From 5a9c0daedd85fb5718fb9abb05805e25e2bb7449 Mon Sep 17 00:00:00 2001
From: nimakarimipour
Date: Fri, 26 Jul 2024 18:42:24 -0700
Subject: [PATCH] updated fix serialization unit test
---
 .../specialcasefixserialization/CmsUUID.java | 2 +-
 tests/templatetest/format.json | 454 +-----------------
 .../expected-output.json | 81 +---
 .../foo/bar/Foo.java | 8 +-
 4 files changed, 30 insertions(+), 515 deletions(-)
diff --git a/tests/specialcasefixserialization/CmsUUID.java b/tests/specialcasefixserialization/CmsUUID.java
index 70a9cba8..769ca57a 100644
--- a/tests/specialcasefixserialization/CmsUUID.java
+++ b/tests/specialcasefixserialization/CmsUUID.java
@@ -218,7 +218,7 @@ public void zeroArgMethodCall(HttpServletRequest request) {
 @RUntainted CmsUgcSession session = createSession();
 HttpSession httpSession = request.getSession(true);
 // :: error: argument
- httpSession.setAttribute("" + session.getId(), session);
+ sink("" + session.getId());
 }

 public static @RUntainted CmsUgcSession createSession() {
diff --git a/tests/templatetest/format.json b/tests/templatetest/format.json
index fa2edfad..31868898 100644
--- a/tests/templatetest/format.json
+++ b/tests/templatetest/format.json
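Review bot: In the CmsUUID.java hunk, the local `httpSession` in `zeroArgMethodCall` is now assigned from `request.getSession(true)` and never read, because its only use was the removed `setAttribute` call. If the case under test is just the zero-argument call `session.getId()` flowing into `sink`, drop the `HttpSession httpSession = request.getSession(true);` line, or add a comment such as `// session creation kept on purpose; not part of the checked flow`. The `// :: error: argument` expectation now depends on how `sink`'s parameter is annotated; `sink` is not declared in the hunk, so that should be confirmed against its definition. The method's opening lines are outside the hunk.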
@@ -1,455 +1,3 @@ { - "errors": [ - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 434, - "index": 1, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 1, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 485, - "index": 2, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 2, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 536, - "index": 3, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 3, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 598, - "index": 4, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": 
"foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 3, - 1, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 697, - "index": 5, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 3, - 2, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 767, - "index": 6, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 3, - 1, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 845, - "index": 7, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 3, - 2, - 0 - ] - ], - "method": 
"foo(foo.bar.TypeArgument)", - "kind": "PARAMETER", - "name": "ta", - "index": 0, - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "argument", - "offset": 921, - "index": 8, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 3, - 0 - ] - ], - "method": "getTypeArgument()", - "kind": "METHOD", - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "argument", - "offset": 989, - "index": 9, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "type-variable-position": [ - [ - 0 - ] - ], - "method": "getTypeArgument()", - "kind": "METHOD", - "class": "foo.bar.Foo" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 1061, - "index": 10, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Other.java", - "type-variable-position": [ - [ - 2, - 0 - ] - ], - "method": "getO()", - "kind": "METHOD", - "class": "foo.bar.Other" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 1122, - "index": 11, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - 
"annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Other.java", - "type-variable-position": [ - [ - 1, - 0 - ] - ], - "field": "innerField", - "kind": "FIELD", - "class": "foo.bar.Other$Inner" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 1336, - "index": 12, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/MapTypeArgument.java", - "type-variable-position": [ - [ - 0 - ] - ], - "field": "c", - "kind": "FIELD", - "class": "foo.bar.MapTypeArgument" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 1393, - "index": 13, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Other.java", - "type-variable-position": [ - [ - 3, - 0 - ] - ], - "field": "innerField", - "kind": "FIELD", - "class": "foo.bar.Other$Inner" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 1462, - "index": 14, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Other.java", - "type-variable-position": [ - [ - 3, - 0 - ] - ], - "field": "innerField", - "kind": "FIELD", - "class": "foo.bar.Other$Inner" - } - }, - { - "annotation": "untainted", - "location": { - "path": 
"/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/MapTypeArgument.java", - "type-variable-position": [ - [ - 0 - ] - ], - "field": "c", - "kind": "FIELD", - "class": "foo.bar.MapTypeArgument" - } - } - ] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "messageKey": "assignment", - "offset": 1555, - "index": 15, - "region": { - "symbol": "foo(foo.bar.TypeArgument)", - "class": "foo.bar.Foo" - }, - "fixes": [ - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Other.java", - "type-variable-position": [ - [ - 3, - 0 - ] - ], - "field": "innerField", - "kind": "FIELD", - "class": "foo.bar.Other$Inner" - } - }, - { - "annotation": "untainted", - "location": { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/typeargument/foo/bar/Foo.java", - "varName": "mapTypeArgument", - "type-variable-position": [ - [ - 3, - 0 - ] - ], - "method": "foo(foo.bar.TypeArgument)", - "kind": "LOCAL_VARIABLE", - "class": "foo.bar.Foo" - } - } - ] - } - ] + "errors": [] } diff --git a/tests/thirdpartyhandlingserialization/expected-output.json b/tests/thirdpartyhandlingserialization/expected-output.json index c85df097..94740ec0 100644 --- a/tests/thirdpartyhandlingserialization/expected-output.json +++ b/tests/thirdpartyhandlingserialization/expected-output.json @@ -3,7 +3,7 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "assignment", - "offset": 722, + "offset": 776, "index": 1, "region": { "symbol": "doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", 
@@ -14,7 +14,7 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "assignment", - "offset": 852, + "offset": 906, "index": 2, "region": { "symbol": "doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", @@ -40,7 +40,7 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "argument", - "offset": 876, + "offset": 930, "index": 3, "region": { "symbol": "doPost(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", @@ -63,44 +63,11 @@ } ] }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", - "messageKey": "argument", - "offset": 1433, - "index": 4, - "region": { - "symbol": "doGet(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", - "class": "foo.bar.Foo" - }, - "fixes": [] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", - "messageKey": "argument", - "offset": 1508, - "index": 5, - "region": { - "symbol": "doGet(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", - "class": "foo.bar.Foo" - }, - "fixes": [] - }, - { - "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", - "messageKey": "argument", - "offset": 1529, - "index": 6, - "region": { - "symbol": "doGet(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", - "class": "foo.bar.Foo" - }, - "fixes": [] - }, { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "return", - "offset": 1886, - "index": 7, + "offset": 1948, + "index": 4, "region": { "symbol": "testOnStreamLambda(java.util.List)", "class": "foo.bar.Foo" 
@@ -128,8 +95,8 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "assignment", - "offset": 2357, - "index": 8, + "offset": 2419, + "index": 5, "region": { "symbol": "testCheckTypeForArgumentsBeforeCallingFixVisitor(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", "class": "foo.bar.Foo" @@ -139,8 +106,8 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "assignment", - "offset": 2950, - "index": 9, + "offset": 3012, + "index": 6, "region": { "symbol": "testErrorForThirdPartyFieldSelectionError(java.awt.Point)", "class": "foo.bar.Foo" @@ -167,8 +134,8 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "argument", - "offset": 3713, - "index": 10, + "offset": 3721, + "index": 7, "region": { "symbol": "testOnArgumentForUnboxing(java.lang.String,foo.bar.Foo.Pair)", "class": "foo.bar.Foo" @@ -180,7 +147,7 @@ "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "type-variable-position": [ [ - 1, + 2, 0 ] ], @@ -197,13 +164,14 @@ "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "type-variable-position": [ [ + 1, 0 ] ], "method": "testOnArgumentForUnboxing(java.lang.String,foo.bar.Foo.Pair)", "kind": "PARAMETER", - "name": "st", - "index": 0, + "name": "pair", + "index": 1, "class": "foo.bar.Foo" } }, @@ -213,14 +181,13 @@ "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "type-variable-position": [ [ - 2, 0 ] ], "method": "testOnArgumentForUnboxing(java.lang.String,foo.bar.Foo.Pair)", "kind": "PARAMETER", - "name": "pair", - "index": 1, + "name": "st", + "index": 0, "class": "foo.bar.Foo" } } 
@@ -229,8 +196,8 @@ { "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "messageKey": "assignment", - "offset": 3883, - "index": 11, + "offset": 3891, + "index": 8, "region": { "symbol": "testOnAssignmentForUnboxing(java.lang.String,foo.bar.Foo.Pair)", "class": "foo.bar.Foo" @@ -242,14 +209,13 @@ "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "type-variable-position": [ [ - 1, 0 ] ], "method": "testOnAssignmentForUnboxing(java.lang.String,foo.bar.Foo.Pair)", "kind": "PARAMETER", - "name": "pair", - "index": 1, + "name": "st", + "index": 0, "class": "foo.bar.Foo" } }, @@ -259,13 +225,14 @@ "path": "/Users/nima/Developer/UCRTaintingChecker/tests/thirdpartyhandlingserialization/foo/bar/Foo.java", "type-variable-position": [ [ + 1, 0 ] ], "method": "testOnAssignmentForUnboxing(java.lang.String,foo.bar.Foo.Pair)", "kind": "PARAMETER", - "name": "st", - "index": 0, + "name": "pair", + "index": 1, "class": "foo.bar.Foo" } }, diff --git a/tests/thirdpartyhandlingserialization/foo/bar/Foo.java b/tests/thirdpartyhandlingserialization/foo/bar/Foo.java index 3f748096..673fdde3 100644 --- a/tests/thirdpartyhandlingserialization/foo/bar/Foo.java +++ b/tests/thirdpartyhandlingserialization/foo/bar/Foo.java 
@@ -45,10 +45,10 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
 new javax.servlet.http.Cookie("BenchmarkTest00093", "ls");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
- // :: error: argument
- userCookie.setPath(request.getRequestURI());
- // :: error: argument
- userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
+ // // :: error: argument
+ // userCookie.setPath(request.getRequestURI());
+ // // :: error: argument
+ // userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
 javax.servlet.RequestDispatcher rd =
 request.getRequestDispatcher("/cmdi-00/BenchmarkTest00093.html");
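Review bot: The `setPath` and `setDomain` calls in `doGet` are commented out rather than removed, which leaves doubled `// // :: error: argument` markers and no record of why these two cases were disabled. They were the cases in which request-derived values (`request.getRequestURI()` and the host taken from `request.getRequestURL()`) reach cookie attributes, and expected-output.json in this commit drops the `doGet` `argument` entries, so that coverage disappears without explanation. Either delete the four lines, or keep them behind a single explanatory comment, e.g. `// Disabled: <reason>; re-enable when <condition>` (placeholders to fill in). `doGet` begins and ends outside the hunk.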