Examples of com.denimgroup.threadfix.framework.engine.DefaultCodePoint

• com.denimgroup.threadfix.framework.engine.DefaultCodePoint

    EndpointQuery generateCodePoints(String... lines) {
        List<CodePoint> codePoints = list();

        for (String line : lines) {
            codePoints.add(new DefaultCodePoint("test", 1, line));
        }

        return EndpointQueryBuilder.start()
                .setCodePoints(codePoints)
                .generateQuery();

  public void testBasicModelParsing() {

    for (ParameterParser parser : allParsers) {
      // These are from the PetClinic Fortify results
      List<? extends CodePoint> basicModelElements = Arrays.asList(
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
            "public String processFindForm(Owner owner, BindingResult result, Model model) {"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
            "Collection<Owner> results = this.clinicService.findOwnerByLastName(owner.getLastName());"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
            "Collection<Owner> results = this.clinicService.findOwnerByLastName(owner.getLastName());"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
            "return ownerRepository.findByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
            "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
        );

      EndpointQuery finding = EndpointQueryBuilder.start()
          .setCodePoints(basicModelElements)

  public void testRequestParamParsing1() {

    for (ParameterParser parser : allParsers) {
      // These are doctored to test other methods of passing Spring parameters
      List<DefaultCodePoint> chainedRequestParamElements1 = Arrays.asList(
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
          "public String processFindForm(@RequestParam(\"testParam\") String lastName, Model model) {"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
          "Collection<Owner> results = this.clinicService.findOwnerByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
          "return ownerRepository.findByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
          "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
        );

      EndpointQuery finding = EndpointQueryBuilder.start()
          .setCodePoints(chainedRequestParamElements1)

  public void testRequestParamParsing2() {

    for (ParameterParser parser : allParsers) {
      // These are doctored to test other methods of passing Spring parameters
      List<DefaultCodePoint> chainedRequestParamElements2 = Arrays.asList(
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
          "public String processFindForm(@RequestParam String lastName, Model model) {"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
          "Collection<Owner> results = this.clinicService.findOwnerByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
          "return ownerRepository.findByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
          "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
        );

      EndpointQuery finding = EndpointQueryBuilder.start()
          .setCodePoints(chainedRequestParamElements2)

  @Test
  public void testPathVariableParsing1() {
    for (ParameterParser parser : allParsers) {
      // These are doctored to test other methods of passing Spring parameters
      List<DefaultCodePoint> chainedPathVariableElements1 = Arrays.asList(
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
          "public String processFindForm(@PathVariable(\"testParam\") String lastName, Model model) {"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
          "Collection<Owner> results = this.clinicService.findOwnerByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
          "return ownerRepository.findByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
          "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
        );

      EndpointQuery finding = EndpointQueryBuilder.start()
          .setCodePoints(chainedPathVariableElements1)

  @Test
  public void testPathVariableParsing2() {
    for (ParameterParser parser : allParsers) {
      // These are doctored to test other methods of passing Spring parameters
      List<DefaultCodePoint> pathVariableElements2 = Arrays.asList(
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
          "public String processFindForm(@PathVariable String lastName, Model model) {"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
          "Collection<Owner> results = this.clinicService.findOwnerByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
          "return ownerRepository.findByLastName(lastName);"),
        new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
          "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
        );

      EndpointQuery finding = EndpointQueryBuilder.start()
          .setCodePoints(pathVariableElements2)

  @Test
  public void testChainedModelParsing() {

    // These are doctored to test a corner case
    List<DefaultCodePoint> chainedModelElements = Arrays.asList(
      new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
          "public String processFindForm(Pet pet, BindingResult result, Model model) {"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
          "Collection<Owner> results = this.clinicService.findOwnerByLastName(pet.getOwner().getLastName());"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
          "Collection<Owner> results = this.clinicService.findOwnerByLastName(pet.getOwner().getLastName());"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
          "return ownerRepository.findByLastName(lastName);"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
          "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
      );

    EndpointQuery finding = EndpointQueryBuilder.start()
        .setCodePoints(chainedModelElements)

  public void testMatchingSourceAndSink() {

        for (ParameterParser parser : allParsers) {
            // These are doctored to match real data we've seen
            List<DefaultCodePoint> chainedRequestParamElements1 = Arrays.asList(
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
                            "public String processFindForm(@RequestParam String lastName, @RequestParam String firstName) {"),
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
                            "Collection<Owner> results = this.clinicService.findOwnerByLastName(lastName);"),
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
                            "return ownerRepository.findByLastName(lastName);"),
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
                            "\"SELECT id FROM owners WHERE last_name like '\" + lastName + \"%' or first_name like '\" + firstName + \"%'\",")
            );

            EndpointQuery finding = EndpointQueryBuilder.start()
                    .setCodePoints(chainedRequestParamElements1)
                    .generateQuery();

            String result = parser.parse(finding);
            assertTrue("Parameter was " + result + " instead of lastName", "lastName".equals(result));

            // These are doctored to match real data we've seen
            List<DefaultCodePoint> chainedRequestParamElements2 = Arrays.asList(
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
                            "public String processFindForm(@RequestParam String lastName, @RequestParam String firstName) {"),
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 94,
                            "Collection<Owner> results = this.clinicService.findOwnerByFirstName(firstName);"),
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 73,
                            "return ownerRepository.findByFirstName(firstName);"),
                    new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
                            "\"SELECT id FROM owners WHERE last_name like '\" + lastName + \"%' or first_name like '\" + firstName + \"%'\",")
            );

            finding = EndpointQueryBuilder.start()
                    .setCodePoints(chainedRequestParamElements2)

  @Test
  public void testChainedMultiLevelModelParsing() {

    // These are doctored to test a corner case
    List<DefaultCodePoint> chainedMultiLevelModelElements = Arrays.asList(
      new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java",85,
        "public String processFindForm(Pet pet, BindingResult result, Model model) {"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
        "Collection<Owner> results = this.clinicService.findOwnerByLastName(pet.getOwner());"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/web/OwnerController.java", 93,
        "Collection<Owner> results = this.clinicService.findOwnerByLastName(pet.getOwner());"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/service/ClinicServiceImpl.java", 72,
        "return ownerRepository.findByLastName(owner.getLastName());"),
      new DefaultCodePoint("java/org/springframework/samples/petclinic/repository/jdbc/JdbcOwnerRepositoryImpl.java", 84,
        "\"SELECT id, first_name, last_name, address, city, telephone FROM owners WHERE last_name like '\" + lastName + \"%'\",")
      );

    EndpointQuery finding = EndpointQueryBuilder.start()
        .setCodePoints(chainedMultiLevelModelElements)