From ce387e19df2027365c5453da8b1895eb447195c4 Mon Sep 17 00:00:00 2001
From: elsapet
Date: Fri, 9 Feb 2024 17:08:49 +0200
Subject: [PATCH] feat: add secure test
---
 tests/java/lang/apache_commons_collection/test.js | 11 ++++++++++-
 .../testdata/insecure/main.java | 2 +-
 .../testdata/secure/main.java | 9 +++++++++
 .../testdata/secure/maven-dependencies.json | 10 ++++++++++
 4 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 tests/java/lang/apache_commons_collection/testdata/secure/main.java
 create mode 100644 tests/java/lang/apache_commons_collection/testdata/secure/maven-dependencies.json
diff --git a/tests/java/lang/apache_commons_collection/test.js b/tests/java/lang/apache_commons_collection/test.js
index 5089fc8b9..ffa0cfcb3 100644
--- a/tests/java/lang/apache_commons_collection/test.js
+++ b/tests/java/lang/apache_commons_collection/test.js
@@ -7,7 +7,16 @@ const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
 describe(ruleId, () => {
 const invoke = createNewInvoker(ruleId, ruleFile, testBase)
- test("apache_commons_collection", () => {
+ test("apache_commons_collection_secure", () => {
+ const testCase = "secure/"
+
+ const results = invoke(testCase)
+
+ expect(results.Missing).toEqual([])
+ expect(results.Extra).toEqual([])
+ })
+
+ test("apache_commons_collection_insecure", () => {
 const testCase = "insecure/"
 const results = invoke(testCase)
diff --git a/tests/java/lang/apache_commons_collection/testdata/insecure/main.java b/tests/java/lang/apache_commons_collection/testdata/insecure/main.java
index c56b7b771..08d4b97d8 100644
--- a/tests/java/lang/apache_commons_collection/testdata/insecure/main.java
+++ b/tests/java/lang/apache_commons_collection/testdata/insecure/main.java
@@ -2,7 +2,7 @@
 public class Foo {
 public static void bad(String[] args) throws Exception {
- // bearer:expected java_lang_apache_commons_collection
+ // ok - version 3.2.2 +
 InvokerTransformer transformer = new InvokerTransformer("exec", new Class[]{String.class}, new Object[]{"calc.exe"});
 Object result = transformer.transform(null);
 }
diff --git a/tests/java/lang/apache_commons_collection/testdata/secure/main.java b/tests/java/lang/apache_commons_collection/testdata/secure/main.java
new file mode 100644
index 000000000..c56b7b771
--- /dev/null
+++ b/tests/java/lang/apache_commons_collection/testdata/secure/main.java
@@ -0,0 +1,9 @@
+import org.apache.commons.collections3;
+
+public class Foo {
+ public static void bad(String[] args) throws Exception {
+ // bearer:expected java_lang_apache_commons_collection
+ InvokerTransformer transformer = new InvokerTransformer("exec", new Class[]{String.class}, new Object[]{"calc.exe"});
+ Object result = transformer.transform(null);
+ }
+}
diff --git a/tests/java/lang/apache_commons_collection/testdata/secure/maven-dependencies.json b/tests/java/lang/apache_commons_collection/testdata/secure/maven-dependencies.json
new file mode 100644
index 000000000..68c78b6fb
--- /dev/null
+++ b/tests/java/lang/apache_commons_collection/testdata/secure/maven-dependencies.json
@@ -0,0 +1,10 @@
+[{
+ "groupId": "org.apache.commons",
+ "artifactId": "commons-collections3",
+ "version": "3.2.2"
+},
+{
+ "groupId": "test1",
+ "artifactId": "testartifact1",
+ "version": "1.0.beta"
+}]
\ No newline at end of file
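Review bot: The expectation markers look swapped between the two fixtures. `insecure/main.java` loses `// bearer:expected java_lang_apache_commons_collection` and gains `// ok - version 3.2.2 +`, while the new `secure/main.java` (blob c56b7b771, the same blob as the old insecure file) keeps the `bearer:expected` line beside a dependency file pinned to 3.2.2. The secure test asserts that `results.Missing` and `results.Extra` are empty, so it passes only if the rule fires on the fixture labelled secure. The insecure test's assertions are outside the hunk, but if they are the same, that test now passes only when the rule stays silent on the `InvokerTransformer` call, which would lock a false negative into the suite. I would keep `// bearer:expected java_lang_apache_commons_collection` in `insecure/main.java` and put `// ok - version 3.2.2 +` in `secure/main.java`.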
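Review bot: The coordinates in `secure/maven-dependencies.json`, `org.apache.commons` / `commons-collections3`, do not match how the 3.x line is published as far as I know (`commons-collections:commons-collections`, with `org.apache.commons:commons-collections4` being the 4.x artifact). The `import org.apache.commons.collections3;` line in `secure/main.java` likewise does not name the library's package. If the rule's version filter keys on the artifact name, a fixture with these coordinates would not exercise the path that real projects on 3.2.2 take; consider `"groupId": "commons-collections"` and `"artifactId": "commons-collections"`. The rule file is not part of this patch, so this needs confirming against what it actually matches.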