Merge remote-tracking branch 'upstream/main' into JsonHijacking

haby0
2021-02-25 16:31:14 +08:00
356 changed files with 16888 additions and 5105 deletions


@@ -14,7 +14,7 @@
import java
predicate complicatedBranch(Stmt branch) {
exists(ConditionalExpr ce | ce.getParent*() = branch) or
any(ConditionalExpr ce).getParent*() = branch or
count(MethodAccess a | a.getParent*() = branch) > 1
}


@@ -36,7 +36,7 @@ predicate usefulUpcast(CastExpr e) {
)
or
// Upcasts that are performed on an operand of a ternary expression.
exists(ConditionalExpr ce | e = ce.getTrueExpr() or e = ce.getFalseExpr())
e = any(ConditionalExpr ce).getABranchExpr()
or
// Upcasts to raw types.
e.getType() instanceof RawType


@@ -16,10 +16,7 @@ class CharType extends PrimitiveType {
CharType() { this.hasName("char") }
}
private Type getABranchType(ConditionalExpr ce) {
result = ce.getTrueExpr().getType() or
result = ce.getFalseExpr().getType()
}
private Type getABranchType(ConditionalExpr ce) { result = ce.getABranchExpr().getType() }
from ConditionalExpr ce
where


@@ -17,8 +17,8 @@ import semmle.code.java.Statement
/** An expression that is used as a condition. */
class BooleanExpr extends Expr {
BooleanExpr() {
exists(ConditionalStmt s | s.getCondition() = this) or
exists(ConditionalExpr s | s.getCondition() = this)
this = any(ConditionalStmt s).getCondition() or
this = any(ConditionalExpr s).getCondition()
}
}


@@ -11,7 +11,7 @@ private predicate flowsInto(Expr e, Variable v) {
or
exists(CastExpr c | flowsInto(c, v) | e = c.getExpr())
or
exists(ConditionalExpr c | flowsInto(c, v) | e = c.getTrueExpr() or e = c.getFalseExpr())
exists(ConditionalExpr c | flowsInto(c, v) | e = c.getABranchExpr())
}
/**


@@ -0,0 +1,45 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p><a href="https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/">Bintray and JCenter are shutting down on February 1st, 2022</a>.
Relying upon repositories that are deprecated or scheduled to be shutdown can have unintended consequences;
for example, artifacts being resolved from a different artifact server or a total failure of the CI build.</p>
<p>When artifact repositories are left unmaintained for a long period of time, vulnerabilities may emerge.
Theoretically, this could allow attackers to inject malicious code into the artifacts that you are resolving and infect build artifacts
that are being produced. This can be used by attackers to perform a
<a href="https://en.wikipedia.org/wiki/Supply_chain_attack">supply chain attack</a>
against your project's users.
</p>
</overview>
<recommendation>
<p>Always use the canonical repository for resolving your dependencies.</p>
</recommendation>
<example>
<p>The following example shows locations in a Maven POM file where artifact repository upload/download is configured.
The use of Bintray in any of these locations is not advised.
</p>
<sample src="bad-bintray-pom.xml" />
</example>
<references>
<li>
JFrog blog:
<a href="https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/">
Into the Sunset on May 1st: Bintray, JCenter, GoCenter, and ChartCenter
</a>
</li>
<!-- LocalWords: CWE maven dependencies artifact jcenter bintray
-->
</references>
</qhelp>


@@ -0,0 +1,22 @@
/**
* @name Depending upon JCenter/Bintray as an artifact repository
* @description Using a deprecated artifact repository may eventually give attackers access for a supply chain attack.
* @kind problem
* @problem.severity error
* @precision very-high
* @id java/maven/dependency-upon-bintray
* @tags security
* external/cwe/cwe-1104
*/
import java
import semmle.code.xml.MavenPom
predicate isBintrayRepositoryUsage(DeclaredRepository repository) {
repository.getUrl().matches("%.bintray.com%")
}
from DeclaredRepository repository
where isBintrayRepositoryUsage(repository)
select repository,
"Downloading or uploading artifacts to deprecated repository " + repository.getUrl()
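Review bot: The `matches("%.bintray.com%")` test in `isBintrayRepositoryUsage` is a substring match over the whole URL, so it also holds when `.bintray.com` appears in the path or query of an unrelated host, and it misses a URL whose host is exactly `bintray.com` because of the leading dot. For a query declared `@precision very-high`, anchoring on the host part would be tighter, for example `repository.getUrl().regexpMatch("(?i)^[a-z][a-z0-9+.-]*://([^/?#]*\\.)?bintray\\.com([:/?#].*)?")`. The predicate also has no QLDoc; a one-line comment stating that it holds when the repository is declared with a Bintray or JCenter URL would be enough.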


@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.semmle</groupId>
<artifactId>parent</artifactId>
<version>1.0</version>
<packaging>pom</packaging>
<name>Bintray Usage</name>
<description>An example of using bintray to download and upload dependencies</description>
<distributionManagement>
<repository>
<id>jcenter</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</repository>
<snapshotRepository>
<id>jcenter-snapshots</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</snapshotRepository>
</distributionManagement>
<repositories>
<repository>
<id>jcenter</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</repository>
</repositories>
<repositories>
<repository>
<id>jcenter</id>
<name>JCenter</name>
<!-- BAD! Don't use Bintray -->
<url>https://dl.bintray.com/groovy/maven</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>jcenter-plugins</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</pluginRepository>
</pluginRepositories>
</project>
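Review bot: The sample declares `<repositories>` twice (the JCenter block and the `dl.bintray.com/groovy/maven` block), and the POM 4.0.0 model allows that element only once per `<project>`, so Maven is likely to reject the file with a duplicated-tag error before any repository is resolved. Both `<repository>` entries also reuse the id `jcenter`. If this is the `bad-bintray-pom.xml` that the query help includes, merging the two entries into a single `<repositories>` block and giving the second one a distinct id such as `<id>bintray-groovy</id>` keeps the sample a valid POM while still showing every location the query reports.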


@@ -148,9 +148,7 @@ predicate upcastToWiderType(Expr e) {
or
exists(Parameter p | p.getAnArgument() = e and t2 = p.getType())
or
exists(ConditionalExpr cond | cond.getTrueExpr() = e or cond.getFalseExpr() = e |
t2 = cond.getType()
)
exists(ConditionalExpr cond | cond.getABranchExpr() = e | t2 = cond.getType())
)
}


@@ -15,22 +15,12 @@
import java
import semmle.code.xml.MavenPom
private class DeclaredRepository extends PomElement {
DeclaredRepository() {
this.getName() = "repository" or
this.getName() = "snapshotRepository" or
this.getName() = "pluginRepository"
}
string getUrl() { result = getAChild("url").(PomElement).getValue() }
predicate isInsecureRepositoryUsage() {
getUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
}
predicate isInsecureRepositoryUsage(DeclaredRepository repository) {
repository.getUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
}
from DeclaredRepository repository
where repository.isInsecureRepositoryUsage()
where isInsecureRepositoryUsage(repository)
select repository,
"Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository " +
repository.getUrl()
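Review bot: The new top-level `isInsecureRepositoryUsage(DeclaredRepository repository)` has no QLDoc and is not marked `private`, although on the visible lines it is used only by this query's `where` clause. Suggest declaring it `private predicate` and adding a comment above it along the lines of `/** Holds if the URL of the repository uses cleartext http or ftp and does not point at localhost. */`. The lookahead `(?!localhost[:/])` exempts only the literal host name followed by a port or a path, so it is worth stating in that comment that loopback addresses such as `127.0.0.1` are still reported.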


@@ -45,9 +45,7 @@ predicate unboxed(BoxedExpr e) {
or
flowTarget(e).getType() instanceof PrimitiveType
or
exists(ConditionalExpr cond | cond instanceof PrimitiveExpr |
cond.getTrueExpr() = e or cond.getFalseExpr() = e
)
exists(ConditionalExpr cond | cond instanceof PrimitiveExpr | cond.getABranchExpr() = e)
}
/**


@@ -0,0 +1,13 @@
public class SensitiveGetQuery extends HttpServlet {
// BAD - Tests sending sensitive information in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String password = request.getParameter("password");
System.out.println("password = " + password);
}
// GOOD - Tests sending sensitive information in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String password = request.getParameter("password");
System.out.println("password = " + password);
}
}
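Review bot: Both `doGet` and `doPost` print the credential with `System.out.println("password = " + password)`, so the handler labelled GOOD still writes the password in cleartext to the server's output, which is the same kind of log exposure the accompanying help text warns about for URLs. The sample would make its point more cleanly if neither handler printed the value; replacing the print with a placeholder such as `// ... authenticate the user with password ...` keeps the GET/POST contrast as the only difference a reader sees. The listing also has no imports for the servlet types, which is fine for a help snippet but worth a comment if it is meant to compile as a test.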


@@ -0,0 +1,31 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>Sensitive information such as user passwords should not be transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL therefore increases the risk that they will be captured by an attacker.</p>
</overview>
<recommendation>
<p>Use HTTP POST to send sensitive information as part of the request body; for example, as form data.</p>
</recommendation>
<example>
<p>The following example shows two ways of sending sensitive information. In the 'BAD' case, a password is transmitted using the GET method. In the 'GOOD' case, the password is transmitted using the POST method.</p>
<sample src="SensitiveGetQuery.java" />
</example>
<references>
<li>
CWE:
<a href="https://cwe.mitre.org/data/definitions/598.html">CWE-598: Use of GET Request Method with Sensitive Query Strings</a>
</li>
<li>
PortSwigger (Burp):
<a href="https://portswigger.net/kb/issues/00400300_password-submitted-using-get-method">Password Submitted using GET Method</a>
</li>
<li>
OWASP:
<a href="https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url">Information Exposure through Query Strings in URL</a>
</li>
</references>
</qhelp>


@@ -0,0 +1,77 @@
/**
* @name Sensitive GET Query
* @description Use of GET request method with sensitive query strings.
* @kind path-problem
* @id java/sensitive-query-with-get
* @tags security
* external/cwe-598
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.SensitiveActions
import DataFlow::PathGraph
/** A variable that holds sensitive information judging by its name. */
class SensitiveInfoExpr extends Expr {
SensitiveInfoExpr() {
exists(Variable v | this = v.getAnAccess() |
v.getName().regexpMatch(getCommonSensitiveInfoRegex()) and
not v.getName().regexpMatch("token.*") // exclude ^token.* since sensitive tokens are usually in the form of accessToken, authToken, ...
)
}
}
/** Holds if `m` is a method of some override of `HttpServlet.doGet`. */
private predicate isGetServletMethod(Method m) {
isServletRequestMethod(m) and m.getName() = "doGet"
}
/** The `doGet` method of `HttpServlet`. */
class DoGetServletMethod extends Method {
DoGetServletMethod() { isGetServletMethod(this) }
}
/** Holds if `ma` is (perhaps indirectly) called from the `doGet` method of `HttpServlet`. */
predicate isReachableFromServletDoGet(MethodAccess ma) {
ma.getEnclosingCallable() instanceof DoGetServletMethod
or
exists(Method pm, MethodAccess pma |
ma.getEnclosingCallable() = pm and
pma.getMethod() = pm and
isReachableFromServletDoGet(pma)
)
}
/** Source of GET servlet requests. */
class RequestGetParamSource extends DataFlow::ExprNode {
RequestGetParamSource() {
exists(MethodAccess ma |
isRequestGetParamMethod(ma) and
ma = this.asExpr() and
isReachableFromServletDoGet(ma)
)
}
}
/** A taint configuration tracking flow from the `ServletRequest` of a GET request handler to an expression whose name suggests it holds security-sensitive data. */
class SensitiveGetQueryConfiguration extends TaintTracking::Configuration {
SensitiveGetQueryConfiguration() { this = "SensitiveGetQueryConfiguration" }
override predicate isSource(DataFlow::Node source) { source instanceof RequestGetParamSource }
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SensitiveInfoExpr }
/** Holds if the node is in a servlet method other than `doGet`. */
override predicate isSanitizer(DataFlow::Node node) {
isServletRequestMethod(node.getEnclosingCallable()) and
not isGetServletMethod(node.getEnclosingCallable())
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveGetQueryConfiguration c
where c.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
"$@ uses the GET request method to transmit sensitive information.", source.getNode(),
"This request"
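Review bot: The CWE tag in the query header is written `external/cwe-598`, which does not follow the `external/cwe/cwe-NNN` form used by the Bintray query in this same commit (`external/cwe/cwe-1104`), so tooling that groups results by CWE tag will probably not pick it up; it should read `* external/cwe/cwe-598`. The header also has no `@problem.severity` or `@precision` line, unlike the other new query. Separately, the QLDoc on `SensitiveInfoExpr` calls it "A variable" although the class extends `Expr` and its characteristic predicate selects accesses to such a variable; "An access to a variable whose name suggests it holds sensitive information" would be accurate.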


@@ -293,7 +293,7 @@ private module ControlFlowGraphImpl {
exists(ConditionalExpr condexpr |
condexpr.getCondition() = b
or
(condexpr.getTrueExpr() = b or condexpr.getFalseExpr() = b) and
condexpr.getABranchExpr() = b and
inBooleanContext(condexpr)
)
or
@@ -706,8 +706,7 @@ private module ControlFlowGraphImpl {
or
// The last node of a `ConditionalExpr` is in either of its branches.
exists(ConditionalExpr condexpr | condexpr = n |
last(condexpr.getFalseExpr(), last, completion) or
last(condexpr.getTrueExpr(), last, completion)
last(condexpr.getABranchExpr(), last, completion)
)
or
exists(InstanceOfExpr ioe | ioe.isPattern() and ioe = n |
@@ -915,14 +914,10 @@ private module ControlFlowGraphImpl {
)
or
// Control flows to the corresponding branch depending on the boolean completion of the condition.
exists(ConditionalExpr e |
exists(ConditionalExpr e, boolean branch |
last(e.getCondition(), n, completion) and
completion = BooleanCompletion(true, _) and
result = first(e.getTrueExpr())
or
last(e.getCondition(), n, completion) and
completion = BooleanCompletion(false, _) and
result = first(e.getFalseExpr())
completion = BooleanCompletion(branch, _) and
result = first(e.getBranchExpr(branch))
)
or
exists(InstanceOfExpr ioe | ioe.isPattern() |


@@ -184,11 +184,8 @@ class CompileTimeConstantExpr extends Expr {
// Ternary conditional, with compile-time constant condition.
exists(ConditionalExpr ce, boolean condition |
ce = this and
condition = ce.getCondition().(CompileTimeConstantExpr).getBooleanValue()
|
if condition = true
then result = ce.getTrueExpr().(CompileTimeConstantExpr).getStringValue()
else result = ce.getFalseExpr().(CompileTimeConstantExpr).getStringValue()
condition = ce.getCondition().(CompileTimeConstantExpr).getBooleanValue() and
result = ce.getBranchExpr(condition).(CompileTimeConstantExpr).getStringValue()
)
or
exists(Variable v | this = v.getAnAccess() |
@@ -295,11 +292,8 @@ class CompileTimeConstantExpr extends Expr {
// Ternary expressions, where the `true` and `false` expressions are boolean compile-time constants.
exists(ConditionalExpr ce, boolean condition |
ce = this and
condition = ce.getCondition().(CompileTimeConstantExpr).getBooleanValue()
|
if condition = true
then result = ce.getTrueExpr().(CompileTimeConstantExpr).getBooleanValue()
else result = ce.getFalseExpr().(CompileTimeConstantExpr).getBooleanValue()
condition = ce.getCondition().(CompileTimeConstantExpr).getBooleanValue() and
result = ce.getBranchExpr(condition).(CompileTimeConstantExpr).getBooleanValue()
)
or
// Simple or qualified names where the variable is final and the initializer is a constant.
@@ -380,11 +374,8 @@ class CompileTimeConstantExpr extends Expr {
// Ternary conditional, with compile-time constant condition.
exists(ConditionalExpr ce, boolean condition |
ce = this and
condition = ce.getCondition().(CompileTimeConstantExpr).getBooleanValue()
|
if condition = true
then result = ce.getTrueExpr().(CompileTimeConstantExpr).getIntValue()
else result = ce.getFalseExpr().(CompileTimeConstantExpr).getIntValue()
condition = ce.getCondition().(CompileTimeConstantExpr).getBooleanValue() and
result = ce.getBranchExpr(condition).(CompileTimeConstantExpr).getIntValue()
)
or
// If a `Variable` is a `CompileTimeConstantExpr`, its value is its initializer.
@@ -1186,8 +1177,7 @@ class ChooseExpr extends Expr {
/** Gets a result expression of this `switch` or conditional expression. */
Expr getAResultExpr() {
result = this.(ConditionalExpr).getTrueExpr() or
result = this.(ConditionalExpr).getFalseExpr() or
result = this.(ConditionalExpr).getABranchExpr() or
result = this.(SwitchExpr).getAResult()
}
}
@@ -1213,6 +1203,23 @@ class ConditionalExpr extends Expr, @conditionalexpr {
*/
Expr getFalseExpr() { result.isNthChildOf(this, 2) }
/**
* Gets the expression that is evaluated by the specific branch of this
* conditional expression. If `true` that is `getTrueExpr()`, if `false`
* it is `getFalseExpr()`.
*/
Expr getBranchExpr(boolean branch) {
branch = true and result = getTrueExpr()
or
branch = false and result = getFalseExpr()
}
/**
* Gets the expressions that is evaluated by one of the branches (`true`
* or `false` branch) of this conditional expression.
*/
Expr getABranchExpr() { result = getBranchExpr(_) }
/** Gets a printable representation of this expression. */
override string toString() { result = "...?...:..." }
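Review bot: The QLDoc on the two members added to `ConditionalExpr` in the last hunk is hard to read: `getABranchExpr` says "Gets the expressions that is evaluated", and `getBranchExpr` says "If `true` that is `getTrueExpr()`" without naming what is true. Suggested wording for `getBranchExpr`: `Gets the expression evaluated by the given branch of this conditional expression: getTrueExpr() if branch is true, getFalseExpr() if branch is false.` For `getABranchExpr`: `Gets an expression evaluated by one of the branches (true or false) of this conditional expression.` The class body continues outside the hunk.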


@@ -40,19 +40,14 @@ predicate implies_v1(Guard g1, boolean b1, Guard g2, boolean b2) {
)
or
exists(ConditionalExpr cond, boolean branch, BooleanLiteral boollit, boolean boolval |
cond.getTrueExpr() = boollit and branch = true
or
cond.getFalseExpr() = boollit and branch = false
|
cond.getBranchExpr(branch) = boollit and
cond = g1 and
boolval = boollit.getBooleanValue() and
b1 = boolval.booleanNot() and
(
g2 = cond.getCondition() and b2 = branch.booleanNot()
or
g2 = cond.getTrueExpr() and b2 = b1
or
g2 = cond.getFalseExpr() and b2 = b1
g2 = cond.getABranchExpr() and b2 = b1
)
)
or
@@ -216,9 +211,7 @@ private predicate hasPossibleUnknownValue(SsaVariable v) {
* `ConditionalExpr`s.
*/
private Expr possibleValue(Expr e) {
result = possibleValue(e.(ConditionalExpr).getTrueExpr())
or
result = possibleValue(e.(ConditionalExpr).getFalseExpr())
result = possibleValue(e.(ConditionalExpr).getABranchExpr())
or
result = e and not e instanceof ConditionalExpr
}
@@ -316,9 +309,7 @@ private predicate conditionalAssign(SsaVariable v, Guard guard, boolean branch,
v.(SsaExplicitUpdate).getDefiningExpr().(VariableAssign).getSource() = c and
guard = c.getCondition()
|
branch = true and e = c.getTrueExpr()
or
branch = false and e = c.getFalseExpr()
e = c.getBranchExpr(branch)
)
or
exists(SsaExplicitUpdate upd, SsaPhiNode phi |


@@ -0,0 +1,519 @@
/**
* INTERNAL use only. This is an experimental API subject to change without notice.
*
* Provides classes and predicates for dealing with flow models specified in CSV format.
*
* The CSV specification has the following columns:
* - Sources:
* `namespace; type; subtypes; name; signature; ext; output; kind`
* - Sinks:
* `namespace; type; subtypes; name; signature; ext; input; kind`
* - Summaries:
* `namespace; type; subtypes; name; signature; ext; input; output; kind`
*
* The interpretation of a row is similar to API-graphs with a left-to-right
* reading.
* 1. The `namespace` column selects a package.
* 2. The `type` column selects a type within that package.
* 3. The `subtypes` is a boolean that indicates whether to jump to an
* arbitrary subtype of that type.
* 4. The `name` column optionally selects a specific named member of the type.
* 5. The `signature` column optionally restricts the named member. If
* `signature` is blank then no such filtering is done. The format of the
* signature is a comma-separated list of types enclosed in parentheses. The
* types can be short names or fully qualified names (mixing these two options
* is not allowed within a single signature).
* 6. The `ext` column specifies additional API-graph-like edges. Currently
* there are only two valid values: "" and "Annotated". The empty string has no
* effect. "Annotated" applies if `name` and `signature` were left blank and
* acts by selecting an element that is annotated by the annotation type
* selected by the first 4 columns. This can be another member such as a field
* or method, or a parameter.
* 7. The `input` column specifies how data enters the element selected by the
* first 6 columns, and the `output` column specifies how data leaves the
* element selected by the first 6 columns. An `input` can be either "",
* "Argument", "Argument[n]", "ReturnValue":
* - "": Selects a write to the selected element in case this is a field.
* - "Argument": Selects any argument in a call to the selected element.
* - "Argument[n]": Similar to "Argument" but restricted to a specific numbered
* argument (zero-indexed, and `-1` specifies the qualifier).
* - "ReturnValue": Selects a value being returned by the selected element.
* This requires that the selected element is a method with a body.
*
* An `output` can be either "", "Argument", "Argument[n]", "Parameter",
* "Parameter[n]", or "ReturnValue":
* - "": Selects a read of a selected field, or a selected parameter.
* - "Argument": Selects the post-update value of an argument in a call to the
* selected element. That is, the value of the argument after the call returns.
* - "Argument[n]": Similar to "Argument" but restricted to a specific numbered
* argument (zero-indexed, and `-1` specifies the qualifier).
* - "Parameter": Selects the value of a parameter of the selected element.
* "Parameter" is also allowed in case the selected element is already a
* parameter itself.
* - "Parameter[n]": Similar to "Parameter" but restricted to a specific
* numbered parameter (zero-indexed, and `-1` specifies the value of `this`).
* - "ReturnValue": Selects the return value of a call to the selected element.
* 8. The `kind` column is a tag that can be referenced from QL to determine to
* which classes the interpreted elements should be added. For example, for
* sources "remote" indicates a default remote flow source, and for summaries
* "taint" indicates a default additional taint step and "value" indicates a
* globally applicable value-preserving step.
*/
import java
private import semmle.code.java.dataflow.DataFlow::DataFlow
private import internal.DataFlowPrivate
private predicate sourceModelCsv(string row) {
row =
[
// ServletRequestGetParameterMethod
"javax.servlet;ServletRequest;false;getParameter;(String);;ReturnValue;remote",
"javax.servlet;ServletRequest;false;getParameterValues;(String);;ReturnValue;remote",
"javax.servlet.http;HttpServletRequest;false;getParameter;(String);;ReturnValue;remote",
"javax.servlet.http;HttpServletRequest;false;getParameterValues;(String);;ReturnValue;remote",
// ServletRequestGetParameterMapMethod
"javax.servlet;ServletRequest;false;getParameterMap;();;ReturnValue;remote",
"javax.servlet.http;HttpServletRequest;false;getParameterMap;();;ReturnValue;remote",
// ServletRequestGetParameterNamesMethod
"javax.servlet;ServletRequest;false;getParameterNames;();;ReturnValue;remote",
"javax.servlet.http;HttpServletRequest;false;getParameterNames;();;ReturnValue;remote",
// HttpServletRequestGetQueryStringMethod
"javax.servlet.http;HttpServletRequest;false;getQueryString;();;ReturnValue;remote",
//
// URLConnectionGetInputStreamMethod
"java.net;URLConnection;false;getInputStream;();;ReturnValue;remote",
// SocketGetInputStreamMethod
"java.net;Socket;false;getInputStream;();;ReturnValue;remote",
// BeanValidationSource
"javax.validation;ConstraintValidator;true;isValid;;;Parameter[0];remote"
]
}
private predicate sinkModelCsv(string row) { none() }
private predicate summaryModelCsv(string row) { none() }
/**
* A unit class for adding additional source model rows.
*
* Extend this class to add additional source definitions.
*/
class SourceModelCsv extends Unit {
/** Holds if `row` specifies a source definition. */
abstract predicate row(string row);
}
/**
* A unit class for adding additional sink model rows.
*
* Extend this class to add additional sink definitions.
*/
class SinkModelCsv extends Unit {
/** Holds if `row` specifies a sink definition. */
abstract predicate row(string row);
}
/**
* A unit class for adding additional summary model rows.
*
* Extend this class to add additional flow summary definitions.
*/
class SummaryModelCsv extends Unit {
/** Holds if `row` specifies a summary definition. */
abstract predicate row(string row);
}
private predicate sourceModel(string row) {
sourceModelCsv(row) or
any(SourceModelCsv s).row(row)
}
private predicate sinkModel(string row) {
sinkModelCsv(row) or
any(SinkModelCsv s).row(row)
}
private predicate summaryModel(string row) {
summaryModelCsv(row) or
any(SummaryModelCsv s).row(row)
}
private predicate sourceModel(
string namespace, string type, boolean subtypes, string name, string signature, string ext,
string output, string kind
) {
exists(string row |
sourceModel(row) and
row.splitAt(";", 0) = namespace and
row.splitAt(";", 1) = type and
row.splitAt(";", 2) = subtypes.toString() and
subtypes = [true, false] and
row.splitAt(";", 3) = name and
row.splitAt(";", 4) = signature and
row.splitAt(";", 5) = ext and
row.splitAt(";", 6) = output and
row.splitAt(";", 7) = kind
)
}
private predicate sinkModel(
string namespace, string type, boolean subtypes, string name, string signature, string ext,
string input, string kind
) {
exists(string row |
sinkModel(row) and
row.splitAt(";", 0) = namespace and
row.splitAt(";", 1) = type and
row.splitAt(";", 2) = subtypes.toString() and
subtypes = [true, false] and
row.splitAt(";", 3) = name and
row.splitAt(";", 4) = signature and
row.splitAt(";", 5) = ext and
row.splitAt(";", 6) = input and
row.splitAt(";", 7) = kind
)
}
private predicate summaryModel(
string namespace, string type, boolean subtypes, string name, string signature, string ext,
string input, string output, string kind
) {
exists(string row |
summaryModel(row) and
row.splitAt(";", 0) = namespace and
row.splitAt(";", 1) = type and
row.splitAt(";", 2) = subtypes.toString() and
subtypes = [true, false] and
row.splitAt(";", 3) = name and
row.splitAt(";", 4) = signature and
row.splitAt(";", 5) = ext and
row.splitAt(";", 6) = input and
row.splitAt(";", 7) = output and
row.splitAt(";", 8) = kind
)
}
/** Provides a query predicate to check the CSV data for validation errors. */
module CsvValidation {
/** Holds if some row in a CSV-based flow model appears to contain typos. */
query predicate invalidModelRow(string msg) {
exists(string pred, string namespace, string type, string name, string signature, string ext |
sourceModel(namespace, type, _, name, signature, ext, _, _) and pred = "source"
or
sinkModel(namespace, type, _, name, signature, ext, _, _) and pred = "sink"
or
summaryModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "summary"
|
not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
msg = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
or
not type.regexpMatch("[a-zA-Z0-9_\\$]+") and
msg = "Dubious type \"" + type + "\" in " + pred + " model."
or
not name.regexpMatch("[a-zA-Z0-9_]*") and
msg = "Dubious name \"" + name + "\" in " + pred + " model."
or
not signature.regexpMatch("|\\([a-zA-Z0-9_\\.\\$<>,]*\\)") and
msg = "Dubious signature \"" + signature + "\" in " + pred + " model."
or
not ext.regexpMatch("|Annotated") and
msg = "Unrecognized extra API graph element \"" + ext + "\" in " + pred + " model."
)
or
exists(string pred, string input, string part |
sinkModel(_, _, _, _, _, _, input, _) and pred = "sink"
or
summaryModel(_, _, _, _, _, _, input, _, _) and pred = "summary"
|
specSplit(input, part, _) and
not part.regexpMatch("|Argument|ReturnValue") and
not parseArg(part, _) and
msg = "Unrecognized input specification \"" + part + "\" in " + pred + " model."
)
or
exists(string pred, string output, string part |
sourceModel(_, _, _, _, _, _, output, _) and pred = "source"
or
summaryModel(_, _, _, _, _, _, _, output, _) and pred = "summary"
|
specSplit(output, part, _) and
not part.regexpMatch("|Argument|Parameter|ReturnValue") and
not parseArg(part, _) and
not parseParam(part, _) and
msg = "Unrecognized output specification \"" + part + "\" in " + pred + " model."
)
or
exists(string pred, string row, int expect |
sourceModel(row) and expect = 8 and pred = "source"
or
sinkModel(row) and expect = 8 and pred = "sink"
or
summaryModel(row) and expect = 9 and pred = "summary"
|
exists(int cols |
cols = 1 + max(int n | exists(row.splitAt(";", n))) and
cols != expect and
msg =
"Wrong number of columns in " + pred + " model row, expected " + expect + ", got " + cols +
"."
)
or
exists(string b |
b = row.splitAt(";", 2) and
not b = ["true", "false"] and
msg = "Invalid boolean \"" + b + "\" in " + pred + " model."
)
)
}
}
private predicate elementSpec(
string namespace, string type, boolean subtypes, string name, string signature, string ext
) {
sourceModel(namespace, type, subtypes, name, signature, ext, _, _) or
sinkModel(namespace, type, subtypes, name, signature, ext, _, _) or
summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _)
}
bindingset[namespace, type, subtypes]
private RefType interpretType(string namespace, string type, boolean subtypes) {
exists(RefType t |
t.hasQualifiedName(namespace, type) and
if subtypes = true then result.getASourceSupertype*() = t else result = t
)
}
private string paramsStringPart(Callable c, int i) {
i = -1 and result = "("
or
exists(int n, string p | c.getParameterType(n).toString() = p |
i = 2 * n and result = p
or
i = 2 * n - 1 and result = "," and n != 0
)
or
i = 2 * c.getNumberOfParameters() and result = ")"
}
private string paramsString(Callable c) {
result = concat(int i | | paramsStringPart(c, i) order by i)
}
private Element interpretElement0(
string namespace, string type, boolean subtypes, string name, string signature
) {
elementSpec(namespace, type, subtypes, name, signature, _) and
exists(RefType t | t = interpretType(namespace, type, subtypes) |
exists(Member m |
result = m and
m.getDeclaringType() = t and
m.hasName(name)
|
signature = "" or
m.(Callable).getSignature() = any(string nameprefix) + signature or
paramsString(m) = signature
)
or
result = t and
name = "" and
signature = ""
)
}
private Element interpretElement(
string namespace, string type, boolean subtypes, string name, string signature, string ext
) {
elementSpec(namespace, type, subtypes, name, signature, ext) and
exists(Element e | e = interpretElement0(namespace, type, subtypes, name, signature) |
ext = "" and result = e
or
ext = "Annotated" and result.(Annotatable).getAnAnnotation().getType() = e
)
}
private predicate sourceElement(Element e, string output, string kind) {
exists(
string namespace, string type, boolean subtypes, string name, string signature, string ext
|
sourceModel(namespace, type, subtypes, name, signature, ext, output, kind) and
e = interpretElement(namespace, type, subtypes, name, signature, ext)
)
}
private predicate sinkElement(Element e, string input, string kind) {
exists(
string namespace, string type, boolean subtypes, string name, string signature, string ext
|
sinkModel(namespace, type, subtypes, name, signature, ext, input, kind) and
e = interpretElement(namespace, type, subtypes, name, signature, ext)
)
}
private predicate summaryElement(Element e, string input, string output, string kind) {
exists(
string namespace, string type, boolean subtypes, string name, string signature, string ext
|
summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind) and
e = interpretElement(namespace, type, subtypes, name, signature, ext)
)
}
private string inOutSpec() {
sourceModel(_, _, _, _, _, _, result, _) or
sinkModel(_, _, _, _, _, _, result, _) or
summaryModel(_, _, _, _, _, _, result, _, _) or
summaryModel(_, _, _, _, _, _, _, result, _)
}
private predicate specSplit(string s, string c, int n) {
inOutSpec() = s and s.splitAt(" of ", n) = c
}
private predicate len(string s, int len) { len = 1 + max(int n | specSplit(s, _, n)) }
private string getLast(string s) {
exists(int len |
len(s, len) and
specSplit(s, result, len - 1)
)
}
private predicate parseParam(string c, int n) {
specSplit(_, c, _) and c.regexpCapture("Parameter\\[([-0-9]+)\\]", 1).toInt() = n
}
private predicate parseArg(string c, int n) {
specSplit(_, c, _) and c.regexpCapture("Argument\\[([-0-9]+)\\]", 1).toInt() = n
}
private predicate inputNeedsReference(string c) {
c = "Argument" or
parseArg(c, _)
}
private predicate outputNeedsReference(string c) {
c = "Argument" or
parseArg(c, _) or
c = "ReturnValue"
}
private predicate sourceElementRef(Top ref, string output, string kind) {
exists(Element e |
sourceElement(e, output, kind) and
if outputNeedsReference(getLast(output)) then ref.(Call).getCallee() = e else ref = e
)
}
private predicate sinkElementRef(Top ref, string input, string kind) {
exists(Element e |
sinkElement(e, input, kind) and
if inputNeedsReference(getLast(input)) then ref.(Call).getCallee() = e else ref = e
)
}
private predicate summaryElementRef(Top ref, string input, string output, string kind) {
exists(Element e |
summaryElement(e, input, output, kind) and
if inputNeedsReference(getLast(input)) then ref.(Call).getCallee() = e else ref = e
)
}
private newtype TAstOrNode =
TAst(Top t) or
TNode(Node n)
private predicate interpretOutput(string output, int idx, Top ref, TAstOrNode node) {
(
sourceElementRef(ref, output, _) or
summaryElementRef(ref, _, output, _)
) and
len(output, idx) and
node = TAst(ref)
or
exists(Top mid, string c, Node n |
interpretOutput(output, idx + 1, ref, TAst(mid)) and
specSplit(output, c, idx) and
node = TNode(n)
|
exists(int pos | n.(PostUpdateNode).getPreUpdateNode().(ArgumentNode).argumentOf(mid, pos) |
c = "Argument" or parseArg(c, pos)
)
or
exists(int pos | n.(ParameterNode).isParameterOf(mid, pos) |
c = "Parameter" or parseParam(c, pos)
)
or
(c = "Parameter" or c = "") and
n.asParameter() = mid
or
c = "ReturnValue" and
n.asExpr().(Call) = mid
or
c = "" and
n.asExpr().(FieldRead).getField() = mid
)
}
private predicate interpretInput(string input, int idx, Top ref, TAstOrNode node) {
(
sinkElementRef(ref, input, _) or
summaryElementRef(ref, input, _, _)
) and
len(input, idx) and
node = TAst(ref)
or
exists(Top mid, string c, Node n |
interpretInput(input, idx + 1, ref, TAst(mid)) and
specSplit(input, c, idx) and
node = TNode(n)
|
exists(int pos | n.(ArgumentNode).argumentOf(mid, pos) | c = "Argument" or parseArg(c, pos))
or
exists(ReturnStmt ret |
c = "ReturnValue" and
n.asExpr() = ret.getResult() and
mid = ret.getEnclosingCallable()
)
or
exists(FieldWrite fw |
c = "" and
fw.getField() = mid and
n.asExpr() = fw.getRHS()
)
)
}
/**
* Holds if `node` is specified as a source with the given kind in a CSV flow
* model.
*/
predicate sourceNode(Node node, string kind) {
exists(Top ref, string output |
sourceElementRef(ref, output, kind) and
interpretOutput(output, 0, ref, TNode(node))
)
}
/**
* Holds if `node` is specified as a sink with the given kind in a CSV flow
* model.
*/
predicate sinkNode(Node node, string kind) {
exists(Top ref, string input |
sinkElementRef(ref, input, kind) and
interpretInput(input, 0, ref, TNode(node))
)
}
/**
* Holds if `node1` to `node2` is specified as a flow step with the given kind
* in a CSV flow model.
*/
predicate summaryStep(Node node1, Node node2, string kind) {
exists(Top ref, string input, string output |
summaryElementRef(ref, input, output, kind) and
interpretInput(input, 0, ref, TNode(node1)) and
interpretOutput(output, 0, ref, TNode(node2))
)
}


@@ -24,6 +24,7 @@ import semmle.code.java.frameworks.spring.SpringWebClient
import semmle.code.java.frameworks.Guice
import semmle.code.java.frameworks.struts.StrutsActions
import semmle.code.java.frameworks.Thrift
private import semmle.code.java.dataflow.ExternalFlow
/** A data flow source of remote user input. */
abstract class RemoteFlowSource extends DataFlow::Node {
@@ -31,6 +32,12 @@ abstract class RemoteFlowSource extends DataFlow::Node {
abstract string getSourceType();
}
private class ExternalRemoteFlowSource extends RemoteFlowSource {
ExternalRemoteFlowSource() { sourceNode(this, "remote") }
override string getSourceType() { result = "external" }
}
private class RemoteTaintedMethodAccessSource extends RemoteFlowSource {
RemoteTaintedMethodAccessSource() {
this.asExpr().(MethodAccess).getMethod() instanceof RemoteTaintedMethod
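Review bot: The kind in `sourceNode(this, "remote")` is a bare string literal, and the later sections do the same with `summaryStep(node1, node2, "value")` in `simpleLocalFlowStep` and `summaryStep(src, sink, "taint")` in `localAdditionalTaintStep`. A model row whose kind is misspelled is picked up by none of these, so the source or step silently drops out and queries lose coverage. Whether `CsvValidation` rejects unknown kinds is not visible here; if it does not, a validation rule listing the accepted kinds would close the gap. The new private class also has no doc comment; I would add `/** A remote flow source defined by a CSV source model row of kind "remote". */` above it. The second hunk ends inside `RemoteTaintedMethodAccessSource`, whose body continues outside it.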


@@ -268,9 +268,7 @@ predicate exprModulus(Expr e, Bound b, int val, int mod) {
private predicate condExprBranchModulus(
ConditionalExpr cond, boolean branch, Bound b, int val, int mod
) {
exprModulus(cond.getTrueExpr(), b, val, mod) and branch = true
or
exprModulus(cond.getFalseExpr(), b, val, mod) and branch = false
exprModulus(cond.getBranchExpr(branch), b, val, mod)
}
private predicate addModulus(Expr add, boolean isLeft, Bound b, int val, int mod) {


@@ -191,7 +191,7 @@ private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
// Comparisons in finally blocks are excluded since missing exception edges in the CFG could otherwise yield FPs.
not exists(TryStmt try | try.getFinally() = e.getEnclosingStmt().getEnclosingStmt*()) and
(
exists(ConditionalExpr c | c.getCondition().getAChildExpr*() = e) or
e = any(ConditionalExpr c).getCondition().getAChildExpr*() or
not exists(MethodAccess ma | ma.getAnArgument().getAChildExpr*() = e)
) and
// Don't use a guard as reason if there is a null assignment.
@@ -438,13 +438,8 @@ private predicate varConditionallyNull(SsaExplicitUpdate v, ConditionBlock cond,
v.getDefiningExpr().(VariableAssign).getSource() = condexpr and
condexpr.getCondition() = cond.getCondition()
|
condexpr.getTrueExpr() = nullExpr() and
branch = true and
not condexpr.getFalseExpr() = nullExpr()
or
condexpr.getFalseExpr() = nullExpr() and
branch = false and
not condexpr.getTrueExpr() = nullExpr()
condexpr.getBranchExpr(branch) = nullExpr() and
not condexpr.getBranchExpr(branch.booleanNot()) = nullExpr()
)
or
v.getDefiningExpr().(VariableAssign).getSource() = nullExpr() and

View File

@@ -874,7 +874,5 @@ private predicate boundedConditionalExpr(
ConditionalExpr cond, Bound b, boolean upper, boolean branch, int delta, boolean fromBackEdge,
int origdelta, Reason reason
) {
branch = true and bounded(cond.getTrueExpr(), b, delta, upper, fromBackEdge, origdelta, reason)
or
branch = false and bounded(cond.getFalseExpr(), b, delta, upper, fromBackEdge, origdelta, reason)
bounded(cond.getBranchExpr(branch), b, delta, upper, fromBackEdge, origdelta, reason)
}

View File

@@ -27,10 +27,9 @@ private predicate nonNullSsaFwdStep(SsaVariable v, SsaVariable phi) {
}
private predicate nonNullDefStep(Expr e1, Expr e2) {
exists(ConditionalExpr cond | cond = e2 |
cond.getTrueExpr() = e1 and cond.getFalseExpr() instanceof NullLiteral
or
cond.getFalseExpr() = e1 and cond.getTrueExpr() instanceof NullLiteral
exists(ConditionalExpr cond, boolean branch | cond = e2 |
cond.getBranchExpr(branch) = e1 and
cond.getBranchExpr(branch.booleanNot()) instanceof NullLiteral
)
}

View File

@@ -7,6 +7,7 @@ private import DataFlowPrivate
private import semmle.code.java.dataflow.SSA
private import semmle.code.java.dataflow.TypeFlow
private import semmle.code.java.controlflow.Guards
private import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.dataflow.InstanceAccess
cached
@@ -405,6 +406,8 @@ predicate simpleLocalFlowStep(Node node1, Node node2) {
or
node2.asExpr().(AssignExpr).getSource() = node1.asExpr()
or
summaryStep(node1, node2, "value")
or
exists(MethodAccess ma, Method m |
ma = node2.asExpr() and
m = ma.getMethod() and

View File

@@ -10,6 +10,7 @@ private import semmle.code.java.dataflow.internal.ContainerFlow
private import semmle.code.java.frameworks.spring.SpringController
private import semmle.code.java.frameworks.spring.SpringHttp
private import semmle.code.java.frameworks.Networking
private import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.dataflow.FlowSteps
/**
@@ -45,6 +46,8 @@ predicate localAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
localAdditionalTaintUpdateStep(src.asExpr(),
sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr())
or
summaryStep(src, sink, "taint")
or
exists(Argument arg |
src.asExpr() = arg and
arg.isVararg() and

View File

@@ -7,10 +7,7 @@ import semmle.code.java.JDKAnnotations
Expr valueFlow(Expr src) {
result = src
or
exists(ConditionalExpr c | result = c |
src = c.getTrueExpr() or
src = c.getFalseExpr()
)
result.(ConditionalExpr).getABranchExpr() = src
}
/**

View File

@@ -322,3 +322,18 @@ class ServletWebXMLListenerType extends RefType {
// - `HttpSessionBindingListener`
}
}
/** Holds if `m` is a request handler method (for example `doGet` or `doPost`). */
predicate isServletRequestMethod(Method m) {
m.getDeclaringType() instanceof ServletClass and
m.getNumberOfParameters() = 2 and
m.getParameter(0).getType() instanceof ServletRequest and
m.getParameter(1).getType() instanceof ServletResponse
}
/** Holds if `ma` is a call that gets a request parameter. */
predicate isRequestGetParamMethod(MethodAccess ma) {
ma.getMethod() instanceof ServletRequestGetParameterMethod or
ma.getMethod() instanceof ServletRequestGetParameterMapMethod or
ma.getMethod() instanceof HttpServletRequestGetQueryStringMethod
}
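Review bot: The doc comment on `isServletRequestMethod` promises a request handler "for example `doGet` or `doPost`", but the predicate checks only the declaring type and the two parameter types. It therefore also holds for `service` and for any helper with that signature, and it does not tell GET from POST. A query about data sent in GET requests has to add the name check itself, so the comment should say that, for instance `/** Holds if m is a method of a servlet class that takes a request and a response; the HTTP method is not restricted, so callers must check the name (for example doGet). */`. Judging by the class name, `isRequestGetParamMethod` also matches `getQueryString`, which yields the whole query string rather than one parameter; its comment could read `/** Holds if ma reads request parameters or the raw query string. */`.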

View File

@@ -118,3 +118,96 @@ private class ApacheStringUtilsTaintPreservingMethod extends TaintPreservingCall
not isExcludedParameter(arg)
}
}
/**
* A method declared on Apache Commons Lang's `StrBuilder`, or the same class or its
* renamed version `TextStringBuilder` in Commons Text.
*/
class ApacheStrBuilderCallable extends Callable {
ApacheStrBuilderCallable() {
this.getDeclaringType().hasQualifiedName("org.apache.commons.lang3.text", "StrBuilder") or
this.getDeclaringType()
.hasQualifiedName("org.apache.commons.text", ["StrBuilder", "TextStringBuilder"])
}
}
/**
* An Apache Commons Lang `StrBuilder` method that adds taint to the `StrBuilder`.
*/
private class ApacheStrBuilderTaintingMethod extends ApacheStrBuilderCallable,
TaintPreservingCallable {
ApacheStrBuilderTaintingMethod() {
this instanceof Constructor
or
this.hasName([
"append", "appendAll", "appendFixedWidthPadLeft", "appendFixedWidthPadRight", "appendln",
"appendSeparator", "appendWithSeparators", "insert", "readFrom", "replace", "replaceAll",
"replaceFirst"
])
}
private predicate consumesTaintFromAllArgs() {
// Specifically the append[ln](String, Object...) overloads also consume taint from their other arguments:
this.getName() in ["appendAll", "appendWithSeparators"]
or
this.getName() = ["append", "appendln"] and this.getAParameter().isVarargs()
or
this.getName() = "appendSeparator" and this.getParameterType(1) instanceof TypeString
}
override predicate transfersTaint(int fromArg, int toArg) {
// Taint the qualifier
toArg = -1 and
(
this.getName().matches(["append%", "readFrom"]) and fromArg = 0
or
this.getName() = "insert" and fromArg = 1
or
this.getName().matches("replace%") and
(
if this.getParameterType(0).(PrimitiveType).getName() = "int"
then fromArg = 2
else fromArg = 1
)
or
this.consumesTaintFromAllArgs() and fromArg in [0 .. this.getNumberOfParameters() - 1]
)
}
override predicate returnsTaintFrom(int arg) { this instanceof Constructor and arg = 0 }
}
/**
* An Apache Commons Lang `StrBuilder` method that returns taint from the `StrBuilder`.
*/
private class ApacheStrBuilderTaintGetter extends ApacheStrBuilderCallable, TaintPreservingCallable {
ApacheStrBuilderTaintGetter() {
// Taint getters:
this.hasName([
"asReader", "asTokenizer", "build", "getChars", "leftString", "midString", "rightString",
"subSequence", "substring", "toCharArray", "toString", "toStringBuffer", "toStringBuilder"
])
or
// Fluent methods that return an alias of `this`:
this.getReturnType() = this.getDeclaringType()
}
override predicate returnsTaintFrom(int arg) { arg = -1 }
}
/**
* An Apache Commons Lang `StrBuilder` method that writes taint from the `StrBuilder` to some parameter.
*/
private class ApacheStrBuilderTaintWriter extends ApacheStrBuilderCallable, TaintPreservingCallable {
ApacheStrBuilderTaintWriter() { this.hasName(["appendTo", "getChars"]) }
override predicate transfersTaint(int fromArg, int toArg) {
fromArg = -1 and
// appendTo(Readable) and getChars(char[])
if this.getNumberOfParameters() = 1
then toArg = 0
else
// getChars(int, int, char[], int)
toArg = 2
}
}
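Review bot: Two comments in this hunk do not match the code they describe. `ApacheStrBuilderCallable` is documented as "A method declared on ..." but it extends `Callable`, and `ApacheStrBuilderTaintingMethod` relies on it matching constructors (`this instanceof Constructor`), so the comment should read `A callable (method or constructor) declared on ...`. In `ApacheStrBuilderTaintWriter` the line `// appendTo(Readable) and getChars(char[])` names the wrong parameter type, since `appendTo` takes an `Appendable` (`Readable` belongs to `readFrom`); `// appendTo(Appendable) and getChars(char[])` is correct. It would also help to note next to the `hasName` list in `ApacheStrBuilderTaintGetter` that `getChars` appears in both the getter and the writer class on purpose, because one overload returns the array and the other fills a parameter.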

View File

@@ -368,6 +368,19 @@ class PomProperty extends PomElement {
PomProperty() { getParent() instanceof PomProperties }
}
/**
* An XML element representing any kind of repository declared inside of a Maven POM XML file.
*/
class DeclaredRepository extends PomElement {
DeclaredRepository() { this.getName() = ["repository", "snapshotRepository", "pluginRepository"] }
/**
* Gets the url for this repository. If the `url` tag is present, this will
* be the string contents of that tag.
*/
string getUrl() { result = getAChild("url").(PomElement).getValue() }
}
/**
* A folder that represents a local Maven repository using the standard layout. Any folder called
* "repository" with a parent name ".m2" is considered to be a Maven repository.

View File

@@ -0,0 +1,2 @@
public class A {
}

View File

@@ -0,0 +1,2 @@
public class A {
}

View File

@@ -0,0 +1,39 @@
edges
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password |
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password : Object |
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | SensitiveGetQuery2.java:18:40:18:54 | password : Object |
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | SensitiveGetQuery2.java:19:61:19:68 | password |
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password |
| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String |
| SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | SensitiveGetQuery4.java:16:37:16:47 | accessToken |
| SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String |
| SensitiveGetQuery.java:14:29:14:36 | password : String | SensitiveGetQuery.java:17:40:17:54 | password : String |
| SensitiveGetQuery.java:17:40:17:54 | password : String | SensitiveGetQuery.java:18:61:18:68 | password |
nodes
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | semmle.label | getParameterMap(...) : Map |
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | semmle.label | (...)... : Object |
| SensitiveGetQuery2.java:15:29:15:36 | password | semmle.label | password |
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | semmle.label | password : Object |
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | semmle.label | password : Object |
| SensitiveGetQuery2.java:19:61:19:68 | password | semmle.label | password |
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | semmle.label | getRequestParameter(...) : String |
| SensitiveGetQuery3.java:13:57:13:64 | password | semmle.label | password |
| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SensitiveGetQuery4.java:14:24:14:66 | getRequestParameter(...) : String | semmle.label | getRequestParameter(...) : String |
| SensitiveGetQuery4.java:16:37:16:47 | accessToken | semmle.label | accessToken |
| SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SensitiveGetQuery.java:14:29:14:36 | password | semmle.label | password |
| SensitiveGetQuery.java:14:29:14:36 | password : String | semmle.label | password : String |
| SensitiveGetQuery.java:17:40:17:54 | password : String | semmle.label | password : String |
| SensitiveGetQuery.java:18:61:18:68 | password | semmle.label | password |
#select
| SensitiveGetQuery2.java:15:29:15:36 | password | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:15:29:15:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) | This request |
| SensitiveGetQuery2.java:19:61:19:68 | password | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:19:61:19:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) | This request |
| SensitiveGetQuery3.java:13:57:13:64 | password | SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) | This request |
| SensitiveGetQuery4.java:16:37:16:47 | accessToken | SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) : String | SensitiveGetQuery4.java:16:37:16:47 | accessToken | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery4.java:20:10:20:40 | getParameter(...) | This request |
| SensitiveGetQuery.java:14:29:14:36 | password | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | This request |
| SensitiveGetQuery.java:18:61:18:68 | password | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:18:61:18:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | This request |

View File

@@ -0,0 +1,26 @@
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery extends HttpServlet {
// BAD - Tests retrieving sensitive information through `request.getParameter()` in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = request.getParameter("username");
String password = request.getParameter("password");
processUserInfo(username, password);
}
void processUserInfo(String username, String password) {
System.out.println("username = " + username+"; password "+password);
}
// GOOD - Tests retrieving sensitive information through `request.getParameter()` in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String password = request.getParameter("password");
System.out.println("password = " + password);
}
}

View File

@@ -0,0 +1 @@
experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql

View File

@@ -0,0 +1,29 @@
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery2 extends HttpServlet {
// BAD - Tests retrieving sensitive information through `request.getParameterMap()` in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
Map map = request.getParameterMap();
String username = (String) map.get("username");
String password = (String) map.get("password");
processUserInfo(username, password);
}
void processUserInfo(String username, String password) {
System.out.println("username = " + username+"; password "+password);
}
// GOOD - Tests retrieving sensitive information through `request.getParameterMap()` in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
Map map = request.getParameterMap();
String username = (String) map.get("username");
String password = (String) map.get("password");
processUserInfo(username, password);
}
}
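Review bot: `(String) map.get("password")` in `doGet` and `doPost` would throw `ClassCastException` in a real container, because the values of `getParameterMap()` are `String[]`. The fixture only has to compile, but a test that mirrors working code exercises the flow the query will meet in practice: `String[] passwords = (String[]) map.get("password");` followed by `String password = passwords[0];`. The same applies to the `username` lines. The expected output would probably need regenerating, since the path then passes through an array read.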

View File

@@ -0,0 +1,26 @@
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery3 extends HttpServlet {
// BAD - Tests retrieving sensitive information through a wrapper call in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String password = getRequestParameter(request, "password");
System.out.println("Username="+username+"; password="+password);
}
String getRequestParameter(HttpServletRequest request, String paramName) {
return request.getParameter(paramName);
}
// GOOD - Tests retrieving sensitive information through a wrapper call in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String password = getRequestParameter(request, "password");
System.out.println("Username="+username+"; password="+password);
}
}

View File

@@ -0,0 +1,32 @@
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
public class SensitiveGetQuery4 extends HttpServlet {
// BAD - Tests retrieving non-sensitive tokens and sensitive tokens in a GET request.
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String token = getRequestParameter(request, "token");
String tokenType = getRequestParameter(request, "tokenType");
String accessToken = getRequestParameter(request, "accessToken");
System.out.println("Username="+username+"; token="+token+"; tokenType="+tokenType);
System.out.println("AccessToken="+accessToken);
}
String getRequestParameter(HttpServletRequest request, String paramName) {
return request.getParameter(paramName);
}
// GOOD - Tests retrieving non-sensitive tokens and sensitive tokens in a POST request.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String username = getRequestParameter(request, "username");
String token = getRequestParameter(request, "token");
String tokenType = getRequestParameter(request, "tokenType");
String accessToken = getRequestParameter(request, "accessToken");
System.out.println("Username="+username+"; token="+token+"; tokenType="+tokenType);
System.out.println("AccessToken="+accessToken);
}
}

View File

@@ -0,0 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4

View File

@@ -0,0 +1,62 @@
package my.qltest;
public class A {
void foo() {
Object x;
x = src1();
x = src1("");
Sub sub = new Sub();
x = sub.src2();
x = sub.src3();
srcArg(x);
Handler h = srcparam1 -> { };
Handler h2 = new Handler() {
@Override public void handle(Object srcparam2) { }
};
x = taggedSrcMethod();
x = taggedSrcField;
x = srcTwoArg("", "");
}
@Tag
void tagged1(Object taggedMethodParam) {
}
void tagged2(@Tag Object taggedSrcParam) {
}
Object src1() { return null; }
Object src1(String s) { return null; }
Object src2() { return null; }
Object src3() { return null; }
static class Sub extends A {
// inherit src2
@Override Object src3() { return null; }
}
void srcArg(Object src) { }
interface Handler {
void handle(Object src);
}
@interface Tag { }
@Tag
Object taggedSrcMethod() { return null; }
@Tag
Object taggedSrcField;
Object srcTwoArg(String s1, String s2) { return null; }
}

View File

@@ -0,0 +1,35 @@
package my.qltest;
public class B {
void foo() {
Object arg1 = new Object();
sink1(arg1);
Object argToTagged = new Object();
taggedSinkMethod(argToTagged);
Object fieldWrite = new Object();
taggedField = fieldWrite;
}
Object sinkMethod() {
Object res = new Object();
return res;
}
@Tag
Object taggedSinkMethod() {
Object resTag = new Object();
return resTag;
}
void sink1(Object x) { }
@interface Tag { }
@Tag
void taggedSinkMethod(Object x) { }
@Tag
Object taggedField;
}

View File

@@ -0,0 +1,36 @@
package my.qltest;
public class C {
void foo() {
Object arg1 = new Object();
stepArgRes(arg1);
Object argIn1 = new Object();
Object argOut1 = new Object();
stepArgArg(argIn1, argOut1);
Object argIn2 = new Object();
Object argOut2 = new Object();
stepArgArg(argIn2, argOut2);
Object arg2 = new Object();
stepArgQual(arg2);
Object arg3 = new Object();
this.stepArgQual(arg3);
this.stepQualRes();
stepQualRes();
Object argOut = new Object();
stepQualArg(argOut);
}
Object stepArgRes(Object x) { return null; }
void stepArgArg(Object in, Object out) { }
void stepArgQual(Object x) { }
Object stepQualRes() { return null; }
void stepQualArg(Object out) { }
}

View File

@@ -0,0 +1,8 @@
invalidModelRow
#select
| B.java:6:11:6:14 | arg1 | qltest |
| B.java:9:5:9:33 | this <.method> | qltest-arg |
| B.java:9:22:9:32 | argToTagged | qltest-arg |
| B.java:12:19:12:28 | fieldWrite | qltest-nospec |
| B.java:17:12:17:14 | res | qltest |
| B.java:23:12:23:17 | resTag | qltest-retval |

View File

@@ -0,0 +1,22 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.ExternalFlow
import CsvValidation
class SinkModelTest extends SinkModelCsv {
override predicate row(string row) {
row =
[
//"package;type;overrides;name;signature;ext;spec;kind",
"my.qltest;B;false;sink1;(Object);;Argument[0];qltest",
"my.qltest;B;false;sinkMethod;();;ReturnValue;qltest",
"my.qltest;B$Tag;false;;;Annotated;ReturnValue;qltest-retval",
"my.qltest;B$Tag;false;;;Annotated;Argument;qltest-arg",
"my.qltest;B$Tag;false;;;Annotated;;qltest-nospec"
]
}
}
from DataFlow::Node node, string kind
where sinkNode(node, kind)
select node, kind
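Review bot: None of the three model tests (this one and the source and summary tests in the following sections) contains a malformed row, so `invalidModelRow` is only ever expected to be empty. A regression that stops reporting bad rows would pass unnoticed. What counts as invalid is defined in `CsvValidation`, which is not shown here, but one deliberately broken row in a separate test class, with its message in the expected output, would pin that behaviour. The commented header also calls the third column `overrides` and the seventh `spec`, while the interpreting predicates in `ExternalFlow` name them `subtypes` and `input`; `//"namespace;type;subtypes;name;signature;ext;input;kind",` would match.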

View File

@@ -0,0 +1,24 @@
invalidModelRow
#select
| A.java:6:9:6:14 | src1(...) | qltest |
| A.java:6:9:6:14 | src1(...) | qltest-all-overloads |
| A.java:7:9:7:16 | src1(...) | qltest |
| A.java:7:9:7:16 | src1(...) | qltest-all-overloads |
| A.java:7:9:7:16 | src1(...) | qltest-alt |
| A.java:10:9:10:18 | src2(...) | qltest |
| A.java:10:9:10:18 | src2(...) | qltest-w-subtypes |
| A.java:11:9:11:18 | src3(...) | qltest-w-subtypes |
| A.java:13:5:13:13 | this <.method> [post update] | qltest-argany |
| A.java:13:12:13:12 | x [post update] | qltest-argany |
| A.java:13:12:13:12 | x [post update] | qltest-argnum |
| A.java:15:17:15:25 | srcparam1 | qltest-param-override |
| A.java:18:36:18:51 | srcparam2 | qltest-param-override |
| A.java:21:9:21:25 | taggedSrcMethod(...) | qltest-retval |
| A.java:22:9:22:22 | taggedSrcField | qltest-nospec |
| A.java:24:9:24:25 | srcTwoArg(...) | qltest-longsig |
| A.java:24:9:24:25 | srcTwoArg(...) | qltest-shortsig |
| A.java:28:8:28:14 | parameter this | qltest-param |
| A.java:28:16:28:39 | taggedMethodParam | qltest-param |
| A.java:31:16:31:41 | taggedSrcParam | qltest-nospec |
| A.java:31:16:31:41 | taggedSrcParam | qltest-param |
| A.java:56:10:56:24 | parameter this | qltest-param |

View File

@@ -0,0 +1,33 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.ExternalFlow
import CsvValidation
class SourceModelTest extends SourceModelCsv {
override predicate row(string row) {
row =
[
//"package;type;overrides;name;signature;ext;spec;kind",
"my.qltest;A;false;src1;();;ReturnValue;qltest",
"my.qltest;A;false;src1;(String);;ReturnValue;qltest",
"my.qltest;A;false;src1;(java.lang.String);;ReturnValue;qltest-alt",
"my.qltest;A;false;src1;;;ReturnValue;qltest-all-overloads",
"my.qltest;A;false;src2;();;ReturnValue;qltest",
"my.qltest;A;false;src3;();;ReturnValue;qltest",
"my.qltest;A;true;src2;();;ReturnValue;qltest-w-subtypes",
"my.qltest;A;true;src3;();;ReturnValue;qltest-w-subtypes",
"my.qltest;A;false;srcArg;(Object);;Argument[0];qltest-argnum",
"my.qltest;A;false;srcArg;(Object);;Argument;qltest-argany",
"my.qltest;A$Handler;true;handle;(Object);;Parameter[0];qltest-param-override",
"my.qltest;A$Tag;false;;;Annotated;ReturnValue;qltest-retval",
"my.qltest;A$Tag;false;;;Annotated;Parameter;qltest-param",
"my.qltest;A$Tag;false;;;Annotated;;qltest-nospec",
"my.qltest;A;false;srcTwoArg;(String,String);;ReturnValue;qltest-shortsig",
"my.qltest;A;false;srcTwoArg;(java.lang.String,java.lang.String);;ReturnValue;qltest-longsig"
]
}
}
from DataFlow::Node node, string kind
where sourceNode(node, kind)
select node, kind

View File

@@ -0,0 +1,10 @@
invalidModelRow
#select
| C.java:6:16:6:19 | arg1 | C.java:6:5:6:20 | stepArgRes(...) | qltest |
| C.java:10:16:10:21 | argIn1 | C.java:10:24:10:30 | argOut1 [post update] | qltest |
| C.java:13:16:13:21 | argIn2 | C.java:13:24:13:30 | argOut2 [post update] | qltest |
| C.java:16:17:16:20 | arg2 | C.java:16:5:16:21 | this <.method> [post update] | qltest |
| C.java:18:22:18:25 | arg3 | C.java:18:5:18:8 | this [post update] | qltest |
| C.java:20:5:20:8 | this | C.java:20:5:20:22 | stepQualRes(...) | qltest |
| C.java:21:5:21:17 | this <.method> | C.java:21:5:21:17 | stepQualRes(...) | qltest |
| C.java:24:5:24:23 | this <.method> | C.java:24:17:24:22 | argOut [post update] | qltest |

View File

@@ -0,0 +1,22 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.ExternalFlow
import CsvValidation
class SummaryModelTest extends SummaryModelCsv {
override predicate row(string row) {
row =
[
//"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
"my.qltest;C;false;stepArgRes;(Object);;Argument[0];ReturnValue;qltest",
"my.qltest;C;false;stepArgArg;(Object,Object);;Argument[0];Argument[1];qltest",
"my.qltest;C;false;stepArgQual;(Object);;Argument[0];Argument[-1];qltest",
"my.qltest;C;false;stepQualRes;();;Argument[-1];ReturnValue;qltest",
"my.qltest;C;false;stepQualArg;(Object);;Argument[-1];Argument[0];qltest"
]
}
}
from DataFlow::Node node1, DataFlow::Node node2, string kind
where summaryStep(node1, node2, kind)
select node1, node2, kind

View File

@@ -0,0 +1,133 @@
import org.apache.commons.lang3.text.StrBuilder;
import org.apache.commons.lang3.text.StrMatcher;
import org.apache.commons.lang3.text.StrTokenizer;
import java.io.StringReader;
import java.nio.CharBuffer;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
class StrBuilderTest {
String taint() { return "tainted"; }
void sink(Object o) {}
void test() throws Exception {
StrBuilder cons1 = new StrBuilder(taint()); sink(cons1.toString()); // $hasTaintFlow=y
StrBuilder sb1 = new StrBuilder(); sb1.append(taint().toCharArray()); sink(sb1.toString()); // $hasTaintFlow=y
StrBuilder sb2 = new StrBuilder(); sb2.append(taint().toCharArray(), 0, 0); sink(sb2.toString()); // $hasTaintFlow=y
StrBuilder sb3 = new StrBuilder(); sb3.append(CharBuffer.wrap(taint().toCharArray())); sink(sb3.toString()); // $ MISSING: hasTaintFlow=y
StrBuilder sb4 = new StrBuilder(); sb4.append(CharBuffer.wrap(taint().toCharArray()), 0, 0); sink(sb4.toString()); // $ MISSING: hasTaintFlow=y
StrBuilder sb5 = new StrBuilder(); sb5.append((CharSequence)taint()); sink(sb5.toString()); // $hasTaintFlow=y
StrBuilder sb6 = new StrBuilder(); sb6.append((CharSequence)taint(), 0, 0); sink(sb6.toString()); // $hasTaintFlow=y
StrBuilder sb7 = new StrBuilder(); sb7.append((Object)taint()); sink(sb7.toString()); // $hasTaintFlow=y
{
StrBuilder auxsb = new StrBuilder(); auxsb.append(taint());
StrBuilder sb8 = new StrBuilder(); sb8.append(auxsb); sink(sb8.toString()); // $hasTaintFlow=y
}
StrBuilder sb9 = new StrBuilder(); sb9.append(new StringBuffer(taint())); sink(sb9.toString()); // $hasTaintFlow=y
StrBuilder sb10 = new StrBuilder(); sb10.append(new StringBuffer(taint()), 0, 0); sink(sb10.toString()); // $hasTaintFlow=y
StrBuilder sb11 = new StrBuilder(); sb11.append(new StringBuilder(taint())); sink(sb11.toString()); // $hasTaintFlow=y
StrBuilder sb12 = new StrBuilder(); sb12.append(new StringBuilder(taint()), 0, 0); sink(sb12.toString()); // $hasTaintFlow=y
StrBuilder sb13 = new StrBuilder(); sb13.append(taint()); sink(sb13.toString()); // $hasTaintFlow=y
StrBuilder sb14 = new StrBuilder(); sb14.append(taint(), 0, 0); sink(sb14.toString()); // $hasTaintFlow=y
StrBuilder sb15 = new StrBuilder(); sb15.append(taint(), "format", "args"); sink(sb15.toString()); // $hasTaintFlow=y
StrBuilder sb16 = new StrBuilder(); sb16.append("Format string", taint(), "args"); sink(sb16.toString()); // $hasTaintFlow=y
{
List<String> taintedList = new ArrayList<>();
taintedList.add(taint());
StrBuilder sb17 = new StrBuilder(); sb17.appendAll(taintedList); sink(sb17.toString()); // $hasTaintFlow=y
StrBuilder sb18 = new StrBuilder(); sb18.appendAll(taintedList.iterator()); sink(sb18.toString()); // $hasTaintFlow=y
}
StrBuilder sb19 = new StrBuilder(); sb19.appendAll("clean", taint()); sink(sb19.toString()); // $hasTaintFlow=y
StrBuilder sb20 = new StrBuilder(); sb20.appendAll(taint(), "clean"); sink(sb20.toString()); // $hasTaintFlow=y
StrBuilder sb21 = new StrBuilder(); sb21.appendFixedWidthPadLeft(taint(), 0, ' '); sink(sb21.toString()); // $hasTaintFlow=y
StrBuilder sb22 = new StrBuilder(); sb22.appendFixedWidthPadRight(taint(), 0, ' '); sink(sb22.toString()); // $hasTaintFlow=y
StrBuilder sb23 = new StrBuilder(); sb23.appendln(taint().toCharArray()); sink(sb23.toString()); // $hasTaintFlow=y
StrBuilder sb24 = new StrBuilder(); sb24.appendln(taint().toCharArray(), 0, 0); sink(sb24.toString()); // $hasTaintFlow=y
StrBuilder sb25 = new StrBuilder(); sb25.appendln((Object)taint()); sink(sb25.toString()); // $hasTaintFlow=y
{
StrBuilder auxsb = new StrBuilder(); auxsb.appendln(taint());
StrBuilder sb26 = new StrBuilder(); sb26.appendln(auxsb); sink(sb26.toString()); // $hasTaintFlow=y
}
StrBuilder sb27 = new StrBuilder(); sb27.appendln(new StringBuffer(taint())); sink(sb27.toString()); // $hasTaintFlow=y
StrBuilder sb28 = new StrBuilder(); sb28.appendln(new StringBuffer(taint()), 0, 0); sink(sb28.toString()); // $hasTaintFlow=y
StrBuilder sb29 = new StrBuilder(); sb29.appendln(new StringBuilder(taint())); sink(sb29.toString()); // $hasTaintFlow=y
StrBuilder sb30 = new StrBuilder(); sb30.appendln(new StringBuilder(taint()), 0, 0); sink(sb30.toString()); // $hasTaintFlow=y
StrBuilder sb31 = new StrBuilder(); sb31.appendln(taint()); sink(sb31.toString()); // $hasTaintFlow=y
StrBuilder sb32 = new StrBuilder(); sb32.appendln(taint(), 0, 0); sink(sb32.toString()); // $hasTaintFlow=y
StrBuilder sb33 = new StrBuilder(); sb33.appendln(taint(), "format", "args"); sink(sb33.toString()); // $hasTaintFlow=y
StrBuilder sb34 = new StrBuilder(); sb34.appendln("Format string", taint(), "args"); sink(sb34.toString()); // $hasTaintFlow=y
StrBuilder sb35 = new StrBuilder(); sb35.appendSeparator(taint()); sink(sb35.toString()); // $hasTaintFlow=y
StrBuilder sb36 = new StrBuilder(); sb36.appendSeparator(taint(), 0); sink(sb36.toString()); // $hasTaintFlow=y
StrBuilder sb37 = new StrBuilder(); sb37.appendSeparator(taint(), "default"); sink(sb37.toString()); // $hasTaintFlow=y
StrBuilder sb38 = new StrBuilder(); sb38.appendSeparator("", taint()); sink(sb38.toString()); // $hasTaintFlow=y
{
StrBuilder auxsb = new StrBuilder(); auxsb.appendln(taint());
StrBuilder sb39 = new StrBuilder(); auxsb.appendTo(sb39); sink(sb39.toString()); // $hasTaintFlow=y
}
{
List<String> taintedList = new ArrayList<>();
taintedList.add(taint());
StrBuilder sb40 = new StrBuilder(); sb40.appendWithSeparators(taintedList, ", "); sink(sb40.toString()); // $hasTaintFlow=y
StrBuilder sb41 = new StrBuilder(); sb41.appendWithSeparators(taintedList.iterator(), ", "); sink(sb41.toString()); // $hasTaintFlow=y
List<String> untaintedList = new ArrayList<>();
StrBuilder sb42 = new StrBuilder(); sb42.appendWithSeparators(untaintedList, taint()); sink(sb42.toString()); // $hasTaintFlow=y
StrBuilder sb43 = new StrBuilder(); sb43.appendWithSeparators(untaintedList.iterator(), taint()); sink(sb43.toString()); // $hasTaintFlow=y
String[] taintedArray = new String[] { taint() };
String[] untaintedArray = new String[] {};
StrBuilder sb44 = new StrBuilder(); sb44.appendWithSeparators(taintedArray, ", "); sink(sb44.toString()); // $hasTaintFlow=y
StrBuilder sb45 = new StrBuilder(); sb45.appendWithSeparators(untaintedArray, taint()); sink(sb45.toString()); // $hasTaintFlow=y
}
{
StrBuilder sb46 = new StrBuilder(); sb46.append(taint());
char[] target = new char[100];
sb46.asReader().read(target);
sink(target); // $hasTaintFlow=y
}
StrBuilder sb47 = new StrBuilder(); sb47.append(taint()); sink(sb47.asTokenizer().next()); // $hasTaintFlow=y
StrBuilder sb48 = new StrBuilder(); sb48.append(taint()); sink(sb48.build()); // $hasTaintFlow=y
StrBuilder sb49 = new StrBuilder(); sb49.append(taint()); sink(sb49.getChars(null)); // $hasTaintFlow=y
{
StrBuilder sb50 = new StrBuilder(); sb50.append(taint());
char[] target = new char[100];
sb50.getChars(target);
sink(target); // $hasTaintFlow=y
}
{
StrBuilder sb51 = new StrBuilder(); sb51.append(taint());
char[] target = new char[100];
sb51.getChars(0, 0, target, 0);
sink(target); // $hasTaintFlow=y
}
StrBuilder sb52 = new StrBuilder(); sb52.insert(0, taint().toCharArray()); sink(sb52.toString()); // $hasTaintFlow=y
StrBuilder sb53 = new StrBuilder(); sb53.insert(0, taint().toCharArray(), 0, 0); sink(sb53.toString()); // $hasTaintFlow=y
StrBuilder sb54 = new StrBuilder(); sb54.insert(0, taint()); sink(sb54.toString()); // $hasTaintFlow=y
StrBuilder sb55 = new StrBuilder(); sb55.insert(0, (Object)taint()); sink(sb55.toString()); // $hasTaintFlow=y
StrBuilder sb56 = new StrBuilder(); sb56.append(taint()); sink(sb56.leftString(0)); // $hasTaintFlow=y
StrBuilder sb57 = new StrBuilder(); sb57.append(taint()); sink(sb57.midString(0, 0)); // $hasTaintFlow=y
{
StringReader reader = new StringReader(taint());
StrBuilder sb58 = new StrBuilder(); sb58.readFrom(reader); sink(sb58.toString()); // $hasTaintFlow=y
}
StrBuilder sb59 = new StrBuilder(); sb59.replace(0, 0, taint()); sink(sb59.toString()); // $hasTaintFlow=y
StrBuilder sb60 = new StrBuilder(); sb60.replace(null, taint(), 0, 0, 0); sink(sb60.toString()); // $hasTaintFlow=y
StrBuilder sb61 = new StrBuilder(); sb61.replaceAll((StrMatcher)null, taint()); sink(sb61.toString()); // $hasTaintFlow=y
StrBuilder sb62 = new StrBuilder(); sb62.replaceAll("search", taint()); sink(sb62.toString()); // $hasTaintFlow=y
StrBuilder sb63 = new StrBuilder(); sb63.replaceAll(taint(), "replace"); sink(sb63.toString()); // GOOD (search string doesn't convey taint)
StrBuilder sb64 = new StrBuilder(); sb64.replaceFirst((StrMatcher)null, taint()); sink(sb64.toString()); // $hasTaintFlow=y
StrBuilder sb65 = new StrBuilder(); sb65.replaceFirst("search", taint()); sink(sb65.toString()); // $hasTaintFlow=y
StrBuilder sb66 = new StrBuilder(); sb66.replaceFirst(taint(), "replace"); sink(sb66.toString()); // GOOD (search string doesn't convey taint)
StrBuilder sb67 = new StrBuilder(); sb67.append(taint()); sink(sb67.rightString(0)); // $hasTaintFlow=y
StrBuilder sb68 = new StrBuilder(); sb68.append(taint()); sink(sb68.subSequence(0, 0)); // $hasTaintFlow=y
StrBuilder sb69 = new StrBuilder(); sb69.append(taint()); sink(sb69.substring(0)); // $hasTaintFlow=y
StrBuilder sb70 = new StrBuilder(); sb70.append(taint()); sink(sb70.substring(0, 0)); // $hasTaintFlow=y
StrBuilder sb71 = new StrBuilder(); sb71.append(taint()); sink(sb71.toCharArray()); // $hasTaintFlow=y
StrBuilder sb72 = new StrBuilder(); sb72.append(taint()); sink(sb72.toCharArray(0, 0)); // $hasTaintFlow=y
StrBuilder sb73 = new StrBuilder(); sb73.append(taint()); sink(sb73.toStringBuffer()); // $hasTaintFlow=y
StrBuilder sb74 = new StrBuilder(); sb74.append(taint()); sink(sb74.toStringBuilder()); // $hasTaintFlow=y
}
}
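Review bot: The `sb3` and `sb4` cases are marked `// $ MISSING: hasTaintFlow=y` with no explanation, so a reader cannot tell which step loses the taint; the same two lines appear in `StrBuilderTextTest` and `TextStringBuilderTest` further down. Since `sb1` shows that `toCharArray()` propagates, the gap is presumably at `CharBuffer.wrap(...)` or at the `append(CharBuffer)` overload, and until it is modelled any query built on these summaries will miss tainted data routed through a `CharBuffer`. I would record that on the line above each pair, e.g. `// Known false negative: flow is lost at CharBuffer.wrap or append(CharBuffer) - TODO confirm which and model it`, keeping it off the expectation comment itself. Separately, `java.util.Locale` and the tokenizer import (`StrTokenizer` here and in `StrBuilderTextTest`, `StringTokenizer` in `TextStringBuilderTest`) are not referenced in any of the three classes and can be dropped.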


@@ -0,0 +1,133 @@
import org.apache.commons.text.StrBuilder;
import org.apache.commons.text.StrMatcher;
import org.apache.commons.text.StrTokenizer;
import java.io.StringReader;
import java.nio.CharBuffer;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
class StrBuilderTextTest {
String taint() { return "tainted"; }
void sink(Object o) {}
void test() throws Exception {
StrBuilder cons1 = new StrBuilder(taint()); sink(cons1.toString()); // $hasTaintFlow=y
StrBuilder sb1 = new StrBuilder(); sb1.append(taint().toCharArray()); sink(sb1.toString()); // $hasTaintFlow=y
StrBuilder sb2 = new StrBuilder(); sb2.append(taint().toCharArray(), 0, 0); sink(sb2.toString()); // $hasTaintFlow=y
StrBuilder sb3 = new StrBuilder(); sb3.append(CharBuffer.wrap(taint().toCharArray())); sink(sb3.toString()); // $ MISSING: hasTaintFlow=y
StrBuilder sb4 = new StrBuilder(); sb4.append(CharBuffer.wrap(taint().toCharArray()), 0, 0); sink(sb4.toString()); // $ MISSING: hasTaintFlow=y
StrBuilder sb5 = new StrBuilder(); sb5.append((CharSequence)taint()); sink(sb5.toString()); // $hasTaintFlow=y
StrBuilder sb6 = new StrBuilder(); sb6.append((CharSequence)taint(), 0, 0); sink(sb6.toString()); // $hasTaintFlow=y
StrBuilder sb7 = new StrBuilder(); sb7.append((Object)taint()); sink(sb7.toString()); // $hasTaintFlow=y
{
StrBuilder auxsb = new StrBuilder(); auxsb.append(taint());
StrBuilder sb8 = new StrBuilder(); sb8.append(auxsb); sink(sb8.toString()); // $hasTaintFlow=y
}
StrBuilder sb9 = new StrBuilder(); sb9.append(new StringBuffer(taint())); sink(sb9.toString()); // $hasTaintFlow=y
StrBuilder sb10 = new StrBuilder(); sb10.append(new StringBuffer(taint()), 0, 0); sink(sb10.toString()); // $hasTaintFlow=y
StrBuilder sb11 = new StrBuilder(); sb11.append(new StringBuilder(taint())); sink(sb11.toString()); // $hasTaintFlow=y
StrBuilder sb12 = new StrBuilder(); sb12.append(new StringBuilder(taint()), 0, 0); sink(sb12.toString()); // $hasTaintFlow=y
StrBuilder sb13 = new StrBuilder(); sb13.append(taint()); sink(sb13.toString()); // $hasTaintFlow=y
StrBuilder sb14 = new StrBuilder(); sb14.append(taint(), 0, 0); sink(sb14.toString()); // $hasTaintFlow=y
StrBuilder sb15 = new StrBuilder(); sb15.append(taint(), "format", "args"); sink(sb15.toString()); // $hasTaintFlow=y
StrBuilder sb16 = new StrBuilder(); sb16.append("Format string", taint(), "args"); sink(sb16.toString()); // $hasTaintFlow=y
{
List<String> taintedList = new ArrayList<>();
taintedList.add(taint());
StrBuilder sb17 = new StrBuilder(); sb17.appendAll(taintedList); sink(sb17.toString()); // $hasTaintFlow=y
StrBuilder sb18 = new StrBuilder(); sb18.appendAll(taintedList.iterator()); sink(sb18.toString()); // $hasTaintFlow=y
}
StrBuilder sb19 = new StrBuilder(); sb19.appendAll("clean", taint()); sink(sb19.toString()); // $hasTaintFlow=y
StrBuilder sb20 = new StrBuilder(); sb20.appendAll(taint(), "clean"); sink(sb20.toString()); // $hasTaintFlow=y
StrBuilder sb21 = new StrBuilder(); sb21.appendFixedWidthPadLeft(taint(), 0, ' '); sink(sb21.toString()); // $hasTaintFlow=y
StrBuilder sb22 = new StrBuilder(); sb22.appendFixedWidthPadRight(taint(), 0, ' '); sink(sb22.toString()); // $hasTaintFlow=y
StrBuilder sb23 = new StrBuilder(); sb23.appendln(taint().toCharArray()); sink(sb23.toString()); // $hasTaintFlow=y
StrBuilder sb24 = new StrBuilder(); sb24.appendln(taint().toCharArray(), 0, 0); sink(sb24.toString()); // $hasTaintFlow=y
StrBuilder sb25 = new StrBuilder(); sb25.appendln((Object)taint()); sink(sb25.toString()); // $hasTaintFlow=y
{
StrBuilder auxsb = new StrBuilder(); auxsb.appendln(taint());
StrBuilder sb26 = new StrBuilder(); sb26.appendln(auxsb); sink(sb26.toString()); // $hasTaintFlow=y
}
StrBuilder sb27 = new StrBuilder(); sb27.appendln(new StringBuffer(taint())); sink(sb27.toString()); // $hasTaintFlow=y
StrBuilder sb28 = new StrBuilder(); sb28.appendln(new StringBuffer(taint()), 0, 0); sink(sb28.toString()); // $hasTaintFlow=y
StrBuilder sb29 = new StrBuilder(); sb29.appendln(new StringBuilder(taint())); sink(sb29.toString()); // $hasTaintFlow=y
StrBuilder sb30 = new StrBuilder(); sb30.appendln(new StringBuilder(taint()), 0, 0); sink(sb30.toString()); // $hasTaintFlow=y
StrBuilder sb31 = new StrBuilder(); sb31.appendln(taint()); sink(sb31.toString()); // $hasTaintFlow=y
StrBuilder sb32 = new StrBuilder(); sb32.appendln(taint(), 0, 0); sink(sb32.toString()); // $hasTaintFlow=y
StrBuilder sb33 = new StrBuilder(); sb33.appendln(taint(), "format", "args"); sink(sb33.toString()); // $hasTaintFlow=y
StrBuilder sb34 = new StrBuilder(); sb34.appendln("Format string", taint(), "args"); sink(sb34.toString()); // $hasTaintFlow=y
StrBuilder sb35 = new StrBuilder(); sb35.appendSeparator(taint()); sink(sb35.toString()); // $hasTaintFlow=y
StrBuilder sb36 = new StrBuilder(); sb36.appendSeparator(taint(), 0); sink(sb36.toString()); // $hasTaintFlow=y
StrBuilder sb37 = new StrBuilder(); sb37.appendSeparator(taint(), "default"); sink(sb37.toString()); // $hasTaintFlow=y
StrBuilder sb38 = new StrBuilder(); sb38.appendSeparator("", taint()); sink(sb38.toString()); // $hasTaintFlow=y
{
StrBuilder auxsb = new StrBuilder(); auxsb.appendln(taint());
StrBuilder sb39 = new StrBuilder(); auxsb.appendTo(sb39); sink(sb39.toString()); // $hasTaintFlow=y
}
{
List<String> taintedList = new ArrayList<>();
taintedList.add(taint());
StrBuilder sb40 = new StrBuilder(); sb40.appendWithSeparators(taintedList, ", "); sink(sb40.toString()); // $hasTaintFlow=y
StrBuilder sb41 = new StrBuilder(); sb41.appendWithSeparators(taintedList.iterator(), ", "); sink(sb41.toString()); // $hasTaintFlow=y
List<String> untaintedList = new ArrayList<>();
StrBuilder sb42 = new StrBuilder(); sb42.appendWithSeparators(untaintedList, taint()); sink(sb42.toString()); // $hasTaintFlow=y
StrBuilder sb43 = new StrBuilder(); sb43.appendWithSeparators(untaintedList.iterator(), taint()); sink(sb43.toString()); // $hasTaintFlow=y
String[] taintedArray = new String[] { taint() };
String[] untaintedArray = new String[] {};
StrBuilder sb44 = new StrBuilder(); sb44.appendWithSeparators(taintedArray, ", "); sink(sb44.toString()); // $hasTaintFlow=y
StrBuilder sb45 = new StrBuilder(); sb45.appendWithSeparators(untaintedArray, taint()); sink(sb45.toString()); // $hasTaintFlow=y
}
{
StrBuilder sb46 = new StrBuilder(); sb46.append(taint());
char[] target = new char[100];
sb46.asReader().read(target);
sink(target); // $hasTaintFlow=y
}
StrBuilder sb47 = new StrBuilder(); sb47.append(taint()); sink(sb47.asTokenizer().next()); // $hasTaintFlow=y
StrBuilder sb48 = new StrBuilder(); sb48.append(taint()); sink(sb48.build()); // $hasTaintFlow=y
StrBuilder sb49 = new StrBuilder(); sb49.append(taint()); sink(sb49.getChars(null)); // $hasTaintFlow=y
{
StrBuilder sb50 = new StrBuilder(); sb50.append(taint());
char[] target = new char[100];
sb50.getChars(target);
sink(target); // $hasTaintFlow=y
}
{
StrBuilder sb51 = new StrBuilder(); sb51.append(taint());
char[] target = new char[100];
sb51.getChars(0, 0, target, 0);
sink(target); // $hasTaintFlow=y
}
StrBuilder sb52 = new StrBuilder(); sb52.insert(0, taint().toCharArray()); sink(sb52.toString()); // $hasTaintFlow=y
StrBuilder sb53 = new StrBuilder(); sb53.insert(0, taint().toCharArray(), 0, 0); sink(sb53.toString()); // $hasTaintFlow=y
StrBuilder sb54 = new StrBuilder(); sb54.insert(0, taint()); sink(sb54.toString()); // $hasTaintFlow=y
StrBuilder sb55 = new StrBuilder(); sb55.insert(0, (Object)taint()); sink(sb55.toString()); // $hasTaintFlow=y
StrBuilder sb56 = new StrBuilder(); sb56.append(taint()); sink(sb56.leftString(0)); // $hasTaintFlow=y
StrBuilder sb57 = new StrBuilder(); sb57.append(taint()); sink(sb57.midString(0, 0)); // $hasTaintFlow=y
{
StringReader reader = new StringReader(taint());
StrBuilder sb58 = new StrBuilder(); sb58.readFrom(reader); sink(sb58.toString()); // $hasTaintFlow=y
}
StrBuilder sb59 = new StrBuilder(); sb59.replace(0, 0, taint()); sink(sb59.toString()); // $hasTaintFlow=y
StrBuilder sb60 = new StrBuilder(); sb60.replace(null, taint(), 0, 0, 0); sink(sb60.toString()); // $hasTaintFlow=y
StrBuilder sb61 = new StrBuilder(); sb61.replaceAll((StrMatcher)null, taint()); sink(sb61.toString()); // $hasTaintFlow=y
StrBuilder sb62 = new StrBuilder(); sb62.replaceAll("search", taint()); sink(sb62.toString()); // $hasTaintFlow=y
StrBuilder sb63 = new StrBuilder(); sb63.replaceAll(taint(), "replace"); sink(sb63.toString()); // GOOD (search string doesn't convey taint)
StrBuilder sb64 = new StrBuilder(); sb64.replaceFirst((StrMatcher)null, taint()); sink(sb64.toString()); // $hasTaintFlow=y
StrBuilder sb65 = new StrBuilder(); sb65.replaceFirst("search", taint()); sink(sb65.toString()); // $hasTaintFlow=y
StrBuilder sb66 = new StrBuilder(); sb66.replaceFirst(taint(), "replace"); sink(sb66.toString()); // GOOD (search string doesn't convey taint)
StrBuilder sb67 = new StrBuilder(); sb67.append(taint()); sink(sb67.rightString(0)); // $hasTaintFlow=y
StrBuilder sb68 = new StrBuilder(); sb68.append(taint()); sink(sb68.subSequence(0, 0)); // $hasTaintFlow=y
StrBuilder sb69 = new StrBuilder(); sb69.append(taint()); sink(sb69.substring(0)); // $hasTaintFlow=y
StrBuilder sb70 = new StrBuilder(); sb70.append(taint()); sink(sb70.substring(0, 0)); // $hasTaintFlow=y
StrBuilder sb71 = new StrBuilder(); sb71.append(taint()); sink(sb71.toCharArray()); // $hasTaintFlow=y
StrBuilder sb72 = new StrBuilder(); sb72.append(taint()); sink(sb72.toCharArray(0, 0)); // $hasTaintFlow=y
StrBuilder sb73 = new StrBuilder(); sb73.append(taint()); sink(sb73.toStringBuffer()); // $hasTaintFlow=y
StrBuilder sb74 = new StrBuilder(); sb74.append(taint()); sink(sb74.toStringBuilder()); // $hasTaintFlow=y
}
}


@@ -0,0 +1,134 @@
import org.apache.commons.text.TextStringBuilder;
import org.apache.commons.text.matcher.StringMatcher;
import org.apache.commons.text.StringTokenizer;
import java.io.StringReader;
import java.nio.CharBuffer;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
class TextStringBuilderTest {
String taint() { return "tainted"; }
void sink(Object o) {}
void test() throws Exception {
TextStringBuilder cons1 = new TextStringBuilder(taint()); sink(cons1.toString()); // $hasTaintFlow=y
TextStringBuilder cons2 = new TextStringBuilder((CharSequence)taint()); sink(cons2.toString()); // $hasTaintFlow=y
TextStringBuilder sb1 = new TextStringBuilder(); sb1.append(taint().toCharArray()); sink(sb1.toString()); // $hasTaintFlow=y
TextStringBuilder sb2 = new TextStringBuilder(); sb2.append(taint().toCharArray(), 0, 0); sink(sb2.toString()); // $hasTaintFlow=y
TextStringBuilder sb3 = new TextStringBuilder(); sb3.append(CharBuffer.wrap(taint().toCharArray())); sink(sb3.toString()); // $ MISSING: hasTaintFlow=y
TextStringBuilder sb4 = new TextStringBuilder(); sb4.append(CharBuffer.wrap(taint().toCharArray()), 0, 0); sink(sb4.toString()); // $ MISSING: hasTaintFlow=y
TextStringBuilder sb5 = new TextStringBuilder(); sb5.append((CharSequence)taint()); sink(sb5.toString()); // $hasTaintFlow=y
TextStringBuilder sb6 = new TextStringBuilder(); sb6.append((CharSequence)taint(), 0, 0); sink(sb6.toString()); // $hasTaintFlow=y
TextStringBuilder sb7 = new TextStringBuilder(); sb7.append((Object)taint()); sink(sb7.toString()); // $hasTaintFlow=y
{
TextStringBuilder auxsb = new TextStringBuilder(); auxsb.append(taint());
TextStringBuilder sb8 = new TextStringBuilder(); sb8.append(auxsb); sink(sb8.toString()); // $hasTaintFlow=y
}
TextStringBuilder sb9 = new TextStringBuilder(); sb9.append(new StringBuffer(taint())); sink(sb9.toString()); // $hasTaintFlow=y
TextStringBuilder sb10 = new TextStringBuilder(); sb10.append(new StringBuffer(taint()), 0, 0); sink(sb10.toString()); // $hasTaintFlow=y
TextStringBuilder sb11 = new TextStringBuilder(); sb11.append(new StringBuilder(taint())); sink(sb11.toString()); // $hasTaintFlow=y
TextStringBuilder sb12 = new TextStringBuilder(); sb12.append(new StringBuilder(taint()), 0, 0); sink(sb12.toString()); // $hasTaintFlow=y
TextStringBuilder sb13 = new TextStringBuilder(); sb13.append(taint()); sink(sb13.toString()); // $hasTaintFlow=y
TextStringBuilder sb14 = new TextStringBuilder(); sb14.append(taint(), 0, 0); sink(sb14.toString()); // $hasTaintFlow=y
TextStringBuilder sb15 = new TextStringBuilder(); sb15.append(taint(), "format", "args"); sink(sb15.toString()); // $hasTaintFlow=y
TextStringBuilder sb16 = new TextStringBuilder(); sb16.append("Format string", taint(), "args"); sink(sb16.toString()); // $hasTaintFlow=y
{
List<String> taintedList = new ArrayList<>();
taintedList.add(taint());
TextStringBuilder sb17 = new TextStringBuilder(); sb17.appendAll(taintedList); sink(sb17.toString()); // $hasTaintFlow=y
TextStringBuilder sb18 = new TextStringBuilder(); sb18.appendAll(taintedList.iterator()); sink(sb18.toString()); // $hasTaintFlow=y
}
TextStringBuilder sb19 = new TextStringBuilder(); sb19.appendAll("clean", taint()); sink(sb19.toString()); // $hasTaintFlow=y
TextStringBuilder sb20 = new TextStringBuilder(); sb20.appendAll(taint(), "clean"); sink(sb20.toString()); // $hasTaintFlow=y
TextStringBuilder sb21 = new TextStringBuilder(); sb21.appendFixedWidthPadLeft(taint(), 0, ' '); sink(sb21.toString()); // $hasTaintFlow=y
TextStringBuilder sb22 = new TextStringBuilder(); sb22.appendFixedWidthPadRight(taint(), 0, ' '); sink(sb22.toString()); // $hasTaintFlow=y
TextStringBuilder sb23 = new TextStringBuilder(); sb23.appendln(taint().toCharArray()); sink(sb23.toString()); // $hasTaintFlow=y
TextStringBuilder sb24 = new TextStringBuilder(); sb24.appendln(taint().toCharArray(), 0, 0); sink(sb24.toString()); // $hasTaintFlow=y
TextStringBuilder sb25 = new TextStringBuilder(); sb25.appendln((Object)taint()); sink(sb25.toString()); // $hasTaintFlow=y
{
TextStringBuilder auxsb = new TextStringBuilder(); auxsb.appendln(taint());
TextStringBuilder sb26 = new TextStringBuilder(); sb26.appendln(auxsb); sink(sb26.toString()); // $hasTaintFlow=y
}
TextStringBuilder sb27 = new TextStringBuilder(); sb27.appendln(new StringBuffer(taint())); sink(sb27.toString()); // $hasTaintFlow=y
TextStringBuilder sb28 = new TextStringBuilder(); sb28.appendln(new StringBuffer(taint()), 0, 0); sink(sb28.toString()); // $hasTaintFlow=y
TextStringBuilder sb29 = new TextStringBuilder(); sb29.appendln(new StringBuilder(taint())); sink(sb29.toString()); // $hasTaintFlow=y
TextStringBuilder sb30 = new TextStringBuilder(); sb30.appendln(new StringBuilder(taint()), 0, 0); sink(sb30.toString()); // $hasTaintFlow=y
TextStringBuilder sb31 = new TextStringBuilder(); sb31.appendln(taint()); sink(sb31.toString()); // $hasTaintFlow=y
TextStringBuilder sb32 = new TextStringBuilder(); sb32.appendln(taint(), 0, 0); sink(sb32.toString()); // $hasTaintFlow=y
TextStringBuilder sb33 = new TextStringBuilder(); sb33.appendln(taint(), "format", "args"); sink(sb33.toString()); // $hasTaintFlow=y
TextStringBuilder sb34 = new TextStringBuilder(); sb34.appendln("Format string", taint(), "args"); sink(sb34.toString()); // $hasTaintFlow=y
TextStringBuilder sb35 = new TextStringBuilder(); sb35.appendSeparator(taint()); sink(sb35.toString()); // $hasTaintFlow=y
TextStringBuilder sb36 = new TextStringBuilder(); sb36.appendSeparator(taint(), 0); sink(sb36.toString()); // $hasTaintFlow=y
TextStringBuilder sb37 = new TextStringBuilder(); sb37.appendSeparator(taint(), "default"); sink(sb37.toString()); // $hasTaintFlow=y
TextStringBuilder sb38 = new TextStringBuilder(); sb38.appendSeparator("", taint()); sink(sb38.toString()); // $hasTaintFlow=y
{
TextStringBuilder auxsb = new TextStringBuilder(); auxsb.appendln(taint());
TextStringBuilder sb39 = new TextStringBuilder(); auxsb.appendTo(sb39); sink(sb39.toString()); // $hasTaintFlow=y
}
{
List<String> taintedList = new ArrayList<>();
taintedList.add(taint());
TextStringBuilder sb40 = new TextStringBuilder(); sb40.appendWithSeparators(taintedList, ", "); sink(sb40.toString()); // $hasTaintFlow=y
TextStringBuilder sb41 = new TextStringBuilder(); sb41.appendWithSeparators(taintedList.iterator(), ", "); sink(sb41.toString()); // $hasTaintFlow=y
List<String> untaintedList = new ArrayList<>();
TextStringBuilder sb42 = new TextStringBuilder(); sb42.appendWithSeparators(untaintedList, taint()); sink(sb42.toString()); // $hasTaintFlow=y
TextStringBuilder sb43 = new TextStringBuilder(); sb43.appendWithSeparators(untaintedList.iterator(), taint()); sink(sb43.toString()); // $hasTaintFlow=y
String[] taintedArray = new String[] { taint() };
String[] untaintedArray = new String[] {};
TextStringBuilder sb44 = new TextStringBuilder(); sb44.appendWithSeparators(taintedArray, ", "); sink(sb44.toString()); // $hasTaintFlow=y
TextStringBuilder sb45 = new TextStringBuilder(); sb45.appendWithSeparators(untaintedArray, taint()); sink(sb45.toString()); // $hasTaintFlow=y
}
{
TextStringBuilder sb46 = new TextStringBuilder(); sb46.append(taint());
char[] target = new char[100];
sb46.asReader().read(target);
sink(target); // $hasTaintFlow=y
}
TextStringBuilder sb47 = new TextStringBuilder(); sb47.append(taint()); sink(sb47.asTokenizer().next()); // $hasTaintFlow=y
TextStringBuilder sb48 = new TextStringBuilder(); sb48.append(taint()); sink(sb48.build()); // $hasTaintFlow=y
TextStringBuilder sb49 = new TextStringBuilder(); sb49.append(taint()); sink(sb49.getChars(null)); // $hasTaintFlow=y
{
TextStringBuilder sb50 = new TextStringBuilder(); sb50.append(taint());
char[] target = new char[100];
sb50.getChars(target);
sink(target); // $hasTaintFlow=y
}
{
TextStringBuilder sb51 = new TextStringBuilder(); sb51.append(taint());
char[] target = new char[100];
sb51.getChars(0, 0, target, 0);
sink(target); // $hasTaintFlow=y
}
TextStringBuilder sb52 = new TextStringBuilder(); sb52.insert(0, taint().toCharArray()); sink(sb52.toString()); // $hasTaintFlow=y
TextStringBuilder sb53 = new TextStringBuilder(); sb53.insert(0, taint().toCharArray(), 0, 0); sink(sb53.toString()); // $hasTaintFlow=y
TextStringBuilder sb54 = new TextStringBuilder(); sb54.insert(0, taint()); sink(sb54.toString()); // $hasTaintFlow=y
TextStringBuilder sb55 = new TextStringBuilder(); sb55.insert(0, (Object)taint()); sink(sb55.toString()); // $hasTaintFlow=y
TextStringBuilder sb56 = new TextStringBuilder(); sb56.append(taint()); sink(sb56.leftString(0)); // $hasTaintFlow=y
TextStringBuilder sb57 = new TextStringBuilder(); sb57.append(taint()); sink(sb57.midString(0, 0)); // $hasTaintFlow=y
{
StringReader reader = new StringReader(taint());
TextStringBuilder sb58 = new TextStringBuilder(); sb58.readFrom(reader); sink(sb58.toString()); // $hasTaintFlow=y
}
TextStringBuilder sb59 = new TextStringBuilder(); sb59.replace(0, 0, taint()); sink(sb59.toString()); // $hasTaintFlow=y
TextStringBuilder sb60 = new TextStringBuilder(); sb60.replace(null, taint(), 0, 0, 0); sink(sb60.toString()); // $hasTaintFlow=y
TextStringBuilder sb61 = new TextStringBuilder(); sb61.replaceAll((StringMatcher)null, taint()); sink(sb61.toString()); // $hasTaintFlow=y
TextStringBuilder sb62 = new TextStringBuilder(); sb62.replaceAll("search", taint()); sink(sb62.toString()); // $hasTaintFlow=y
TextStringBuilder sb63 = new TextStringBuilder(); sb63.replaceAll(taint(), "replace"); sink(sb63.toString()); // GOOD (search string doesn't convey taint)
TextStringBuilder sb64 = new TextStringBuilder(); sb64.replaceFirst((StringMatcher)null, taint()); sink(sb64.toString()); // $hasTaintFlow=y
TextStringBuilder sb65 = new TextStringBuilder(); sb65.replaceFirst("search", taint()); sink(sb65.toString()); // $hasTaintFlow=y
TextStringBuilder sb66 = new TextStringBuilder(); sb66.replaceFirst(taint(), "replace"); sink(sb66.toString()); // GOOD (search string doesn't convey taint)
TextStringBuilder sb67 = new TextStringBuilder(); sb67.append(taint()); sink(sb67.rightString(0)); // $hasTaintFlow=y
TextStringBuilder sb68 = new TextStringBuilder(); sb68.append(taint()); sink(sb68.subSequence(0, 0)); // $hasTaintFlow=y
TextStringBuilder sb69 = new TextStringBuilder(); sb69.append(taint()); sink(sb69.substring(0)); // $hasTaintFlow=y
TextStringBuilder sb70 = new TextStringBuilder(); sb70.append(taint()); sink(sb70.substring(0, 0)); // $hasTaintFlow=y
TextStringBuilder sb71 = new TextStringBuilder(); sb71.append(taint()); sink(sb71.toCharArray()); // $hasTaintFlow=y
TextStringBuilder sb72 = new TextStringBuilder(); sb72.append(taint()); sink(sb72.toCharArray(0, 0)); // $hasTaintFlow=y
TextStringBuilder sb73 = new TextStringBuilder(); sb73.append(taint()); sink(sb73.toStringBuffer()); // $hasTaintFlow=y
TextStringBuilder sb74 = new TextStringBuilder(); sb74.append(taint()); sink(sb74.toStringBuilder()); // $hasTaintFlow=y
}
}


@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-lang3-3.7
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-lang3-3.7:${testdir}/../../../stubs/apache-commons-text-1.9


@@ -0,0 +1,2 @@
public class A {
}


@@ -0,0 +1,5 @@
| bad-bintray-pom.xml:17:9:22:22 | repository | Downloading or uploading artifacts to deprecated repository https://jcenter.bintray.com |
| bad-bintray-pom.xml:23:9:28:30 | snapshotRepository | Downloading or uploading artifacts to deprecated repository https://jcenter.bintray.com |
| bad-bintray-pom.xml:31:9:36:22 | repository | Downloading or uploading artifacts to deprecated repository https://jcenter.bintray.com |
| bad-bintray-pom.xml:39:9:44:22 | repository | Downloading or uploading artifacts to deprecated repository https://dl.bintray.com/groovy/maven |
| bad-bintray-pom.xml:47:9:52:28 | pluginRepository | Downloading or uploading artifacts to deprecated repository https://jcenter.bintray.com |


@@ -0,0 +1 @@
Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql


@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.semmle</groupId>
<artifactId>parent</artifactId>
<version>1.0</version>
<packaging>pom</packaging>
<name>Bintray Usage Testing</name>
<description>An example of using bintray as a repository</description>
<distributionManagement>
<repository>
<id>jcenter</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</repository>
<snapshotRepository>
<id>jcenter-snapshots</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</snapshotRepository>
</distributionManagement>
<repositories>
<repository>
<id>jcenter</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</repository>
</repositories>
<repositories>
<repository>
<id>jcenter</id>
<name>JCenter</name>
<!-- BAD! Don't use Bintray -->
<url>https://dl.bintray.com/groovy/maven</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>jcenter-plugins</id>
<name>JCenter</name>
<!-- BAD! Don't use JCenter -->
<url>https://jcenter.bintray.com</url>
</pluginRepository>
</pluginRepositories>
</project>
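Review bot: Every repository entry in this fixture points at a Bintray or JCenter URL, so the test only shows that the query fires; nothing visible in this commit checks that it stays silent for a repository that is still maintained. Adding one `<repository>` marked `<!-- GOOD! Maven Central -->` with `<url>https://repo.maven.apache.org/maven2</url>`, and confirming the expected output keeps its five rows, would cover the false-positive side of the URL match. Separately, the file declares two `<repositories>` blocks and reuses the id `jcenter` for the `https://dl.bintray.com/groovy/maven` entry; as far as I know Maven's model expects a single `<repositories>` element with unique ids, so merging the blocks and giving that entry its own id would keep the fixture a POM that Maven itself would accept.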


@@ -0,0 +1,82 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.lang3.builder;
/**
* <p>
* The Builder interface is designed to designate a class as a <em>builder</em>
* object in the Builder design pattern. Builders are capable of creating and
* configuring objects or results that normally take multiple steps to construct
* or are very complex to derive.
* </p>
*
* <p>
* The builder interface defines a single method, {@link #build()}, that
* classes must implement. The result of this method should be the final
* configured object or result after all building operations are performed.
* </p>
*
* <p>
* It is a recommended practice that the methods supplied to configure the
* object or result being built return a reference to {@code this} so that
* method calls can be chained together.
* </p>
*
* <p>
* Example Builder:
* <pre><code>
* class FontBuilder implements Builder&lt;Font&gt; {
* private Font font;
*
* public FontBuilder(String fontName) {
* this.font = new Font(fontName, Font.PLAIN, 12);
* }
*
* public FontBuilder bold() {
* this.font = this.font.deriveFont(Font.BOLD);
* return this; // Reference returned so calls can be chained
* }
*
* public FontBuilder size(float pointSize) {
* this.font = this.font.deriveFont(pointSize);
* return this; // Reference returned so calls can be chained
* }
*
* // Other Font construction methods
*
* public Font build() {
* return this.font;
* }
* }
* </code></pre>
*
* Example Builder Usage:
* <pre><code>
* Font bold14ptSansSerifFont = new FontBuilder(Font.SANS_SERIF).bold()
* .size(14.0f)
* .build();
* </code></pre>
*
*
* @param <T> the type of object that the builder will construct or compute.
*
* @since 3.0
*/
public interface Builder<T> {
T build();
}


@@ -0,0 +1,614 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.lang3.text;
import org.apache.commons.lang3.builder.Builder;
import java.io.IOException;
import java.io.Reader;
import java.io.Serializable;
import java.io.Writer;
import java.nio.CharBuffer;
import java.util.Iterator;
import java.util.List;
public class StrBuilder implements CharSequence, Appendable, Serializable, Builder<String> {
public StrBuilder() {
}
public StrBuilder(int initialCapacity) {
}
public StrBuilder(final String str) {
}
public String getNewLineText() {
return null;
}
public StrBuilder setNewLineText(final String newLine) {
return null;
}
public String getNullText() {
return null;
}
public StrBuilder setNullText(String nullText) {
return null;
}
@Override
public int length() {
return 0;
}
public StrBuilder setLength(final int length) {
return null;
}
public int capacity() {
return 0;
}
public StrBuilder ensureCapacity(final int capacity) {
return null;
}
public StrBuilder minimizeCapacity() {
return null;
}
public int size() {
return 0;
}
public boolean isEmpty() {
return false;
}
public StrBuilder clear() {
return null;
}
@Override
public char charAt(final int index) {
return 0;
}
public StrBuilder setCharAt(final int index, final char ch) {
return null;
}
public StrBuilder deleteCharAt(final int index) {
return null;
}
public char[] toCharArray() {
return null;
}
public char[] toCharArray(final int startIndex, int endIndex) {
return null;
}
public char[] getChars(char[] destination) {
return null;
}
public void getChars(final int startIndex, final int endIndex, final char destination[], final int destinationIndex) {
}
public int readFrom(final Readable readable) throws IOException {
return 0;
}
public StrBuilder appendNewLine() {
return null;
}
public StrBuilder appendNull() {
return null;
}
public StrBuilder append(final Object obj) {
return null;
}
@Override
public StrBuilder append(final CharSequence seq) {
return null;
}
@Override
public StrBuilder append(final CharSequence seq, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final String str) {
return null;
}
public StrBuilder append(final String str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final String format, final Object... objs) {
return null;
}
public StrBuilder append(final CharBuffer buf) {
return null;
}
public StrBuilder append(final CharBuffer buf, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final StringBuffer str) {
return null;
}
public StrBuilder append(final StringBuffer str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final StringBuilder str) {
return null;
}
public StrBuilder append(final StringBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final StrBuilder str) {
return null;
}
public StrBuilder append(final StrBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final char[] chars) {
return null;
}
public StrBuilder append(final char[] chars, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final boolean value) {
return null;
}
@Override
public StrBuilder append(final char ch) {
return null;
}
public StrBuilder append(final int value) {
return null;
}
public StrBuilder append(final long value) {
return null;
}
public StrBuilder append(final float value) {
return null;
}
public StrBuilder append(final double value) {
return null;
}
public StrBuilder appendln(final Object obj) {
return null;
}
public StrBuilder appendln(final String str) {
return null;
}
public StrBuilder appendln(final String str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final String format, final Object... objs) {
return null;
}
public StrBuilder appendln(final StringBuffer str) {
return null;
}
public StrBuilder appendln(final StringBuilder str) {
return null;
}
public StrBuilder appendln(final StringBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final StringBuffer str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final StrBuilder str) {
return null;
}
public StrBuilder appendln(final StrBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final char[] chars) {
return null;
}
public StrBuilder appendln(final char[] chars, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final boolean value) {
return null;
}
public StrBuilder appendln(final char ch) {
return null;
}
public StrBuilder appendln(final int value) {
return null;
}
public StrBuilder appendln(final long value) {
return null;
}
public StrBuilder appendln(final float value) {
return null;
}
public StrBuilder appendln(final double value) {
return null;
}
public <T> StrBuilder appendAll(final T... array) {
return null;
}
public StrBuilder appendAll(final Iterable<?> iterable) {
return null;
}
public StrBuilder appendAll(final Iterator<?> it) {
return null;
}
public StrBuilder appendWithSeparators(final Object[] array, final String separator) {
return null;
}
public StrBuilder appendWithSeparators(final Iterable<?> iterable, final String separator) {
return null;
}
public StrBuilder appendWithSeparators(final Iterator<?> it, final String separator) {
return null;
}
public StrBuilder appendSeparator(final String separator) {
return null;
}
public StrBuilder appendSeparator(final String standard, final String defaultIfEmpty) {
return null;
}
public StrBuilder appendSeparator(final char separator) {
return null;
}
public StrBuilder appendSeparator(final char standard, final char defaultIfEmpty) {
return null;
}
public StrBuilder appendSeparator(final String separator, final int loopIndex) {
return null;
}
public StrBuilder appendSeparator(final char separator, final int loopIndex) {
return null;
}
public StrBuilder appendPadding(final int length, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadLeft(final Object obj, final int width, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadLeft(final int value, final int width, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadRight(final Object obj, final int width, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadRight(final int value, final int width, final char padChar) {
return null;
}
public StrBuilder insert(final int index, final Object obj) {
return null;
}
public StrBuilder insert(final int index, String str) {
return null;
}
public StrBuilder insert(final int index, final char chars[]) {
return null;
}
public StrBuilder insert(final int index, final char chars[], final int offset, final int length) {
return null;
}
public StrBuilder insert(int index, final boolean value) {
return null;
}
public StrBuilder insert(final int index, final char value) {
return null;
}
public StrBuilder insert(final int index, final int value) {
return null;
}
public StrBuilder insert(final int index, final long value) {
return null;
}
public StrBuilder insert(final int index, final float value) {
return null;
}
public StrBuilder insert(final int index, final double value) {
return null;
}
public StrBuilder delete(final int startIndex, int endIndex) {
return null;
}
public StrBuilder deleteAll(final char ch) {
return null;
}
public StrBuilder deleteFirst(final char ch) {
return null;
}
public StrBuilder deleteAll(final String str) {
return null;
}
public StrBuilder deleteFirst(final String str) {
return null;
}
public StrBuilder deleteAll(final StrMatcher matcher) {
return null;
}
public StrBuilder deleteFirst(final StrMatcher matcher) {
return null;
}
public StrBuilder replace(final int startIndex, int endIndex, final String replaceStr) {
return null;
}
public StrBuilder replaceAll(final char search, final char replace) {
return null;
}
public StrBuilder replaceFirst(final char search, final char replace) {
return null;
}
public StrBuilder replaceAll(final String searchStr, final String replaceStr) {
return null;
}
public StrBuilder replaceFirst(final String searchStr, final String replaceStr) {
return null;
}
public StrBuilder replaceAll(final StrMatcher matcher, final String replaceStr) {
return null;
}
public StrBuilder replaceFirst(final StrMatcher matcher, final String replaceStr) {
return null;
}
public StrBuilder replace(
final StrMatcher matcher, final String replaceStr,
final int startIndex, int endIndex, final int replaceCount) {
return null;
}
public StrBuilder reverse() {
return null;
}
public StrBuilder trim() {
return null;
}
public boolean startsWith(final String str) {
return false;
}
public boolean endsWith(final String str) {
return false;
}
@Override
public CharSequence subSequence(final int startIndex, final int endIndex) {
return null;
}
public String substring(final int start) {
return null;
}
public String substring(final int startIndex, int endIndex) {
return null;
}
public String leftString(final int length) {
return null;
}
public String rightString(final int length) {
return null;
}
public String midString(int index, final int length) {
return null;
}
public boolean contains(final char ch) {
return false;
}
public boolean contains(final String str) {
return false;
}
public boolean contains(final StrMatcher matcher) {
return false;
}
public int indexOf(final char ch) {
return 0;
}
public int indexOf(final char ch, int startIndex) {
return 0;
}
public int indexOf(final String str) {
return 0;
}
public int indexOf(final String str, int startIndex) {
return 0;
}
public int indexOf(final StrMatcher matcher) {
return 0;
}
public int indexOf(final StrMatcher matcher, int startIndex) {
return 0;
}
public int lastIndexOf(final char ch) {
return 0;
}
public int lastIndexOf(final char ch, int startIndex) {
return 0;
}
public int lastIndexOf(final String str) {
return 0;
}
public int lastIndexOf(final String str, int startIndex) {
return 0;
}
public int lastIndexOf(final StrMatcher matcher) {
return 0;
}
public int lastIndexOf(final StrMatcher matcher, int startIndex) {
return 0;
}
public StrTokenizer asTokenizer() {
return null;
}
public Reader asReader() {
return null;
}
public Writer asWriter() {
return null;
}
public void appendTo(final Appendable appendable) throws IOException {
}
public boolean equalsIgnoreCase(final StrBuilder other) {
return false;
}
public boolean equals(final StrBuilder other) {
return false;
}
@Override
public boolean equals(final Object obj) {
return false;
}
@Override
public int hashCode() {
return 0;
}
@Override
public String toString() {
return null;
}
public StringBuffer toStringBuffer() {
return null;
}
public StringBuilder toStringBuilder() {
return null;
}
@Override
public String build() {
return null;
}
}


@@ -0,0 +1,81 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.lang3.text;
import java.util.Arrays;
public abstract class StrMatcher {
public static StrMatcher commaMatcher() {
return null;
}
public static StrMatcher tabMatcher() {
return null;
}
public static StrMatcher spaceMatcher() {
return null;
}
public static StrMatcher splitMatcher() {
return null;
}
public static StrMatcher trimMatcher() {
return null;
}
public static StrMatcher singleQuoteMatcher() {
return null;
}
public static StrMatcher doubleQuoteMatcher() {
return null;
}
public static StrMatcher quoteMatcher() {
return null;
}
public static StrMatcher noneMatcher() {
return null;
}
public static StrMatcher charMatcher(final char ch) {
return null;
}
public static StrMatcher charSetMatcher(final char... chars) {
return null;
}
public static StrMatcher charSetMatcher(final String chars) {
return null;
}
public static StrMatcher stringMatcher(final String str) {
return null;
}
public abstract int isMatch(char[] buffer, int pos, int bufferStart, int bufferEnd);
public int isMatch(final char[] buffer, final int pos) {
return 0;
}
}


@@ -0,0 +1,242 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.lang3.text;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.ListIterator;
import java.util.NoSuchElementException;
public class StrTokenizer implements ListIterator<String>, Cloneable {
public static StrTokenizer getCSVInstance() {
return null;
}
public static StrTokenizer getCSVInstance(final String input) {
return null;
}
public static StrTokenizer getCSVInstance(final char[] input) {
return null;
}
public static StrTokenizer getTSVInstance() {
return null;
}
public static StrTokenizer getTSVInstance(final String input) {
return null;
}
public static StrTokenizer getTSVInstance(final char[] input) {
return null;
}
public StrTokenizer() {
}
public StrTokenizer(final String input) {
}
public StrTokenizer(final String input, final char delim) {
}
public StrTokenizer(final String input, final String delim) {
}
public StrTokenizer(final String input, final StrMatcher delim) {
}
public StrTokenizer(final String input, final char delim, final char quote) {
}
public StrTokenizer(final String input, final StrMatcher delim, final StrMatcher quote) {
}
public StrTokenizer(final char[] input) {
}
public StrTokenizer(final char[] input, final char delim) {
}
public StrTokenizer(final char[] input, final String delim) {
}
public StrTokenizer(final char[] input, final StrMatcher delim) {
}
public StrTokenizer(final char[] input, final char delim, final char quote) {
}
public StrTokenizer(final char[] input, final StrMatcher delim, final StrMatcher quote) {
}
public int size() {
return 0;
}
public String nextToken() {
return null;
}
public String previousToken() {
return null;
}
public String[] getTokenArray() {
return null;
}
public List<String> getTokenList() {
return null;
}
public StrTokenizer reset() {
return null;
}
public StrTokenizer reset(final String input) {
return null;
}
public StrTokenizer reset(final char[] input) {
return null;
}
@Override
public boolean hasNext() {
return false;
}
@Override
public String next() {
return null;
}
@Override
public int nextIndex() {
return 0;
}
@Override
public boolean hasPrevious() {
return false;
}
@Override
public String previous() {
return null;
}
@Override
public int previousIndex() {
return 0;
}
@Override
public void remove() {
}
@Override
public void set(final String obj) {
}
@Override
public void add(final String obj) {
}
public StrMatcher getDelimiterMatcher() {
return null;
}
public StrTokenizer setDelimiterMatcher(final StrMatcher delim) {
return null;
}
public StrTokenizer setDelimiterChar(final char delim) {
return null;
}
public StrTokenizer setDelimiterString(final String delim) {
return null;
}
public StrMatcher getQuoteMatcher() {
return null;
}
public StrTokenizer setQuoteMatcher(final StrMatcher quote) {
return null;
}
public StrTokenizer setQuoteChar(final char quote) {
return null;
}
public StrMatcher getIgnoredMatcher() {
return null;
}
public StrTokenizer setIgnoredMatcher(final StrMatcher ignored) {
return null;
}
public StrTokenizer setIgnoredChar(final char ignored) {
return null;
}
public StrMatcher getTrimmerMatcher() {
return null;
}
public StrTokenizer setTrimmerMatcher(final StrMatcher trimmer) {
return null;
}
public boolean isEmptyTokenAsNull() {
return false;
}
public StrTokenizer setEmptyTokenAsNull(final boolean emptyAsNull) {
return null;
}
public boolean isIgnoreEmptyTokens() {
return false;
}
public StrTokenizer setIgnoreEmptyTokens(final boolean ignoreEmptyTokens) {
return null;
}
public String getContent() {
return null;
}
@Override
public Object clone() {
return null;
}
@Override
public String toString() {
return null;
}
}


@@ -0,0 +1,83 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text;
/**
* <p>
* The Builder interface is designed to designate a class as a <em>builder</em>
* object in the Builder design pattern. Builders are capable of creating and
* configuring objects or results that normally take multiple steps to construct
* or are very complex to derive.
* </p>
*
* <p>
* The builder interface defines a single method, {@link #build()}, that
* classes must implement. The result of this method should be the final
* configured object or result after all building operations are performed.
* </p>
*
* <p>
* It is a recommended practice that the methods supplied to configure the
* object or result being built return a reference to {@code this} so that
* method calls can be chained together.
* </p>
*
* <p>
* Example Builder:
* </p>
* <pre><code>
* class FontBuilder implements Builder&lt;Font&gt; {
* private Font font;
*
* public FontBuilder(String fontName) {
* this.font = new Font(fontName, Font.PLAIN, 12);
* }
*
* public FontBuilder bold() {
* this.font = this.font.deriveFont(Font.BOLD);
* return this; // Reference returned so calls can be chained
* }
*
* public FontBuilder size(float pointSize) {
* this.font = this.font.deriveFont(pointSize);
* return this; // Reference returned so calls can be chained
* }
*
* // Other Font construction methods
*
* public Font build() {
* return this.font;
* }
* }
* </code></pre>
*
* Example Builder Usage:
* <pre><code>
* Font bold14ptSansSerifFont = new FontBuilder(Font.SANS_SERIF).bold()
* .size(14.0f)
* .build();
* </code></pre>
*
*
* @param <T> the type of object that the builder will construct or compute.
* @since 1.0
*
*/
public interface Builder<T> {
T build();
}


@@ -0,0 +1,619 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text;
import java.io.IOException;
import java.io.Reader;
import java.io.Serializable;
import java.io.Writer;
import java.nio.CharBuffer;
import java.util.Iterator;
import java.util.List;
public class StrBuilder implements CharSequence, Appendable, Serializable, Builder<String> {
public StrBuilder() {
}
public StrBuilder(int initialCapacity) {
}
public StrBuilder(final String str) {
}
public StrBuilder append(final boolean value) {
return null;
}
@Override
public StrBuilder append(final char ch) {
return null;
}
public StrBuilder append(final char[] chars) {
return null;
}
public StrBuilder append(final char[] chars, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final CharBuffer buf) {
return null;
}
public StrBuilder append(final CharBuffer buf, final int startIndex, final int length) {
return null;
}
@Override
public StrBuilder append(final CharSequence seq) {
return null;
}
@Override
public StrBuilder append(final CharSequence seq, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final double value) {
return null;
}
public StrBuilder append(final float value) {
return null;
}
public StrBuilder append(final int value) {
return null;
}
public StrBuilder append(final long value) {
return null;
}
public StrBuilder append(final Object obj) {
return null;
}
public StrBuilder append(final StrBuilder str) {
return null;
}
public StrBuilder append(final StrBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final String str) {
return null;
}
public StrBuilder append(final String str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final String format, final Object... objs) {
return null;
}
public StrBuilder append(final StringBuffer str) {
return null;
}
public StrBuilder append(final StringBuffer str, final int startIndex, final int length) {
return null;
}
public StrBuilder append(final StringBuilder str) {
return null;
}
public StrBuilder append(final StringBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendAll(final Iterable<?> iterable) {
return null;
}
public StrBuilder appendAll(final Iterator<?> it) {
return null;
}
public <T> StrBuilder appendAll(@SuppressWarnings("unchecked") final T... array) {
return null;
}
public StrBuilder appendFixedWidthPadLeft(final int value, final int width, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadLeft(final Object obj, final int width, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadRight(final int value, final int width, final char padChar) {
return null;
}
public StrBuilder appendFixedWidthPadRight(final Object obj, final int width, final char padChar) {
return null;
}
public StrBuilder appendln(final boolean value) {
return null;
}
public StrBuilder appendln(final char ch) {
return null;
}
public StrBuilder appendln(final char[] chars) {
return null;
}
public StrBuilder appendln(final char[] chars, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final double value) {
return null;
}
public StrBuilder appendln(final float value) {
return null;
}
public StrBuilder appendln(final int value) {
return null;
}
public StrBuilder appendln(final long value) {
return null;
}
public StrBuilder appendln(final Object obj) {
return null;
}
public StrBuilder appendln(final StrBuilder str) {
return null;
}
public StrBuilder appendln(final StrBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final String str) {
return null;
}
public StrBuilder appendln(final String str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final String format, final Object... objs) {
return null;
}
public StrBuilder appendln(final StringBuffer str) {
return null;
}
public StrBuilder appendln(final StringBuffer str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendln(final StringBuilder str) {
return null;
}
public StrBuilder appendln(final StringBuilder str, final int startIndex, final int length) {
return null;
}
public StrBuilder appendNewLine() {
return null;
}
public StrBuilder appendNull() {
return null;
}
public StrBuilder appendPadding(final int length, final char padChar) {
return null;
}
public StrBuilder appendSeparator(final char separator) {
return null;
}
public StrBuilder appendSeparator(final char standard, final char defaultIfEmpty) {
return null;
}
public StrBuilder appendSeparator(final char separator, final int loopIndex) {
return null;
}
public StrBuilder appendSeparator(final String separator) {
return null;
}
public StrBuilder appendSeparator(final String separator, final int loopIndex) {
return null;
}
public StrBuilder appendSeparator(final String standard, final String defaultIfEmpty) {
return null;
}
public void appendTo(final Appendable appendable) throws IOException {
}
public StrBuilder appendWithSeparators(final Iterable<?> iterable, final String separator) {
return null;
}
public StrBuilder appendWithSeparators(final Iterator<?> it, final String separator) {
return null;
}
public StrBuilder appendWithSeparators(final Object[] array, final String separator) {
return null;
}
public Reader asReader() {
return null;
}
public StrTokenizer asTokenizer() {
return null;
}
public Writer asWriter() {
return null;
}
@Override
public String build() {
return null;
}
public int capacity() {
return 0;
}
@Override
public char charAt(final int index) {
return 0;
}
public StrBuilder clear() {
return null;
}
public boolean contains(final char ch) {
return false;
}
public boolean contains(final String str) {
return false;
}
public boolean contains(final StrMatcher matcher) {
return false;
}
public StrBuilder delete(final int startIndex, int endIndex) {
return null;
}
public StrBuilder deleteAll(final char ch) {
return null;
}
public StrBuilder deleteAll(final String str) {
return null;
}
public StrBuilder deleteAll(final StrMatcher matcher) {
return null;
}
public StrBuilder deleteCharAt(final int index) {
return null;
}
public StrBuilder deleteFirst(final char ch) {
return null;
}
public StrBuilder deleteFirst(final String str) {
return null;
}
public StrBuilder deleteFirst(final StrMatcher matcher) {
return null;
}
public boolean endsWith(final String str) {
return false;
}
public StrBuilder ensureCapacity(final int capacity) {
return null;
}
@Override
public boolean equals(final Object obj) {
return false;
}
public boolean equals(final StrBuilder other) {
return false;
}
public boolean equalsIgnoreCase(final StrBuilder other) {
return false;
}
public char[] getChars(char[] destination) {
return null;
}
public void getChars(final int startIndex,
final int endIndex,
final char[] destination,
final int destinationIndex) {
}
public String getNewLineText() {
return null;
}
public String getNullText() {
return null;
}
@Override
public int hashCode() {
return 0;
}
public int indexOf(final char ch) {
return 0;
}
public int indexOf(final char ch, int startIndex) {
return 0;
}
public int indexOf(final String str) {
return 0;
}
public int indexOf(final String str, int startIndex) {
return 0;
}
public int indexOf(final StrMatcher matcher) {
return 0;
}
public int indexOf(final StrMatcher matcher, int startIndex) {
return 0;
}
public StrBuilder insert(int index, final boolean value) {
return null;
}
public StrBuilder insert(final int index, final char value) {
return null;
}
public StrBuilder insert(final int index, final char[] chars) {
return null;
}
public StrBuilder insert(final int index, final char[] chars, final int offset, final int length) {
return null;
}
public StrBuilder insert(final int index, final double value) {
return null;
}
public StrBuilder insert(final int index, final float value) {
return null;
}
public StrBuilder insert(final int index, final int value) {
return null;
}
public StrBuilder insert(final int index, final long value) {
return null;
}
public StrBuilder insert(final int index, final Object obj) {
return null;
}
public StrBuilder insert(final int index, String str) {
return null;
}
public boolean isEmpty() {
return false;
}
public boolean isNotEmpty() {
return false;
}
public int lastIndexOf(final char ch) {
return 0;
}
public int lastIndexOf(final char ch, int startIndex) {
return 0;
}
public int lastIndexOf(final String str) {
return 0;
}
public int lastIndexOf(final String str, int startIndex) {
return 0;
}
public int lastIndexOf(final StrMatcher matcher) {
return 0;
}
public int lastIndexOf(final StrMatcher matcher, int startIndex) {
return 0;
}
public String leftString(final int length) {
return null;
}
@Override
public int length() {
return 0;
}
public String midString(int index, final int length) {
return null;
}
public StrBuilder minimizeCapacity() {
return null;
}
public int readFrom(final Readable readable) throws IOException {
return 0;
}
public StrBuilder replace(final int startIndex, int endIndex, final String replaceStr) {
return null;
}
public StrBuilder replace(
final StrMatcher matcher, final String replaceStr,
final int startIndex, int endIndex, final int replaceCount) {
return null;
}
public StrBuilder replaceAll(final char search, final char replace) {
return null;
}
public StrBuilder replaceAll(final String searchStr, final String replaceStr) {
return null;
}
public StrBuilder replaceAll(final StrMatcher matcher, final String replaceStr) {
return null;
}
public StrBuilder replaceFirst(final char search, final char replace) {
return null;
}
public StrBuilder replaceFirst(final String searchStr, final String replaceStr) {
return null;
}
public StrBuilder replaceFirst(final StrMatcher matcher, final String replaceStr) {
return null;
}
public StrBuilder reverse() {
return null;
}
public String rightString(final int length) {
return null;
}
public StrBuilder setCharAt(final int index, final char ch) {
return null;
}
public StrBuilder setLength(final int length) {
return null;
}
public StrBuilder setNewLineText(final String newLine) {
return null;
}
public StrBuilder setNullText(String nullText) {
return null;
}
public int size() {
return 0;
}
public boolean startsWith(final String str) {
return false;
}
@Override
public CharSequence subSequence(final int startIndex, final int endIndex) {
return null;
}
public String substring(final int start) {
return null;
}
public String substring(final int startIndex, int endIndex) {
return null;
}
public char[] toCharArray() {
return null;
}
public char[] toCharArray(final int startIndex, int endIndex) {
return null;
}
@Override
public String toString() {
return null;
}
public StringBuffer toStringBuffer() {
return null;
}
public StringBuilder toStringBuilder() {
return null;
}
public StrBuilder trim() {
return null;
}
}


@@ -0,0 +1,78 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text;
public abstract class StrMatcher {
public static StrMatcher commaMatcher() {
return null;
}
public static StrMatcher tabMatcher() {
return null;
}
public static StrMatcher spaceMatcher() {
return null;
}
public static StrMatcher splitMatcher() {
return null;
}
public static StrMatcher trimMatcher() {
return null;
}
public static StrMatcher singleQuoteMatcher() {
return null;
}
public static StrMatcher doubleQuoteMatcher() {
return null;
}
public static StrMatcher quoteMatcher() {
return null;
}
public static StrMatcher noneMatcher() {
return null;
}
public static StrMatcher charMatcher(final char ch) {
return null;
}
public static StrMatcher charSetMatcher(final char... chars) {
return null;
}
public static StrMatcher charSetMatcher(final String chars) {
return null;
}
public static StrMatcher stringMatcher(final String str) {
return null;
}
public abstract int isMatch(char[] buffer, int pos, int bufferStart, int bufferEnd);
public int isMatch(final char[] buffer, final int pos) {
return 0;
}
}
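Review bot: Nothing in this new file says it is a signatures-only stub: it declares `package org.apache.commons.text;` under the unmodified ASF license header, yet every concrete method body is only `return null;` or `return 0;`. A reader, or tooling that identifies libraries by package and class name, could take it for the real Apache Commons Text source, so I would add a line after the header such as `// Test stub: signatures only, method bodies removed; not the upstream implementation.` Recording the upstream version the signatures were copied from would also help when the stub has to be refreshed. The same applies to the StrTokenizer, StringTokenizer, TextStringBuilder and StringMatcher files added further down.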


@@ -0,0 +1,238 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text;
import java.util.List;
import java.util.ListIterator;
public class StrTokenizer implements ListIterator<String>, Cloneable {
public static StrTokenizer getCSVInstance() {
return null;
}
public static StrTokenizer getCSVInstance(final char[] input) {
return null;
}
public static StrTokenizer getCSVInstance(final String input) {
return null;
}
public static StrTokenizer getTSVInstance() {
return null;
}
public static StrTokenizer getTSVInstance(final char[] input) {
return null;
}
public static StrTokenizer getTSVInstance(final String input) {
return null;
}
public StrTokenizer() {
}
public StrTokenizer(final char[] input) {
}
public StrTokenizer(final char[] input, final char delim) {
}
public StrTokenizer(final char[] input, final char delim, final char quote) {
}
public StrTokenizer(final char[] input, final String delim) {
}
public StrTokenizer(final char[] input, final StrMatcher delim) {
}
public StrTokenizer(final char[] input, final StrMatcher delim, final StrMatcher quote) {
}
public StrTokenizer(final String input) {
}
public StrTokenizer(final String input, final char delim) {
}
public StrTokenizer(final String input, final char delim, final char quote) {
}
public StrTokenizer(final String input, final String delim) {
}
public StrTokenizer(final String input, final StrMatcher delim) {
}
public StrTokenizer(final String input, final StrMatcher delim, final StrMatcher quote) {
}
@Override
public void add(final String obj) {
}
@Override
public Object clone() {
return null;
}
public String getContent() {
return null;
}
public StrMatcher getDelimiterMatcher() {
return null;
}
public StrMatcher getIgnoredMatcher() {
return null;
}
public StrMatcher getQuoteMatcher() {
return null;
}
public String[] getTokenArray() {
return null;
}
public List<String> getTokenList() {
return null;
}
public StrMatcher getTrimmerMatcher() {
return null;
}
@Override
public boolean hasNext() {
return false;
}
@Override
public boolean hasPrevious() {
return false;
}
public boolean isEmptyTokenAsNull() {
return false;
}
public boolean isIgnoreEmptyTokens() {
return false;
}
@Override
public String next() {
return null;
}
@Override
public int nextIndex() {
return 0;
}
public String nextToken() {
return null;
}
@Override
public String previous() {
return null;
}
@Override
public int previousIndex() {
return 0;
}
public String previousToken() {
return null;
}
@Override
public void remove() {
}
public StrTokenizer reset() {
return null;
}
public StrTokenizer reset(final char[] input) {
return null;
}
public StrTokenizer reset(final String input) {
return null;
}
@Override
public void set(final String obj) {
}
public StrTokenizer setDelimiterChar(final char delim) {
return null;
}
public StrTokenizer setDelimiterMatcher(final StrMatcher delim) {
return null;
}
public StrTokenizer setDelimiterString(final String delim) {
return null;
}
public StrTokenizer setEmptyTokenAsNull(final boolean emptyAsNull) {
return null;
}
public StrTokenizer setIgnoredChar(final char ignored) {
return null;
}
public StrTokenizer setIgnoredMatcher(final StrMatcher ignored) {
return null;
}
public StrTokenizer setIgnoreEmptyTokens(final boolean ignoreEmptyTokens) {
return null;
}
public StrTokenizer setQuoteChar(final char quote) {
return null;
}
public StrTokenizer setQuoteMatcher(final StrMatcher quote) {
return null;
}
public StrTokenizer setTrimmerMatcher(final StrMatcher trimmer) {
return null;
}
public int size() {
return 0;
}
@Override
public String toString() {
return null;
}
}


@@ -0,0 +1,240 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text;
import java.util.List;
import java.util.ListIterator;
import org.apache.commons.text.matcher.StringMatcher;
public class StringTokenizer implements ListIterator<String>, Cloneable {
public static StringTokenizer getCSVInstance() {
return null;
}
public static StringTokenizer getCSVInstance(final char[] input) {
return null;
}
public static StringTokenizer getCSVInstance(final String input) {
return null;
}
public static StringTokenizer getTSVInstance() {
return null;
}
public static StringTokenizer getTSVInstance(final char[] input) {
return null;
}
public static StringTokenizer getTSVInstance(final String input) {
return null;
}
public StringTokenizer() {
}
public StringTokenizer(final char[] input) {
}
public StringTokenizer(final char[] input, final char delim) {
}
public StringTokenizer(final char[] input, final char delim, final char quote) {
}
public StringTokenizer(final char[] input, final String delim) {
}
public StringTokenizer(final char[] input, final StringMatcher delim) {
}
public StringTokenizer(final char[] input, final StringMatcher delim, final StringMatcher quote) {
}
public StringTokenizer(final String input) {
}
public StringTokenizer(final String input, final char delim) {
}
public StringTokenizer(final String input, final char delim, final char quote) {
}
public StringTokenizer(final String input, final String delim) {
}
public StringTokenizer(final String input, final StringMatcher delim) {
}
public StringTokenizer(final String input, final StringMatcher delim, final StringMatcher quote) {
}
@Override
public void add(final String obj) {
}
@Override
public Object clone() {
return null;
}
public String getContent() {
return null;
}
public StringMatcher getDelimiterMatcher() {
return null;
}
public StringMatcher getIgnoredMatcher() {
return null;
}
public StringMatcher getQuoteMatcher() {
return null;
}
public String[] getTokenArray() {
return null;
}
public List<String> getTokenList() {
return null;
}
public StringMatcher getTrimmerMatcher() {
return null;
}
@Override
public boolean hasNext() {
return false;
}
@Override
public boolean hasPrevious() {
return false;
}
public boolean isEmptyTokenAsNull() {
return false;
}
public boolean isIgnoreEmptyTokens() {
return false;
}
@Override
public String next() {
return null;
}
@Override
public int nextIndex() {
return 0;
}
public String nextToken() {
return null;
}
@Override
public String previous() {
return null;
}
@Override
public int previousIndex() {
return 0;
}
public String previousToken() {
return null;
}
@Override
public void remove() {
}
public StringTokenizer reset() {
return null;
}
public StringTokenizer reset(final char[] input) {
return null;
}
public StringTokenizer reset(final String input) {
return null;
}
@Override
public void set(final String obj) {
}
public StringTokenizer setDelimiterChar(final char delim) {
return null;
}
public StringTokenizer setDelimiterMatcher(final StringMatcher delim) {
return null;
}
public StringTokenizer setDelimiterString(final String delim) {
return null;
}
public StringTokenizer setEmptyTokenAsNull(final boolean emptyAsNull) {
return null;
}
public StringTokenizer setIgnoredChar(final char ignored) {
return null;
}
public StringTokenizer setIgnoredMatcher(final StringMatcher ignored) {
return null;
}
public StringTokenizer setIgnoreEmptyTokens(final boolean ignoreEmptyTokens) {
return null;
}
public StringTokenizer setQuoteChar(final char quote) {
return null;
}
public StringTokenizer setQuoteMatcher(final StringMatcher quote) {
return null;
}
public StringTokenizer setTrimmerMatcher(final StringMatcher trimmer) {
return null;
}
public int size() {
return 0;
}
@Override
public String toString() {
return null;
}
}


@@ -0,0 +1,655 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text;
import java.io.IOException;
import java.io.Reader;
import java.io.Serializable;
import java.io.Writer;
import java.nio.CharBuffer;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.text.matcher.StringMatcher;
public class TextStringBuilder implements CharSequence, Appendable, Serializable, Builder<String> {
public static TextStringBuilder wrap(final char[] initialBuffer) {
return null;
}
public static TextStringBuilder wrap(final char[] initialBuffer, final int length) {
return null;
}
public TextStringBuilder() {
}
public TextStringBuilder(final CharSequence seq) {
}
public TextStringBuilder(final int initialCapacity) {
}
public TextStringBuilder(final String str) {
}
public TextStringBuilder append(final boolean value) {
return null;
}
@Override
public TextStringBuilder append(final char ch) {
return null;
}
public TextStringBuilder append(final char[] chars) {
return null;
}
public TextStringBuilder append(final char[] chars, final int startIndex, final int length) {
return null;
}
public TextStringBuilder append(final CharBuffer str) {
return null;
}
public TextStringBuilder append(final CharBuffer buf, final int startIndex, final int length) {
return null;
}
@Override
public TextStringBuilder append(final CharSequence seq) {
return null;
}
@Override
public TextStringBuilder append(final CharSequence seq, final int startIndex, final int endIndex) {
return null;
}
public TextStringBuilder append(final double value) {
return null;
}
public TextStringBuilder append(final float value) {
return null;
}
public TextStringBuilder append(final int value) {
return null;
}
public TextStringBuilder append(final long value) {
return null;
}
public TextStringBuilder append(final Object obj) {
return null;
}
public TextStringBuilder append(final String str) {
return null;
}
public TextStringBuilder append(final String str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder append(final String format, final Object... objs) {
return null;
}
public TextStringBuilder append(final StringBuffer str) {
return null;
}
public TextStringBuilder append(final StringBuffer str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder append(final StringBuilder str) {
return null;
}
public TextStringBuilder append(final StringBuilder str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder append(final TextStringBuilder str) {
return null;
}
public TextStringBuilder append(final TextStringBuilder str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder appendAll(final Iterable<?> iterable) {
return null;
}
public TextStringBuilder appendAll(final Iterator<?> it) {
return null;
}
public <T> TextStringBuilder appendAll(@SuppressWarnings("unchecked") final T... array) {
return null;
}
public TextStringBuilder appendFixedWidthPadLeft(final int value, final int width, final char padChar) {
return null;
}
public TextStringBuilder appendFixedWidthPadLeft(final Object obj, final int width, final char padChar) {
return null;
}
public TextStringBuilder appendFixedWidthPadRight(final int value, final int width, final char padChar) {
return null;
}
public TextStringBuilder appendFixedWidthPadRight(final Object obj, final int width, final char padChar) {
return null;
}
public TextStringBuilder appendln(final boolean value) {
return null;
}
public TextStringBuilder appendln(final char ch) {
return null;
}
public TextStringBuilder appendln(final char[] chars) {
return null;
}
public TextStringBuilder appendln(final char[] chars, final int startIndex, final int length) {
return null;
}
public TextStringBuilder appendln(final double value) {
return null;
}
public TextStringBuilder appendln(final float value) {
return null;
}
public TextStringBuilder appendln(final int value) {
return null;
}
public TextStringBuilder appendln(final long value) {
return null;
}
public TextStringBuilder appendln(final Object obj) {
return null;
}
public TextStringBuilder appendln(final String str) {
return null;
}
public TextStringBuilder appendln(final String str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder appendln(final String format, final Object... objs) {
return null;
}
public TextStringBuilder appendln(final StringBuffer str) {
return null;
}
public TextStringBuilder appendln(final StringBuffer str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder appendln(final StringBuilder str) {
return null;
}
public TextStringBuilder appendln(final StringBuilder str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder appendln(final TextStringBuilder str) {
return null;
}
public TextStringBuilder appendln(final TextStringBuilder str, final int startIndex, final int length) {
return null;
}
public TextStringBuilder appendNewLine() {
return null;
}
public TextStringBuilder appendNull() {
return null;
}
public TextStringBuilder appendPadding(final int length, final char padChar) {
return null;
}
public TextStringBuilder appendSeparator(final char separator) {
return null;
}
public TextStringBuilder appendSeparator(final char standard, final char defaultIfEmpty) {
return null;
}
public TextStringBuilder appendSeparator(final char separator, final int loopIndex) {
return null;
}
public TextStringBuilder appendSeparator(final String separator) {
return null;
}
public TextStringBuilder appendSeparator(final String separator, final int loopIndex) {
return null;
}
public TextStringBuilder appendSeparator(final String standard, final String defaultIfEmpty) {
return null;
}
public void appendTo(final Appendable appendable) throws IOException {
}
public TextStringBuilder appendWithSeparators(final Iterable<?> iterable, final String separator) {
return null;
}
public TextStringBuilder appendWithSeparators(final Iterator<?> it, final String separator) {
return null;
}
public TextStringBuilder appendWithSeparators(final Object[] array, final String separator) {
return null;
}
public Reader asReader() {
return null;
}
public StringTokenizer asTokenizer() {
return null;
}
public Writer asWriter() {
return null;
}
@Override
public String build() {
return null;
}
public int capacity() {
return 0;
}
@Override
public char charAt(final int index) {
return 0;
}
public TextStringBuilder clear() {
return null;
}
public boolean contains(final char ch) {
return false;
}
public boolean contains(final String str) {
return false;
}
public boolean contains(final StringMatcher matcher) {
return false;
}
public TextStringBuilder delete(final int startIndex, final int endIndex) {
return null;
}
public TextStringBuilder deleteAll(final char ch) {
return null;
}
public TextStringBuilder deleteAll(final String str) {
return null;
}
public TextStringBuilder deleteAll(final StringMatcher matcher) {
return null;
}
public TextStringBuilder deleteCharAt(final int index) {
return null;
}
public TextStringBuilder deleteFirst(final char ch) {
return null;
}
public TextStringBuilder deleteFirst(final String str) {
return null;
}
public TextStringBuilder deleteFirst(final StringMatcher matcher) {
return null;
}
public char drainChar(final int index) {
return 0;
}
public int drainChars(final int startIndex, final int endIndex, final char[] target, final int targetIndex) {
return 0;
}
public boolean endsWith(final String str) {
return false;
}
public TextStringBuilder ensureCapacity(final int capacity) {
return null;
}
@Override
public boolean equals(final Object obj) {
return false;
}
public boolean equals(final TextStringBuilder other) {
return false;
}
public boolean equalsIgnoreCase(final TextStringBuilder other) {
return false;
}
public char[] getChars(char[] target) {
return null;
}
public void getChars(final int startIndex, final int endIndex, final char[] target, final int targetIndex) {
}
public String getNewLineText() {
return null;
}
public String getNullText() {
return null;
}
@Override
public int hashCode() {
return 0;
}
public int indexOf(final char ch) {
return 0;
}
public int indexOf(final char ch, int startIndex) {
return 0;
}
public int indexOf(final String str) {
return 0;
}
public int indexOf(final String str, int startIndex) {
return 0;
}
public int indexOf(final StringMatcher matcher) {
return 0;
}
public int indexOf(final StringMatcher matcher, int startIndex) {
return 0;
}
public TextStringBuilder insert(final int index, final boolean value) {
return null;
}
public TextStringBuilder insert(final int index, final char value) {
return null;
}
public TextStringBuilder insert(final int index, final char[] chars) {
return null;
}
public TextStringBuilder insert(final int index, final char[] chars, final int offset, final int length) {
return null;
}
public TextStringBuilder insert(final int index, final double value) {
return null;
}
public TextStringBuilder insert(final int index, final float value) {
return null;
}
public TextStringBuilder insert(final int index, final int value) {
return null;
}
public TextStringBuilder insert(final int index, final long value) {
return null;
}
public TextStringBuilder insert(final int index, final Object obj) {
return null;
}
public TextStringBuilder insert(final int index, String str) {
return null;
}
public boolean isEmpty() {
return false;
}
public boolean isNotEmpty() {
return false;
}
public boolean isReallocated() {
return false;
}
public int lastIndexOf(final char ch) {
return 0;
}
public int lastIndexOf(final char ch, int startIndex) {
return 0;
}
public int lastIndexOf(final String str) {
return 0;
}
public int lastIndexOf(final String str, int startIndex) {
return 0;
}
public int lastIndexOf(final StringMatcher matcher) {
return 0;
}
public int lastIndexOf(final StringMatcher matcher, int startIndex) {
return 0;
}
public String leftString(final int length) {
return null;
}
@Override
public int length() {
return 0;
}
public String midString(int index, final int length) {
return null;
}
public TextStringBuilder minimizeCapacity() {
return null;
}
public int readFrom(final CharBuffer charBuffer) throws IOException {
return 0;
}
public int readFrom(final Readable readable) throws IOException {
return 0;
}
public int readFrom(final Reader reader) throws IOException {
return 0;
}
public int readFrom(final Reader reader, final int count) throws IOException {
return 0;
}
public TextStringBuilder replace(final int startIndex, int endIndex, final String replaceStr) {
return null;
}
public TextStringBuilder replace(final StringMatcher matcher, final String replaceStr, final int startIndex,
int endIndex, final int replaceCount) {
return null;
}
public TextStringBuilder replaceAll(final char search, final char replace) {
return null;
}
public TextStringBuilder replaceAll(final String searchStr, final String replaceStr) {
return null;
}
public TextStringBuilder replaceAll(final StringMatcher matcher, final String replaceStr) {
return null;
}
public TextStringBuilder replaceFirst(final char search, final char replace) {
return null;
}
public TextStringBuilder replaceFirst(final String searchStr, final String replaceStr) {
return null;
}
public TextStringBuilder replaceFirst(final StringMatcher matcher, final String replaceStr) {
return null;
}
public TextStringBuilder reverse() {
return null;
}
public String rightString(final int length) {
return null;
}
public TextStringBuilder set(final CharSequence str) {
return null;
}
public TextStringBuilder setCharAt(final int index, final char ch) {
return null;
}
public TextStringBuilder setLength(final int length) {
return null;
}
public TextStringBuilder setNewLineText(final String newLine) {
return null;
}
public TextStringBuilder setNullText(String nullText) {
return null;
}
public int size() {
return 0;
}
public boolean startsWith(final String str) {
return false;
}
@Override
public CharSequence subSequence(final int startIndex, final int endIndex) {
return null;
}
public String substring(final int start) {
return null;
}
public String substring(final int startIndex, int endIndex) {
return null;
}
public char[] toCharArray() {
return null;
}
public char[] toCharArray(final int startIndex, int endIndex) {
return null;
}
@Override
public String toString() {
return null;
}
public StringBuffer toStringBuffer() {
return null;
}
public StringBuilder toStringBuilder() {
return null;
}
public TextStringBuilder trim() {
return null;
}
}


@@ -0,0 +1,44 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.text.matcher;
public interface StringMatcher {
default StringMatcher andThen(final StringMatcher stringMatcher) {
return null;
}
default int isMatch(final char[] buffer, final int pos) {
return 0;
}
int isMatch(char[] buffer, int start, int bufferStart, int bufferEnd);
default int isMatch(final CharSequence buffer, final int pos) {
return 0;
}
default int isMatch(final CharSequence buffer, final int start, final int bufferStart, final int bufferEnd) {
return 0;
}
default int size() {
return 0;
}
}