Java: use post-process provenance pretty-printing in library-tests

Jami Cogswell · Jami Cogswell · commit bab89c46b60d · 2024-07-28T18:13:58.000-04:00
diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.expected
@@ -1,8 +1,20 @@
+#select
+| UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) | user-provided value |
+| UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) | user-provided value |
+| UrlRedirectJax.java:10:24:10:62 | new URI(...) | UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJax.java:10:32:10:61 | getParameter(...) | user-provided value |
+| UrlRedirectJax.java:13:33:13:71 | new URI(...) | UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJax.java:13:41:13:70 | getParameter(...) | user-provided value |
 edges
-| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44684 MaD:42971 Sink:MaD:42371 |
-| UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44684 MaD:42971 Sink:MaD:42372 |
-| UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:44684 MaD:42971 Sink:MaD:44713 |
-| UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:44684 MaD:42971 Sink:MaD:44714 |
+| UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:4 MaD:3 Sink:MaD:1 |
+| UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:4 MaD:3 Sink:MaD:2 |
+| UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | provenance | Src:MaD:4 MaD:3 Sink:MaD:5 |
+| UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | provenance | Src:MaD:4 MaD:3 Sink:MaD:6 |
+models
+| 1 | Sink: jakarta.ws.rs.core; Response; true; seeOther; ; ; Argument[0]; url-redirection; manual |
+| 2 | Sink: jakarta.ws.rs.core; Response; true; temporaryRedirect; ; ; Argument[0]; url-redirection; manual |
+| 3 | Summary: java.net; URI; false; URI; (String); ; Argument[0]; Argument[this]; taint; manual |
+| 4 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
+| 5 | Sink: javax.ws.rs.core; Response; true; seeOther; ; ; Argument[0]; url-redirection; manual |
+| 6 | Sink: javax.ws.rs.core; Response; true; temporaryRedirect; ; ; Argument[0]; url-redirection; manual |
 nodes
 | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | semmle.label | new URI(...) |
 | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | semmle.label | getParameter(...) : String |
@@ -13,8 +25,3 @@ nodes
 | UrlRedirectJax.java:13:33:13:71 | new URI(...) | semmle.label | new URI(...) |
 | UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 subpaths
-#select
-| UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJakarta.java:10:24:10:62 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJakarta.java:10:32:10:61 | getParameter(...) | user-provided value |
-| UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJakarta.java:13:33:13:71 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJakarta.java:13:41:13:70 | getParameter(...) | user-provided value |
-| UrlRedirectJax.java:10:24:10:62 | new URI(...) | UrlRedirectJax.java:10:32:10:61 | getParameter(...) : String | UrlRedirectJax.java:10:24:10:62 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJax.java:10:32:10:61 | getParameter(...) | user-provided value |
-| UrlRedirectJax.java:13:33:13:71 | new URI(...) | UrlRedirectJax.java:13:41:13:70 | getParameter(...) : String | UrlRedirectJax.java:13:33:13:71 | new URI(...) | Untrusted URL redirection depends on a $@. | UrlRedirectJax.java:13:41:13:70 | getParameter(...) | user-provided value |
diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.qlref b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.qlref
@@ -1 +1,2 @@
-Security/CWE/CWE-601/UrlRedirect.ql
+query: Security/CWE/CWE-601/UrlRedirect.ql
+postprocess: TestUtilities/PrettyPrintModels.ql

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-Security/CWE/CWE-601/UrlRedirect.ql`
	`1`	`+query: Security/CWE/CWE-601/UrlRedirect.ql`
	`2`	`+postprocess: TestUtilities/PrettyPrintModels.ql`