Fix MAD provenance in tests

Alvaro Muñoz · GeekMasher · commit 21bf69837d26 · 2024-06-13T19:41:38.000+01:00
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected b/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
@@ -8,19 +8,19 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:80:21:86 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:32:27:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44347 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:42664 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44282 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44346 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:43017 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44281 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:43716 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.expected b/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.expected
@@ -8,19 +8,19 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:80:21:86 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:32:27:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:43017 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44347 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:42664 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44282 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44346 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:43017 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44281 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:43716 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
diff --git a/java/test/security/CWE-532/SensitiveInformation.expected b/java/test/security/CWE-532/SensitiveInformation.expected
@@ -1,11 +1,11 @@
 edges
-| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:18:26:18:55 | ... + ... |
-| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:19:28:19:31 | attr |
-| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:20:66:20:69 | attr : String |
-| SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:17:23:17:62 | (...)... : String |
-| SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | SensitiveInformation.java:26:19:26:30 | responseBody |
-| SensitiveInformation.java:20:66:20:69 | attr : String | SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] |
-| SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String |
+| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:18:26:18:55 | ... + ... | provenance |  Sink:MaD:42906 |
+| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:19:28:19:31 | attr | provenance |  Sink:MaD:42909 |
+| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:20:66:20:69 | attr : String | provenance |  |
+| SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:17:23:17:62 | (...)... : String | provenance |  |
+| SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | SensitiveInformation.java:26:19:26:30 | responseBody | provenance |  Sink:MaD:42920 |
+| SensitiveInformation.java:20:66:20:69 | attr : String | SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | provenance | MaD:43090 |
+| SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | provenance | MaD:43723 |
 nodes
 | SensitiveInformation.java:17:23:17:62 | (...)... : String | semmle.label | (...)... : String |
 | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | semmle.label | getAttribute(...) : Object |
diff --git a/java/test/security/CWE-611/XXELocal.expected b/java/test/security/CWE-611/XXELocal.expected
@@ -1,7 +1,7 @@
 edges
-| XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | XXELocal.java:16:51:16:61 | inputStream : FileInputStream | provenance | Src:MaD:42645  |
+| XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | XXELocal.java:16:51:16:61 | inputStream : FileInputStream | provenance | Src:MaD:42998  |
 | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | XXELocal.java:24:25:24:35 | inputSource | provenance |  |
-| XXELocal.java:16:51:16:61 | inputStream : FileInputStream | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | provenance | MaD:49768 |
+| XXELocal.java:16:51:16:61 | inputStream : FileInputStream | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | provenance | MaD:49767 |
 nodes
 | XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | semmle.label | new FileInputStream(...) : FileInputStream |
 | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | semmle.label | new InputSource(...) : InputSource |
