Merge branch 'github:main' into main

Author: krishnprakash

java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll

@@ -323,6 +323,10 @@ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { isUnsafeDeserializationSanitizer(node) }
 
   predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    result = sink.(UnsafeDeserializationSink).getMethodCall().getLocation()
+  }
 }
 
 module UnsafeDeserializationFlow = TaintTracking::Global<UnsafeDeserializationConfig>;

java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll

@@ -47,18 +47,6 @@ module PolynomialRedosConfig implements DataFlow::ConfigSig {
     node instanceof SimpleTypeSanitizer or
     node.asExpr().(MethodCall).getMethod() instanceof LengthRestrictedMethod
   }
-
-  predicate observeDiffInformedIncrementalMode() { any() }
-
-  Location getASelectedSinkLocation(DataFlow::Node sink) {
-    exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp |
-      regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
-    |
-      result = sink.getLocation()
-      or
-      result = regexp.getLocation()
-    )
-  }
 }
 
 module PolynomialRedosFlow = TaintTracking::Global<PolynomialRedosConfig>;

java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected

@@ -10,10 +10,10 @@
 public class TaintedPath {
     public void sendUserFile(Socket sock, String user) throws IOException {
         BufferedReader filenameReader =
-                new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8"));
+                new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8")); // $ Source
         String filename = filenameReader.readLine();
         // BAD: read from a file without checking its path
-        BufferedReader fileReader = new BufferedReader(new FileReader(filename)); // $ hasTaintFlow
+        BufferedReader fileReader = new BufferedReader(new FileReader(filename)); // $ Alert
         String fileLine = fileReader.readLine();
         while (fileLine != null) {
             sock.getOutputStream().write(fileLine.getBytes());

java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.java

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-022/TaintedPath.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.ql

@@ -1,16 +1,16 @@
-| PartialPathTraversalTest.java:10:14:10:73 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:17:9:17:72 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:29:14:29:58 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:35:14:35:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:42:14:42:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:49:14:49:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:53:14:53:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:61:14:61:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:64:14:64:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:75:14:75:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:94:14:94:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:102:14:102:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:105:14:105:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:173:14:173:63 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:191:18:191:87 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
-| PartialPathTraversalTest.java:209:14:209:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:13:14:13:75 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:20:9:20:74 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:32:14:32:60 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:38:14:38:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:45:14:45:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:52:14:52:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:56:14:56:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:64:14:64:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:67:14:67:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:78:14:78:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:97:14:97:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:105:14:105:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:108:14:108:66 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:176:14:176:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:194:18:194:87 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
+| PartialPathTraversalTest.java:212:14:212:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |