Java: convert RsaWithoutOaep test to .qlref

d10c · d10c · commit cadfd0dcaa68 · 2025-06-24T16:42:28.000+02:00
diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected
@@ -0,0 +1,12 @@
+#select
+| RsaWithoutOaepTest.java:5:44:5:62 | "RSA/ECB/NoPadding" | RsaWithoutOaepTest.java:5:44:5:62 | "RSA/ECB/NoPadding" | RsaWithoutOaepTest.java:5:44:5:62 | "RSA/ECB/NoPadding" | This specification is used to $@ without OAEP padding. | RsaWithoutOaepTest.java:5:44:5:62 | "RSA/ECB/NoPadding" | initialize an RSA cipher |
+| RsaWithoutOaepTest.java:15:32:15:50 | "RSA/ECB/NoPadding" : String | RsaWithoutOaepTest.java:15:32:15:50 | "RSA/ECB/NoPadding" : String | RsaWithoutOaepTest.java:11:35:11:38 | spec | This specification is used to $@ without OAEP padding. | RsaWithoutOaepTest.java:11:35:11:38 | spec | initialize an RSA cipher |
+edges
+| RsaWithoutOaepTest.java:10:29:10:39 | spec : String | RsaWithoutOaepTest.java:11:35:11:38 | spec | provenance |  |
+| RsaWithoutOaepTest.java:15:32:15:50 | "RSA/ECB/NoPadding" : String | RsaWithoutOaepTest.java:10:29:10:39 | spec : String | provenance |  |
+nodes
+| RsaWithoutOaepTest.java:5:44:5:62 | "RSA/ECB/NoPadding" | semmle.label | "RSA/ECB/NoPadding" |
+| RsaWithoutOaepTest.java:10:29:10:39 | spec : String | semmle.label | spec : String |
+| RsaWithoutOaepTest.java:11:35:11:38 | spec | semmle.label | spec |
+| RsaWithoutOaepTest.java:15:32:15:50 | "RSA/ECB/NoPadding" : String | semmle.label | "RSA/ECB/NoPadding" : String |
+subpaths
diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java
@@ -2,16 +2,16 @@
 
 class RsaWithoutOaep {
     public void test() throws Exception {
-        Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasTaintFlow
+        Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $ Alert
 
-        Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 
+        Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
     }
 
     public Cipher getCipher(String spec) throws Exception {
-        return Cipher.getInstance(spec); // $hasTaintFlow
+        return Cipher.getInstance(spec); // $ Sink
     }
 
     public void test2() throws Exception {
-        Cipher rsa = getCipher("RSA/ECB/NoPadding");
+        Cipher rsa = getCipher("RSA/ECB/NoPadding"); // $ Alert
     }
-}
+}
diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql
diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.qlref b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-780/RsaWithoutOaep.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

Original file line number	Diff line number	Diff line change
`@@ -2,16 +2,16 @@`
`2`	`2`
`3`	`3`	`class RsaWithoutOaep {`
`4`	`4`	`public void test() throws Exception {`
`5`		`- Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasTaintFlow`
	`5`	`+ Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $ Alert`
`6`	`6`
`7`		`- Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");`
	`7`	`+ Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`public Cipher getCipher(String spec) throws Exception {`
`11`		`- return Cipher.getInstance(spec); // $hasTaintFlow`
	`11`	`+ return Cipher.getInstance(spec); // $ Sink`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`public void test2() throws Exception {`
`15`		`- Cipher rsa = getCipher("RSA/ECB/NoPadding");`
	`15`	`+ Cipher rsa = getCipher("RSA/ECB/NoPadding"); // $ Alert`
`16`	`16`	`}`
`17`		`-}`
	`17`	`+}`