Add test cases

Author: joefarebrother

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml

@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java

@@ -0,0 +1,12 @@
+import java.net.URL;
+import java.net.URLConnection;
+
+class Test{
+    URLConnection test1() throws Exception {
+        return new URL("https://good.example.com").openConnection();
+    }
+
+    URLConnection test2() throws Exception {
+        return new URL("https://bad.example.com").openConnection(); // $hasUntrustedResult
+    }
+}

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options

@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <domain-config>
+        <domain>good.example.com</domain>
+        <pin-set expiration="2038/1/19">
+            <pin digest="SHA-256">...</pin>
+        </pin-set>
+    </domain-config>
+</network-security-config>

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.expected

@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+  Test() { this = "AndroidMissingCertificatePinningTest" }
+
+  override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+  override predicate hasActualResult(Location loc, string el, string tag, string value) {
+    exists(DataFlow::Node node |
+      missingPinning(node) and
+      loc = node.getLocation() and
+      el = node.toString() and
+      value = "" and
+      (
+        if exists(string x | trustedDomain(x))
+        then tag = "hasUntrustedResult"
+        else tag = "hasNoTrustedResult"
+      )
+    )
+  }
+}

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql

@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml

@@ -0,0 +1,8 @@
+import java.net.URL;
+import java.net.URLConnection;
+
+class Test{
+    URLConnection test2() throws Exception {
+        return new URL("https://example.com").openConnection(); // $hasNoTrustedResult
+    }
+}

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java

@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0

java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+
+</network-security-config>