Skip to content

Commit fa65a9b

Browse files
d10cd10c
committed
Java: convert MvelInjection test to .qlref
1 parent 9cd5706 commit fa65a9b

File tree

6 files changed

+152
-34
lines changed

6 files changed

+152
-34
lines changed

java/ql/test/query-tests/security/CWE-094/MvelInjection/MvelInjectionTest.expected

Lines changed: 133 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,133 @@
1+
#select
2+
| MvelInjectionTest.java:24:15:24:26 | read(...) | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:24:15:24:26 | read(...) | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
3+
| MvelInjectionTest.java:29:28:29:37 | expression | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:29:28:29:37 | expression | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
4+
| MvelInjectionTest.java:35:5:35:13 | statement | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:35:5:35:13 | statement | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
5+
| MvelInjectionTest.java:36:5:36:13 | statement | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:36:5:36:13 | statement | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
6+
| MvelInjectionTest.java:42:5:42:14 | expression | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:42:5:42:14 | expression | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
7+
| MvelInjectionTest.java:48:5:48:14 | expression | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:48:5:48:14 | expression | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
8+
| MvelInjectionTest.java:56:5:56:18 | compiledScript | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:56:5:56:18 | compiledScript | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
9+
| MvelInjectionTest.java:59:21:59:26 | script | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:59:21:59:26 | script | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
10+
| MvelInjectionTest.java:67:5:67:10 | script | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:67:5:67:10 | script | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
11+
| MvelInjectionTest.java:71:26:71:37 | read(...) | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:71:26:71:37 | read(...) | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
12+
| MvelInjectionTest.java:75:29:75:74 | compileTemplate(...) | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:75:29:75:74 | compileTemplate(...) | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
13+
| MvelInjectionTest.java:80:29:80:46 | compile(...) | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:80:29:80:46 | compile(...) | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
14+
| MvelInjectionTest.java:86:32:86:41 | expression | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:86:32:86:41 | expression | MVEL expression depends on a $@. | MvelInjectionTest.java:90:27:90:49 | getInputStream(...) | user-provided value |
15+
edges
16+
| MvelInjectionTest.java:28:31:28:66 | compileExpression(...) : Serializable | MvelInjectionTest.java:29:28:29:37 | expression | provenance | Sink:MaD:11 |
17+
| MvelInjectionTest.java:28:54:28:65 | read(...) : String | MvelInjectionTest.java:28:31:28:66 | compileExpression(...) : Serializable | provenance | Config |
18+
| MvelInjectionTest.java:33:35:33:70 | new ExpressionCompiler(...) : ExpressionCompiler | MvelInjectionTest.java:34:37:34:44 | compiler : ExpressionCompiler | provenance | |
19+
| MvelInjectionTest.java:33:58:33:69 | read(...) : String | MvelInjectionTest.java:33:35:33:70 | new ExpressionCompiler(...) : ExpressionCompiler | provenance | Config |
20+
| MvelInjectionTest.java:34:37:34:44 | compiler : ExpressionCompiler | MvelInjectionTest.java:34:37:34:54 | compile(...) : CompiledExpression | provenance | Config |
21+
| MvelInjectionTest.java:34:37:34:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:35:5:35:13 | statement | provenance | Sink:MaD:5 |
22+
| MvelInjectionTest.java:34:37:34:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:36:5:36:13 | statement | provenance | Sink:MaD:2 |
23+
| MvelInjectionTest.java:40:35:40:70 | new ExpressionCompiler(...) : ExpressionCompiler | MvelInjectionTest.java:41:37:41:44 | compiler : ExpressionCompiler | provenance | |
24+
| MvelInjectionTest.java:40:58:40:69 | read(...) : String | MvelInjectionTest.java:40:35:40:70 | new ExpressionCompiler(...) : ExpressionCompiler | provenance | Config |
25+
| MvelInjectionTest.java:41:37:41:44 | compiler : ExpressionCompiler | MvelInjectionTest.java:41:37:41:54 | compile(...) : CompiledExpression | provenance | Config |
26+
| MvelInjectionTest.java:41:37:41:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:42:5:42:14 | expression | provenance | Sink:MaD:4 |
27+
| MvelInjectionTest.java:47:9:47:96 | new CompiledAccExpression(...) : CompiledAccExpression | MvelInjectionTest.java:48:5:48:14 | expression | provenance | Sink:MaD:3 |
28+
| MvelInjectionTest.java:47:35:47:46 | read(...) : String | MvelInjectionTest.java:47:35:47:60 | toCharArray(...) : char[] | provenance | MaD:16 |
29+
| MvelInjectionTest.java:47:35:47:60 | toCharArray(...) : char[] | MvelInjectionTest.java:47:9:47:96 | new CompiledAccExpression(...) : CompiledAccExpression | provenance | Config |
30+
| MvelInjectionTest.java:52:20:52:31 | read(...) : String | MvelInjectionTest.java:55:52:55:56 | input : String | provenance | |
31+
| MvelInjectionTest.java:55:37:55:57 | compile(...) : CompiledScript | MvelInjectionTest.java:56:5:56:18 | compiledScript | provenance | Sink:MaD:1 |
32+
| MvelInjectionTest.java:55:52:55:56 | input : String | MvelInjectionTest.java:55:37:55:57 | compile(...) : CompiledScript | provenance | Config |
33+
| MvelInjectionTest.java:55:52:55:56 | input : String | MvelInjectionTest.java:58:49:58:53 | input : String | provenance | |
34+
| MvelInjectionTest.java:58:27:58:54 | compiledScript(...) : Serializable | MvelInjectionTest.java:59:21:59:26 | script | provenance | Sink:MaD:7 |
35+
| MvelInjectionTest.java:58:49:58:53 | input : String | MvelInjectionTest.java:58:27:58:54 | compiledScript(...) : Serializable | provenance | Config |
36+
| MvelInjectionTest.java:64:35:64:70 | new ExpressionCompiler(...) : ExpressionCompiler | MvelInjectionTest.java:65:37:65:44 | compiler : ExpressionCompiler | provenance | |
37+
| MvelInjectionTest.java:64:58:64:69 | read(...) : String | MvelInjectionTest.java:64:35:64:70 | new ExpressionCompiler(...) : ExpressionCompiler | provenance | Config |
38+
| MvelInjectionTest.java:65:37:65:44 | compiler : ExpressionCompiler | MvelInjectionTest.java:65:37:65:54 | compile(...) : CompiledExpression | provenance | Config |
39+
| MvelInjectionTest.java:65:37:65:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:66:64:66:72 | statement : CompiledExpression | provenance | |
40+
| MvelInjectionTest.java:66:33:66:73 | new MvelCompiledScript(...) : MvelCompiledScript | MvelInjectionTest.java:67:5:67:10 | script | provenance | Sink:MaD:6 |
41+
| MvelInjectionTest.java:66:64:66:72 | statement : CompiledExpression | MvelInjectionTest.java:66:33:66:73 | new MvelCompiledScript(...) : MvelCompiledScript | provenance | Config |
42+
| MvelInjectionTest.java:75:62:75:73 | read(...) : String | MvelInjectionTest.java:75:29:75:74 | compileTemplate(...) | provenance | Config Sink:MaD:9 |
43+
| MvelInjectionTest.java:79:33:79:66 | new TemplateCompiler(...) : TemplateCompiler | MvelInjectionTest.java:80:29:80:36 | compiler : TemplateCompiler | provenance | |
44+
| MvelInjectionTest.java:79:54:79:65 | read(...) : String | MvelInjectionTest.java:79:33:79:66 | new TemplateCompiler(...) : TemplateCompiler | provenance | Config |
45+
| MvelInjectionTest.java:80:29:80:36 | compiler : TemplateCompiler | MvelInjectionTest.java:80:29:80:46 | compile(...) | provenance | Config Sink:MaD:9 |
46+
| MvelInjectionTest.java:84:35:84:70 | new ExpressionCompiler(...) : ExpressionCompiler | MvelInjectionTest.java:85:37:85:44 | compiler : ExpressionCompiler | provenance | |
47+
| MvelInjectionTest.java:84:58:84:69 | read(...) : String | MvelInjectionTest.java:84:35:84:70 | new ExpressionCompiler(...) : ExpressionCompiler | provenance | Config |
48+
| MvelInjectionTest.java:85:37:85:44 | compiler : ExpressionCompiler | MvelInjectionTest.java:85:37:85:54 | compile(...) : CompiledExpression | provenance | Config |
49+
| MvelInjectionTest.java:85:37:85:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:86:32:86:41 | expression | provenance | Sink:MaD:12 |
50+
| MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | MvelInjectionTest.java:92:15:92:16 | is : InputStream | provenance | Src:MaD:13 |
51+
| MvelInjectionTest.java:92:15:92:16 | is : InputStream | MvelInjectionTest.java:92:23:92:27 | bytes [post update] : byte[] | provenance | MaD:14 |
52+
| MvelInjectionTest.java:92:23:92:27 | bytes [post update] : byte[] | MvelInjectionTest.java:93:25:93:29 | bytes : byte[] | provenance | |
53+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:24:15:24:26 | read(...) | provenance | Sink:MaD:10 |
54+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:28:54:28:65 | read(...) : String | provenance | |
55+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:33:58:33:69 | read(...) : String | provenance | |
56+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:40:58:40:69 | read(...) : String | provenance | |
57+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:47:35:47:46 | read(...) : String | provenance | |
58+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:52:20:52:31 | read(...) : String | provenance | |
59+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:64:58:64:69 | read(...) : String | provenance | |
60+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:71:26:71:37 | read(...) | provenance | Sink:MaD:8 |
61+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:75:62:75:73 | read(...) : String | provenance | |
62+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:79:54:79:65 | read(...) : String | provenance | |
63+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | MvelInjectionTest.java:84:58:84:69 | read(...) : String | provenance | |
64+
| MvelInjectionTest.java:93:25:93:29 | bytes : byte[] | MvelInjectionTest.java:93:14:93:36 | new String(...) : String | provenance | MaD:15 |
65+
models
66+
| 1 | Sink: javax.script; CompiledScript; false; eval; ; ; Argument[this]; mvel-injection; manual |
67+
| 2 | Sink: org.mvel2.compiler; Accessor; false; getValue; ; ; Argument[this]; mvel-injection; manual |
68+
| 3 | Sink: org.mvel2.compiler; CompiledAccExpression; false; getValue; ; ; Argument[this]; mvel-injection; manual |
69+
| 4 | Sink: org.mvel2.compiler; CompiledExpression; false; getDirectValue; ; ; Argument[this]; mvel-injection; manual |
70+
| 5 | Sink: org.mvel2.compiler; ExecutableStatement; false; getValue; ; ; Argument[this]; mvel-injection; manual |
71+
| 6 | Sink: org.mvel2.jsr223; MvelCompiledScript; false; eval; ; ; Argument[this]; mvel-injection; manual |
72+
| 7 | Sink: org.mvel2.jsr223; MvelScriptEngine; false; evaluate; ; ; Argument[0]; mvel-injection; manual |
73+
| 8 | Sink: org.mvel2.templates; TemplateRuntime; false; eval; ; ; Argument[0]; mvel-injection; manual |
74+
| 9 | Sink: org.mvel2.templates; TemplateRuntime; false; execute; ; ; Argument[0]; mvel-injection; manual |
75+
| 10 | Sink: org.mvel2; MVEL; false; eval; ; ; Argument[0]; mvel-injection; manual |
76+
| 11 | Sink: org.mvel2; MVEL; false; executeExpression; ; ; Argument[0]; mvel-injection; manual |
77+
| 12 | Sink: org.mvel2; MVELRuntime; false; execute; ; ; Argument[1]; mvel-injection; manual |
78+
| 13 | Source: java.net; Socket; false; getInputStream; (); ; ReturnValue; remote; manual |
79+
| 14 | Summary: java.io; InputStream; true; read; (byte[]); ; Argument[this]; Argument[0]; taint; manual |
80+
| 15 | Summary: java.lang; String; false; String; ; ; Argument[0]; Argument[this]; taint; manual |
81+
| 16 | Summary: java.lang; String; false; toCharArray; ; ; Argument[this]; ReturnValue; taint; manual |
82+
nodes
83+
| MvelInjectionTest.java:24:15:24:26 | read(...) | semmle.label | read(...) |
84+
| MvelInjectionTest.java:28:31:28:66 | compileExpression(...) : Serializable | semmle.label | compileExpression(...) : Serializable |
85+
| MvelInjectionTest.java:28:54:28:65 | read(...) : String | semmle.label | read(...) : String |
86+
| MvelInjectionTest.java:29:28:29:37 | expression | semmle.label | expression |
87+
| MvelInjectionTest.java:33:35:33:70 | new ExpressionCompiler(...) : ExpressionCompiler | semmle.label | new ExpressionCompiler(...) : ExpressionCompiler |
88+
| MvelInjectionTest.java:33:58:33:69 | read(...) : String | semmle.label | read(...) : String |
89+
| MvelInjectionTest.java:34:37:34:44 | compiler : ExpressionCompiler | semmle.label | compiler : ExpressionCompiler |
90+
| MvelInjectionTest.java:34:37:34:54 | compile(...) : CompiledExpression | semmle.label | compile(...) : CompiledExpression |
91+
| MvelInjectionTest.java:35:5:35:13 | statement | semmle.label | statement |
92+
| MvelInjectionTest.java:36:5:36:13 | statement | semmle.label | statement |
93+
| MvelInjectionTest.java:40:35:40:70 | new ExpressionCompiler(...) : ExpressionCompiler | semmle.label | new ExpressionCompiler(...) : ExpressionCompiler |
94+
| MvelInjectionTest.java:40:58:40:69 | read(...) : String | semmle.label | read(...) : String |
95+
| MvelInjectionTest.java:41:37:41:44 | compiler : ExpressionCompiler | semmle.label | compiler : ExpressionCompiler |
96+
| MvelInjectionTest.java:41:37:41:54 | compile(...) : CompiledExpression | semmle.label | compile(...) : CompiledExpression |
97+
| MvelInjectionTest.java:42:5:42:14 | expression | semmle.label | expression |
98+
| MvelInjectionTest.java:47:9:47:96 | new CompiledAccExpression(...) : CompiledAccExpression | semmle.label | new CompiledAccExpression(...) : CompiledAccExpression |
99+
| MvelInjectionTest.java:47:35:47:46 | read(...) : String | semmle.label | read(...) : String |
100+
| MvelInjectionTest.java:47:35:47:60 | toCharArray(...) : char[] | semmle.label | toCharArray(...) : char[] |
101+
| MvelInjectionTest.java:48:5:48:14 | expression | semmle.label | expression |
102+
| MvelInjectionTest.java:52:20:52:31 | read(...) : String | semmle.label | read(...) : String |
103+
| MvelInjectionTest.java:55:37:55:57 | compile(...) : CompiledScript | semmle.label | compile(...) : CompiledScript |
104+
| MvelInjectionTest.java:55:52:55:56 | input : String | semmle.label | input : String |
105+
| MvelInjectionTest.java:56:5:56:18 | compiledScript | semmle.label | compiledScript |
106+
| MvelInjectionTest.java:58:27:58:54 | compiledScript(...) : Serializable | semmle.label | compiledScript(...) : Serializable |
107+
| MvelInjectionTest.java:58:49:58:53 | input : String | semmle.label | input : String |
108+
| MvelInjectionTest.java:59:21:59:26 | script | semmle.label | script |
109+
| MvelInjectionTest.java:64:35:64:70 | new ExpressionCompiler(...) : ExpressionCompiler | semmle.label | new ExpressionCompiler(...) : ExpressionCompiler |
110+
| MvelInjectionTest.java:64:58:64:69 | read(...) : String | semmle.label | read(...) : String |
111+
| MvelInjectionTest.java:65:37:65:44 | compiler : ExpressionCompiler | semmle.label | compiler : ExpressionCompiler |
112+
| MvelInjectionTest.java:65:37:65:54 | compile(...) : CompiledExpression | semmle.label | compile(...) : CompiledExpression |
113+
| MvelInjectionTest.java:66:33:66:73 | new MvelCompiledScript(...) : MvelCompiledScript | semmle.label | new MvelCompiledScript(...) : MvelCompiledScript |
114+
| MvelInjectionTest.java:66:64:66:72 | statement : CompiledExpression | semmle.label | statement : CompiledExpression |
115+
| MvelInjectionTest.java:67:5:67:10 | script | semmle.label | script |
116+
| MvelInjectionTest.java:71:26:71:37 | read(...) | semmle.label | read(...) |
117+
| MvelInjectionTest.java:75:29:75:74 | compileTemplate(...) | semmle.label | compileTemplate(...) |
118+
| MvelInjectionTest.java:75:62:75:73 | read(...) : String | semmle.label | read(...) : String |
119+
| MvelInjectionTest.java:79:33:79:66 | new TemplateCompiler(...) : TemplateCompiler | semmle.label | new TemplateCompiler(...) : TemplateCompiler |
120+
| MvelInjectionTest.java:79:54:79:65 | read(...) : String | semmle.label | read(...) : String |
121+
| MvelInjectionTest.java:80:29:80:36 | compiler : TemplateCompiler | semmle.label | compiler : TemplateCompiler |
122+
| MvelInjectionTest.java:80:29:80:46 | compile(...) | semmle.label | compile(...) |
123+
| MvelInjectionTest.java:84:35:84:70 | new ExpressionCompiler(...) : ExpressionCompiler | semmle.label | new ExpressionCompiler(...) : ExpressionCompiler |
124+
| MvelInjectionTest.java:84:58:84:69 | read(...) : String | semmle.label | read(...) : String |
125+
| MvelInjectionTest.java:85:37:85:44 | compiler : ExpressionCompiler | semmle.label | compiler : ExpressionCompiler |
126+
| MvelInjectionTest.java:85:37:85:54 | compile(...) : CompiledExpression | semmle.label | compile(...) : CompiledExpression |
127+
| MvelInjectionTest.java:86:32:86:41 | expression | semmle.label | expression |
128+
| MvelInjectionTest.java:90:27:90:49 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
129+
| MvelInjectionTest.java:92:15:92:16 | is : InputStream | semmle.label | is : InputStream |
130+
| MvelInjectionTest.java:92:23:92:27 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
131+
| MvelInjectionTest.java:93:14:93:36 | new String(...) : String | semmle.label | new String(...) : String |
132+
| MvelInjectionTest.java:93:25:93:29 | bytes : byte[] | semmle.label | bytes : byte[] |
133+
subpaths

0 commit comments

Comments
 (0)