[TEST] Java: TrustBoundaryViolations: convert test to qlref

Author: d10c

java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.expected

@@ -0,0 +1,11 @@
+#select
+| TrustBoundaryViolations.java:14:52:14:56 | input | TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | TrustBoundaryViolations.java:14:52:14:56 | input | This servlet reads data from a $@ and writes it to a session variable. | TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | remote source |
+edges
+| TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | TrustBoundaryViolations.java:14:52:14:56 | input | provenance | Src:MaD:2 Sink:MaD:1 |
+models
+| 1 | Sink: javax.servlet.http; HttpSession; true; setAttribute; ; ; Argument[0..1]; trust-boundary-violation; manual |
+| 2 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
+nodes
+| TrustBoundaryViolations.java:11:24:11:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
+| TrustBoundaryViolations.java:14:52:14:56 | input | semmle.label | input |
+subpaths

java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.java

@@ -8,10 +8,10 @@ public class TrustBoundaryViolations extends HttpServlet {
     Validator validator;
 
     public void doGet(HttpServletRequest request, HttpServletResponse response) {
-        String input = request.getParameter("input");
+        String input = request.getParameter("input"); // $ Source
 
         // BAD: The input is written to the session without being sanitized.
-        request.getSession().setAttribute("input", input); // $ hasTaintFlow
+        request.getSession().setAttribute("input", input); // $ Alert
 
         String input2 = request.getParameter("input2");
 

java/ql/test/query-tests/security/CWE-501/TrustBoundaryViolations.ql

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-501/TrustBoundaryViolation.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql