Merge pull request #76 from GitHubSecurityLab/java/updatetests

Java: Update existing tests and pretty print MaD output.
GitHubSecurityLab · Nov 7, 2024 · 056237c · 056237c
2 parents e6ed81e + 0122215
commit 056237c
Show file tree

Hide file tree

Showing 11 changed files with 82 additions and 48 deletions.
diff --git a/java/test/TestUtilities/PrettyPrintModels.ql b/java/test/TestUtilities/PrettyPrintModels.ql
@@ -0,0 +1,11 @@
+/**
+ * @kind test-postprocess
+ */
+
+import semmle.code.java.dataflow.ExternalFlow
+import codeql.dataflow.test.ProvenancePathGraph
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>
+
+from string relation, int row, int column, string data
+where results(relation, row, column, data)
+select relation, row, column, data
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected b/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
@@ -1,3 +1,7 @@
+#select
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
 edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | provenance |  |
@@ -8,24 +12,28 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:80:21:86 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:32:27:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44347 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:42664 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44282 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:43716 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
+models
+| 1 | Sink: java.lang; Runtime; true; exec; (String[]); ; Argument[0]; command-injection; ai-manual |
+| 2 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
+| 3 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
+| 4 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
 nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | semmle.label | args : String[] |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
@@ -42,15 +50,10 @@ nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | semmle.label | commandArray2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | semmle.label | concat(...) : Stream [<element>] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | semmle.label | toArray(...) |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | semmle.label | toArray(...) : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | semmle.label | stream(...) : Stream [<element>] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | semmle.label | new String[] : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | semmle.label | ...[...] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | semmle.label | ...[...] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | semmle.label | ...[...] : String |
 subpaths
-#select
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref b/java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref
@@ -1 +1,2 @@
-security/CWE-078/CommandInjectionRuntimeExecTest.ql
+query: security/CWE-078/CommandInjectionRuntimeExecTest.ql
+postprocess: TestUtilities/PrettyPrintModels.ql