends on a $@. | UrlForwardTest.java:384:27:384:56 | getParameter(...) | user-provided value |
24+
edges
25+
| UrlForwardTest.java:28:27:28:36 | url : String | UrlForwardTest.java:29:27:29:29 | url | provenance | Sink:MaD:4 |
26+
| UrlForwardTest.java:33:27:33:36 | url : String | UrlForwardTest.java:35:28:35:30 | url | provenance | Sink:MaD:5 |
27+
| UrlForwardTest.java:41:21:41:30 | url : String | UrlForwardTest.java:42:23:42:25 | url | provenance | |
28+
| UrlForwardTest.java:46:27:46:36 | url : String | UrlForwardTest.java:47:48:47:63 | ... + ... | provenance | Sink:MaD:4 |
29+
| UrlForwardTest.java:46:27:46:36 | url : String | UrlForwardTest.java:47:61:47:63 | url | provenance | |
30+
| UrlForwardTest.java:61:19:61:28 | url : String | UrlForwardTest.java:63:33:63:35 | url | provenance | Sink:MaD:2 |
31+
| UrlForwardTest.java:72:19:72:28 | url : String | UrlForwardTest.java:74:33:74:62 | ... + ... | provenance | Sink:MaD:2 |
32+
| UrlForwardTest.java:83:19:83:28 | url : String | UrlForwardTest.java:85:33:85:62 | ... + ... | provenance | Sink:MaD:2 |
33+
| UrlForwardTest.java:106:19:106:32 | urlPath : String | UrlForwardTest.java:109:33:109:35 | url | provenance | Sink:MaD:2 |
34+
| UrlForwardTest.java:145:17:145:63 | getServletPath(...) : String | UrlForwardTest.java:148:33:148:36 | path | provenance | Src:MaD:6 Sink:MaD:2 |
35+
| UrlForwardTest.java:158:17:158:63 | getServletPath(...) : String | UrlForwardTest.java:161:33:161:36 | path | provenance | Src:MaD:6 Sink:MaD:2 |
36+
| UrlForwardTest.java:184:22:184:54 | getParameter(...) : String | UrlForwardTest.java:193:51:193:59 | returnURL | provenance | Src:MaD:7 Sink:MaD:1 |
37+
| UrlForwardTest.java:203:22:203:54 | getParameter(...) : String | UrlForwardTest.java:209:56:209:64 | returnURL | provenance | Src:MaD:7 Sink:MaD:2 |
38+
| UrlForwardTest.java:232:17:232:44 | getParameter(...) : String | UrlForwardTest.java:236:53:236:56 | path | provenance | Src:MaD:7 Sink:MaD:1 |
39+
| UrlForwardTest.java:244:17:244:44 | getParameter(...) : String | UrlForwardTest.java:247:53:247:56 | path | provenance | Src:MaD:7 Sink:MaD:1 |
40+
| UrlForwardTest.java:255:17:255:44 | getParameter(...) : String | UrlForwardTest.java:258:53:258:56 | path : String | provenance | Src:MaD:7 |
41+
| UrlForwardTest.java:258:24:258:57 | resolve(...) : Path | UrlForwardTest.java:258:24:258:69 | normalize(...) : Path | provenance | MaD:9 |
42+
| UrlForwardTest.java:258:24:258:69 | normalize(...) : Path | UrlForwardTest.java:261:53:261:65 | requestedPath : Path | provenance | |
43+
| UrlForwardTest.java:258:53:258:56 | path : String | UrlForwardTest.java:258:24:258:57 | resolve(...) : Path | provenance | MaD:10 |
44+
| UrlForwardTest.java:261:53:261:65 | requestedPath : Path | UrlForwardTest.java:261:53:261:76 | toString(...) | provenance | MaD:11 Sink:MaD:1 |
45+
| UrlForwardTest.java:268:17:268:44 | getParameter(...) : String | UrlForwardTest.java:270:53:270:56 | path : String | provenance | Src:MaD:7 |
46+
| UrlForwardTest.java:270:24:270:57 | resolve(...) : Path | UrlForwardTest.java:270:24:270:69 | normalize(...) : Path | provenance | MaD:9 |
47+
| UrlForwardTest.java:270:24:270:69 | normalize(...) : Path | UrlForwardTest.java:273:53:273:65 | requestedPath : Path | provenance | |
48+
| UrlForwardTest.java:270:53:270:56 | path : String | UrlForwardTest.java:270:24:270:57 | resolve(...) : Path | provenance | MaD:10 |
49+
| UrlForwardTest.java:273:53:273:65 | requestedPath : Path | UrlForwardTest.java:273:53:273:76 | toString(...) | provenance | MaD:11 Sink:MaD:1 |
50+
| UrlForwardTest.java:280:17:280:44 | getParameter(...) : String | UrlForwardTest.java:281:28:281:31 | path : String | provenance | Src:MaD:7 |
51+
| UrlForwardTest.java:281:10:281:41 | decode(...) : String | UrlForwardTest.java:284:53:284:56 | path | provenance | Sink:MaD:1 |
52+
| UrlForwardTest.java:281:28:281:31 | path : String | UrlForwardTest.java:281:10:281:41 | decode(...) : String | provenance | MaD:8 |
53+
| UrlForwardTest.java:319:17:319:44 | getParameter(...) : String | UrlForwardTest.java:322:54:322:57 | path | provenance | Src:MaD:7 Sink:MaD:1 |
54+
| UrlForwardTest.java:355:17:355:44 | getParameter(...) : String | UrlForwardTest.java:360:29:360:32 | path : String | provenance | Src:MaD:7 |
55+
| UrlForwardTest.java:355:17:355:44 | getParameter(...) : String | UrlForwardTest.java:365:53:365:56 | path | provenance | Src:MaD:7 Sink:MaD:1 |
56+
| UrlForwardTest.java:360:11:360:42 | decode(...) : String | UrlForwardTest.java:360:29:360:32 | path : String | provenance | |
57+
| UrlForwardTest.java:360:11:360:42 | decode(...) : String | UrlForwardTest.java:365:53:365:56 | path | provenance | Sink:MaD:1 |
58+
| UrlForwardTest.java:360:29:360:32 | path : String | UrlForwardTest.java:360:11:360:42 | decode(...) : String | provenance | MaD:8 |
59+
| UrlForwardTest.java:371:16:371:41 | getParameter(...) : String | UrlForwardTest.java:372:20:372:22 | url | provenance | Src:MaD:7 Sink:MaD:3 |
60+
models
61+
| 1 | Sink: javax.servlet; ServletContext; true; getRequestDispatcher; (String); ; Argument[0]; url-forward; manual |
62+
| 2 | Sink: javax.servlet; ServletRequest; true; getRequestDispatcher; (String); ; Argument[0]; url-forward; manual |
63+
| 3 | Sink: org.kohsuke.stapler; StaplerResponse; true; forward; (Object,String,StaplerRequest); ; Argument[1]; url-forward; manual |
64+
| 4 | Sink: org.springframework.web.servlet; ModelAndView; false; ModelAndView; ; ; Argument[0]; url-forward; manual |
65+
| 5 | Sink: org.springframework.web.servlet; ModelAndView; false; setViewName; ; ; Argument[0]; url-forward; manual |
66+
| 6 | Source: javax.servlet.http; HttpServletRequest; false; getServletPath; (); ; ReturnValue; remote; manual |
67+
| 7 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
68+
| 8 | Summary: java.net; URLDecoder; false; decode; ; ; Argument[0]; ReturnValue; taint; manual |
69+
| 9 | Summary: java.nio.file; Path; true; normalize; ; ; Argument[this]; ReturnValue; taint; manual |
70+
| 10 | Summary: java.nio.file; Path; true; resolve; ; ; Argument[0]; ReturnValue; taint; manual |
71+
| 11 | Summary: java.nio.file; Path; true; toString; ; ; Argument[this]; ReturnValue; taint; manual |
72+
nodes
73+
| UrlForwardTest.java:28:27:28:36 | url : String | semmle.label | url : String |
74+
| UrlForwardTest.java:29:27:29:29 | url | semmle.label | url |
75+
| UrlForwardTest.java:33:27:33:36 | url : String | semmle.label | url : String |
76+
| UrlForwardTest.java:35:28:35:30 | url | semmle.label | url |
77+
| UrlForwardTest.java:41:21:41:30 | url : String | semmle.label | url : String |
78+
| UrlForwardTest.java:42:23:42:25 | url | semmle.label | url |
79+
| UrlForwardTest.java:46:27:46:36 | url : String | semmle.label | url : String |
80+
| UrlForwardTest.java:47:48:47:63 | ... + ... | semmle.label | ... + ... |
81+
| UrlForwardTest.java:47:61:47:63 | url | semmle.label | url |
82+
| UrlForwardTest.java:61:19:61:28 | url : String | semmle.label | url : String |
83+
| UrlForwardTest.java:63:33:63:35 | url | semmle.label | url |
84+
| UrlForwardTest.java:72:19:72:28 | url : String | semmle.label | url : String |
85+
| UrlForwardTest.java:74:33:74:62 | ... + ... | semmle.label | ... + ... |
86+
| UrlForwardTest.java:83:19:83:28 | url : String | semmle.label | url : String |
87+
| UrlForwardTest.java:85:33:85:62 | ... + ... | semmle.label | ... + ... |
88+
| UrlForwardTest.java:106:19:106:32 | urlPath : String | semmle.label | urlPath : String |
89+
| UrlForwardTest.java:109:33:109:35 | url | semmle.label | url |
90+
| UrlForwardTest.java:145:17:145:63 | getServletPath(...) : String | semmle.label | getServletPath(...) : String |
91+
| UrlForwardTest.java:148:33:148:36 | path | semmle.label | path |
92+
| UrlForwardTest.java:158:17:158:63 | getServletPath(...) : String | semmle.label | getServletPath(...) : String |
93+
| UrlForwardTest.java:161:33:161:36 | path | semmle.label | path |
94+
| UrlForwardTest.java:184:22:184:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
95+
| UrlForwardTest.java:193:51:193:59 | returnURL | semmle.label | returnURL |
96+
| UrlForwardTest.java:203:22:203:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
97+
| UrlForwardTest.java:209:56:209:64 | returnURL | semmle.label | returnURL |
98+
| UrlForwardTest.java:232:17:232:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
99+
| UrlForwardTest.java:236:53:236:56 | path | semmle.label | path |
100+
| UrlForwardTest.java:244:17:244:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
101+
| UrlForwardTest.java:247:53:247:56 | path | semmle.label | path |
102+
| UrlForwardTest.java:255:17:255:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
103+
| UrlForwardTest.java:258:24:258:57 | resolve(...) : Path | semmle.label | resolve(...) : Path |
104+
| UrlForwardTest.java:258:24:258:69 | normalize(...) : Path | semmle.label | normalize(...) : Path |
105+
| UrlForwardTest.java:258:53:258:56 | path : String | semmle.label | path : String |
106+
| UrlForwardTest.java:261:53:261:65 | requestedPath : Path | semmle.label | requestedPath : Path |
107+
| UrlForwardTest.java:261:53:261:76 | toString(...) | semmle.label | toString(...) |
108+
| UrlForwardTest.java:268:17:268:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
109+
| UrlForwardTest.java:270:24:270:57 | resolve(...) : Path | semmle.label | resolve(...) : Path |
110+
| UrlForwardTest.java:270:24:270:69 | normalize(...) : Path | semmle.label | normalize(...) : Path |
111+
| UrlForwardTest.java:270:53:270:56 | path : String | semmle.label | path : String |
112+
| UrlForwardTest.java:273:53:273:65 | requestedPath : Path | semmle.label | requestedPath : Path |
113+
| UrlForwardTest.java:273:53:273:76 | toString(...) | semmle.label | toString(...) |
114+
| UrlForwardTest.java:280:17:280:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
115+
| UrlForwardTest.java:281:10:281:41 | decode(...) : String | semmle.label | decode(...) : String |
116+
| UrlForwardTest.java:281:28:281:31 | path : String | semmle.label | path : String |
117+
| UrlForwardTest.java:284:53:284:56 | path | semmle.label | path |
118+
| UrlForwardTest.java:319:17:319:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
119+
| UrlForwardTest.java:322:54:322:57 | path | semmle.label | path |
120+
| UrlForwardTest.java:355:17:355:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
121+
| UrlForwardTest.java:360:11:360:42 | decode(...) : String | semmle.label | decode(...) : String |
122+
| UrlForwardTest.java:360:29:360:32 | path : String | semmle.label | path : String |
123+
| UrlForwardTest.java:365:53:365:56 | path | semmle.label | path |
124+
| UrlForwardTest.java:371:16:371:41 | getParameter(...) : String | semmle.label | getParameter(...) : String |
125+
| UrlForwardTest.java:372:20:372:22 | url | semmle.label | url |
126+
| UrlForwardTest.java:384:27:384:56 | getParameter(...) | semmle.label | getParameter(...) |
127+
subpaths

0 commit comments

Comments
 (0)