From c1bbe3e8025fae89d1b7ef40bc510763cab69fcd Mon Sep 17 00:00:00 2001
From: san-zrl
Date: Tue, 19 May 2026 17:18:01 +0200
Subject: [PATCH] fixed obsotete license staments

Signed-off-by: san-zrl
---
 .../rules/benchmark/BenchmarkTest00003.java | 119 -----------------
 .../rules/benchmark/BenchmarkTest00009.java | 124 ------------------
 ...ingExactTypesExceptParametersTestFile.java | 18 ---
 ...BufferedAsymmetricBlockCipherTestFile.java | 18 ---
 .../BcHandshakeKDFFunctionTestFile.java | 18 ---
 .../benchmark/BenchmarkTest00003Test.java | 105 ---------------
 .../benchmark/BenchmarkTest00009Test.java | 105 ---------------
 7 files changed, 507 deletions(-)
 delete mode 100644 java/src/test/files/rules/benchmark/BenchmarkTest00003.java
 delete mode 100644 java/src/test/files/rules/benchmark/BenchmarkTest00009.java
 delete mode 100644 java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00003Test.java
 delete mode 100644 java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00009Test.java

diff --git a/java/src/test/files/rules/benchmark/BenchmarkTest00003.java b/java/src/test/files/rules/benchmark/BenchmarkTest00003.java
deleted file mode 100644
index 2d59bbe28..000000000
--- a/java/src/test/files/rules/benchmark/BenchmarkTest00003.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * OWASP Benchmark v1.2
- *
- *

This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
- * details, please see https://owasp.org/www-project-benchmark/.
- *
- *

The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
- * of the GNU General Public License as published by the Free Software Foundation, version 2.
- *
- *

The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE. See the GNU General Public License for more details.
- *
- * @author Dave Wichers
- * @created 2015
- */
-package org.owasp.benchmark.testcode;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-@WebServlet(value = "/hash-00/BenchmarkTest00003")
-public class BenchmarkTest00003 extends HttpServlet {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html;charset=UTF-8");
- javax.servlet.http.Cookie userCookie =
- new javax.servlet.http.Cookie("BenchmarkTest00003", "someSecret");
- userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
- userCookie.setSecure(true);
- userCookie.setPath(request.getRequestURI());
- userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
- response.addCookie(userCookie);
- javax.servlet.RequestDispatcher rd =
- request.getRequestDispatcher("/hash-00/BenchmarkTest00003.html");
- rd.include(request, response);
- }
-
- @Override
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- // some code
- response.setContentType("text/html;charset=UTF-8");
-
- javax.servlet.http.Cookie[] theCookies = request.getCookies();
-
- String param = "noCookieValueSupplied";
- if (theCookies != null) {
- for (javax.servlet.http.Cookie theCookie : theCookies) {
- if (theCookie.getName().equals("BenchmarkTest00003")) {
- param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
- break;
- }
- }
- }
-
- try {
- java.util.Properties benchmarkprops = new java.util.Properties();
- benchmarkprops.load(
- this.getClass().getClassLoader().getResourceAsStream("benchmark.properties"));
- String algorithm = benchmarkprops.getProperty("hashAlg1", "SHA512");
- java.security.MessageDigest md = java.security.MessageDigest.getInstance(algorithm); // Noncompliant {{(MessageDigest) SHA512}}
- byte[] input = {(byte) '?'};
- Object inputParam = param;
- if (inputParam instanceof String) input = ((String) inputParam).getBytes();
- if (inputParam instanceof java.io.InputStream) {
- byte[] strInput = new byte[1000];
- int i = ((java.io.InputStream) inputParam).read(strInput);
- if (i == -1) {
- response.getWriter()
- .println(
- "This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");
- return;
- }
- input = java.util.Arrays.copyOf(strInput, i);
- }
- md.update(input);
-
- byte[] result = md.digest();
- java.io.File fileTarget =
- new java.io.File(
- new java.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR),
- "passwordFile.txt");
- java.io.FileWriter fw =
- new java.io.FileWriter(fileTarget, true); // the true will append the new data
- fw.write(
- "hash_value="
- + org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true)
- + "\n");
- fw.close();
- response.getWriter()
- .println(
- "Sensitive value '"
- + org.owasp
- .esapi
- .ESAPI
- .encoder()
- .encodeForHTML(new String(input))
- + "' hashed and stored
");
-
- } catch (java.security.NoSuchAlgorithmException e) {
- System.out.println("Problem executing hash - TestCase");
- throw new ServletException(e);
- }
-
- response.getWriter()
- .println(
- "Hash Test java.security.MessageDigest.getInstance(java.lang.String) executed");
- }
-}
\ No newline at end of file
diff --git a/java/src/test/files/rules/benchmark/BenchmarkTest00009.java b/java/src/test/files/rules/benchmark/BenchmarkTest00009.java
deleted file mode 100644
index 0f0ca07b9..000000000
--- a/java/src/test/files/rules/benchmark/BenchmarkTest00009.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/**
- * OWASP Benchmark v1.2
- *
- *

This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
- * details, please see https://owasp.org/www-project-benchmark/.
- *
- *

The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
- * of the GNU General Public License as published by the Free Software Foundation, version 2.
- *
- *

The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- * PURPOSE. See the GNU General Public License for more details.
- *
- * @author Dave Wichers
- * @created 2015
- */
-package org.owasp.benchmark.testcode;
-
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-@WebServlet(value = "/hash-00/BenchmarkTest00009")
-public class BenchmarkTest00009 extends HttpServlet {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doPost(request, response);
- }
-
- @Override
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- // some code
- response.setContentType("text/html;charset=UTF-8");
-
- String param = "";
- java.util.Enumeration names = request.getHeaderNames();
- while (names.hasMoreElements()) {
- String name = (String) names.nextElement();
-
- if (org.owasp.benchmark.helpers.Utils.commonHeaders.contains(name)) {
- continue; // If standard header, move on to next one
- }
-
- java.util.Enumeration values = request.getHeaders(name);
- if (values != null && values.hasMoreElements()) {
- param = name; // Grabs the name of the first non-standard header as the parameter
- // value
- break;
- }
- }
- // Note: We don't URL decode header names because people don't normally do that
-
- java.security.Provider[] provider = java.security.Security.getProviders();
- java.security.MessageDigest md;
-
- try {
- if (provider.length > 1) {
-
- md = java.security.MessageDigest.getInstance("sha-384", provider[0]); // Noncompliant {{(MessageDigest) SHA384}}
- }
else {
- md = java.security.MessageDigest.getInstance("sha-384", "SUN"); // Noncompliant {{(MessageDigest) SHA384}}
- }
- byte[] input = {(byte) '?'};
- Object inputParam = param;
- if (inputParam instanceof String) input = ((String) inputParam).getBytes();
- if (inputParam instanceof java.io.InputStream) {
- byte[] strInput = new byte[1000];
- int i = ((java.io.InputStream) inputParam).read(strInput);
- if (i == -1) {
- response.getWriter()
- .println(
- "This input source requires a POST, not a GET. Incompatible UI for the InputStream source.");
- return;
- }
- input = java.util.Arrays.copyOf(strInput, i);
- }
- md.update(input);
-
- byte[] result = md.digest();
- java.io.File fileTarget =
- new java.io.File(
- new java.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR),
- "passwordFile.txt");
- java.io.FileWriter fw =
- new java.io.FileWriter(fileTarget, true); // the true will append the new data
- fw.write(
- "hash_value="
- + org.owasp.esapi.ESAPI.encoder().encodeForBase64(result, true)
- + "\n");
- fw.close();
- response.getWriter()
- .println(
- "Sensitive value '"
- + org.owasp
- .esapi
- .ESAPI
- .encoder()
- .encodeForHTML(new String(input))
- + "' hashed and stored
");
-
- } catch (java.security.NoSuchAlgorithmException e) {
- System.out.println(
- "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
- throw new ServletException(e);
- } catch (java.security.NoSuchProviderException e) {
- System.out.println(
- "Problem executing hash - TestCase java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)");
- throw new ServletException(e);
- }
-
- response.getWriter()
- .println(
- "Hash Test java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider) executed");
- }
-}
\ No newline at end of file
diff --git a/java/src/test/files/rules/detection/DetectionRuleMatchingExactTypesExceptParametersTestFile.java b/java/src/test/files/rules/detection/DetectionRuleMatchingExactTypesExceptParametersTestFile.java
index 5877329b4..55c1d4a7d 100644
--- a/java/src/test/files/rules/detection/DetectionRuleMatchingExactTypesExceptParametersTestFile.java
+++ b/java/src/test/files/rules/detection/DetectionRuleMatchingExactTypesExceptParametersTestFile.java
@@ -1,21 +1,3 @@
-/*
- * SonarQube Cryptography Plugin
- * Copyright (C) 2024 IBM
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
 package com.ibm.example;
 
 public class DetectionRuleMatchingExactTypesExceptParametersTestFile {
diff --git a/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTestFile.java b/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTestFile.java
index 0fe9c9f90..136f06438 100644
--- a/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTestFile.java
+++ b/java/src/test/files/rules/detection/bc/asymmetricblockcipher/BcBufferedAsymmetricBlockCipherTestFile.java
@@ -1,21 +1,3 @@
-/*
- * SonarQube Cryptography Plugin
- * Copyright (C) 2024 IBM
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
 package com.ibm.plugin.rules.detection.bc.asymmetricblockcipher;
 
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
diff --git a/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java b/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java
index 846ce77d9..88948fa78 100644
--- a/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java
+++ b/java/src/test/files/rules/detection/bc/derivationfunction/BcHandshakeKDFFunctionTestFile.java
@@ -1,21 +1,3 @@
-/*
- * SonarQube Cryptography Plugin
- * Copyright (C) 2024 IBM
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
 package com.ibm.plugin.rules.detection.bc.derivationfunction;
 
 import java.security.SecureRandom;
diff --git a/java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00003Test.java b/java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00003Test.java
deleted file mode 100644
index 929bbf268..000000000
--- a/java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00003Test.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2025 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.benchmark;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.model.Algorithm;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.context.DigestContext;
-import com.ibm.mapper.model.BlockSize;
-import com.ibm.mapper.model.DigestSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.MessageDigest;
-import com.ibm.mapper.model.Oid;
-import com.ibm.mapper.model.functionality.Digest;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-import org.sonar.java.checks.verifier.CheckVerifier;
-import org.sonar.plugins.java.api.JavaCheck;
-import org.sonar.plugins.java.api.JavaFileScannerContext;
-import org.sonar.plugins.java.api.semantic.Symbol;
-import org.sonar.plugins.java.api.tree.Tree;
-
-class BenchmarkTest00003Test extends TestBase {
-
- @Test
- void test() {
- CheckVerifier.newVerifier()
- .onFile("src/test/files/rules/benchmark/BenchmarkTest00003.java")
- .withChecks(this)
- .verifyIssues();
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull DetectionStore detectionStore,
- @Nonnull List nodes) {
- /*
- * Detection Store
- */
-
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(DigestContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(Algorithm.class);
- assertThat(value0.asString()).isEqualTo("SHA512");
-
- /*
- * Translation
- */
-
- assertThat(nodes).hasSize(1);
-
- // MessageDigest
- INode messageDigestNode = nodes.get(0);
- assertThat(messageDigestNode.getKind()).isEqualTo(MessageDigest.class);
- assertThat(messageDigestNode.getChildren()).hasSize(4);
- assertThat(messageDigestNode.asString()).isEqualTo("SHA512");
-
- // Oid under MessageDigest
- INode oidNode = messageDigestNode.getChildren().get(Oid.class);
- assertThat(oidNode).isNotNull();
- assertThat(oidNode.getChildren()).isEmpty();
- assertThat(oidNode.asString()).isEqualTo("2.16.840.1.101.3.4.2.3");
-
- // BlockSize under MessageDigest
- INode blockSizeNode = messageDigestNode.getChildren().get(BlockSize.class);
- assertThat(blockSizeNode).isNotNull();
- assertThat(blockSizeNode.getChildren()).isEmpty();
- assertThat(blockSizeNode.asString()).isEqualTo("1024");
-
- // Digest under MessageDigest
- INode digestNode = messageDigestNode.getChildren().get(Digest.class);
- assertThat(digestNode).isNotNull();
- assertThat(digestNode.getChildren()).isEmpty();
- assertThat(digestNode.asString()).isEqualTo("DIGEST");
-
- // DigestSize under MessageDigest
- INode digestSizeNode = messageDigestNode.getChildren().get(DigestSize.class);
- assertThat(digestSizeNode).isNotNull();
- assertThat(digestSizeNode.getChildren()).isEmpty();
- assertThat(digestSizeNode.asString()).isEqualTo("512");
- }
-}
diff --git a/java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00009Test.java b/java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00009Test.java
deleted file mode 100644
index 504af346c..000000000
--- a/java/src/test/java/com/ibm/plugin/rules/benchmark/BenchmarkTest00009Test.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Sonar Cryptography Plugin
- * Copyright (C) 2025 PQCA
- *
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to you under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.ibm.plugin.rules.benchmark;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-import com.ibm.engine.detection.DetectionStore;
-import com.ibm.engine.model.Algorithm;
-import com.ibm.engine.model.IValue;
-import com.ibm.engine.model.context.DigestContext;
-import com.ibm.mapper.model.BlockSize;
-import com.ibm.mapper.model.DigestSize;
-import com.ibm.mapper.model.INode;
-import com.ibm.mapper.model.MessageDigest;
-import com.ibm.mapper.model.Oid;
-import com.ibm.mapper.model.functionality.Digest;
-import com.ibm.plugin.TestBase;
-import java.util.List;
-import javax.annotation.Nonnull;
-import org.junit.jupiter.api.Test;
-import org.sonar.java.checks.verifier.CheckVerifier;
-import org.sonar.plugins.java.api.JavaCheck;
-import org.sonar.plugins.java.api.JavaFileScannerContext;
-import org.sonar.plugins.java.api.semantic.Symbol;
-import org.sonar.plugins.java.api.tree.Tree;
-
-class BenchmarkTest00009Test extends TestBase {
-
- @Test
- void test() {
- CheckVerifier.newVerifier()
- .onFile("src/test/files/rules/benchmark/BenchmarkTest00009.java")
- .withChecks(this)
- .verifyIssues();
- }
-
- @Override
- public void asserts(
- int findingId,
- @Nonnull DetectionStore detectionStore,
- @Nonnull List nodes) {
- /*
- * Detection Store
- */
-
- assertThat(detectionStore.getDetectionValues()).hasSize(1);
- assertThat(detectionStore.getDetectionValueContext()).isInstanceOf(DigestContext.class);
- IValue value0 = detectionStore.getDetectionValues().get(0);
- assertThat(value0).isInstanceOf(Algorithm.class);
- assertThat(value0.asString()).isEqualTo("sha-384");
-
- /*
- * Translation
- */
-
- assertThat(nodes).hasSize(1);
-
- // MessageDigest
- INode messageDigestNode1 = nodes.get(0);
- assertThat(messageDigestNode1.getKind()).isEqualTo(MessageDigest.class);
- assertThat(messageDigestNode1.getChildren()).hasSize(4);
- assertThat(messageDigestNode1.asString()).isEqualTo("SHA384");
-
- // BlockSize under MessageDigest
- INode blockSizeNode1 = messageDigestNode1.getChildren().get(BlockSize.class);
- assertThat(blockSizeNode1).isNotNull();
- assertThat(blockSizeNode1.getChildren()).isEmpty();
- assertThat(blockSizeNode1.asString()).isEqualTo("1024");
-
- // DigestSize under MessageDigest
- INode digestSizeNode1 = messageDigestNode1.getChildren().get(DigestSize.class);
- assertThat(digestSizeNode1).isNotNull();
- assertThat(digestSizeNode1.getChildren()).isEmpty();
- assertThat(digestSizeNode1.asString()).isEqualTo("384");
-
- // Digest under MessageDigest
- INode digestNode1 = messageDigestNode1.getChildren().get(Digest.class);
- assertThat(digestNode1).isNotNull();
- assertThat(digestNode1.getChildren()).isEmpty();
- assertThat(digestNode1.asString()).isEqualTo("DIGEST");
-
- // Oid under MessageDigest
- INode oidNode1 = messageDigestNode1.getChildren().get(Oid.class);
- assertThat(oidNode1).isNotNull();
- assertThat(oidNode1.getChildren()).isEmpty();
- assertThat(oidNode1.asString()).isEqualTo("2.16.840.1.101.3.4.2.2");
- }
-}