GitHubSecurityLab
diff --git a/‎java/test/TestUtilities/PrettyPrintModels.ql
Lines changed: 11 additions & 0 deletions b/‎java/test/TestUtilities/PrettyPrintModels.ql
Lines changed: 11 additions & 0 deletions
diff --git a/‎java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
Lines changed: 16 additions & 11 deletions b/‎java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
Lines changed: 16 additions & 11 deletions
diff --git a/‎java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref
Lines changed: 2 additions & 1 deletion b/‎java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref
Lines changed: 2 additions & 1 deletion
@@ -0,0 +1,11 @@
+/**
+ * @kind test-postprocess
+ */
+
+import semmle.code.java.dataflow.ExternalFlow
+import codeql.dataflow.test.ProvenancePathGraph
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>
+
+from string relation, int row, int column, string data
+where results(relation, row, column, data)
+select relation, row, column, data
@@ -1,3 +1,7 @@
+#select
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
 edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | provenance |  |
@@ -8,23 +12,28 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance | Sink:MaD:44132 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:80:21:86 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:44132 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:32:27:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:44132 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:44132 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:45849 Sink:MaD:44132 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:45784 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:45214 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
+models
+| 1 | Sink: java.lang; Runtime; true; exec; (String[]); ; Argument[0]; command-injection; ai-manual |
+| 2 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
+| 3 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
+| 4 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
 nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | semmle.label | args : String[] |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
@@ -48,7 +57,3 @@ nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | semmle.label | ...[...] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | semmle.label | ...[...] : String |
 subpaths
-#select
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
 
@@ -1 +1,2 @@
-security/CWE-078/CommandInjectionRuntimeExecTest.ql
+query: security/CWE-078/CommandInjectionRuntimeExecTest.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-security/CWE-078/CommandInjectionRuntimeExecTest.ql`
	`1`	`+query: security/CWE-078/CommandInjectionRuntimeExecTest.ql`
	`2`	`+postprocess: TestUtilities/PrettyPrintModels.ql`