Adjust test to moved and expanded stubs

Author: smowton

java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected

@@ -1,12 +1,12 @@
 edges
-| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:26:48:26:64 | ... + ... |
-| JSchOSInjectionTest.java:38:30:38:60 | getParameter(...) : String | JSchOSInjectionTest.java:50:32:50:48 | ... + ... |
+| JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... |
+| JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... |
 nodes
 | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| JSchOSInjectionTest.java:26:48:26:64 | ... + ... | semmle.label | ... + ... |
-| JSchOSInjectionTest.java:38:30:38:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| JSchOSInjectionTest.java:50:32:50:48 | ... + ... | semmle.label | ... + ... |
+| JSchOSInjectionTest.java:27:52:27:68 | ... + ... | semmle.label | ... + ... |
+| JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
+| JSchOSInjectionTest.java:53:36:53:52 | ... + ... | semmle.label | ... + ... |
 subpaths
 #select
-| JSchOSInjectionTest.java:26:48:26:64 | ... + ... | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:26:48:26:64 | ... + ... | $@ flows to here and is used in a command. | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) | User-provided value |
-| JSchOSInjectionTest.java:50:32:50:48 | ... + ... | JSchOSInjectionTest.java:38:30:38:60 | getParameter(...) : String | JSchOSInjectionTest.java:50:32:50:48 | ... + ... | $@ flows to here and is used in a command. | JSchOSInjectionTest.java:38:30:38:60 | getParameter(...) | User-provided value |
+| JSchOSInjectionTest.java:27:52:27:68 | ... + ... | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) : String | JSchOSInjectionTest.java:27:52:27:68 | ... + ... | $@ flows to here and is used in a command. | JSchOSInjectionTest.java:14:30:14:60 | getParameter(...) | User-provided value |
+| JSchOSInjectionTest.java:53:36:53:52 | ... + ... | JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) : String | JSchOSInjectionTest.java:53:36:53:52 | ... + ... | $@ flows to here and is used in a command. | JSchOSInjectionTest.java:40:30:40:60 | getParameter(...) | User-provided value |

java/ql/test/experimental/query-tests/security/CWE-078/JSchOSInjectionTest.java

@@ -17,17 +17,19 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
             config.put("StrictHostKeyChecking", "no");
 
             JSch jsch = new JSch();
-            Session session = jsch.getSession(user, host, 22);
-            session.setPassword(password);
-            session.setConfig(config);
-            session.connect();
-
-            Channel channel = session.openChannel("exec");
-            ((ChannelExec) channel).setCommand("ping " + command);
-            channel.setInputStream(null);
-            ((ChannelExec) channel).setErrStream(System.err);
-
-            channel.connect();
+            try {
+                Session session = jsch.getSession(user, host, 22);
+                session.setPassword(password);
+                session.setConfig(config);
+                session.connect();
+
+                Channel channel = session.openChannel("exec");
+                ((ChannelExec) channel).setCommand("ping " + command);
+                channel.setInputStream(null);
+                ((ChannelExec) channel).setErrStream(System.err);
+
+                channel.connect();
+            } catch (JSchException e) { }
     }
 
     protected void doPost(HttpServletRequest request, HttpServletResponse response)
@@ -41,16 +43,18 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
             config.put("StrictHostKeyChecking", "no");
 
             JSch jsch = new JSch();
-            Session session = jsch.getSession(user, host, 22);
-            session.setPassword(password);
-            session.setConfig(config);
-            session.connect();
-
-            ChannelExec channel = (ChannelExec)session.openChannel("exec");
-            channel.setCommand("ping " + command);
-            channel.setInputStream(null);
-            channel.setErrStream(System.err);
-
-            channel.connect();
+            try {
+                Session session = jsch.getSession(user, host, 22);
+                session.setPassword(password);
+                session.setConfig(config);
+                session.connect();
+
+                ChannelExec channel = (ChannelExec)session.openChannel("exec");
+                channel.setCommand("ping " + command);
+                channel.setInputStream(null);
+                channel.setErrStream(System.err);
+
+                channel.connect();
+            } catch (JSchException e) { }
     }
-}
+}

java/ql/test/experimental/query-tests/security/CWE-078/options

@@ -1,2 +1,2 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jsch-0.1.55
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jsch-0.1.55