Added stup for RMIConnectorServer for valid test case

Timo Mueller · Timo Mueller · commit 59ebe08c78b3 · 2021-05-25T16:40:41.000+02:00
diff --git a/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.expected b/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.expected
@@ -1,18 +1,32 @@
 edges
-| InsecureRmiServerInitialisation.java:32:31:32:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiServerInitialisation.java:34:59:34:61 | env |
-| InsecureRmiServerInitialisation.java:39:31:39:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiServerInitialisation.java:43:59:43:61 | env |
-| InsecureRmiServerInitialisation.java:57:31:57:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiServerInitialisation.java:61:59:61:61 | env |
+| ../../../stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIConnectorServer.java:23:12:23:29 | this <constr(this)> [post update] : RMIConnectorServer | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) |
+| InsecureRmiJmxEnvironmentConfiguration.java:25:31:25:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:27:34:27:36 | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:33:31:33:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:35:59:35:61 | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:40:31:40:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:44:59:44:61 | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:49:31:49:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:53:34:53:36 | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:58:31:58:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:62:59:62:61 | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:67:31:67:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:71:34:71:36 | env |
 nodes
-| InsecureRmiServerInitialisation.java:13:5:13:69 | newJMXConnectorServer(...) | semmle.label | newJMXConnectorServer(...) |
-| InsecureRmiServerInitialisation.java:32:31:32:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
-| InsecureRmiServerInitialisation.java:34:59:34:61 | env | semmle.label | env |
-| InsecureRmiServerInitialisation.java:39:31:39:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
-| InsecureRmiServerInitialisation.java:43:59:43:61 | env | semmle.label | env |
-| InsecureRmiServerInitialisation.java:57:31:57:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
-| InsecureRmiServerInitialisation.java:61:59:61:61 | env | semmle.label | env |
+| ../../../stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIConnectorServer.java:23:12:23:29 | this <constr(this)> [post update] : RMIConnectorServer | semmle.label | this <constr(this)> [post update] : RMIConnectorServer |
+| InsecureRmiJmxEnvironmentConfiguration.java:13:5:13:69 | newJMXConnectorServer(...) | semmle.label | newJMXConnectorServer(...) |
+| InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | semmle.label | new RMIConnectorServer(...) |
+| InsecureRmiJmxEnvironmentConfiguration.java:25:31:25:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
+| InsecureRmiJmxEnvironmentConfiguration.java:27:34:27:36 | env | semmle.label | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:33:31:33:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
+| InsecureRmiJmxEnvironmentConfiguration.java:35:59:35:61 | env | semmle.label | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:40:31:40:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
+| InsecureRmiJmxEnvironmentConfiguration.java:44:59:44:61 | env | semmle.label | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:49:31:49:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
+| InsecureRmiJmxEnvironmentConfiguration.java:53:34:53:36 | env | semmle.label | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:58:31:58:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
+| InsecureRmiJmxEnvironmentConfiguration.java:62:59:62:61 | env | semmle.label | env |
+| InsecureRmiJmxEnvironmentConfiguration.java:67:31:67:45 | new HashMap<String,Object>(...) : HashMap | semmle.label | new HashMap<String,Object>(...) : HashMap |
+| InsecureRmiJmxEnvironmentConfiguration.java:71:34:71:36 | env | semmle.label | env |
 #select
-| InsecureRmiServerInitialisation.java:13:5:13:69 | newJMXConnectorServer(...) | InsecureRmiServerInitialisation.java:13:5:13:69 | newJMXConnectorServer(...) | InsecureRmiServerInitialisation.java:13:5:13:69 | newJMXConnectorServer(...) | RMI/JMX server initialized with 'null' environment $@. Missing type restriction in RMI authentication method exposes the application to deserialization attacks. | InsecureRmiServerInitialisation.java:13:5:13:69 | newJMXConnectorServer(...) | here | InsecureRmiServerInitialisation.java:13:5:13:69 | newJMXConnectorServer(...) | source environment 'Map' |
-| InsecureRmiServerInitialisation.java:34:59:34:61 | env | InsecureRmiServerInitialisation.java:32:31:32:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiServerInitialisation.java:34:59:34:61 | env | RMI/JMX server initialized with insecure environment $@. The $@ never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method. | InsecureRmiServerInitialisation.java:34:59:34:61 | env | here | InsecureRmiServerInitialisation.java:32:31:32:45 | new HashMap<String,Object>(...) | source environment 'Map' |
-| InsecureRmiServerInitialisation.java:61:59:61:61 | env | InsecureRmiServerInitialisation.java:57:31:57:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiServerInitialisation.java:61:59:61:61 | env | RMI/JMX server initialized with insecure environment $@. The $@ never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method. | InsecureRmiServerInitialisation.java:61:59:61:61 | env | here | InsecureRmiServerInitialisation.java:57:31:57:45 | new HashMap<String,Object>(...) | source environment 'Map' |
-
-TODO RMI Server is missing due to import errors (See test java file)
+| InsecureRmiJmxEnvironmentConfiguration.java:13:5:13:69 | newJMXConnectorServer(...) | InsecureRmiJmxEnvironmentConfiguration.java:13:5:13:69 | newJMXConnectorServer(...) | InsecureRmiJmxEnvironmentConfiguration.java:13:5:13:69 | newJMXConnectorServer(...) | RMI/JMX server initialized with 'null' environment $@. Missing type restriction in RMI authentication method exposes the application to deserialization attacks. | InsecureRmiJmxEnvironmentConfiguration.java:13:5:13:69 | newJMXConnectorServer(...) | here | InsecureRmiJmxEnvironmentConfiguration.java:13:5:13:69 | newJMXConnectorServer(...) | source environment 'Map' |
+| InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | ../../../stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIConnectorServer.java:23:12:23:29 | this <constr(this)> [post update] : RMIConnectorServer | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | RMI/JMX server initialized with 'null' environment $@. Missing type restriction in RMI authentication method exposes the application to deserialization attacks. | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | here | ../../../stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIConnectorServer.java:23:12:23:29 | this <constr(this)> [post update] | source environment 'Map' |
+| InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | RMI/JMX server initialized with 'null' environment $@. Missing type restriction in RMI authentication method exposes the application to deserialization attacks. | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | here | InsecureRmiJmxEnvironmentConfiguration.java:18:5:18:50 | new RMIConnectorServer(...) | source environment 'Map' |
+| InsecureRmiJmxEnvironmentConfiguration.java:27:34:27:36 | env | InsecureRmiJmxEnvironmentConfiguration.java:25:31:25:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:27:34:27:36 | env | RMI/JMX server initialized with insecure environment $@. The $@ never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method. | InsecureRmiJmxEnvironmentConfiguration.java:27:34:27:36 | env | here | InsecureRmiJmxEnvironmentConfiguration.java:25:31:25:45 | new HashMap<String,Object>(...) | source environment 'Map' |
+| InsecureRmiJmxEnvironmentConfiguration.java:35:59:35:61 | env | InsecureRmiJmxEnvironmentConfiguration.java:33:31:33:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:35:59:35:61 | env | RMI/JMX server initialized with insecure environment $@. The $@ never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method. | InsecureRmiJmxEnvironmentConfiguration.java:35:59:35:61 | env | here | InsecureRmiJmxEnvironmentConfiguration.java:33:31:33:45 | new HashMap<String,Object>(...) | source environment 'Map' |
+| InsecureRmiJmxEnvironmentConfiguration.java:62:59:62:61 | env | InsecureRmiJmxEnvironmentConfiguration.java:58:31:58:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:62:59:62:61 | env | RMI/JMX server initialized with insecure environment $@. The $@ never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method. | InsecureRmiJmxEnvironmentConfiguration.java:62:59:62:61 | env | here | InsecureRmiJmxEnvironmentConfiguration.java:58:31:58:45 | new HashMap<String,Object>(...) | source environment 'Map' |
+| InsecureRmiJmxEnvironmentConfiguration.java:71:34:71:36 | env | InsecureRmiJmxEnvironmentConfiguration.java:67:31:67:45 | new HashMap<String,Object>(...) : HashMap | InsecureRmiJmxEnvironmentConfiguration.java:71:34:71:36 | env | RMI/JMX server initialized with insecure environment $@. The $@ never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method. | InsecureRmiJmxEnvironmentConfiguration.java:71:34:71:36 | env | here | InsecureRmiJmxEnvironmentConfiguration.java:67:31:67:45 | new HashMap<String,Object>(...) | source environment 'Map' |
diff --git a/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.java b/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.java
@@ -1,7 +1,7 @@
 import java.io.IOException;
 import javax.management.remote.JMXConnectorServerFactory;
 
-// import javax.management.remote.rmi.RMIConnectorServer; Importing this throws an error, therefore we can't test this
+import javax.management.remote.rmi.RMIConnectorServer;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -15,15 +15,16 @@ public void initInsecureJmxDueToNullEnv() throws IOException {
 
   public void initInsecureRmiDueToNullEnv() throws IOException {
     // Bad initializing env (arg1) with null
-    // new RMIConnectorServer(null, null, null, null); Importing this throws an error, therefore we can't test this
+    new RMIConnectorServer(null, null, null, null);
+
   }
 
   public void initInsecureRmiDueToMissingEnvKeyValue() throws IOException {
     // Bad initializing env (arg1) with missing
     // "jmx.remote.rmi.server.credential.types"
     Map<String, Object> env = new HashMap<>();
     env.put("jmx.remote.x.daemon", "true");
-    // new RMIConnectorServer(null, env, null, null); Importing this throws an error, therefore we can't test this
+    new RMIConnectorServer(null, env, null, null);
   }
 
   public void initInsecureJmxDueToMissingEnvKeyValue() throws IOException {
@@ -49,7 +50,7 @@ public void secureRmiConnnectorServer() throws IOException {
     env.put("jmx.remote.x.daemon", "true");
     env.put("jmx.remote.rmi.server.credential.types",
         new String[] { String[].class.getName(), String.class.getName() });
-    // new RMIConnectorServer(null, env, null, null); Importing this throws an error, therefore we can't test this
+    new RMIConnectorServer(null, env, null, null);
   }
 
   public void secureeJmxConnectorServerConstants() throws IOException {
@@ -60,12 +61,13 @@ public void secureeJmxConnectorServerConstants() throws IOException {
         new String[] { String[].class.getName(), String.class.getName() });
     JMXConnectorServerFactory.newJMXConnectorServer(null, env, null);
   }
+
   public void secureeRmiConnectorServerConstants() throws IOException {
     // Good
     Map<String, Object> env = new HashMap<>();
     env.put("jmx.remote.x.daemon", "true");
     env.put("RMIConnectorServer.SERIAL_FILTER_PATTERN",
         new String[] { String[].class.getName(), String.class.getName() });
-    // new RMIConnectorServer(null, env, null, null); Importing this throws an error, therefore we can't test this
+    new RMIConnectorServer(null, env, null, null);
   }
 }
diff --git a/java/ql/test/experimental/query-tests/security/CWE-665/options b/java/ql/test/experimental/query-tests/security/CWE-665/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../../experimental/stubs/javax-management-remote-rmi-0.0.1
diff --git a/java/ql/test/experimental/stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIConnectorServer.java b/java/ql/test/experimental/stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIConnectorServer.java
@@ -0,0 +1,27 @@
+package javax.management.remote.rmi;
+
+import java.io.IOException;
+import java.util.Map;
+import java.io.IOException;
+import javax.management.remote.JMXConnectorServer;
+import javax.management.remote.JMXServiceURL;
+import javax.management.MBeanServer;
+import javax.management.remote.rmi.RMIServerImpl;
+//import javax.management.remote.JMXConnectorServer;
+
+//public class RMIConnectorServerTEST extends JMXConnectorServer{
+public class RMIConnectorServer extends java.lang.Object {
+    public RMIConnectorServer(JMXServiceURL url, Map<String, ?> environment) throws IOException {
+        // stub;
+    }
+
+    public RMIConnectorServer(JMXServiceURL url, Map<String, ?> environment, MBeanServer mbeanServer)
+            throws IOException {
+        // stub;
+    }
+
+    public RMIConnectorServer(JMXServiceURL url, Map<String, ?> environment, RMIServerImpl rmiServerImpl,
+            MBeanServer mbeanServer) throws IOException {
+        // stub;
+    }
+}
diff --git a/java/ql/test/experimental/stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIServerImpl.java b/java/ql/test/experimental/stubs/javax-management-remote-rmi-0.0.1/javax/management/remote/rmi/RMIServerImpl.java
@@ -0,0 +1,10 @@
+package javax.management.remote.rmi;
+
+import java.util.Map;
+
+public class RMIServerImpl {
+    public RMIServerImpl(Map<String, ?> env) {
+        // stub;
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../../experimental/stubs/javax-management-remote-rmi-0.0.1`