From 6fdec47e83f114ce944fb0a3c2c2960aeb5e1df4 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Tue, 8 Jul 2025 10:25:58 +0200
Subject: [PATCH] Java: Use MaD in log injection test
---
.../query-tests/security/CWE-117/LogInjectionTest.ext.yml | 6 ++++++
.../query-tests/security/CWE-117/LogInjectionTest.java | 2 ++
.../test/query-tests/security/CWE-117/LogInjectionTest.ql | 7 -------
3 files changed, 8 insertions(+), 7 deletions(-)
create mode 100644 java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ext.yml
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ext.yml b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ext.yml
new file mode 100644
index 000000000000..12a94a2c7a68
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sourceModel
+ data:
+ - ["loginjection", "LogInjectionTest", False, "source", "()", "", "ReturnValue", "remote", "manual"]
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java
index a28a55cbbba8..4cba286f475d 100644
--- a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java
+++ b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java
@@ -1,3 +1,5 @@
+package loginjection;
+
 import java.util.ResourceBundle;
 import java.util.logging.LogRecord;
 import java.util.regex.Pattern;
diff --git a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql
index 4a295d8e8fac..17b1ce73246a 100644
--- a/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-117/LogInjectionTest.ql
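Review bot: The `sourceModel` row added in LogInjectionTest.ext.yml is narrower than the `TestSource` class this commit removes from LogInjectionTest.ql: it matches only the zero-argument `source()` declared on `loginjection.LogInjectionTest` with subtypes set to `False`, whereas the QL class matched any call to a method named `source`. The body of the Java test file is not visible in these hunks, so it is worth confirming that no flow starts from a `source` overload with parameters or from a `source` method on a nested or helper class; such flows would no longer be tainted. A one-line comment above the row, for example `# Test-only: treat LogInjectionTest.source() as a remote flow source`, would record why the model exists. The new file also lacks a trailing newline.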
@@ -1,11 +1,4 @@
 import java
 import semmle.code.java.security.LogInjectionQuery
 import utils.test.InlineFlowTest
-
-private class TestSource extends RemoteFlowSource {
- TestSource() { this.asExpr().(MethodCall).getMethod().hasName("source") }
-
- override string getSourceType() { result = "test source" }
-}
-
 import TaintFlowTest
pFad - Phonifier reborn
