

Commit 7b59617

Add unit tests for version 5.x
1 parent cf58a90 commit 7b59617

37 files changed

Lines changed: 2221 additions & 39 deletions

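--- a/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
+++ b/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
@@ -41,6 +41,7 @@ class TypeApacheHttpRequestBuilder extends Class {
 }
 }
 
+// TODO: Other sources
 /**
 * The `request` parameter of an implementation of `HttpRequestHandler.handle`.
 */
@@ -264,8 +265,8 @@ private class BufferMethod extends TaintPreservingCallable {
 .hasQualifiedName(["org.apache.http.util", "org.apache.hc.core5.util"],
 ["ByteArrayBuffer", "CharArrayBuffer"]) and
 m.hasName([
-"append", "buffer", "subSequence", "substring", "substringTrimmed", "toByteArray",
-"toCharArray", "toString"
+"append", "array", "buffer", "subSequence", "substring", "substringTrimmed",
+"toByteArray", "toCharArray", "toString"
 ])
 )
 }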
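Review bot: The `// TODO: Other sources` added at new line 44 names nothing that can be tracked or closed; say which request sources are still outstanding or point at a ticket, for example `// TODO: model the remaining request sources (tracking: ISSUE-PLACEHOLDER)`. In the second hunk, `"array"` joins a name list that is matched against both the 4.x and 5.x packages and both buffer classes, and nothing records why it was added. A one-line comment such as `// "array" is the accessor the 5.x test (B.java) calls where the 4.x test (A.java) calls "buffer"` would make that visible. The `BufferMethod` body starts outside the hunk.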

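--- a/java/ql/test/library-tests/frameworks/apache-http/A.java
+++ b/java/ql/test/library-tests/frameworks/apache-http/A.java
@@ -3,14 +3,15 @@
 import org.apache.http.message.BasicHeader;
 import org.apache.http.util.*;
 import org.apache.http.entity.*;
+import java.io.IOException;
 
 class A {
 static Object taint() { return null; }
 
 static void sink(Object o) { }
 
 class Test1 implements HttpRequestHandler {
-public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) {
+public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) throws IOException {
 A.sink(req.getRequestLine());
 A.sink(req.getRequestLine().getUri());
 A.sink(req.getRequestLine().getMethod());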
Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,68 @@
1+
import org.apache.hc.core5.http.*;
2+
import org.apache.hc.core5.http.protocol.HttpContext;
3+
import org.apache.hc.core5.http.io.HttpRequestHandler;
4+
import org.apache.hc.core5.http.message.*;
5+
import org.apache.hc.core5.http.io.entity.*;
6+
import org.apache.hc.core5.util.*;
7+
import java.io.IOException;
8+
9+
class B {
10+
static Object taint() { return null; }
11+
12+
static void sink(Object o) { }
13+
14+
class Test1 implements HttpRequestHandler {
15+
public void handle(ClassicHttpRequest req, ClassicHttpResponse res, HttpContext ctx) throws IOException, ParseException {
16+
B.sink(req.getAuthority().getHostName());
17+
B.sink(req.getAuthority().toString());
18+
B.sink(req.getMethod());
19+
B.sink(req.getPath());
20+
B.sink(req.getScheme());
21+
B.sink(req.getRequestUri());
22+
RequestLine line = new RequestLine(req);
23+
B.sink(line.getUri());
24+
B.sink(line.getMethod());
25+
B.sink(req.getHeaders());
26+
B.sink(req.headerIterator());
27+
Header h = req.getHeaders("abc")[3];
28+
B.sink(h.getName());
29+
B.sink(h.getValue());
30+
B.sink(req.getFirstHeader("abc"));
31+
B.sink(req.getLastHeader("abc"));
32+
HttpEntity ent = req.getEntity();
33+
B.sink(ent.getContent());
34+
B.sink(ent.getContentEncoding());
35+
B.sink(ent.getContentType());
36+
B.sink(ent.getTrailerNames());
37+
B.sink(ent.getTrailers().get());
38+
B.sink(EntityUtils.toString(ent));
39+
B.sink(EntityUtils.toByteArray(ent));
40+
B.sink(EntityUtils.parse(ent));
41+
res.setEntity(new StringEntity("<a href='" + req.getRequestUri() + "'>a</a>"));
42+
res.setEntity(new ByteArrayEntity(EntityUtils.toByteArray(ent), ContentType.TEXT_HTML));
43+
res.setEntity(HttpEntities.create("<a href='" + req.getRequestUri() + "'>a</a>"));
44+
res.setHeader("Location", req.getRequestUri());
45+
res.setHeader(new BasicHeader("Location", req.getRequestUri()));
46+
}
47+
}
48+
49+
void test2() {
50+
ByteArrayBuffer bbuf = new ByteArrayBuffer(42);
51+
bbuf.append((byte[]) taint(), 0, 3);
52+
sink(bbuf.array());
53+
sink(bbuf.toByteArray());
54+
55+
CharArrayBuffer cbuf = new CharArrayBuffer(42);
56+
cbuf.append(bbuf.toByteArray(), 0, 3);
57+
sink(cbuf.toCharArray());
58+
sink(cbuf.toString());
59+
sink(cbuf.subSequence(0, 3));
60+
sink(cbuf.substring(0, 3));
61+
sink(cbuf.substringTrimmed(0, 3));
62+
63+
sink(Args.notNull(taint(), "x"));
64+
sink(Args.notEmpty((String) taint(), "x"));
65+
sink(Args.notBlank((String) taint(), "x"));
66+
sink(Args.notNull("x", (String) taint())); // Good
67+
}
68+
}
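Review bot: Thirteen statements in `Test1.handle` have no row in the expected output added by this commit, yet only new line 66 carries a marker (`// Good`). They are new lines 16–18 (`getAuthority()`, `getMethod()`), 23–24 (`RequestLine`), 34, 37, 38–40 (`EntityUtils`) and 41–43 (the response entities built from `req.getRequestUri()`). As written the test pins those as "no flow", so it appears that a 5.x handler reflecting the request URI into an HTML entity would go unreported, and a reader of this file cannot tell whether that is intended or a modelling gap. Mark each one where it stands, for example `B.sink(EntityUtils.toString(ent)); // not yet modelled for 5.x` or `// no flow expected`, so that a later model change shows up as a deliberate expectation update rather than silent drift.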
Lines changed: 59 additions & 35 deletions
@@ -1,35 +1,59 @@
1-
| A.java:13:28:13:42 | req | A.java:14:20:14:39 | getRequestLine(...) |
2-
| A.java:13:28:13:42 | req | A.java:15:20:15:48 | getUri(...) |
3-
| A.java:13:28:13:42 | req | A.java:16:20:16:51 | getMethod(...) |
4-
| A.java:13:28:13:42 | req | A.java:17:20:17:38 | getAllHeaders(...) |
5-
| A.java:13:28:13:42 | req | A.java:19:20:19:28 | next(...) |
6-
| A.java:13:28:13:42 | req | A.java:20:20:20:34 | nextHeader(...) |
7-
| A.java:13:28:13:42 | req | A.java:22:20:22:30 | getName(...) |
8-
| A.java:13:28:13:42 | req | A.java:23:20:23:31 | getValue(...) |
9-
| A.java:13:28:13:42 | req | A.java:25:20:25:31 | getName(...) |
10-
| A.java:13:28:13:42 | req | A.java:26:20:26:32 | getValue(...) |
11-
| A.java:13:28:13:42 | req | A.java:27:20:27:37 | getParameters(...) |
12-
| A.java:13:28:13:42 | req | A.java:28:20:28:58 | getValue(...) |
13-
| A.java:13:28:13:42 | req | A.java:29:20:29:47 | getName(...) |
14-
| A.java:13:28:13:42 | req | A.java:31:20:31:35 | getContent(...) |
15-
| A.java:13:28:13:42 | req | A.java:32:20:32:43 | getContentEncoding(...) |
16-
| A.java:13:28:13:42 | req | A.java:33:20:33:39 | getContentType(...) |
17-
| A.java:13:28:13:42 | req | A.java:34:20:34:44 | toString(...) |
18-
| A.java:13:28:13:42 | req | A.java:35:20:35:47 | toByteArray(...) |
19-
| A.java:13:28:13:42 | req | A.java:36:20:36:53 | getContentCharSet(...) |
20-
| A.java:13:28:13:42 | req | A.java:37:20:37:54 | getContentMimeType(...) |
21-
| A.java:13:28:13:42 | req | A.java:38:27:38:99 | new StringEntity(...) |
22-
| A.java:13:28:13:42 | req | A.java:39:43:39:91 | new ByteArrayEntity(...) |
23-
| A.java:13:28:13:42 | req | A.java:40:39:40:67 | getUri(...) |
24-
| A.java:13:28:13:42 | req | A.java:41:55:41:83 | getUri(...) |
25-
| A.java:31:20:31:35 | getContent(...) | A.java:31:20:31:35 | getContent(...) |
26-
| A.java:47:30:47:36 | taint(...) | A.java:48:14:48:26 | buffer(...) |
27-
| A.java:47:30:47:36 | taint(...) | A.java:49:14:49:31 | toByteArray(...) |
28-
| A.java:47:30:47:36 | taint(...) | A.java:53:14:53:31 | toCharArray(...) |
29-
| A.java:47:30:47:36 | taint(...) | A.java:54:14:54:28 | toString(...) |
30-
| A.java:47:30:47:36 | taint(...) | A.java:55:14:55:35 | subSequence(...) |
31-
| A.java:47:30:47:36 | taint(...) | A.java:56:14:56:33 | substring(...) |
32-
| A.java:47:30:47:36 | taint(...) | A.java:57:14:57:40 | substringTrimmed(...) |
33-
| A.java:59:27:59:33 | taint(...) | A.java:59:14:59:39 | notNull(...) |
34-
| A.java:60:37:60:43 | taint(...) | A.java:60:14:60:49 | notEmpty(...) |
35-
| A.java:61:37:61:43 | taint(...) | A.java:61:14:61:49 | notBlank(...) |
1+
| A.java:14:28:14:42 | req | A.java:15:20:15:39 | getRequestLine(...) |
2+
| A.java:14:28:14:42 | req | A.java:16:20:16:48 | getUri(...) |
3+
| A.java:14:28:14:42 | req | A.java:17:20:17:51 | getMethod(...) |
4+
| A.java:14:28:14:42 | req | A.java:18:20:18:38 | getAllHeaders(...) |
5+
| A.java:14:28:14:42 | req | A.java:20:20:20:28 | next(...) |
6+
| A.java:14:28:14:42 | req | A.java:21:20:21:34 | nextHeader(...) |
7+
| A.java:14:28:14:42 | req | A.java:23:20:23:30 | getName(...) |
8+
| A.java:14:28:14:42 | req | A.java:24:20:24:31 | getValue(...) |
9+
| A.java:14:28:14:42 | req | A.java:26:20:26:31 | getName(...) |
10+
| A.java:14:28:14:42 | req | A.java:27:20:27:32 | getValue(...) |
11+
| A.java:14:28:14:42 | req | A.java:28:20:28:37 | getParameters(...) |
12+
| A.java:14:28:14:42 | req | A.java:29:20:29:58 | getValue(...) |
13+
| A.java:14:28:14:42 | req | A.java:30:20:30:47 | getName(...) |
14+
| A.java:14:28:14:42 | req | A.java:32:20:32:35 | getContent(...) |
15+
| A.java:14:28:14:42 | req | A.java:33:20:33:43 | getContentEncoding(...) |
16+
| A.java:14:28:14:42 | req | A.java:34:20:34:39 | getContentType(...) |
17+
| A.java:14:28:14:42 | req | A.java:35:20:35:44 | toString(...) |
18+
| A.java:14:28:14:42 | req | A.java:36:20:36:47 | toByteArray(...) |
19+
| A.java:14:28:14:42 | req | A.java:37:20:37:53 | getContentCharSet(...) |
20+
| A.java:14:28:14:42 | req | A.java:38:20:38:54 | getContentMimeType(...) |
21+
| A.java:14:28:14:42 | req | A.java:39:27:39:99 | new StringEntity(...) |
22+
| A.java:14:28:14:42 | req | A.java:40:43:40:91 | new ByteArrayEntity(...) |
23+
| A.java:14:28:14:42 | req | A.java:41:39:41:67 | getUri(...) |
24+
| A.java:14:28:14:42 | req | A.java:42:55:42:83 | getUri(...) |
25+
| A.java:32:20:32:35 | getContent(...) | A.java:32:20:32:35 | getContent(...) |
26+
| A.java:48:30:48:36 | taint(...) | A.java:49:14:49:26 | buffer(...) |
27+
| A.java:48:30:48:36 | taint(...) | A.java:50:14:50:31 | toByteArray(...) |
28+
| A.java:48:30:48:36 | taint(...) | A.java:54:14:54:31 | toCharArray(...) |
29+
| A.java:48:30:48:36 | taint(...) | A.java:55:14:55:28 | toString(...) |
30+
| A.java:48:30:48:36 | taint(...) | A.java:56:14:56:35 | subSequence(...) |
31+
| A.java:48:30:48:36 | taint(...) | A.java:57:14:57:33 | substring(...) |
32+
| A.java:48:30:48:36 | taint(...) | A.java:58:14:58:40 | substringTrimmed(...) |
33+
| A.java:60:27:60:33 | taint(...) | A.java:60:14:60:39 | notNull(...) |
34+
| A.java:61:37:61:43 | taint(...) | A.java:61:14:61:49 | notEmpty(...) |
35+
| A.java:62:37:62:43 | taint(...) | A.java:62:14:62:49 | notBlank(...) |
36+
| B.java:15:28:15:49 | req | B.java:19:20:19:32 | getPath(...) |
37+
| B.java:15:28:15:49 | req | B.java:20:20:20:34 | getScheme(...) |
38+
| B.java:15:28:15:49 | req | B.java:21:20:21:38 | getRequestUri(...) |
39+
| B.java:15:28:15:49 | req | B.java:25:20:25:35 | getHeaders(...) |
40+
| B.java:15:28:15:49 | req | B.java:26:20:26:39 | headerIterator(...) |
41+
| B.java:15:28:15:49 | req | B.java:28:20:28:30 | getName(...) |
42+
| B.java:15:28:15:49 | req | B.java:29:20:29:31 | getValue(...) |
43+
| B.java:15:28:15:49 | req | B.java:30:20:30:44 | getFirstHeader(...) |
44+
| B.java:15:28:15:49 | req | B.java:31:20:31:43 | getLastHeader(...) |
45+
| B.java:15:28:15:49 | req | B.java:33:20:33:35 | getContent(...) |
46+
| B.java:15:28:15:49 | req | B.java:35:20:35:39 | getContentType(...) |
47+
| B.java:15:28:15:49 | req | B.java:36:20:36:40 | getTrailerNames(...) |
48+
| B.java:15:28:15:49 | req | B.java:44:39:44:57 | getRequestUri(...) |
49+
| B.java:15:28:15:49 | req | B.java:45:55:45:73 | getRequestUri(...) |
50+
| B.java:51:30:51:36 | taint(...) | B.java:52:14:52:25 | array(...) |
51+
| B.java:51:30:51:36 | taint(...) | B.java:53:14:53:31 | toByteArray(...) |
52+
| B.java:51:30:51:36 | taint(...) | B.java:57:14:57:31 | toCharArray(...) |
53+
| B.java:51:30:51:36 | taint(...) | B.java:58:14:58:28 | toString(...) |
54+
| B.java:51:30:51:36 | taint(...) | B.java:59:14:59:35 | subSequence(...) |
55+
| B.java:51:30:51:36 | taint(...) | B.java:60:14:60:33 | substring(...) |
56+
| B.java:51:30:51:36 | taint(...) | B.java:61:14:61:40 | substringTrimmed(...) |
57+
| B.java:63:27:63:33 | taint(...) | B.java:63:14:63:39 | notNull(...) |
58+
| B.java:64:37:64:43 | taint(...) | B.java:64:14:64:49 | notEmpty(...) |
59+
| B.java:65:37:65:43 | taint(...) | B.java:65:14:65:49 | notBlank(...) |
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13
1+
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13:${testdir}/../../../stubs/apache-http-5
Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
/*
2+
* ====================================================================
3+
* Licensed to the Apache Software Foundation (ASF) under one
4+
* or more contributor license agreements. See the NOTICE file
5+
* distributed with this work for additional information
6+
* regarding copyright ownership. The ASF licenses this file
7+
* to you under the Apache License, Version 2.0 (the
8+
* "License"); you may not use this file except in compliance
9+
* with the License. You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing,
14+
* software distributed under the License is distributed on an
15+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16+
* KIND, either express or implied. See the License for the
17+
* specific language governing permissions and limitations
18+
* under the License.
19+
* ====================================================================
20+
*
21+
* This software consists of voluntary contributions made by many
22+
* individuals on behalf of the Apache Software Foundation. For more
23+
* information on the Apache Software Foundation, please see
24+
* <http://www.apache.org/>.
25+
*
26+
*/
27+
28+
package org.apache.hc.core5.function;
29+
30+
public interface Supplier<T> {
31+
T get();
32+
33+
}
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
/*
2+
* ====================================================================
3+
* Licensed to the Apache Software Foundation (ASF) under one
4+
* or more contributor license agreements. See the NOTICE file
5+
* distributed with this work for additional information
6+
* regarding copyright ownership. The ASF licenses this file
7+
* to you under the Apache License, Version 2.0 (the
8+
* "License"); you may not use this file except in compliance
9+
* with the License. You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing,
14+
* software distributed under the License is distributed on an
15+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16+
* KIND, either express or implied. See the License for the
17+
* specific language governing permissions and limitations
18+
* under the License.
19+
* ====================================================================
20+
*
21+
* This software consists of voluntary contributions made by many
22+
* individuals on behalf of the Apache Software Foundation. For more
23+
* information on the Apache Software Foundation, please see
24+
* <http://www.apache.org/>.
25+
*
26+
*/
27+
28+
package org.apache.hc.core5.http;
29+
30+
/**
31+
* 'Classic' {@link HttpRequest} message that can enclose {@link HttpEntity}.
32+
*
33+
* @since 5.0
34+
*/
35+
public interface ClassicHttpRequest extends HttpRequest, HttpEntityContainer {
36+
}
Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
/*
2+
* ====================================================================
3+
* Licensed to the Apache Software Foundation (ASF) under one
4+
* or more contributor license agreements. See the NOTICE file
5+
* distributed with this work for additional information
6+
* regarding copyright ownership. The ASF licenses this file
7+
* to you under the Apache License, Version 2.0 (the
8+
* "License"); you may not use this file except in compliance
9+
* with the License. You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing,
14+
* software distributed under the License is distributed on an
15+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16+
* KIND, either express or implied. See the License for the
17+
* specific language governing permissions and limitations
18+
* under the License.
19+
* ====================================================================
20+
*
21+
* This software consists of voluntary contributions made by many
22+
* individuals on behalf of the Apache Software Foundation. For more
23+
* information on the Apache Software Foundation, please see
24+
* <http://www.apache.org/>.
25+
*
26+
*/
27+
28+
package org.apache.hc.core5.http;
29+
30+
import java.io.Closeable;
31+
32+
public interface ClassicHttpResponse extends HttpResponse, HttpEntityContainer, Closeable {
33+
}
