Skip to content

Commit bf1a699

Browse files
d10cd10c
committed
Java: convert CWE-522 tests to .qlref
1 parent 4412335 commit bf1a699

12 files changed

+243
-67
lines changed

java/ql/test/query-tests/security/CWE-522/InsecureBasicAuth/InsecureBasicAuthTest.expected

Lines changed: 105 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,105 @@
1+
#select
2+
| InsecureBasicAuthTest.java:28:4:28:7 | post | InsecureBasicAuthTest.java:25:40:25:48 | "http://" : String | InsecureBasicAuthTest.java:28:4:28:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:25:40:25:48 | "http://" | HTTP URL |
3+
| InsecureBasicAuthTest.java:46:4:46:6 | get | InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" : String | InsecureBasicAuthTest.java:46:4:46:6 | get | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" | HTTP URL |
4+
| InsecureBasicAuthTest.java:70:4:70:7 | post | InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:70:4:70:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
5+
| InsecureBasicAuthTest.java:95:4:95:7 | post | InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:95:4:95:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
6+
| InsecureBasicAuthTest.java:120:4:120:7 | post | InsecureBasicAuthTest.java:117:27:117:32 | "http" : String | InsecureBasicAuthTest.java:120:4:120:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:117:27:117:32 | "http" | HTTP URL |
7+
| InsecureBasicAuthTest.java:143:4:143:7 | post | InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:143:4:143:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
8+
| InsecureBasicAuthTest.java:167:4:167:7 | post | InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:167:4:167:7 | post | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
9+
| InsecureBasicAuthTest.java:192:4:192:7 | conn | InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:192:4:192:7 | conn | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" | HTTP URL |
10+
| InsecureBasicAuthTest.java:219:4:219:7 | conn | InsecureBasicAuthTest.java:214:22:214:27 | "http" : String | InsecureBasicAuthTest.java:219:4:219:7 | conn | Insecure basic authentication from a $@. | InsecureBasicAuthTest.java:214:22:214:27 | "http" | HTTP URL |
11+
edges
12+
| InsecureBasicAuthTest.java:25:27:25:87 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:28:4:28:7 | post | provenance | |
13+
| InsecureBasicAuthTest.java:25:40:25:48 | "http://" : String | InsecureBasicAuthTest.java:25:40:25:86 | ... + ... : String | provenance | |
14+
| InsecureBasicAuthTest.java:25:40:25:86 | ... + ... : String | InsecureBasicAuthTest.java:25:27:25:87 | new HttpPost(...) : HttpPost | provenance | Config |
15+
| InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" : String | InsecureBasicAuthTest.java:44:30:44:35 | urlStr : String | provenance | |
16+
| InsecureBasicAuthTest.java:44:18:44:36 | new HttpGet(...) : HttpGet | InsecureBasicAuthTest.java:46:4:46:6 | get | provenance | |
17+
| InsecureBasicAuthTest.java:44:30:44:35 | urlStr : String | InsecureBasicAuthTest.java:44:18:44:36 | new HttpGet(...) : HttpGet | provenance | Config |
18+
| InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:67:51:67:56 | uriStr : String | provenance | |
19+
| InsecureBasicAuthTest.java:67:27:67:58 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:70:4:70:7 | post | provenance | |
20+
| InsecureBasicAuthTest.java:67:40:67:57 | create(...) : URI | InsecureBasicAuthTest.java:67:27:67:58 | new HttpPost(...) : HttpPost | provenance | Config |
21+
| InsecureBasicAuthTest.java:67:51:67:56 | uriStr : String | InsecureBasicAuthTest.java:67:40:67:57 | create(...) : URI | provenance | MaD:2 |
22+
| InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | provenance | |
23+
| InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | InsecureBasicAuthTest.java:92:40:92:42 | uri : URI | provenance | |
24+
| InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | provenance | Config |
25+
| InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | provenance | MaD:1 |
26+
| InsecureBasicAuthTest.java:92:27:92:43 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:95:4:95:7 | post | provenance | |
27+
| InsecureBasicAuthTest.java:92:40:92:42 | uri : URI | InsecureBasicAuthTest.java:92:27:92:43 | new HttpPost(...) : HttpPost | provenance | Config |
28+
| InsecureBasicAuthTest.java:117:6:117:79 | new HttpPost(...) : HttpPost | InsecureBasicAuthTest.java:120:4:120:7 | post | provenance | |
29+
| InsecureBasicAuthTest.java:117:19:117:78 | new URI(...) : URI | InsecureBasicAuthTest.java:117:6:117:79 | new HttpPost(...) : HttpPost | provenance | Config |
30+
| InsecureBasicAuthTest.java:117:27:117:32 | "http" : String | InsecureBasicAuthTest.java:117:19:117:78 | new URI(...) : URI | provenance | Config |
31+
| InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:140:57:140:62 | uriStr : String | provenance | |
32+
| InsecureBasicAuthTest.java:140:28:140:63 | new BasicHttpRequest(...) : BasicHttpRequest | InsecureBasicAuthTest.java:143:4:143:7 | post | provenance | |
33+
| InsecureBasicAuthTest.java:140:57:140:62 | uriStr : String | InsecureBasicAuthTest.java:140:28:140:63 | new BasicHttpRequest(...) : BasicHttpRequest | provenance | Config |
34+
| InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:163:59:163:64 | uriStr : String | provenance | |
35+
| InsecureBasicAuthTest.java:163:30:163:71 | new BasicRequestLine(...) : BasicRequestLine | InsecureBasicAuthTest.java:164:49:164:59 | requestLine : BasicRequestLine | provenance | |
36+
| InsecureBasicAuthTest.java:163:59:163:64 | uriStr : String | InsecureBasicAuthTest.java:163:30:163:71 | new BasicRequestLine(...) : BasicRequestLine | provenance | MaD:4 |
37+
| InsecureBasicAuthTest.java:164:28:164:60 | new BasicHttpRequest(...) : BasicHttpRequest | InsecureBasicAuthTest.java:167:4:167:7 | post | provenance | |
38+
| InsecureBasicAuthTest.java:164:49:164:59 | requestLine : BasicRequestLine | InsecureBasicAuthTest.java:164:28:164:60 | new BasicHttpRequest(...) : BasicHttpRequest | provenance | Config |
39+
| InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | provenance | |
40+
| InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | InsecureBasicAuthTest.java:189:49:189:51 | url : URL | provenance | |
41+
| InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | provenance | Config |
42+
| InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | provenance | MaD:3 |
43+
| InsecureBasicAuthTest.java:189:29:189:68 | (...)... : HttpURLConnection | InsecureBasicAuthTest.java:192:4:192:7 | conn | provenance | |
44+
| InsecureBasicAuthTest.java:189:49:189:51 | url : URL | InsecureBasicAuthTest.java:189:49:189:68 | openConnection(...) : URLConnection | provenance | Config |
45+
| InsecureBasicAuthTest.java:189:49:189:68 | openConnection(...) : URLConnection | InsecureBasicAuthTest.java:189:29:189:68 | (...)... : HttpURLConnection | provenance | |
46+
| InsecureBasicAuthTest.java:214:22:214:27 | "http" : String | InsecureBasicAuthTest.java:215:22:215:29 | protocol : String | provenance | |
47+
| InsecureBasicAuthTest.java:215:14:215:42 | new URL(...) : URL | InsecureBasicAuthTest.java:216:49:216:51 | url : URL | provenance | |
48+
| InsecureBasicAuthTest.java:215:22:215:29 | protocol : String | InsecureBasicAuthTest.java:215:14:215:42 | new URL(...) : URL | provenance | Config |
49+
| InsecureBasicAuthTest.java:216:29:216:68 | (...)... : HttpURLConnection | InsecureBasicAuthTest.java:219:4:219:7 | conn | provenance | |
50+
| InsecureBasicAuthTest.java:216:49:216:51 | url : URL | InsecureBasicAuthTest.java:216:49:216:68 | openConnection(...) : URLConnection | provenance | Config |
51+
| InsecureBasicAuthTest.java:216:49:216:68 | openConnection(...) : URLConnection | InsecureBasicAuthTest.java:216:29:216:68 | (...)... : HttpURLConnection | provenance | |
52+
models
53+
| 1 | Summary: java.net; URI; false; URI; (String); ; Argument[0]; Argument[this]; taint; manual |
54+
| 2 | Summary: java.net; URI; false; create; ; ; Argument[0]; ReturnValue; taint; manual |
55+
| 3 | Summary: java.net; URL; false; URL; (String); ; Argument[0]; Argument[this]; taint; manual |
56+
| 4 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual |
57+
nodes
58+
| InsecureBasicAuthTest.java:25:27:25:87 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
59+
| InsecureBasicAuthTest.java:25:40:25:48 | "http://" : String | semmle.label | "http://" : String |
60+
| InsecureBasicAuthTest.java:25:40:25:86 | ... + ... : String | semmle.label | ... + ... : String |
61+
| InsecureBasicAuthTest.java:28:4:28:7 | post | semmle.label | post |
62+
| InsecureBasicAuthTest.java:43:20:43:65 | "http://www.example.com:8000/payment/retrieve" : String | semmle.label | "http://www.example.com:8000/payment/retrieve" : String |
63+
| InsecureBasicAuthTest.java:44:18:44:36 | new HttpGet(...) : HttpGet | semmle.label | new HttpGet(...) : HttpGet |
64+
| InsecureBasicAuthTest.java:44:30:44:35 | urlStr : String | semmle.label | urlStr : String |
65+
| InsecureBasicAuthTest.java:46:4:46:6 | get | semmle.label | get |
66+
| InsecureBasicAuthTest.java:66:20:66:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
67+
| InsecureBasicAuthTest.java:67:27:67:58 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
68+
| InsecureBasicAuthTest.java:67:40:67:57 | create(...) : URI | semmle.label | create(...) : URI |
69+
| InsecureBasicAuthTest.java:67:51:67:56 | uriStr : String | semmle.label | uriStr : String |
70+
| InsecureBasicAuthTest.java:70:4:70:7 | post | semmle.label | post |
71+
| InsecureBasicAuthTest.java:90:20:90:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
72+
| InsecureBasicAuthTest.java:91:14:91:28 | new URI(...) : URI | semmle.label | new URI(...) : URI |
73+
| InsecureBasicAuthTest.java:91:22:91:27 | uriStr : String | semmle.label | uriStr : String |
74+
| InsecureBasicAuthTest.java:92:27:92:43 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
75+
| InsecureBasicAuthTest.java:92:40:92:42 | uri : URI | semmle.label | uri : URI |
76+
| InsecureBasicAuthTest.java:95:4:95:7 | post | semmle.label | post |
77+
| InsecureBasicAuthTest.java:117:6:117:79 | new HttpPost(...) : HttpPost | semmle.label | new HttpPost(...) : HttpPost |
78+
| InsecureBasicAuthTest.java:117:19:117:78 | new URI(...) : URI | semmle.label | new URI(...) : URI |
79+
| InsecureBasicAuthTest.java:117:27:117:32 | "http" : String | semmle.label | "http" : String |
80+
| InsecureBasicAuthTest.java:120:4:120:7 | post | semmle.label | post |
81+
| InsecureBasicAuthTest.java:139:20:139:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
82+
| InsecureBasicAuthTest.java:140:28:140:63 | new BasicHttpRequest(...) : BasicHttpRequest | semmle.label | new BasicHttpRequest(...) : BasicHttpRequest |
83+
| InsecureBasicAuthTest.java:140:57:140:62 | uriStr : String | semmle.label | uriStr : String |
84+
| InsecureBasicAuthTest.java:143:4:143:7 | post | semmle.label | post |
85+
| InsecureBasicAuthTest.java:162:20:162:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
86+
| InsecureBasicAuthTest.java:163:30:163:71 | new BasicRequestLine(...) : BasicRequestLine | semmle.label | new BasicRequestLine(...) : BasicRequestLine |
87+
| InsecureBasicAuthTest.java:163:59:163:64 | uriStr : String | semmle.label | uriStr : String |
88+
| InsecureBasicAuthTest.java:164:28:164:60 | new BasicHttpRequest(...) : BasicHttpRequest | semmle.label | new BasicHttpRequest(...) : BasicHttpRequest |
89+
| InsecureBasicAuthTest.java:164:49:164:59 | requestLine : BasicRequestLine | semmle.label | requestLine : BasicRequestLine |
90+
| InsecureBasicAuthTest.java:167:4:167:7 | post | semmle.label | post |
91+
| InsecureBasicAuthTest.java:187:20:187:69 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
92+
| InsecureBasicAuthTest.java:188:14:188:28 | new URL(...) : URL | semmle.label | new URL(...) : URL |
93+
| InsecureBasicAuthTest.java:188:22:188:27 | urlStr : String | semmle.label | urlStr : String |
94+
| InsecureBasicAuthTest.java:189:29:189:68 | (...)... : HttpURLConnection | semmle.label | (...)... : HttpURLConnection |
95+
| InsecureBasicAuthTest.java:189:49:189:51 | url : URL | semmle.label | url : URL |
96+
| InsecureBasicAuthTest.java:189:49:189:68 | openConnection(...) : URLConnection | semmle.label | openConnection(...) : URLConnection |
97+
| InsecureBasicAuthTest.java:192:4:192:7 | conn | semmle.label | conn |
98+
| InsecureBasicAuthTest.java:214:22:214:27 | "http" : String | semmle.label | "http" : String |
99+
| InsecureBasicAuthTest.java:215:14:215:42 | new URL(...) : URL | semmle.label | new URL(...) : URL |
100+
| InsecureBasicAuthTest.java:215:22:215:29 | protocol : String | semmle.label | protocol : String |
101+
| InsecureBasicAuthTest.java:216:29:216:68 | (...)... : HttpURLConnection | semmle.label | (...)... : HttpURLConnection |
102+
| InsecureBasicAuthTest.java:216:49:216:51 | url : URL | semmle.label | url : URL |
103+
| InsecureBasicAuthTest.java:216:49:216:68 | openConnection(...) : URLConnection | semmle.label | openConnection(...) : URLConnection |
104+
| InsecureBasicAuthTest.java:219:4:219:7 | conn | semmle.label | conn |
105+
subpaths

0 commit comments

Comments
 (0)