java: add more tests for java/maven/non-https-url

Author: esbena

java/ql/test/query-tests/security/CWE-829/semmle/tests/InsecureDependencyResolution.expected

@@ -1,4 +1,8 @@
 | insecure-pom.xml:19:9:24:22 | repository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
 | insecure-pom.xml:25:9:30:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
-| insecure-pom.xml:33:9:38:22 | repository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
-| insecure-pom.xml:41:9:46:28 | pluginRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
+| insecure-pom.xml:31:9:36:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost.example |
+| insecure-pom.xml:39:9:44:22 | repository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
+| insecure-pom.xml:47:9:52:28 | pluginRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
+| secure-pom.xml:31:9:36:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost/snaphots |
+| secure-pom.xml:37:9:42:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost:82 |
+| secure-pom.xml:51:9:55:22 | repository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost:${deploy.webserver.port}/repo |

java/ql/test/query-tests/security/CWE-829/semmle/tests/insecure-pom.xml

@@ -28,6 +28,12 @@
             <!-- BAD! Use HTTPS -->
             <url>http://insecure-repository.example</url>
         </snapshotRepository>
+        <snapshotRepository>
+            <id>insecure-snapshots</id>
+            <name>Insecure Repository Snapshots</name>
+            <!-- BAD! Use HTTPS -->
+            <url>http://localhost.example</url>
+        </snapshotRepository>
     </distributionManagement>
     <repositories>
         <repository>

java/ql/test/query-tests/security/CWE-829/semmle/tests/secure-pom.xml

@@ -28,6 +28,18 @@
             <!-- GOOD! Use HTTPS -->
             <url>https://insecure-repository.example</url>
         </snapshotRepository>
+        <snapshotRepository>
+            <id>insecure-snapshots</id>
+            <name>Secure Repository Snapshots</name>
+            <!-- GOOD! Use HTTP, but for localhost -->
+            <url>http://localhost/snaphots</url>
+        </snapshotRepository>
+        <snapshotRepository>
+            <id>insecure-snapshots</id>
+            <name>Secure Repository Snapshots</name>
+            <!-- GOOD! Use HTTP, but for localhost -->
+            <url>http://localhost:82</url>
+        </snapshotRepository>
     </distributionManagement>
     <repositories>
         <repository>
@@ -36,6 +48,11 @@
             <!-- GOOD! Use HTTPS -->
             <url>https://insecure-repository.example</url>
         </repository>
+        <repository>
+	        <id>test</id>
+	        <!-- GOOD! Use HTTP, but for localhost -->
+	        <url>http://localhost:${deploy.webserver.port}/repo</url>
+        </repository>
     </repositories>
     <pluginRepositories>
         <pluginRepository>