Java: move tests to lib
Jami Cogswell authored and Jami Cogswell committed Feb 25, 2025
1 parent ac328fd commit 45d12fe
Showing 2 changed files with 28 additions and 47 deletions.
28 changes: 28 additions & 0 deletions java/ql/test/library-tests/pathsanitizer/Test.java
Expand Up @@ -604,4 +604,32 @@ public void fileConstructorSanitizer() throws Exception {
sink(normalized); // $ hasTaintFlow
}
}

private void directoryCharsValidation(String path) throws Exception {
// TODO
}

public void directoryCharsSanitizer() throws Exception {
{
String source = (String) source();
// Ensures that directory characters (/, \ and ..) cannot possibly be in the payload
if (source.matches("[0-9a-fA-F]{20,}")) {
sink(source); // Safe
} else {
sink(source); // $ hasTaintFlow
}
}
{
String source = (String) source();
// Removes all ".." sequences and path separators from the payload
source = source.replaceAll("\\.\\.|[/\\\\]", "");
sink(source); // Safe
}
{
String source = (String) source();
// Removes all ".." sequences and path separators from the payload
source = source.replaceAll("\\.", "").replaceAll("/", "");
sink(source); // Safe
}
}
}
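Review bot: The comment on the third block, `// Removes all ".." sequences and path separators from the payload`, is copied from the second block but describes a different operation: `replaceAll("\\.", "")` strips every dot (not just ".." pairs) and `replaceAll("/", "")` strips only forward slashes, so a backslash survives, yet the sink is still labelled `// Safe`. If the library is intended to recognise this replace chain as a sanitizer, the comment should state exactly what is removed, e.g. `// Removes every "." and every "/" from the payload; backslashes are left in place`, so a reader does not assume it is equivalent to the block above. `directoryCharsValidation` is an unused stub marked `// TODO`; either give it a body that the `directoryCharsSanitizer` cases call or drop it until it is needed. The enclosing class starts outside the hunk.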
Expand Up @@ -87,51 +87,4 @@ public void sendUserFileGood4(Socket sock, String user) throws IOException {
fileLine = fileReader.readLine();
}
}

// TODO : New tests

public void sendUserFileGood5(Socket sock, String user) throws IOException {
BufferedReader filenameReader = new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8"));
// GOOD: remove all ".." sequences and path separators from the filename
String filename = filenameReader.readLine().replaceAll("\\.", "").replaceAll("/", "");
BufferedReader fileReader = new BufferedReader(new FileReader(filename)); // GOOD
String fileLine = fileReader.readLine();
while(fileLine != null) {
sock.getOutputStream().write(fileLine.getBytes());
fileLine = fileReader.readLine();
}
}

public void sendUserFileGood6(Socket sock, String user) throws IOException {
BufferedReader filenameReader = new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8"));
String filename = filenameReader.readLine();
// GOOD: remove all ".." sequences and path separators from the filename
filename = filename.replaceAll("\\.\\.|[/\\\\]", "");
BufferedReader fileReader = new BufferedReader(new FileReader(filename)); // GOOD
String fileLine = fileReader.readLine();
while(fileLine != null) {
sock.getOutputStream().write(fileLine.getBytes());
fileLine = fileReader.readLine();
}
}

public void sendUserFileGood7(Socket sock, String user) throws Exception {
BufferedReader filenameReader =
new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8"));
String filename = filenameReader.readLine();

// GOOD: ensure that that /, \ and .. cannot possibly be in the payload
if (filename.matches("[0-9a-fA-F]{20,}")) {
final Path pathObject = FileSystems.getDefault().getPath(filename); // summary now, see https://github.com/github/codeql/commit/19cb7adb6db17a3131b7db93482abc6a0d93ceff#diff-4b91db1bd2a19ab607f83fbe858f0ceffd942d1fb246739c731112367c865f88L8

BufferedReader fileReader = new BufferedReader(new FileReader(pathObject.toString())); // GOOD
String fileLine = fileReader.readLine();
while (fileLine != null) {
sock.getOutputStream().write(fileLine.getBytes());
fileLine = fileReader.readLine();
}
}

}

}
