Commit 55401ef

Add SPURIOUS test for += File.separator
1 parent 54f3b27 commit 55401ef

2 files changed

+9
-0
lines changed

java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversal.expected

Lines changed: 1 addition & 0 deletions
@@ -14,3 +14,4 @@
1414
| PartialPathTraversalTest.java:176:14:176:65 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
1515
| PartialPathTraversalTest.java:194:18:194:87 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
1616
| PartialPathTraversalTest.java:212:14:212:64 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
17+
| PartialPathTraversalTest.java:234:14:234:54 | startsWith(...) | Partial Path Traversal Vulnerability due to insufficient guard against path traversal. |
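
Review bot: The row added for PartialPathTraversalTest.java:234 carries the same message as the true-positive rows above it, so nothing in this .expected file marks it as a known false positive; the only signal is the inline `$ SPURIOUS` annotation in the test source. Consider referencing the tracking issue for the query fix in the commit message, so that whoever fixes the query knows this row is meant to disappear rather than be preserved.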

java/ql/test/query-tests/security/CWE-023/semmle/tests/PartialPathTraversalTest.java

Lines changed: 8 additions & 0 deletions
@@ -228,6 +228,14 @@ void foo24(File parent) throws IOException {
228228
}
229229
}
230230

231+
void foo25(File parent) throws IOException {
232+
String path = parent.getCanonicalPath();
233+
path += File.separator;
234+
if (!dir().getCanonicalPath().startsWith(path)) { // $ SPURIOUS: Alert[java/partial-path-traversal-from-remote] Alert[java/partial-path-traversal]
235+
throw new IOException("Invalid directory: " + dir().getCanonicalPath());
236+
}
237+
}
238+
231239
public void doesNotFlagOptimalSafeVersion(File parent) throws IOException {
232240
if (!dir().toPath().normalize().startsWith(parent.toPath())) { // Safe
233241
throw new IOException("Path traversal attempt: " + dir().getCanonicalPath());
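
Review bot: foo25 has no comment saying why the alert on the `startsWith(path)` line is spurious. The reason is that `path += File.separator;` terminates the canonical parent path with a separator before the prefix check, so a sibling directory whose name merely begins with the parent's name can no longer pass the guard. A one-line comment to that effect, noting that the query does not yet recognise the separator when it is appended through compound assignment, would make the test's intent clear to the next reader. Minor: `dir()` is evaluated once for the check and again for the exception message, the same pattern as in doesNotFlagOptimalSafeVersion below, so the message could describe a different value than the one that was checked if `dir()` is not stable.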
