diff --git a/.github/workflows/atm-check-query-suite.yml b/.github/workflows/atm-check-query-suite.yml index 7317746fe62..ed93a6f8f2f 100644 --- a/.github/workflows/atm-check-query-suite.yml +++ b/.github/workflows/atm-check-query-suite.yml @@ -13,7 +13,7 @@ on: jobs: atm-check-query-suite: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-xl steps: - uses: actions/checkout@v3 @@ -23,6 +23,12 @@ jobs: with: channel: release + - name: Cache compilation cache + id: query-cache + uses: ./.github/actions/cache-query-compilation + with: + key: atm-suite + - name: Install ATM model run: | set -exu @@ -50,10 +56,13 @@ jobs: echo "SARIF_PATH=${SARIF_PATH}" >> "${GITHUB_ENV}" codeql database analyze \ + --threads=0 \ + --ram 50000 \ --format sarif-latest \ --output "${SARIF_PATH}" \ --sarif-group-rules-by-pack \ -vv \ + --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \ -- \ "${DB_PATH}" \ "${QUERY_PACK}/${QUERY_SUITE}" diff --git a/config/identical-files.json b/config/identical-files.json index 3c332d1d0da..80c265e8b5f 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -531,11 +531,6 @@ "ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll", "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll" ], - "Hostname Regexp queries": [ - "javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll", - "python/ql/src/Security/CWE-020/HostnameRegexpShared.qll", - "ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll" - ], "ApiGraphModels": [ "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll", "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll", diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 132d1bf3537..6fa6f76aabd 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.6 + +No user-facing changes. + ## 0.4.5 No user-facing changes. 
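Review bot: In the `codeql database analyze` step, `--ram 50000` is a fixed figure that only makes sense on the `ubuntu-latest-xl` runner chosen in the first hunk of this file, and neither line says so. If `runs-on` is later switched back to a standard runner, the analysis will probably be killed for memory instead of failing with a clear message. Tie the two together with a comment on the runner line, for example `runs-on: ubuntu-latest-xl # analyze step below passes --ram 50000`. Separately, `--compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"` trusts the output of a local action that is not shown here; confirm that this output can never be empty, since the flag would then receive an empty path.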
diff --git a/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md b/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md new file mode 100644 index 00000000000..2bf899cffe5 --- /dev/null +++ b/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter. diff --git a/cpp/ql/lib/change-notes/released/0.4.6.md b/cpp/ql/lib/change-notes/released/0.4.6.md new file mode 100644 index 00000000000..8e652998eca --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.4.6.md @@ -0,0 +1,3 @@ +## 0.4.6 + +No user-facing changes. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 466cd01cf4e..2b842473675 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 585ab2170e5..ee8913624dc 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.4.6-dev +version: 0.5.0-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll index f9da97ad1dd..881c8894e3d 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll @@ -53,7 +53,7 @@ private class ArgvSource extends LocalFlowSource { exists(Function main, Parameter argv | main.hasGlobalName("main") and main.getParameter(1) = argv and - argv.getAnAccess() in [this.asExpr(), this.asIndirectExpr()] + this.asParameter(_) = argv ) } diff --git a/cpp/ql/src/AlertSuppression.ql b/cpp/ql/src/AlertSuppression.ql index 14766a1e51a..62086b6982a 100644 --- a/cpp/ql/src/AlertSuppression.ql 
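Review bot: `this.asParameter(_) = argv` leaves the index argument unconstrained, so every data-flow node for the parameter becomes a source rather than one chosen node. The regenerated `.expected` files in this commit show the effect: the same `argv` location appears once as `argv` and twice as `argv indirection`, each with its own alert row. If the wildcard is deliberate (presumably it ranges over indirection depth, to be confirmed against the `asParameter` documentation), say so with a comment above the line, e.g. `// any index: the parameter node and each of its indirection nodes are sources`. Otherwise bind the index to the levels that should count as user input. The enclosing characteristic predicate and class start and end outside this hunk.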
+++ b/cpp/ql/src/AlertSuppression.ql 
@@ -5,78 +5,35 @@ * @id cpp/alert-suppression */ -import cpp +private import codeql.suppression.AlertSuppression as AS +private import semmle.code.cpp.Element -/** - * An alert suppression comment. - */ -class SuppressionComment extends Comment { - string annotation; - string text; +class SingleLineComment extends Comment { + private string text; - SuppressionComment() { - ( - this instanceof CppStyleComment and - // strip the beginning slashes - text = this.getContents().suffix(2) - or - this instanceof CStyleComment and - // strip both the beginning /* and the end */ the comment - exists(string text0 | - text0 = this.getContents().suffix(2) and - text = text0.prefix(text0.length() - 2) - ) and - // The /* */ comment must be a single-line comment - not text.matches("%\n%") + SingleLineComment() { + this instanceof CppStyleComment and + // strip the beginning slashes + text = this.getContents().suffix(2) + or + this instanceof CStyleComment and + // strip both the beginning /* and the end */ the comment + exists(string text0 | + text0 = this.getContents().suffix(2) and + text = text0.prefix(text0.length() - 2) ) and - ( - // match `lgtm[...]` anywhere in the comment - annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _) - or - // match `lgtm` at the start of the comment and after semicolon - annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim() - ) + // The /* */ comment must be a single-line comment + not text.matches("%\n%") + } + + predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } /** Gets the text in this comment, excluding the leading //. */ string getText() { result = text } - - /** Gets the suppression annotation in this comment. 
*/ - string getAnnotation() { result = annotation } - - /** - * Holds if this comment applies to the range from column `startcolumn` of line `startline` - * to column `endcolumn` of line `endline` in file `filepath`. - */ - predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) { - this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and - startcolumn = 1 - } - - /** Gets the scope of this suppression. */ - SuppressionScope getScope() { result = this } } -/** - * The scope of an alert suppression comment. - */ -class SuppressionScope extends ElementBase instanceof SuppressionComment { - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - super.covers(filepath, startline, startcolumn, endline, endcolumn) - } -} - -from SuppressionComment c -select c, // suppression comment - c.getText(), // text of suppression comment (excluding delimiters) - c.getAnnotation(), // text of suppression annotation - c.getScope() // scope of suppression +import AS::Make diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index c50e54bd80f..5cfd60bc84c 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.6 + +No user-facing changes. + ## 0.4.5 No user-facing changes. diff --git a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql index 147cf73066a..d94241b749e 100644 --- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql 
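Review bot: The new `SingleLineComment` class and its `hasLocationInfo` predicate have no QLDoc, while the class they replace documented both. This class now decides which comments are handed to the shared suppression module, so its contract should be stated, e.g. `/** A C++-style comment, or a C-style comment that does not span lines. */` on the class. The retained doc on `getText()` still says "excluding the leading //", but the C-style branch strips both delimiters; `/** Gets the text of this comment, excluding the comment delimiters. */` would match the code. As a style point, the characteristic predicate lost its outer parentheses, so it now relies on `and` binding tighter than `or` to keep `not text.matches("%\n%")` on the C-style branch only; parenthesising each disjunct would make that explicit.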
@@ -81,8 +81,6 @@ class TaintedPathConfiguration extends TaintTracking::Configuration { ) } - override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) } - override predicate isSanitizer(DataFlow::Node node) { node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType or diff --git a/cpp/ql/src/change-notes/released/0.4.6.md b/cpp/ql/src/change-notes/released/0.4.6.md new file mode 100644 index 00000000000..8e652998eca --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.4.6.md @@ -0,0 +1,3 @@ +## 0.4.6 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 466cd01cf4e..2b842473675 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 75d3e65c592..9739b6d1cd1 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,11 +1,12 @@ name: codeql/cpp-queries -version: 0.4.6-dev +version: 0.5.0-dev groups: - cpp - queries dependencies: codeql/cpp-all: ${workspace} codeql/suite-helpers: ${workspace} + codeql/util: ${workspace} suites: codeql-suites extractor: cpp defaultSuiteFile: codeql-suites/cpp-code-scanning.qls diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected index cb2956b2a76..279d941d881 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected 
@@ -1,21 +1,21 @@ edges -| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | -| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | -| test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | -| test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | -| test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | -| test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | +| test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | +| test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | +| test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | +| test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | +| test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | +| test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | nodes -| test.cpp:23:20:23:23 | argv | semmle.label | argv | -| test.cpp:23:20:23:23 | argv indirection | semmle.label | argv indirection | -| test.cpp:23:20:23:23 | argv indirection | semmle.label | argv indirection | +| test.cpp:22:27:22:30 | argv | semmle.label | argv | +| test.cpp:22:27:22:30 | argv indirection | semmle.label | argv indirection | +| test.cpp:22:27:22:30 | argv indirection | semmle.label | argv indirection | | test.cpp:29:13:29:20 | filePath | semmle.label | filePath | | test.cpp:29:13:29:20 | filePath | semmle.label | filePath | subpaths #select -| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | -| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. 
| -| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | -| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | -| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | -| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. 
| +| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | +| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv indirection | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. | diff --git a/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected b/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected index 3236b7f6183..a03e25ebb87 100644 --- a/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected +++ b/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected 
@@ -1,58 +1,58 @@ -| tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | // lgtm | -| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | -| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | -| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | // lgtm[@tag:nullness] | -| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | -| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | -| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | -| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | // lgtm: blah blah | -| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | -| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | -| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | /* lgtm */ | -| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | // lgtm[] | -| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | 
tst.c:14:1:14:6 | //lgtm | -| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | //\tlgtm | -| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | -| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | // foo; lgtm | -| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | -| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | -| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | -| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | // LGTM! | -| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | -| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | -| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | -| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | -| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; 
lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | -| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | /* lgtm[] */ | -| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | -| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | -| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | -| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | // lgtm | -| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | -| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | -| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | -| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | -| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | -| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm 
| lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | -| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | // lgtm: blah blah | -| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | -| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | -| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | /* lgtm */ | -| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | // lgtm[] | -| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | //lgtm | -| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | //\tlgtm | -| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | -| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | // foo; lgtm | -| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | -| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | -| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | -| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! 
| LGTM | tstWindows.c:25:1:25:8 | // LGTM! | -| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | -| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | -| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | -| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | -| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | -| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | /* lgtm[] */ | -| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | -| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | -| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | +| tst.c:1:12:1:18 | // lgtm | lgtm 
| lgtm | tst.c:1:1:1:18 | suppression range | +| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range | +| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range | +| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range | +| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range | +| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range | +| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range | +| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range | +| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range | +| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range | +| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | suppression range | +| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range | +| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range | +| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range | +| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | 
lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range | +| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range | +| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range | +| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range | +| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range | +| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | suppression range | +| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range | +| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range | +| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range | +| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range | +| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range | +| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | suppression range | +| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range | +| tst.c:36:1:36:55 | /* 
lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range | +| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range | +| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range | +| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range | +| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range | +| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range | +| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range | +| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range | +| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range | +| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range | +| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range | +| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm 
[js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range | +| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | suppression range | +| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range | +| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range | +| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range | +| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range | +| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range | +| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range | +| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range | +| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range | +| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! 
| LGTM | tstWindows.c:25:1:25:8 | suppression range | +| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range | +| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range | +| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range | +| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range | +| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range | +| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | suppression range | +| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range | +| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range | +| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected index 4d3ac48d18a..32e1b97f97d 100644 
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected 
@@ -1,36 +1,32 @@ edges -| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | Convert indirection | -| test.c:9:23:9:26 | argv indirection | test.c:17:11:17:18 | Convert indirection | -| test.c:9:23:9:26 | argv indirection | test.c:17:11:17:18 | Convert indirection | -| test.c:31:22:31:25 | argv indirection | test.c:32:11:32:18 | Convert indirection | -| test.c:31:22:31:25 | argv indirection | test.c:32:11:32:18 | Convert indirection | +| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | Convert indirection | +| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | +| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | +| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | +| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | +| test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | +| test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | Convert indirection | | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | Convert indirection | -| test.c:57:10:57:13 | argv indirection | test.c:57:10:57:16 | access to array indirection | -| test.c:57:10:57:13 | argv indirection | test.c:57:10:57:16 | access to array indirection | nodes -| test.c:9:23:9:26 | argv | semmle.label | argv | -| test.c:9:23:9:26 | argv indirection | semmle.label | argv indirection | -| test.c:9:23:9:26 | argv indirection | semmle.label | argv indirection | +| test.c:8:27:8:30 | argv | semmle.label | argv | +| test.c:8:27:8:30 | argv indirection | semmle.label | argv indirection | +| test.c:8:27:8:30 | argv indirection | semmle.label | argv indirection | | test.c:17:11:17:18 | Convert indirection | semmle.label | Convert indirection | -| test.c:31:22:31:25 | argv indirection | semmle.label | argv indirection | -| test.c:31:22:31:25 | argv 
indirection | semmle.label | argv indirection | | test.c:32:11:32:18 | Convert indirection | semmle.label | Convert indirection | | test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument | | test.c:38:11:38:18 | Convert indirection | semmle.label | Convert indirection | | test.c:43:17:43:24 | scanf output argument | semmle.label | scanf output argument | | test.c:44:11:44:18 | Convert indirection | semmle.label | Convert indirection | -| test.c:57:10:57:13 | argv indirection | semmle.label | argv indirection | -| test.c:57:10:57:13 | argv indirection | semmle.label | argv indirection | | test.c:57:10:57:16 | access to array indirection | semmle.label | access to array indirection | subpaths #select -| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (a command-line argument) | -| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv indirection | user input (a command-line argument) | -| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv indirection | user input (a command-line argument) | -| test.c:32:11:32:18 | fileName | test.c:31:22:31:25 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). 
| test.c:31:22:31:25 | argv indirection | user input (a command-line argument) | -| test.c:32:11:32:18 | fileName | test.c:31:22:31:25 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:31:22:31:25 | argv indirection | user input (a command-line argument) | +| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) | +| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) | +| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) | +| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) | +| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). 
| test.c:8:27:8:30 | argv indirection | user input (a command-line argument) | | test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) | | test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) | -| test.c:57:10:57:16 | access to array | test.c:57:10:57:13 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:57:10:57:13 | argv indirection | user input (a command-line argument) | -| test.c:57:10:57:16 | access to array | test.c:57:10:57:13 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:57:10:57:13 | argv indirection | user input (a command-line argument) | +| test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) | +| test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). 
| test.c:8:27:8:30 | argv indirection | user input (a command-line argument) | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected index d89f527fc7d..03c15cb4263 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected @@ -1,6 +1,6 @@ edges -| test.cpp:16:20:16:23 | argv indirection | test.cpp:22:45:22:52 | Load indirection | -| test.cpp:16:20:16:23 | argv indirection | test.cpp:22:45:22:52 | Load indirection | +| test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | Load indirection | +| test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | Load indirection | | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | Convert indirection | | test.cpp:22:45:22:52 | Load indirection | test.cpp:22:13:22:20 | sprintf output argument | | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | Load indirection | @@ -101,8 +101,8 @@ edges | test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument | | test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument | nodes -| test.cpp:16:20:16:23 | argv indirection | semmle.label | argv indirection | -| test.cpp:16:20:16:23 | argv indirection | semmle.label | argv indirection | +| test.cpp:15:27:15:30 | argv indirection | semmle.label | argv indirection | +| test.cpp:15:27:15:30 | argv indirection | semmle.label | argv indirection | | test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument | | test.cpp:22:45:22:52 | Load indirection | semmle.label | Load indirection | | test.cpp:23:12:23:19 | Convert indirection | semmle.label | Convert indirection | 
@@ -211,8 +211,8 @@ subpaths | test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument | | test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument | #select -| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv indirection | test.cpp:23:12:23:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument | -| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv indirection | test.cpp:23:12:23:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument | +| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv indirection | test.cpp:23:12:23:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument | +| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv indirection | test.cpp:23:12:23:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). 
| test.cpp:15:27:15:30 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument | | test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:51:10:51:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument | | test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument | | test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected index b4e73c5df09..8006b5b61a0 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected 
@@ -50,7 +50,6 @@ | tests.cpp:546:6:546:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer | | tests.cpp:569:6:569:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array | | tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array | -| tests.cpp:586:6:586:12 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array | | tests_restrict.c:12:2:12:7 | call to memcpy | This 'memcpy' operation accesses 2 bytes but the $@ is only 1 byte. | tests_restrict.c:7:6:7:13 | smallbuf | source buffer | | unions.cpp:26:2:26:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:21:10:21:11 | mu | destination buffer | | unions.cpp:27:2:27:7 | call to memset | This 'memset' operation accesses 100 bytes but the $@ is only 10 bytes. | unions.cpp:15:7:15:11 | small | destination buffer | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected index b732783819a..b87fe7f0256 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected 
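Review bot: The expected results lose the `tests.cpp:586:6:586:12` negative-index row with no replacement, so the test no longer pins that detection. The only tests.cpp hunk visible in this diff is the `main` to `tests_main` rename at line 603, which does not obviously explain the loss. If the access at line 586 is a real out-of-bounds index, I would record the regression in the test source using the file's existing `// GOOD` / `// BAD:` convention, for example `// BAD: negative index [NOT DETECTED]`. If the old result was a false positive, a `// GOOD` comment there makes the removal self-explanatory.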
@@ -1,7 +1,16 @@ edges -| overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | -| overflowdestination.cpp:27:9:27:12 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | -| overflowdestination.cpp:27:9:27:12 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | +| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv | +| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | Load indirection | +| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | Load indirection | +| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | Load indirection | +| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv | +| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv | +| main.cpp:7:33:7:36 | Load indirection | overflowdestination.cpp:23:45:23:48 | argv indirection | +| main.cpp:7:33:7:36 | Load indirection | overflowdestination.cpp:23:45:23:48 | argv indirection | +| main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv | +| overflowdestination.cpp:23:45:23:48 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | +| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | +| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src | | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:52:9:52:12 | memcpy output argument | | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument | 
@@ -61,9 +70,15 @@ edges | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | nodes -| overflowdestination.cpp:27:9:27:12 | argv | semmle.label | argv | -| overflowdestination.cpp:27:9:27:12 | argv indirection | semmle.label | argv indirection | -| overflowdestination.cpp:27:9:27:12 | argv indirection | semmle.label | argv indirection | +| main.cpp:6:27:6:30 | argv | semmle.label | argv | +| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection | +| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection | +| main.cpp:7:33:7:36 | Load indirection | semmle.label | Load indirection | +| main.cpp:7:33:7:36 | Load indirection | semmle.label | Load indirection | +| main.cpp:7:33:7:36 | argv | semmle.label | argv | +| overflowdestination.cpp:23:45:23:48 | argv | semmle.label | argv | +| overflowdestination.cpp:23:45:23:48 | argv indirection | semmle.label | argv indirection | +| overflowdestination.cpp:23:45:23:48 | argv indirection | semmle.label | argv indirection | | overflowdestination.cpp:30:17:30:20 | arg1 | semmle.label | arg1 | | overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument | | overflowdestination.cpp:46:15:46:17 | src | semmle.label | src | 
@@ -121,9 +136,9 @@ subpaths | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | #select -| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | -| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | -| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | +| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | +| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. 
| +| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | | overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | src2 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp new file mode 100644 index 00000000000..78f94af22cf --- /dev/null +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp @@ -0,0 +1,12 @@ +int overflowdesination_main(int argc, char **argv); +int test_buffer_overrun_main(int argc, char **argv); +int tests_restrict_main(int argc, char **argv); +int tests_main(int argc, char **argv); + +int main(int argc, char **argv) { + overflowdesination_main(argc, argv); + test_buffer_overrun_main(argc, argv); + tests_restrict_main(argc, argv); + tests_main(argc, argv); + return 0; +} diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp index 2a939f83a73..8b785b5a662 100644 
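Review bot: `tests_restrict_main` is forward-declared in main.cpp with C++ linkage, but its definition is in tests_restrict.c, so the declaration and the C definition do not name the same symbol. A real build would fail to link, and the analysis may not resolve the call in `main` to the C body (not verifiable from this diff), which would cut any argv flow into that file. Declaring it as `extern "C" int tests_restrict_main(int argc, char **argv);` keeps the two in agreement. Separately, `overflowdesination_main` is missing a `t` (`overflowdestination_main`); the overflowdestination.cpp hunk uses the same spelling, so the two must be renamed together.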
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp @@ -20,7 +20,7 @@ inline size_t min(size_t a, size_t b) { } } -int main(int argc, char* argv[]) { +int overflowdesination_main(int argc, char* argv[]) { char param[20]; char *arg1; diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp index d05ed0c94a7..8554f8c62fb 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp @@ -29,7 +29,7 @@ void test_buffer_overrun_in_while_loop_using_array_indexing() } } -int main(int argc, char *argv[]) +int test_buffer_overrun_main(int argc, char *argv[]) { test_buffer_overrun_in_for_loop(); test_buffer_overrun_in_while_loop_using_pointer_arithmetic(); diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp index 570430d771c..66a603da5e7 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp @@ -603,7 +603,7 @@ void test22(bool b, const char* source) { memcpy(dest, source, n); // GOOD } -int main(int argc, char *argv[]) +int tests_main(int argc, char *argv[]) { long long arr17[19]; diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c index 9b6990db535..96a5571bf65 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c 
@@ -12,7 +12,7 @@ void test1() memcpy(largebuf, smallbuf, 2); // BAD: source over-read } -int main(int argc, char *argv[]) +int tests_restrict_main(int argc, char *argv[]) { test1(); diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected index 9c7ec646724..54afc5c030e 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected 
@@ -1,16 +1,16 @@ edges -| test1.c:8:16:8:19 | argv | test1.c:9:9:9:9 | i | -| test1.c:8:16:8:19 | argv | test1.c:11:9:11:9 | i | -| test1.c:8:16:8:19 | argv | test1.c:12:9:12:9 | i | -| test1.c:8:16:8:19 | argv | test1.c:13:9:13:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:9:9:9:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:9:9:9:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:11:9:11:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:11:9:11:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:12:9:12:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:12:9:12:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:13:9:13:9 | i | -| test1.c:8:16:8:19 | argv indirection | test1.c:13:9:13:9 | i | +| test1.c:7:26:7:29 | argv | test1.c:9:9:9:9 | i | +| test1.c:7:26:7:29 | argv | test1.c:11:9:11:9 | i | +| test1.c:7:26:7:29 | argv | test1.c:12:9:12:9 | i | +| test1.c:7:26:7:29 | argv | test1.c:13:9:13:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:9:9:9:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:9:9:9:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:11:9:11:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:11:9:11:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:12:9:12:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:12:9:12:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:13:9:13:9 | i | +| test1.c:7:26:7:29 | argv indirection | test1.c:13:9:13:9 | i | | test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i | | test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i | | test1.c:12:9:12:9 | i | test1.c:40:16:40:16 | i | 
@@ -20,9 +20,9 @@ edges | test1.c:40:16:40:16 | i | test1.c:41:11:41:11 | i | | test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j | nodes -| test1.c:8:16:8:19 | argv | semmle.label | argv | -| test1.c:8:16:8:19 | argv indirection | semmle.label | argv indirection | -| test1.c:8:16:8:19 | argv indirection | semmle.label | argv indirection | +| test1.c:7:26:7:29 | argv | semmle.label | argv | +| test1.c:7:26:7:29 | argv indirection | semmle.label | argv indirection | +| test1.c:7:26:7:29 | argv indirection | semmle.label | argv indirection | | test1.c:9:9:9:9 | i | semmle.label | i | | test1.c:11:9:11:9 | i | semmle.label | i | | test1.c:12:9:12:9 | i | semmle.label | i | 
@@ -37,15 +37,15 @@ nodes | test1.c:53:15:53:15 | j | semmle.label | j | subpaths #select -| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | -| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv indirection | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv indirection | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | -| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv indirection | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv indirection | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:41:11:41:11 | i | test1.c:8:16:8:19 | argv | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | -| test1.c:41:11:41:11 | i | test1.c:8:16:8:19 | argv indirection | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. 
| test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:41:11:41:11 | i | test1.c:8:16:8:19 | argv indirection | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument | -| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv indirection | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | -| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv indirection | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv indirection | a command-line argument | +| test1.c:18:16:18:16 | i | test1.c:7:26:7:29 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument | +| test1.c:18:16:18:16 | i | test1.c:7:26:7:29 | argv indirection | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:18:16:18:16 | i | test1.c:7:26:7:29 | argv indirection | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:33:11:33:11 | i | test1.c:7:26:7:29 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. 
| test1.c:7:26:7:29 | argv | a command-line argument | +| test1.c:33:11:33:11 | i | test1.c:7:26:7:29 | argv indirection | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:33:11:33:11 | i | test1.c:7:26:7:29 | argv indirection | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:41:11:41:11 | i | test1.c:7:26:7:29 | argv | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument | +| test1.c:41:11:41:11 | i | test1.c:7:26:7:29 | argv indirection | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:41:11:41:11 | i | test1.c:7:26:7:29 | argv indirection | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:53:15:53:15 | j | test1.c:7:26:7:29 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument | +| test1.c:53:15:53:15 | j | test1.c:7:26:7:29 | argv indirection | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv indirection | a command-line argument | +| test1.c:53:15:53:15 | j | test1.c:7:26:7:29 | argv indirection | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. 
| test1.c:7:26:7:29 | argv indirection | a command-line argument | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected index 5bf97619a26..2213cd863af 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected 
@@ -1,22 +1,22 @@ edges -| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | -| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | -| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | -| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | -| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | -| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:43:38:43:44 | tainted | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:43:38:43:44 | tainted | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:44:38:44:63 | ... * ... | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:44:38:44:63 | ... * ... | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:46:38:46:63 | ... + ... | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:46:38:46:63 | ... + ... | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:49:32:49:35 | size | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:49:32:49:35 | size | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:50:26:50:29 | size | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:50:26:50:29 | size | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:53:35:53:60 | ... * ... | -| test.cpp:40:21:40:24 | argv indirection | test.cpp:53:35:53:60 | ... * ... | +| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | +| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... | +| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... | +| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size | +| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size | +| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:43:38:43:44 | tainted | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:43:38:43:44 | tainted | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:44:38:44:63 | ... * ... 
| +| test.cpp:39:27:39:30 | argv indirection | test.cpp:44:38:44:63 | ... * ... | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:46:38:46:63 | ... + ... | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:46:38:46:63 | ... + ... | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:49:32:49:35 | size | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:49:32:49:35 | size | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:50:26:50:29 | size | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:50:26:50:29 | size | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | +| test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | | test.cpp:124:18:124:31 | call to getenv indirection | test.cpp:128:24:128:41 | ... * ... | | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | @@ -47,9 +47,9 @@ edges | test.cpp:338:19:338:24 | call to getenv | test.cpp:342:25:342:43 | ... * ... | | test.cpp:338:19:338:32 | call to getenv indirection | test.cpp:342:25:342:43 | ... * ... | nodes -| test.cpp:40:21:40:24 | argv | semmle.label | argv | -| test.cpp:40:21:40:24 | argv indirection | semmle.label | argv indirection | -| test.cpp:40:21:40:24 | argv indirection | semmle.label | argv indirection | +| test.cpp:39:27:39:30 | argv | semmle.label | argv | +| test.cpp:39:27:39:30 | argv indirection | semmle.label | argv indirection | +| test.cpp:39:27:39:30 | argv indirection | semmle.label | argv indirection | | test.cpp:43:38:43:44 | tainted | semmle.label | tainted | | test.cpp:44:38:44:63 | ... * ... | semmle.label | ... * ... | | test.cpp:46:38:46:63 | ... + ... | semmle.label | ... + ... | 
@@ -93,24 +93,24 @@ nodes | test.cpp:342:25:342:43 | ... * ... | semmle.label | ... * ... | subpaths #select -| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | -| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | -| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | -| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:46:38:46:63 | ... + ... 
| This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | -| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | -| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv indirection | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv indirection | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... 
| This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) | -| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | -| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv indirection | user input (a command-line argument) | +| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) | +| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) | +| test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. 
| test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) | +| test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) | +| test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. 
| test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) | +| test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv indirection | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv indirection | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) | +| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | +| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) | | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) | | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:31 | call to getenv indirection | test.cpp:128:24:128:41 | ... * ... 
| This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:31 | call to getenv indirection | user input (an environment variable) | | test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected index 180a7a3b1a6..6e6a86460f4 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected 
@@ -1,19 +1,19 @@ edges | test2.cpp:110:8:110:15 | gets output argument | test2.cpp:110:3:110:6 | call to gets | -| test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | -| test.cpp:54:17:54:20 | argv indirection | test.cpp:58:25:58:29 | input | -| test.cpp:54:17:54:20 | argv indirection | test.cpp:58:25:58:29 | input | +| test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input | +| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input | +| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input | nodes | test2.cpp:110:3:110:6 | call to gets | semmle.label | call to gets | | test2.cpp:110:8:110:15 | gets output argument | semmle.label | gets output argument | -| test.cpp:54:17:54:20 | argv | semmle.label | argv | -| test.cpp:54:17:54:20 | argv indirection | semmle.label | argv indirection | -| test.cpp:54:17:54:20 | argv indirection | semmle.label | argv indirection | +| test.cpp:53:27:53:30 | argv | semmle.label | argv | +| test.cpp:53:27:53:30 | argv indirection | semmle.label | argv indirection | +| test.cpp:53:27:53:30 | argv indirection | semmle.label | argv indirection | | test.cpp:58:25:58:29 | input | semmle.label | input | subpaths #select | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) | | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:8:110:15 | gets output argument | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:8:110:15 | gets output argument | user input (string read by gets) | -| test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. 
| test.cpp:54:17:54:20 | argv | user input (a command-line argument) | -| test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv indirection | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:54:17:54:20 | argv indirection | user input (a command-line argument) | -| test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv indirection | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:54:17:54:20 | argv indirection | user input (a command-line argument) | +| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv | user input (a command-line argument) | +| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) | +| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) | diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index d34f03b0e37..8d5d8f7df35 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.6 + +No user-facing changes. + ## 1.3.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md new file mode 100644 index 00000000000..ce7baecf210 --- /dev/null 
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md @@ -0,0 +1,3 @@ +## 1.3.6 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 1e1845ea66d..0a0b0986311 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.5 +lastReleaseVersion: 1.3.6 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index d10c89a3f5c..3db26da98de 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.3.6-dev +version: 1.4.0-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index d34f03b0e37..8d5d8f7df35 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.6 + +No user-facing changes. + ## 1.3.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md new file mode 100644 index 00000000000..ce7baecf210 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md @@ -0,0 +1,3 @@ +## 1.3.6 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 1e1845ea66d..0a0b0986311 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.5 +lastReleaseVersion: 1.3.6 
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 98c95da4b03..9d3c5a80b02 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.3.6-dev +version: 1.4.0-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 438927d036b..0dbf4820b2a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.6 + +No user-facing changes. + ## 0.4.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/0.4.6.md b/csharp/ql/lib/change-notes/released/0.4.6.md new file mode 100644 index 00000000000..8e652998eca --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.4.6.md @@ -0,0 +1,3 @@ +## 0.4.6 + +No user-facing changes. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 466cd01cf4e..2b842473675 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 05eb16f3750..75d3cd21610 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.4.6-dev +version: 0.5.0-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme.stats b/csharp/ql/lib/semmlecode.csharp.dbscheme.stats index 2d1c330c7d2..c2017892642 100644 --- a/csharp/ql/lib/semmlecode.csharp.dbscheme.stats +++ b/csharp/ql/lib/semmlecode.csharp.dbscheme.stats @@ -948,6 +948,14 @@ @with_expr 101 + + @list_pattern_expr + 0 + + + @slice_pattern_expr + 0 + @xmldtd 40 diff --git a/csharp/ql/src/AlertSuppression.ql b/csharp/ql/src/AlertSuppression.ql index cfa8dbae832..0eeca2648ea 100644 
--- a/csharp/ql/src/AlertSuppression.ql
+++ b/csharp/ql/src/AlertSuppression.ql
@@ -5,68 +5,20 @@ * @id cs/alert-suppression */ -import csharp +private import codeql.suppression.AlertSuppression as AS +private import semmle.code.csharp.Comments -/** - * An alert suppression comment. - */ -class SuppressionComment extends CommentLine { - string annotation; - - SuppressionComment() { +class SingleLineComment extends CommentLine { + SingleLineComment() { // Must be either `// ...` or `/* ... */` on a single line. - this.getRawText().regexpMatch("//.*|/\\*.*\\*/") and - exists(string text | text = this.getText() | - // match `lgtm[...]` anywhere in the comment - annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _) - or - // match `lgtm` at the start of the comment and after semicolon - annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim() - ) + this.getRawText().regexpMatch("//.*|/\\*.*\\*/") } - /** Gets the suppression annotation in this comment. */ - string getAnnotation() { result = annotation } - - /** - * Holds if this comment applies to the range from column `startcolumn` of line `startline` - * to column `endcolumn` of line `endline` in file `filepath`. - */ - predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) { - this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and - startcolumn = 1 - } - - /** Gets the scope of this suppression. */ - SuppressionScope getScope() { this = result.getSuppressionComment() } -} - -/** - * The scope of an alert suppression comment. - */ -class SuppressionScope extends @commentline instanceof SuppressionComment { - /** Gets a suppression comment with this scope. */ - SuppressionComment getSuppressionComment() { result = this } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. 
- * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ predicate hasLocationInfo( string filepath, int startline, int startcolumn, int endline, int endcolumn ) { - super.covers(filepath, startline, startcolumn, endline, endcolumn) + this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } - - /** Gets a textual representation of this element. */ - string toString() { result = "suppression range" } } -from SuppressionComment c -select c, // suppression comment - c.getText(), // text of suppression comment (excluding delimiters) - c.getAnnotation(), // text of suppression annotation - c.getScope() // scope of suppression +import AS::Make diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 57d44189f70..8110355ef6a 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.6 + +No user-facing changes. + ## 0.4.5 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/0.4.6.md b/csharp/ql/src/change-notes/released/0.4.6.md new file mode 100644 index 00000000000..8e652998eca --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.4.6.md @@ -0,0 +1,3 @@ +## 0.4.6 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 466cd01cf4e..2b842473675 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index f7da9740b21..0f0e31abef5 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.4.6-dev +version: 0.5.0-dev groups: - csharp - queries 
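Review bot: The new `SingleLineComment` class and its `hasLocationInfo` predicate carry no QLDoc, whereas the `hasLocationInfo` that this hunk removes from `SuppressionScope` was fully documented. I would add `/** A line comment, or a block comment that fits on a single line. */` above the class and `/** Holds if this comment is at the specified location in file filepath. */` above the predicate. The `lgtm` annotation regexes and the `covers` predicate, which forced `startcolumn = 1`, are deleted here; they presumably now live in `codeql.suppression.AlertSuppression`, which this hunk does not show. Since those two pieces decide which alerts a comment silences, it is worth confirming against the AlertSuppression expected-output tests that the same annotations are still matched and that the suppression range still begins at column 1.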
@@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/csharp-code-scanning.qls dependencies: codeql/csharp-all: ${workspace} codeql/suite-helpers: ${workspace} + codeql/util: ${workspace} diff --git a/csharp/ql/test/query-tests/AlertSuppression/.gitattributes b/csharp/ql/test/query-tests/AlertSuppression/.gitattributes new file mode 100644 index 00000000000..ab4be0ef713 --- /dev/null +++ b/csharp/ql/test/query-tests/AlertSuppression/.gitattributes @@ -0,0 +1 @@ +AlertSuppressionWindows.cs eol=crlf diff --git a/docs/query-classification-and-display.md b/docs/query-classification-and-display.md deleted file mode 100644 index 8f819512b3c..00000000000 --- a/docs/query-classification-and-display.md +++ /dev/null 
@@ -1,101 +0,0 @@ -# Query classification and display - -## Attributable Queries - -The results of some queries are unsuitable for attribution to individual -developers. Most of them have a threshold value on which they trigger, -for example all metric violations and statistics based queries. The -results of such queries would all be attributed to the person pushing -the value over (or under) the threshold. Some queries only trigger when -another one doesn't. An example of this is the MaybeNull query which -only triggers if the AlwaysNull query doesn't. A small change in the -data flow could make an alert switch from AlwaysNull to MaybeNull (or -vice versa). As a result we attribute both a fix and an introduction to -the developer that changed the data flow. For this particular example -the funny attribution results are more a nuisance than a real problem; -the overall alert count remains unchanged. However, for the duplicate -and similar code queries the effects can be much more severe, as they -come in versions for "duplicate file" and "duplicate function" among -many others, where "duplicate function" only triggers if "duplicate -file" didn't. As a result adding some code to a duplicate file might -result in a "fix" of a "duplicate file" alert and an introduction of -many "duplicate function" alerts. This would be highly unfair. -Currently, only the duplicate and similar code queries exhibit this -"exchanging one for many" alerts when trying to attribute their results. -Therefore we currently exclude all duplicate code related alerts from -attribution. - -The following queries are excluded from attribution: - -- Metric violations, i.e. the ones with metadata properties like -  `@(error|warning|recommendation)-(to|from)` -- Queries with tag `non-attributable` - -This check is applied when the results of a single attribution are -loaded into the datastore. 
This means that any change to this behaviour -will only take effect on newly attributed revisions but the historical -data remains unchanged. - -## Query severity and precision - -We currently classify queries on two axes, with some additional tags. -Those axes are severity and precision, and are defined using the -query-metadata properties `@problem.severity` and `@precision`. - -For severity, we have the following categories: - -- Error -- Warning -- Recommendation - -These categories may change in the future. - -For precision, we have the following categories: - -- very-high -- high -- medium -- low - -As [usual](https://en.wikipedia.org/wiki/Precision_and_recall), -precision is defined as the percentage of query results that are true -positives, i.e., precision = number of true positives / (number of true -positives + number of false positives). There is no hard-and-fast rule -for which precision ranges correspond to which categories. - -We expect these categories to remain unchanged for the foreseeable -future. - -### A note on precision - -Intuitively, precision measures how well the query performs at finding the -results it is supposed to find, i.e., how well it implements its -(informal, unwritten) rule. So how precise a query is depends very much -on what we consider that rule to be. We generally try to sharpen our -rules to focus on results that a developer might actually be interested -in. 
- -## Which queries to run and display on LGTM - -The following queries are run: - -Precision: | very-high | high | medium | low ----------------|-----------|---------|---------|---- -Error | **Yes** | **Yes** | **Yes** | No -Warning | **Yes** | **Yes** | **Yes** | No -Recommendation | **Yes** | **Yes** | No | No - -The following queries have their results displayed by default: - -Precision: | very-high | high | medium | low ----------------|-----------|---------|--------|---- -Error | **Yes** | **Yes** | No | No -Warning | **Yes** | **Yes** | No | No -Recommendation | **Yes** | No | No | No - -Results for queries that are run but not displayed by default can be -made visible by editing the project configuration. - -Queries from custom query packs (in-repo or site-wide) are always run -and displayed by default. They can be hidden by editing the project -config, and "disabled" by removing them from the query pack. diff --git a/docs/supported-queries.md b/docs/supported-queries.md index 2393ade24f5..59521265a1c 100644 --- a/docs/supported-queries.md +++ b/docs/supported-queries.md 
@@ -34,12 +34,8 @@ The process must begin with the first step and must conclude with the final step Test the query on a number of large real-world projects to make sure it doesn't give too many false positive results. Adjust the `@precision` and `@problem.severity` attributes in accordance with the real-world results you observe. See the advice on query metadata below. - You can use the LGTM.com [query console](https://lgtm.com/query) to get an overview of true and false positive results on a large number of projects. The simplest way to do this is to: - - 1. [Create a list of prominent projects](https://lgtm.com/help/lgtm/managing-project-lists) on LGTM. - 2. In the query console, [run your query against your custom project list](https://lgtm.com/help/lgtm/using-query-console). - 3. Save links to your query console results and include them in discussions on issues and pull requests. - + GitHub is running a private beta test of a new feature for testing CodeQL queries at scale from VS Code. To request access to the beta program, please respond to this [GitHub Discussion](https://github.com/orgs/community/discussions/40453). + 5. **Test and improve performance** There must be a balance between the execution time of a query and the value of its results: queries that are highly valuable and broadly applicable can be allowed to take longer to run. In all cases, you need to address any easy-to-fix performance issues before the query is put into production. 
@@ -62,8 +58,6 @@ The process must begin with the first step and must conclude with the final step - The severity is one of `error`, `warning`, or `recommendation`. - The precision is one of `very-high`, `high`, `medium` or `low`. It may take a few iterations to get this right. - - Currently, LGTM runs all `error` or `warning` queries with a `very-high`, `high`, or `medium` precision. In addition, `recommendation` queries with `very-high` or `high` precision are run. - - However, results from `error` and `warning` queries with `medium` precision, as well as `recommendation` queries with `high` precision, are not shown by default. c. All queries need an `@id`. diff --git a/go/CONTRIBUTING.md b/go/CONTRIBUTING.md index 1b4868b9dba..e9f234d27f4 100644 --- a/go/CONTRIBUTING.md +++ b/go/CONTRIBUTING.md @@ -44,7 +44,7 @@ Follow the steps below to help other users understand what your query does, and 4. **Make sure the `select` statement is compatible with the query type** - The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and Visual Studio Code. + The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in query results. For more information on `select` statement format, see [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on codeql.github.com. 5. **Write a query help file** diff --git a/go/README.md b/go/README.md index 6569eec3da9..b7c4d5cb98e 100644 --- a/go/README.md +++ b/go/README.md 
@@ -1,8 +1,7 @@ # Go analysis support for CodeQL -This open-source repository contains the extractor, CodeQL libraries, and queries that power Go -support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) -makes available to its customers worldwide. +This sub-folder contains the extractor, CodeQL libraries, and queries that power Go +support for CodeQL. It contains two major components: - an extractor, itself written in Go, that parses Go source code and converts it into a database @@ -10,11 +9,6 @@ It contains two major components: - static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be used to analyze such a database to find coding mistakes or security vulnerabilities. -The goal of this project is to provide comprehensive static analysis support for Go in CodeQL. - -For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL -repository](https://github.com/github/codeql). - ## Installation Clone this repository. 
@@ -30,15 +24,9 @@ Code workspace. To analyze a Go codebase, either use the [CodeQL command-line interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or -download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the +download a pre-built database from [GitHub.com](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#downloading-databases-from-github-com). You can then run any of the queries contained in this repository either on the command line or using the VS Code extension. -Note that the [lgtm.com](https://github.com/github/codeql/tree/lgtm.com) branch of this -repository corresponds to the version of the queries that is currently deployed on LGTM.com. -The [main](https://github.com/github/codeql/tree/main) branch may contain changes that -have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before -running queries on them. - ## Contributions Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index a24d1c5919b..ba72eb8950a 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.3.6 + +No user-facing changes. + ## 0.3.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/released/0.3.6.md b/go/ql/lib/change-notes/released/0.3.6.md new file mode 100644 index 00000000000..0c7a392e88f --- /dev/null +++ b/go/ql/lib/change-notes/released/0.3.6.md @@ -0,0 +1,3 @@ +## 0.3.6 + +No user-facing changes. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 468917f2543..7bbaa8987dd 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.5 +lastReleaseVersion: 0.3.6 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index b9088307812..a3b398f3a0b 100644 --- a/go/ql/lib/qlpack.yml 
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.6-dev
+version: 0.4.0-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/AlertSuppression.ql b/go/ql/src/AlertSuppression.ql
index d264052bd23..632499136a8 100644
--- a/go/ql/src/AlertSuppression.ql
+++ b/go/ql/src/AlertSuppression.ql
@@ -5,73 +5,14 @@ * @id go/alert-suppression */ -import go +private import codeql.suppression.AlertSuppression as AS +private import semmle.go.Comments as G -/** - * An alert suppression comment. - */ -class SuppressionComment extends Locatable { - string text; - string annotation; - - SuppressionComment() { - text = this.(Comment).getText() and +class SingleLineComment extends G::Comment { + SingleLineComment() { // suppression comments must be single-line - not text.matches("%\n%") and - ( - // match `lgtm[...]` anywhere in the comment - annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _) - or - // match `lgtm` at the start of the comment and after semicolon - annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim() - ) + not this.getText().matches("%\n%") } - - /** Gets the text of this suppression comment, not including delimiters. */ - string getText() { result = text } - - /** Gets the suppression annotation in this comment. */ - string getAnnotation() { result = annotation } - - /** - * Holds if this comment applies to the range from column `startcolumn` of line `startline` - * to column `endcolumn` of line `endline` in file `filepath`. - */ - predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) { - this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and - startcolumn = 1 - } - - /** Gets the scope of this suppression. */ - SuppressionScope getScope() { this = result.getSuppressionComment() } } -/** - * The scope of an alert suppression comment. - */ -class SuppressionScope extends @locatable instanceof SuppressionComment { - /** Gets a suppression comment with this scope. */ - SuppressionComment getSuppressionComment() { result = this } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. 
- * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - super.covers(filepath, startline, startcolumn, endline, endcolumn) - } - - /** Gets a textual representation of this element. */ - string toString() { result = "suppression range" } -} - -from SuppressionComment c -select c, // suppression comment - c.getText(), // text of suppression comment (excluding delimiters) - c.getAnnotation(), // text of suppression annotation - c.getScope() // scope of suppression +import AS::Make diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 0ab2f98312a..aed077e28d9 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.3.6 + +No user-facing changes. + ## 0.3.5 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.3.6.md b/go/ql/src/change-notes/released/0.3.6.md new file mode 100644 index 00000000000..0c7a392e88f --- /dev/null +++ b/go/ql/src/change-notes/released/0.3.6.md @@ -0,0 +1,3 @@ +## 0.3.6 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 468917f2543..7bbaa8987dd 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.5 +lastReleaseVersion: 0.3.6 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 7d586cfb931..e6976602e89 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.3.6-dev +version: 0.4.0-dev groups: - go - queries @@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/go-code-scanning.qls dependencies: codeql/go-all: ${workspace} codeql/suite-helpers: ${workspace} + codeql/util: ${workspace} 
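Review bot: The new `SingleLineComment` class in `go/ql/src/AlertSuppression.ql` has no QLDoc, although it replaces the documented `SuppressionComment` and is now the only thing the query file defines. I would add `/** A single-line comment; only these are considered as alert suppression comments. */` above the class, and a short comment on the `import AS::Make` line saying that the shared suppression module is instantiated with this class. Which members that module expects from the class is defined outside this diff, so the comment should name them only after checking the shared library. The `SingleLineComment` class added in `java/ql/src/AlertSuppression.ql` needs the same QLDoc.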
diff --git a/go/ql/test/query-tests/AlertSuppression/.gitattributes b/go/ql/test/query-tests/AlertSuppression/.gitattributes new file mode 100644 index 00000000000..d71f241c6e8 --- /dev/null +++ b/go/ql/test/query-tests/AlertSuppression/.gitattributes @@ -0,0 +1 @@ +tstWindows.go eol=crlf diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt index faa83139bbb..5990fb3389d 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt @@ -1194,8 +1194,6 @@ open class KotlinFileExtractor( // n + o'th parameter, where `o` is the parameter offset caused by adding any dispatch receiver to the parameter list. // Note we don't need to add the extension receiver here because `useValueParameter` always assumes an extension receiver // will be prepended if one exists. - // Note we have to get the real function ID here before entering this block, because otherwise we'll misrepresent the signature of a generic - // function without its type variables -- for example, trying to address `f(T, List)` as `f(Object, List)`. val realFunctionId = useFunction(f) DeclarationStackAdjuster(f, OverriddenFunctionAttributes(id, id, locId, nonSyntheticParams, typeParameters = listOf(), isStatic = true)).use { val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2) @@ -5796,9 +5794,6 @@ open class KotlinFileExtractor( fun findOverriddenAttributes(f: IrFunction) = stack.lastOrNull { it.first == f } ?.second - - fun findFirst(f: (Pair) -> Boolean) = - stack.findLast(f) } data class OverriddenFunctionAttributes( diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index cc335d3f8cb..fe55fdba256 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt 
@@ -643,26 +643,6 @@ open class KotlinUsesExtractor( RETURN, GENERIC_ARGUMENT, OTHER } - private fun isOnDeclarationStackWithoutTypeParameters(f: IrFunction) = - this is KotlinFileExtractor && this.declarationStack.findOverriddenAttributes(f)?.typeParameters?.isEmpty() == true - - private fun isStaticFunctionOnStackBeforeClass(c: IrClass) = - this is KotlinFileExtractor && (this.declarationStack.findFirst { it.first == c || it.second?.isStatic == true })?.second?.isStatic == true - - private fun isUnavailableTypeParameter(t: IrType) = - t is IrSimpleType && t.classifier.owner.let { owner -> - owner is IrTypeParameter && owner.parent.let { parent -> - when (parent) { - is IrFunction -> isOnDeclarationStackWithoutTypeParameters(parent) - is IrClass -> isStaticFunctionOnStackBeforeClass(parent) - else -> false - } - } - } - - private fun argIsUnavailableTypeParameter(t: IrTypeArgument) = - t is IrTypeProjection && isUnavailableTypeParameter(t.type) - private fun useSimpleType(s: IrSimpleType, context: TypeContext): TypeResults { if (s.abbreviation != null) { // TODO: Extract this information @@ -735,13 +715,11 @@ open class KotlinUsesExtractor( } owner is IrClass -> { - val args = if (s.isRawType() || s.arguments.any { argIsUnavailableTypeParameter(it) }) null else s.arguments + val args = if (s.isRawType()) null else s.arguments return useSimpleTypeClass(owner, args, s.isNullable()) } owner is IrTypeParameter -> { - if (isUnavailableTypeParameter(s)) - return useType(erase(s), context) val javaResult = useTypeParameter(owner) val aClassId = makeClass("kotlin", "TypeParam") // TODO: Wrong val kotlinResult = if (true) TypeResult(fakeKotlinType(), "TODO", "TODO") else 
@@ -1474,7 +1452,13 @@ open class KotlinUsesExtractor( param.parent.let { (it as? IrFunction)?.let { fn -> if (this is KotlinFileExtractor) - this.declarationStack.findOverriddenAttributes(fn)?.id + this.declarationStack.findOverriddenAttributes(fn)?.takeUnless { + // When extracting the `static fun f$default(...)` that accompanies `fun f(val x: T? = defaultExpr, ...)`, + // `f$default` has no type parameters, and so there is no `f$default::T` to refer to. + // We have no good way to extract references to `T` in `defaultExpr`, so we just fall back on describing it + // in terms of `f::T`, even though that type variable ought to be out of scope here. + attribs -> attribs.typeParameters?.isEmpty() == true + }?.id else null } ?: diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 56dfcebfb1f..21b8949ce62 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.6 + +No user-facing changes. + ## 0.4.5 No user-facing changes. diff --git a/java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md b/java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md new file mode 100644 index 00000000000..b58bcd39d89 --- /dev/null +++ b/java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* We now correctly handle empty block comments, like `/**/`. Previously these could be mistaken for Javadoc comments and led to attribution of Javadoc tags to the wrong declaration. diff --git a/java/ql/lib/change-notes/released/0.4.6.md b/java/ql/lib/change-notes/released/0.4.6.md new file mode 100644 index 00000000000..8e652998eca --- /dev/null +++ b/java/ql/lib/change-notes/released/0.4.6.md @@ -0,0 +1,3 @@ +## 0.4.6 + +No user-facing changes. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 466cd01cf4e..2b842473675 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml 
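Review bot: In the `takeUnless { ... }` block added after `findOverriddenAttributes(fn)`, the lambda parameter `attribs ->` is placed after the four-line comment, so the block first reads as if it used an implicit `it`. Kotlin's coding conventions put lambda parameter names on the line of the opening brace; I would write `?.takeUnless { attribs ->` and move the comment below that line. The enclosing expression continues past the hunk (`?:`), so the comment could also say that a null result here is what hands over to that fallback, if that is indeed the intent.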
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 72dfa9440e6..3219ed8b7dc 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.4.6-dev +version: 0.5.0-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/lib/semmle/code/java/Javadoc.qll b/java/ql/lib/semmle/code/java/Javadoc.qll index 23137d3619f..f14d8776ddc 100644 --- a/java/ql/lib/semmle/code/java/Javadoc.qll +++ b/java/ql/lib/semmle/code/java/Javadoc.qll @@ -33,7 +33,11 @@ class Javadoc extends JavadocParent, @javadoc { string getAuthor() { result = this.getATag("@author").getChild(0).toString() } override string toString() { - result = this.toStringPrefix() + this.getChild(0) + this.toStringPostfix() + exists(string childStr | + if exists(this.getChild(0)) then childStr = this.getChild(0).toString() else childStr = "" + | + result = this.toStringPrefix() + childStr + this.toStringPostfix() + ) } private string toStringPrefix() { @@ -48,7 +52,7 @@ class Javadoc extends JavadocParent, @javadoc { if isEolComment(this) then result = "" else ( - if strictcount(this.getAChild()) = 1 then result = " */" else result = " ... */" + if strictcount(this.getAChild()) > 1 then result = " ... */" else result = " */" ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll index b514ca94be7..dadcef4158e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll 
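Review bot: In the second `Javadoc.qll` hunk (apparently the body of `toStringPostfix`, which starts outside the hunk), a comment with no children reaches `" */"` only because `strictcount` has no result for an empty set, so `strictcount(this.getAChild()) > 1` simply does not hold. That is correct for the empty `/**/` case this change targets, but it depends on the failure semantics of `strictcount` and is easy to break in a later edit. `count` states the intent directly: `if count(this.getAChild()) > 1 then result = " ... */" else result = " */"`. A one-line comment that zero and one child both render as `" */"` would also help the next reader.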
@@ -39,6 +39,14 @@ class WebViewGetUrlMethod extends Method { } } +/** The method `addJavascriptInterface` of the class `android.webkit.WebView` */ +class WebViewAddJavascriptInterfaceMethod extends Method { + WebViewAddJavascriptInterfaceMethod() { + this.getDeclaringType() instanceof TypeWebView and + this.hasName("addJavascriptInterface") + } +} + /** * A method allowing any-local-file and cross-origin access in the class `android.webkit.WebSettings`. */ diff --git a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll index 1b01be0377b..cb770ffe48a 100644 --- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll +++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll @@ -85,6 +85,9 @@ module Impl implements RegexTreeViewSig { /** Gets the associated regex. */ abstract Regex getRegex(); + + /** Gets the last child term of this element. */ + RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) } } /** @@ -558,6 +561,17 @@ module Impl implements RegexTreeViewSig { } } + /** + * A character escape in a regular expression. + * + * Example: + * + * ``` + * \. + * ``` + */ + class RegExpCharEscape = RegExpEscape; + /** * A word boundary, that is, a regular expression term of the form `\b`. */ @@ -565,6 +579,13 @@ module Impl implements RegexTreeViewSig { RegExpWordBoundary() { this.getChar() = "\\b" } } + /** + * A non-word boundary, that is, a regular expression term of the form `\B`. + */ + class RegExpNonWordBoundary extends RegExpSpecialChar { + RegExpNonWordBoundary() { this.getChar() = "\\B" } + } + /** * Gets the hex number for the `hex` char. */ @@ -868,6 +889,9 @@ module Impl implements RegexTreeViewSig { predicate isNamedGroupOfLiteral(RegExpLiteral lit, string name) { lit = this.getLiteral() and name = this.getName() } + + /** Holds if this is a capture group. */ + predicate isCapture() { exists(this.getNumber()) } } /** 
@@ -917,6 +941,21 @@ module Impl implements RegexTreeViewSig { override string getPrimaryQLClass() { result = "RegExpDot" } } + /** + * A term that matches a specific position between characters in the string. + * + * Example: + * + * ``` + * ^ + * ``` + */ + class RegExpAnchor extends RegExpSpecialChar { + RegExpAnchor() { this.getChar() = ["$", "^"] } + + override string getPrimaryQLClass() { result = "RegExpAnchor" } + } + /** * A dollar assertion `$` matching the end of a line. * @@ -926,7 +965,7 @@ module Impl implements RegexTreeViewSig { * $ * ``` */ - class RegExpDollar extends RegExpSpecialChar { + class RegExpDollar extends RegExpAnchor { RegExpDollar() { this.getChar() = "$" } override string getPrimaryQLClass() { result = "RegExpDollar" } @@ -941,7 +980,7 @@ module Impl implements RegexTreeViewSig { * ^ * ``` */ - class RegExpCaret extends RegExpSpecialChar { + class RegExpCaret extends RegExpAnchor { RegExpCaret() { this.getChar() = "^" } override string getPrimaryQLClass() { result = "RegExpCaret" } diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll new file mode 100644 index 00000000000..70dc1a7a328 --- /dev/null +++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll 
@@ -0,0 +1,140 @@ +/** Definitions for the Android Missing Certificate Pinning query. */ + +import java +import semmle.code.xml.AndroidManifest +import semmle.code.java.dataflow.TaintTracking +import semmle.code.java.frameworks.Networking +import semmle.code.java.security.Encryption +import semmle.code.java.security.HttpsUrls + +/** An Android Network Security Configuration XML file. */ +class AndroidNetworkSecurityConfigFile extends XmlFile { + AndroidNetworkSecurityConfigFile() { + exists(AndroidApplicationXmlElement app, AndroidXmlAttribute confAttr, string confName | + confAttr.getElement() = app and + confAttr.getValue() = "@xml/" + confName and + this.getRelativePath().matches("%res/xml/" + confName + ".xml") and + this.getARootElement().getName() = "network-security-config" + ) + } +} + +/** Holds if this database is of an Android application. */ +predicate isAndroid() { exists(AndroidManifestXmlFile m) } + +/** Holds if the given domain name is trusted by the Network Security Configuration XML file. */ +private predicate trustedDomainViaXml(string domainName) { + exists( + AndroidNetworkSecurityConfigFile confFile, XmlElement domConf, XmlElement domain, + XmlElement trust + | + domConf.getFile() = confFile and + domConf.getName() = "domain-config" and + domain.getParent() = domConf and + domain.getName() = "domain" and + domain.getACharactersSet().getCharacters() = domainName and + trust.getParent() = domConf and + trust.getName() = ["trust-anchors", "pin-set"] + ) +} + +/** Holds if the given domain name is trusted by an OkHttp `CertificatePinner`. 
*/ +private predicate trustedDomainViaOkHttp(string domainName) { + exists(CompileTimeConstantExpr domainExpr, MethodAccess certPinnerAdd | + domainExpr.getStringValue().replaceAll("*.", "") = domainName and // strip wildcard patterns like *.example.com + certPinnerAdd.getMethod().hasQualifiedName("okhttp3", "CertificatePinner$Builder", "add") and + DataFlow::localExprFlow(domainExpr, certPinnerAdd.getArgument(0)) + ) +} + +/** Holds if the given domain name is trusted by some certificate pinning implementation. */ +predicate trustedDomain(string domainName) { + trustedDomainViaXml(domainName) + or + trustedDomainViaOkHttp(domainName) +} + +/** + * Holds if `setSocketFactory` is a call to `HttpsURLConnection.setSSLSocketFactory` or `HttpsURLConnection.setDefaultSSLSocketFactory` + * that uses a socket factory derived from a `TrustManager`. + * `default` is true if the default SSL socket factory for all URLs is being set. + */ +private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) { + exists(MethodAccess getSocketFactory, MethodAccess initSslContext | + exists(Method m | setSocketFactory.getMethod() = m | + default = true and m instanceof SetDefaultConnectionFactoryMethod + or + default = false and m instanceof SetConnectionFactoryMethod + ) and + initSslContext.getMethod().getDeclaringType() instanceof SslContext and + initSslContext.getMethod().hasName("init") and + getSocketFactory.getMethod().getASourceOverriddenMethod*() instanceof GetSocketFactory and + not initSslContext.getArgument(1) instanceof NullLiteral and + DataFlow::localExprFlow(initSslContext.getQualifier(), getSocketFactory.getQualifier()) and + DataFlow::localExprFlow(getSocketFactory, setSocketFactory.getArgument(0)) + ) +} + +/** + * Holds if the given expression is an qualifier to a `URL.openConnection` or `URL.openStream` call + * that is trusted due to its SSL socket factory being set. 
+ */ +private predicate trustedUrlConnection(Expr url) { + exists(MethodAccess openCon | + openCon.getMethod().getASourceOverriddenMethod*() instanceof UrlOpenConnectionMethod and + url = openCon.getQualifier() and + exists(MethodAccess setSocketFactory | + trustedSocketFactory(setSocketFactory, false) and + TaintTracking::localExprTaint(openCon, setSocketFactory.getQualifier()) + ) + ) + or + trustedSocketFactory(_, true) and + exists(MethodAccess open, Method m | + m instanceof UrlOpenConnectionMethod or m instanceof UrlOpenStreamMethod + | + open.getMethod().getASourceOverriddenMethod*() = m and + url = open.getQualifier() + ) +} + +private class MissingPinningSink extends DataFlow::Node { + MissingPinningSink() { + this instanceof UrlOpenSink and + not trustedUrlConnection(this.asExpr()) + } +} + +/** Configuration for finding uses of non trusted URLs. */ +private class UntrustedUrlConfig extends TaintTracking::Configuration { + UntrustedUrlConfig() { this = "UntrustedUrlConfig" } + + override predicate isSource(DataFlow::Node node) { + trustedDomain(_) and + exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() | + lit.matches("%://%") and // it's a URL + not exists(string dom | trustedDomain(dom) and lit.matches("%" + dom + "%")) + ) + } + + override predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink } +} + +/** Holds if `node` is a network communication call for which certificate pinning is not implemented. */ +predicate missingPinning(DataFlow::Node node, string domain) { + isAndroid() and + node instanceof MissingPinningSink and + ( + not trustedDomain(_) and domain = "" + or + exists(UntrustedUrlConfig conf, DataFlow::Node src | + conf.hasFlow(src, node) and + domain = getDomain(src.asExpr()) + ) + ) +} + +/** Gets the domain name from the given string literal */ +private string getDomain(CompileTimeConstantExpr expr) { + result = expr.getStringValue().regexpCapture("(https?://)?([^/]*)(/.*)?", 2) +} 
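Review bot: `UntrustedUrlConfig.isSource` treats a URL literal as pinned when `lit.matches("%" + dom + "%")` holds, which is a substring test over the whole URL rather than a comparison of hosts. A literal that contains a pinned name only in its path or query, or as the leading part of a longer host name, is therefore excluded as a source and no missing-pinning alert is reported for it. The file already defines `getDomain`, so the test can be restricted to the host, along the lines of `not exists(string dom | trustedDomain(dom) and getDomain(node.asExpr()).matches(["", "%."] + dom))`. Separately, `trustedDomainViaOkHttp` strips only `*.`; a pattern written with OkHttp's `**.` prefix would keep a leading `*` and never match, which errs towards extra alerts but deserves a comment or a second `replaceAll`.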
diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index 3a91ad342dd..c0c35103331 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -143,6 +143,7 @@ class CreateSslEngineMethod extends Method { } } +/** The `setConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */ class SetConnectionFactoryMethod extends Method { SetConnectionFactoryMethod() { this.hasName("setSSLSocketFactory") and @@ -150,6 +151,14 @@ class SetConnectionFactoryMethod extends Method { } } +/** The `setDefaultConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */ +class SetDefaultConnectionFactoryMethod extends Method { + SetDefaultConnectionFactoryMethod() { + this.hasName("setDefaultSSLSocketFactory") and + this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection + } +} + class SetHostnameVerifierMethod extends Method { SetHostnameVerifierMethod() { this.hasName("setHostnameVerifier") and diff --git a/java/ql/src/AlertSuppression.ql b/java/ql/src/AlertSuppression.ql index d37bd174692..99893d741b4 100644 --- a/java/ql/src/AlertSuppression.ql +++ b/java/ql/src/AlertSuppression.ql 
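Review bot: The QLDoc added to `SetConnectionFactoryMethod` names a method `setConnectionFactory`, but the class matches `hasName("setSSLSocketFactory")`; the new `SetDefaultConnectionFactoryMethod` has the same mismatch between `setDefaultConnectionFactory` in the comment and `setDefaultSSLSocketFactory` in the code. Neither name in the comments is the Java method being modelled, so a reader searching the library for the real API will not find these classes. The comments should name `setSSLSocketFactory` and `setDefaultSSLSocketFactory` respectively. Since the visible characteristic predicate uses `getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection`, "of the class" could also become "declared on `javax.net.ssl.HttpsURLConnection` or a subtype".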
@@ -5,77 +5,17 @@ * @id java/alert-suppression */ -import java +private import codeql.suppression.AlertSuppression as AS +private import semmle.code.java.Javadoc -/** - * An alert suppression comment. - */ -class SuppressionComment extends Javadoc { - string annotation; - - SuppressionComment() { - // suppression comments must be single-line - ( - isEolComment(this) - or - isNormalComment(this) and exists(int line | this.hasLocationInfo(_, line, _, line, _)) - ) and - exists(string text | text = this.getChild(0).getText() | - // match `lgtm[...]` anywhere in the comment - annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _) - or - // match `lgtm` at the start of the comment and after semicolon - annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim() - ) +class SingleLineComment extends Javadoc { + SingleLineComment() { + isEolComment(this) + or + isNormalComment(this) and exists(int line | this.hasLocationInfo(_, line, _, line, _)) } - /** - * Gets the text of this suppression comment. - */ string getText() { result = this.getChild(0).getText() } - - /** Gets the suppression annotation in this comment. */ - string getAnnotation() { result = annotation } - - /** - * Holds if this comment applies to the range from column `startcolumn` of line `startline` - * to column `endcolumn` of line `endline` in file `filepath`. - */ - predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) { - this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and - startcolumn = 1 - } - - /** Gets the scope of this suppression. */ - SuppressionScope getScope() { this = result.getSuppressionComment() } } -/** - * The scope of an alert suppression comment. - */ -class SuppressionScope extends @javadoc instanceof SuppressionComment { - /** Gets a suppression comment with this scope. 
*/ - SuppressionComment getSuppressionComment() { result = this } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - super.covers(filepath, startline, startcolumn, endline, endcolumn) - } - - /** Gets a textual representation of this element. */ - string toString() { result = "suppression range" } -} - -from SuppressionComment c -select c, // suppression comment - c.getText(), // text of suppression comment (excluding delimiters) - c.getAnnotation(), // text of suppression annotation - c.getScope() // scope of suppression +import AS::Make diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 5de970b8981..7bab127cafc 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.6 + +### Minor Analysis Improvements + +* Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results. + ## 0.4.5 No user-facing changes. diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp new file mode 100644 index 00000000000..7917a96839d --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp @@ -0,0 +1,40 @@ + + + +

+ Calling the addJavascriptInterface method of + the android.webkit.WebView class allows the web pages of a + WebView to access a Java object's methods via JavaScript. +

+ +

+ Objects exposed to JavaScript are available in all frames of the + WebView. +

+
+ + +

+ If you need to expose Java objects to JavaScript, guarantee that no + untrusted third-party content is loaded into the WebView. +

+
+ + +

+ In the following (bad) example, a Java object is exposed to JavaScript. +

+ + + +
+ + +
  • + Android Documentation: addJavascriptInterface +
  • +
    + +
    diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql new file mode 100644 index 00000000000..1b6412138b1 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql @@ -0,0 +1,18 @@ +/** + * @name Access Java object methods through JavaScript exposure + * @id java/android-webview-addjavascriptinterface + * @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application. + * @kind problem + * @problem.severity warning + * @security-severity 6.1 + * @precision medium + * @tags security + * external/cwe/cwe-079 + */ + +import java +import semmle.code.java.frameworks.android.WebView + +from MethodAccess ma +where ma.getMethod() instanceof WebViewAddJavascriptInterfaceMethod +select ma, "JavaScript interface to Java object added in Android WebView." diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java new file mode 100644 index 00000000000..fb4e1182a5a --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java 
@@ -0,0 +1,23 @@ +import android.webkit.JavascriptInterface; +import android.database.sqlite.SQLiteOpenHelper; + +class ExposedObject extends SQLiteOpenHelper { + @JavascriptInterface + public String studentEmail(String studentName) { + // SQL injection + String query = "SELECT email FROM students WHERE studentname = '" + studentName + "'"; + + Cursor cursor = db.rawQuery(query, null); + cursor.moveToFirst(); + String email = cursor.getString(0); + + return email; + } +} + +webview.getSettings().setJavaScriptEnabled(true); +webview.addJavaScriptInterface(new ExposedObject(), "exposedObject"); +webview.loadData("", "text/html", null); + +String name = "Robert'; DROP TABLE students; --"; +webview.loadUrl("javascript:alert(exposedObject.studentEmail(\""+ name +"\"))"); diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp new file mode 100644 index 00000000000..007777372b5 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp @@ -0,0 +1,48 @@ + + + +
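Review bot: The example calls `webview.addJavaScriptInterface(...)`, but the method this query targets is spelled `addJavascriptInterface` (lower-case `s`), as the query's own test file writes it. As written, the sample does not compile and does not show the call the query flags. Change the line to `webview.addJavascriptInterface(new ExposedObject(), "exposedObject");`. The sample also uses `Cursor` and `db` without an import or declaration, so either declare them or add a comment such as `// db: a SQLiteDatabase obtained elsewhere` to keep the focus on the exposed method.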

    +Certificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default. +In Android applications, it is reccomended to use certificate pinning when communicating over the network, +in order to minimize the risk of machine-in-the-middle attacks from a compromised CA. +

    +
    + + +

    +The easiest way to implement certificate pinning is to declare your pins in a network-security-config XML file. +This will automatically provide certificate pinning for any network connection made by the app. +

    +

    +Another way to implement certificate pinning is to use the `CertificatePinner` class from the `okhttp` library. +

    +

    +A final way to implement certificate pinning is to use a TrustManager, initialized from a KeyStore loaded with only the necessary certificates. +

    + +
    + + +

    +In the first (bad) case below, a network call is performed with no certificate pinning implemented. +The other (good) cases demonstrate the different ways to implement certificate pinning. +

    + + + +
    + + +
  • + OWASP Mobile Security: Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4). +
  • +
  • + Android Developers: Network security configuration. +
  • +
  • + OkHttp: CertificatePinner. +
  • +
    +
    diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql new file mode 100644 index 00000000000..d42f956fc3d --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql @@ -0,0 +1,22 @@ +/** + * @name Android missing certificate pinning + * @description Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications. + * @kind problem + * @problem.severity warning + * @security-severity 5.9 + * @precision medium + * @id java/android/missing-certificate-pinning + * @tags security + * external/cwe/cwe-295 + */ + +import java +import semmle.code.java.security.AndroidCertificatePinningQuery + +from DataFlow::Node node, string domain, string msg +where + missingPinning(node, domain) and + if domain = "" + then msg = "(no explicitly trusted domains)" + else msg = "(" + domain + " is not trusted by a pin)" +select node, "This network call does not implement certificate pinning. " + msg diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java new file mode 100644 index 00000000000..22b6f176f66 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java @@ -0,0 +1,2 @@ +// BAD - By default, this network call does not use certificate pinning +URLConnection conn = new URL("https://example.com").openConnection(); \ No newline at end of file diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml new file mode 100644 index 00000000000..dd656b97ba2 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml @@ -0,0 +1,21 @@ + + + + + + + ... + + + + + + + + good.example.com + + ... + + + \ No newline at end of file 
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java new file mode 100644 index 00000000000..dd172f2fe9f --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java @@ -0,0 +1,26 @@ +// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner +CertificatePinner certificatePinner = new CertificatePinner.Builder() + .add("example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=") + .build(); +OkHttpClient client = new OkHttpClient.Builder() + .certificatePinner(certificatePinner) + .build(); + +client.newCall(new Request.Builder().url("https://example.com").build()).execute(); + + + +// GOOD: Certificate pinning implemented via a TrustManager +KeyStore keyStore = KeyStore.getInstance("BKS"); +keyStore.load(resources.openRawResource(R.raw.cert), null); + +TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); +tmf.init(keyStore); + +SSLContext sslContext = SSLContext.getInstance("TLS"); +sslContext.init(null, tmf.getTrustManagers(), null); + +URL url = new URL("http://www.example.com/"); +HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); + +urlConnection.setSSLSocketFactory(sslContext.getSocketFactory()); \ No newline at end of file diff --git a/java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md b/java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md new file mode 100644 index 00000000000..ad2c46585f2 --- /dev/null +++ b/java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md @@ -0,0 +1,5 @@ +--- +category: newQuery +--- +* Added a new query `java/android-webview-addjavascriptinterface` to detect the use of `addJavascriptInterface`, which can lead to cross-site scripting. + 
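Review bot: The TrustManager sample marked GOOD opens `new URL("http://www.example.com/")` and casts the result to `HttpsURLConnection`. For an `http:` URL, `openConnection()` does not return an HTTPS connection, so the cast fails at run time. No TLS handshake would take place on that request either, so the pinned trust store would never be consulted. Use `new URL("https://www.example.com/")` so the sample exercises the `SSLContext` it builds. The same `http://` URL appears in `Test4/Test.java` and `Test5/Test.java` further down, where it means the test code does not model a TLS connection. It would also help to add a comment in the OkHttp sample, such as `// placeholder pin: replace with the SHA-256 hash of the server's public key`, next to the `sha256/AAAA...` value.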
diff --git a/java/ql/src/change-notes/2022-11-30-android-certificate-pinning.md b/java/ql/src/change-notes/2022-11-30-android-certificate-pinning.md new file mode 100644 index 00000000000..3ec8f19aa18 --- /dev/null +++ b/java/ql/src/change-notes/2022-11-30-android-certificate-pinning.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `java/android/missing-certificate-pinning`, to find network calls where certificate pinning is not implemented. \ No newline at end of file diff --git a/java/ql/src/change-notes/released/0.4.6.md b/java/ql/src/change-notes/released/0.4.6.md new file mode 100644 index 00000000000..ae160f06a20 --- /dev/null +++ b/java/ql/src/change-notes/released/0.4.6.md @@ -0,0 +1,5 @@ +## 0.4.6 + +### Minor Analysis Improvements + +* Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 466cd01cf4e..2b842473675 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.5 +lastReleaseVersion: 0.4.6 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 00070f5ccf2..87a5d3d62d0 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.4.6-dev +version: 0.5.0-dev groups: - java - queries @@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/java-code-scanning.qls dependencies: codeql/java-all: ${workspace} codeql/suite-helpers: ${workspace} + codeql/util: ${workspace} diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected index 13bd441dfcd..dcce5baa1da 100644 
--- a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
@@ -1337,7 +1337,7 @@ test.kt:
 # 145| 0: [AssignExpr] ...=...
 # 145| 0: [VarAccess] p4
 # 145| 1: [MethodAccess] listOf(...)
-# 145| -2: [TypeAccess] Object
+# 145| -2: [TypeAccess] T
 # 145| -1: [TypeAccess] CollectionsKt
 # 145| 0: [VarAccess] p2
 # 145| 3: [IfStmt] if (...)
@@ -1360,7 +1360,7 @@ test.kt:
 # 145| 0: [AssignExpr] ...=...
 # 145| 0: [VarAccess] p6
 # 145| 1: [MethodAccess] listOf(...)
-# 145| -2: [TypeAccess] Object
+# 145| -2: [TypeAccess] S
 # 145| -1: [TypeAccess] CollectionsKt
 # 145| 0: [VarAccess] p1
 # 145| 5: [ReturnStmt] return ...
diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected
index e69de29bb2d..e6ed6dd1432 100644
--- a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected
+++ b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected
@@ -0,0 +1,36 @@ +| test.kt:124:3:126:3 | ...=... | test.kt:122:19:122:19 | T | +| test.kt:124:3:126:3 | ...=... | test.kt:122:19:122:19 | T | +| test.kt:124:3:126:3 | p1 | test.kt:122:19:122:19 | T | +| test.kt:124:3:126:3 | p2 | test.kt:122:19:122:19 | T | +| test.kt:124:3:126:3 | p2 | test.kt:122:19:122:19 | T | +| test.kt:124:3:126:3 | p3 | test.kt:122:19:122:19 | T | +| test.kt:124:3:126:3 | p3 | test.kt:122:19:122:19 | T | +| test.kt:124:22:124:22 | p1 | test.kt:122:19:122:19 | T | +| test.kt:135:3:135:43 | ...=... | test.kt:122:19:122:19 | T | +| test.kt:135:3:135:43 | p1 | test.kt:122:19:122:19 | T | +| test.kt:135:3:135:43 | p2 | test.kt:122:19:122:19 | T | +| test.kt:135:3:135:43 | p2 | test.kt:122:19:122:19 | T | +| test.kt:135:3:135:43 | testReturn(...) | test.kt:122:19:122:19 | T | +| test.kt:145:3:147:3 | ...=... | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:3:147:3 | ...=... | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:3:147:3 | ...=... | test.kt:143:27:143:27 | T | +| test.kt:145:3:147:3 | ...=... | test.kt:143:27:143:27 | T | +| test.kt:145:3:147:3 | ...=... 
| test.kt:145:8:145:12 | S | +| test.kt:145:3:147:3 | p1 | test.kt:145:8:145:12 | S | +| test.kt:145:3:147:3 | p2 | test.kt:143:27:143:27 | T | +| test.kt:145:3:147:3 | p2 | test.kt:143:27:143:27 | T | +| test.kt:145:3:147:3 | p3 | test.kt:143:27:143:27 | T | +| test.kt:145:3:147:3 | p3 | test.kt:143:27:143:27 | T | +| test.kt:145:3:147:3 | p4 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:3:147:3 | p4 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:3:147:3 | p5 | test.kt:145:8:145:12 | S | +| test.kt:145:3:147:3 | p5 | test.kt:145:8:145:12 | S | +| test.kt:145:3:147:3 | p6 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:3:147:3 | p6 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:30:145:30 | p1 | test.kt:145:8:145:12 | S | +| test.kt:145:66:145:74 | T | test.kt:143:27:143:27 | T | +| test.kt:145:66:145:74 | listOf(...) | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:73:145:73 | p2 | test.kt:143:27:143:27 | T | +| test.kt:145:111:145:119 | S | test.kt:145:8:145:12 | S | +| test.kt:145:111:145:119 | listOf(...) | file:///modules/java.base/java/util/List.class:0:0:0:0 | List | +| test.kt:145:118:145:118 | p1 | test.kt:145:8:145:12 | S | diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql index 9bb2ad44c15..9818700479e 100644 --- a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql +++ b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql 
@@ -5,6 +5,8 @@ class InstantiatedType extends ParameterizedType { } // This checks that all type parameter references are erased in the context of a $default function. +// Note this is currently expected to fail since for the time being we extract type variable references +// even where they should be out of scope. predicate containsTypeVariables(Type t) { t instanceof TypeVariable or containsTypeVariables(t.(InstantiatedType).getATypeArgument()) or diff --git a/java/ql/test/library-tests/comments/PrintAst.expected b/java/ql/test/library-tests/comments/PrintAst.expected index be018582311..22280572238 100644 --- a/java/ql/test/library-tests/comments/PrintAst.expected +++ b/java/ql/test/library-tests/comments/PrintAst.expected @@ -14,6 +14,18 @@ Test.java: # 21| 3: [Method] test # 21| 3: [TypeAccess] void # 21| 5: [BlockStmt] { ... } +# 23| 4: [Method] method1 +# 23| 3: [TypeAccess] void +# 23| 5: [BlockStmt] { ... } +# 24| 5: [Method] method2 +# 24| 3: [TypeAccess] void +# 24| 5: [BlockStmt] { ... } +# 28| 6: [Method] method3 +#-----| 0: (Javadoc) +# 25| 1: [Javadoc] /** JavaDoc for method3 */ +# 26| 0: [JavadocText] JavaDoc for method3 +# 28| 3: [TypeAccess] void +# 28| 5: [BlockStmt] { ... } TestWindows.java: # 0| [CompilationUnit] TestWindows # 5| 1: [Class] TestWindows diff --git a/java/ql/test/library-tests/comments/Test.java b/java/ql/test/library-tests/comments/Test.java index 4f4fdb5b8f3..54e8a4e6ec3 100644 --- a/java/ql/test/library-tests/comments/Test.java +++ b/java/ql/test/library-tests/comments/Test.java @@ -19,4 +19,11 @@ class Test { // an end-of-line comment with trailing whitespace //an end-of-line comment without a leading space void test() {} // an end-of-line comment with preceding code + + void method1() { /**/ } // A block comment containing the /** JavaDoc prefix } + void method2() { } + /** + * JavaDoc for method3 + */ + void method3() { } } 
diff --git a/java/ql/test/library-tests/comments/toString.expected b/java/ql/test/library-tests/comments/toString.expected
index f54af1cc996..27a8b6f8273 100644
--- a/java/ql/test/library-tests/comments/toString.expected
+++ b/java/ql/test/library-tests/comments/toString.expected
@@ -8,6 +8,9 @@
 | Test.java:19:2:19:59 | // an end-of-line comment with trailing whitespace |
 | Test.java:20:2:20:49 | //an end-of-line comment without a leading space |
 | Test.java:21:17:21:61 | // an end-of-line comment with preceding code |
+| Test.java:23:26:23:29 | /* */ |
+| Test.java:23:33:23:86 | // A block comment containing the /** JavaDoc prefix } |
+| Test.java:25:9:27:11 | /** JavaDoc for method3 */ |
 | TestWindows.java:1:1:4:3 | /** A JavaDoc comment ... */ |
 | TestWindows.java:6:2:6:45 | /** A JavaDoc comment with a single line. */ |
 | TestWindows.java:8:3:8:27 | // a single-line comment |
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected
new file mode 100644
index 00000000000..6974a4a8511
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected
@@ -0,0 +1 @@
+| WebViewAddJavascriptInterface.java:10:9:10:61 | addJavascriptInterface(...) | JavaScript interface to Java object added in Android WebView. |
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java
new file mode 100644
index 00000000000..50fc3847705
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java
@@ -0,0 +1,12 @@ +package com.example.test; + +import android.webkit.WebView; + +class WebViewAddJavascriptInterface { + class Greeter { + } + + public void addGreeter(WebView view) { + view.addJavascriptInterface(new Greeter(), "greeter"); + } +} diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref new file mode 100644 index 00000000000..1161c47dda6 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref @@ -0,0 +1 @@ +Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/AndroidManifest.xml new file mode 100644 index 00000000000..da5cdabce67 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/AndroidManifest.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/Test.java new file mode 100644 index 00000000000..ed141d80521 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/Test.java @@ -0,0 +1,12 @@ +import java.net.URL; +import java.net.URLConnection; + +class Test{ + URLConnection test1() throws Exception { + return new URL("https://good.example.com").openConnection(); + } + + URLConnection test2() throws Exception { + return new URL("https://bad.example.com").openConnection(); // $hasUntrustedResult + } +} \ No newline at end of file 
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/options new file mode 100644 index 00000000000..7d1644b057b --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/options @@ -0,0 +1 @@ +// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0 \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/res/xml/NetworkSecurityConfig.xml new file mode 100644 index 00000000000..e2810ff7e1a --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/res/xml/NetworkSecurityConfig.xml @@ -0,0 +1,9 @@ + + + + good.example.com + + ... + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql new file mode 100644 index 00000000000..91a23044730 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql 
@@ -0,0 +1,19 @@ +import java +import TestUtilities.InlineExpectationsTest +import semmle.code.java.security.AndroidCertificatePinningQuery + +class Test extends InlineExpectationsTest { + Test() { this = "AndroidMissingCertificatePinningTest" } + + override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] } + + override predicate hasActualResult(Location loc, string el, string tag, string value) { + exists(DataFlow::Node node | + missingPinning(node, _) and + loc = node.getLocation() and + el = node.toString() and + value = "" and + if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult" + ) + } +} diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/AndroidManifest.xml new file mode 100644 index 00000000000..da5cdabce67 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/AndroidManifest.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/Test.java new file mode 100644 index 00000000000..9f68c503b46 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/Test.java @@ -0,0 +1,8 @@ +import java.net.URL; +import java.net.URLConnection; + +class Test{ + URLConnection test2() throws Exception { + return new URL("https://example.com").openConnection(); // $hasNoTrustedResult + } +} \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/options new file mode 100644 index 00000000000..7d1644b057b --- /dev/null 
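Review bot: `hasActualResult` in `Test1/test.ql` ignores the reported domain (`missingPinning(node, _)` with `value = ""`), so the expectations only check that some alert lands on the `bad.example.com` line, not that the alert names the unpinned host. Binding the domain instead, for example `missingPinning(node, value)` with `// $hasUntrustedResult=bad.example.com` in `Test.java`, would catch a regression where a pinned domain is reported or the wrong host is named; this assumes the empty-domain case can keep its bare tag. The same predicate is copied into `Test2` through `Test5` with one spelling difference (`if trustedDomain(_)` here, `if exists(string x | trustedDomain(x))` there), and the copies should use a single form.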
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/options @@ -0,0 +1 @@ +// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0 \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/res/xml/NetworkSecurityConfig.xml new file mode 100644 index 00000000000..3fd128a05a2 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/res/xml/NetworkSecurityConfig.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql new file mode 100644 index 00000000000..6dc626a59e0 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql 
@@ -0,0 +1,23 @@ +import java +import TestUtilities.InlineExpectationsTest +import semmle.code.java.security.AndroidCertificatePinningQuery + +class Test extends InlineExpectationsTest { + Test() { this = "AndroidMissingCertificatePinningTest" } + + override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] } + + override predicate hasActualResult(Location loc, string el, string tag, string value) { + exists(DataFlow::Node node | + missingPinning(node, _) and + loc = node.getLocation() and + el = node.toString() and + value = "" and + ( + if exists(string x | trustedDomain(x)) + then tag = "hasUntrustedResult" + else tag = "hasNoTrustedResult" + ) + ) + } +} diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/AndroidManifest.xml new file mode 100644 index 00000000000..da5cdabce67 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/AndroidManifest.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java new file mode 100644 index 00000000000..6a8ff8ed9d8 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java 
@@ -0,0 +1,17 @@ +import okhttp3.OkHttpClient; +import okhttp3.CertificatePinner; +import okhttp3.Request; + +class Test{ + void test1() throws Exception { + CertificatePinner certificatePinner = new CertificatePinner.Builder() + .add("good.example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=") + .build(); + OkHttpClient client = new OkHttpClient.Builder() + .certificatePinner(certificatePinner) + .build(); + + client.newCall(new Request.Builder().url("https://good.example.com").build()).execute(); + client.newCall(new Request.Builder().url("https://bad.example.com").build()).execute(); // $hasUntrustedResult + } +} \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/options new file mode 100644 index 00000000000..1983e5973d9 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/options @@ -0,0 +1 @@ +// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0:${testdir}/../../../../../stubs/okhttp-4.9.3 \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/res/xml/NetworkSecurityConfig.xml new file mode 100644 index 00000000000..3fd128a05a2 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/res/xml/NetworkSecurityConfig.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.expected new file mode 100644 index 00000000000..e69de29bb2d 
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql new file mode 100644 index 00000000000..6dc626a59e0 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql @@ -0,0 +1,23 @@ +import java +import TestUtilities.InlineExpectationsTest +import semmle.code.java.security.AndroidCertificatePinningQuery + +class Test extends InlineExpectationsTest { + Test() { this = "AndroidMissingCertificatePinningTest" } + + override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] } + + override predicate hasActualResult(Location loc, string el, string tag, string value) { + exists(DataFlow::Node node | + missingPinning(node, _) and + loc = node.getLocation() and + el = node.toString() and + value = "" and + ( + if exists(string x | trustedDomain(x)) + then tag = "hasUntrustedResult" + else tag = "hasNoTrustedResult" + ) + ) + } +} diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml new file mode 100644 index 00000000000..da5cdabce67 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java new file mode 100644 index 00000000000..16f953ea106 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java @@ -0,0 +1,7 @@ +package com.example; + +class R { + static final class raw { + static final int cert = 0; + } +} \ No newline at end of file 
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java new file mode 100644 index 00000000000..fd745a0ca1c --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java @@ -0,0 +1,32 @@ +package com.example; + +import java.net.URL; +import java.net.URLConnection; +import java.security.KeyStore; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import android.content.res.Resources; + +class Test{ + void test1(Resources resources) throws Exception { + KeyStore keyStore = KeyStore.getInstance("BKS"); + keyStore.load(resources.openRawResource(R.raw.cert), null); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(keyStore); + + SSLContext sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, tmf.getTrustManagers(), null); + + URL url = new URL("http://www.example.com/"); + HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); + + urlConnection.setSSLSocketFactory(sslContext.getSocketFactory()); + } + + void test2() throws Exception { + URL url = new URL("http://www.example.com/"); + HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); // $hasNoTrustedResult + } +} \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options new file mode 100644 index 00000000000..7d1644b057b --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options @@ -0,0 +1 @@ +// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0 \ No newline at end of file 
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml new file mode 100644 index 00000000000..3fd128a05a2 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql new file mode 100644 index 00000000000..6dc626a59e0 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql @@ -0,0 +1,23 @@ +import java +import TestUtilities.InlineExpectationsTest +import semmle.code.java.security.AndroidCertificatePinningQuery + +class Test extends InlineExpectationsTest { + Test() { this = "AndroidMissingCertificatePinningTest" } + + override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] } + + override predicate hasActualResult(Location loc, string el, string tag, string value) { + exists(DataFlow::Node node | + missingPinning(node, _) and + loc = node.getLocation() and + el = node.toString() and + value = "" and + ( + if exists(string x | trustedDomain(x)) + then tag = "hasUntrustedResult" + else tag = "hasNoTrustedResult" + ) + ) + } +} 
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml new file mode 100644 index 00000000000..da5cdabce67 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java new file mode 100644 index 00000000000..16f953ea106 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java @@ -0,0 +1,7 @@ +package com.example; + +class R { + static final class raw { + static final int cert = 0; + } +} \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java new file mode 100644 index 00000000000..00aa99775c1 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java 
@@ -0,0 +1,35 @@
+package com.example;
+
+import java.net.URL;
+import java.net.URLConnection;
+import java.io.InputStream;
+import java.security.KeyStore;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import android.content.res.Resources;
+
+class Test{
+ void init(Resources resources) throws Exception {
+ KeyStore keyStore = KeyStore.getInstance("BKS");
+ keyStore.load(resources.openRawResource(R.raw.cert), null);
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(keyStore);
+
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, tmf.getTrustManagers(), null);
+
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+ }
+
+ URLConnection test1() throws Exception {
+ URL url = new URL("http://www.example.com/");
+ return url.openConnection();
+ }
+
+ InputStream test2() throws Exception {
+ URL url = new URL("http://www.example.com/");
+ return url.openStream();
+ }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options
new file mode 100644
index 00000000000..7d1644b057b
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml
new file mode 100644
index 00000000000..3fd128a05a2
--- /dev/null
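Review bot: Both `test1` and `test2` open `http://www.example.com/`, a cleartext URL, so the empty `test.expected` does not clearly show that the `HttpsURLConnection.setDefaultSSLSocketFactory` call in `init` is what keeps the query silent. If the query takes the URL scheme into account (not visible in this diff), the fixture would pass vacuously; using `new URL("https://www.example.com/")` in both methods ties the negative result to the keystore-backed trust managers. A comment above `test1` such as `// no alert expected: init() installs a default SSLSocketFactory backed by the bundled keystore` would record the intent for whoever next edits the test.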
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
new file mode 100644
index 00000000000..6dc626a59e0
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+ Test() { this = "AndroidMissingCertificatePinningTest" }
+
+ override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+ override predicate hasActualResult(Location loc, string el, string tag, string value) {
+ exists(DataFlow::Node node |
+ missingPinning(node, _) and
+ loc = node.getLocation() and
+ el = node.toString() and
+ value = "" and
+ (
+ if exists(string x | trustedDomain(x))
+ then tag = "hasUntrustedResult"
+ else tag = "hasNoTrustedResult"
+ )
+ )
+ }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java
new file mode 100644
index 00000000000..ddab28a7fc8
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java
@@ -0,0 +1,17 @@ +// Generated automatically from javax.net.SocketFactory for testing purposes + +package javax.net; + +import java.net.InetAddress; +import java.net.Socket; + +abstract public class SocketFactory +{ + protected SocketFactory(){} + public Socket createSocket(){ return null; } + public abstract Socket createSocket(InetAddress p0, int p1); + public abstract Socket createSocket(InetAddress p0, int p1, InetAddress p2, int p3); + public abstract Socket createSocket(String p0, int p1); + public abstract Socket createSocket(String p0, int p1, InetAddress p2, int p3); + public static SocketFactory getDefault(){ return null; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java new file mode 100644 index 00000000000..c692761701e --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java @@ -0,0 +1,24 @@ +// Generated automatically from javax.net.ssl.HandshakeCompletedEvent for testing purposes + +package javax.net.ssl; + +import java.security.Principal; +import java.security.cert.Certificate; +import java.util.EventObject; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; +import javax.security.cert.X509Certificate; + +public class HandshakeCompletedEvent extends EventObject +{ + protected HandshakeCompletedEvent() { super(null); } // manually corrected + public Certificate[] getLocalCertificates(){ return null; } + public Certificate[] getPeerCertificates(){ return null; } + public HandshakeCompletedEvent(SSLSocket p0, SSLSession p1){ super(null); } // manually corrected + public Principal getLocalPrincipal(){ return null; } + public Principal getPeerPrincipal(){ return null; } + public SSLSession getSession(){ return null; } + public SSLSocket getSocket(){ return null; } + public String getCipherSuite(){ return null; } + public X509Certificate[] getPeerCertificateChain(){ return null; } +} 
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java new file mode 100644 index 00000000000..c920530baef --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java @@ -0,0 +1,11 @@ +// Generated automatically from javax.net.ssl.HandshakeCompletedListener for testing purposes + +package javax.net.ssl; + +import java.util.EventListener; +import javax.net.ssl.HandshakeCompletedEvent; + +public interface HandshakeCompletedListener extends EventListener +{ + void handshakeCompleted(HandshakeCompletedEvent p0); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java new file mode 100644 index 00000000000..891b2623061 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java @@ -0,0 +1,10 @@ +// Generated automatically from javax.net.ssl.HostnameVerifier for testing purposes + +package javax.net.ssl; + +import javax.net.ssl.SSLSession; + +public interface HostnameVerifier +{ + boolean verify(String p0, SSLSession p1); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java new file mode 100644 index 00000000000..4a346519f18 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java @@ -0,0 +1,13 @@ +// Generated automatically from javax.net.ssl.SNIMatcher for testing purposes + +package javax.net.ssl; + +import javax.net.ssl.SNIServerName; + +abstract public class SNIMatcher +{ + protected SNIMatcher() {} + protected SNIMatcher(int p0){} + public abstract boolean matches(SNIServerName p0); + public final int getType(){ return 0; } +} 
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java new file mode 100644 index 00000000000..119f884b2e6 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java @@ -0,0 +1,15 @@ +// Generated automatically from javax.net.ssl.SNIServerName for testing purposes + +package javax.net.ssl; + + +abstract public class SNIServerName +{ + protected SNIServerName() {} + protected SNIServerName(int p0, byte[] p1){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final byte[] getEncoded(){ return null; } + public final int getType(){ return 0; } + public int hashCode(){ return 0; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java new file mode 100644 index 00000000000..522fde0d61f --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java 
@@ -0,0 +1,36 @@ +// Generated automatically from javax.net.ssl.SSLParameters for testing purposes + +package javax.net.ssl; + +import java.security.AlgorithmConstraints; +import java.util.Collection; +import java.util.List; +import javax.net.ssl.SNIMatcher; +import javax.net.ssl.SNIServerName; + +public class SSLParameters +{ + public AlgorithmConstraints getAlgorithmConstraints(){ return null; } + public SSLParameters(){} + public SSLParameters(String[] p0){} + public SSLParameters(String[] p0, String[] p1){} + public String getEndpointIdentificationAlgorithm(){ return null; } + public String[] getApplicationProtocols(){ return null; } + public String[] getCipherSuites(){ return null; } + public String[] getProtocols(){ return null; } + public boolean getNeedClientAuth(){ return false; } + public boolean getWantClientAuth(){ return false; } + public final Collection getSNIMatchers(){ return null; } + public final List getServerNames(){ return null; } + public final boolean getUseCipherSuitesOrder(){ return false; } + public final void setSNIMatchers(Collection p0){} + public final void setServerNames(List p0){} + public final void setUseCipherSuitesOrder(boolean p0){} + public void setAlgorithmConstraints(AlgorithmConstraints p0){} + public void setApplicationProtocols(String[] p0){} + public void setCipherSuites(String[] p0){} + public void setEndpointIdentificationAlgorithm(String p0){} + public void setNeedClientAuth(boolean p0){} + public void setProtocols(String[] p0){} + public void setWantClientAuth(boolean p0){} +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java new file mode 100644 index 00000000000..9afb7abecb3 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java 
@@ -0,0 +1,33 @@ +// Generated automatically from javax.net.ssl.SSLSession for testing purposes + +package javax.net.ssl; + +import java.security.Principal; +import java.security.cert.Certificate; +import javax.net.ssl.SSLSessionContext; +import javax.security.cert.X509Certificate; + +public interface SSLSession +{ + Certificate[] getLocalCertificates(); + Certificate[] getPeerCertificates(); + Object getValue(String p0); + Principal getLocalPrincipal(); + Principal getPeerPrincipal(); + SSLSessionContext getSessionContext(); + String getCipherSuite(); + String getPeerHost(); + String getProtocol(); + String[] getValueNames(); + X509Certificate[] getPeerCertificateChain(); + boolean isValid(); + byte[] getId(); + int getApplicationBufferSize(); + int getPacketBufferSize(); + int getPeerPort(); + long getCreationTime(); + long getLastAccessedTime(); + void invalidate(); + void putValue(String p0, Object p1); + void removeValue(String p0); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java new file mode 100644 index 00000000000..c0d9c6ef650 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java @@ -0,0 +1,16 @@ +// Generated automatically from javax.net.ssl.SSLSessionContext for testing purposes + +package javax.net.ssl; + +import java.util.Enumeration; +import javax.net.ssl.SSLSession; + +public interface SSLSessionContext +{ + Enumeration getIds(); + SSLSession getSession(byte[] p0); + int getSessionCacheSize(); + int getSessionTimeout(); + void setSessionCacheSize(int p0); + void setSessionTimeout(int p0); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java new file mode 100644 index 00000000000..2145c1b8c37 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java 
@@ -0,0 +1,45 @@ +// Generated automatically from javax.net.ssl.SSLSocket for testing purposes + +package javax.net.ssl; + +import java.net.InetAddress; +import java.net.Socket; +import java.util.List; +import java.util.function.BiFunction; +import javax.net.ssl.HandshakeCompletedListener; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLSession; + +abstract public class SSLSocket extends Socket +{ + protected SSLSocket(){} + protected SSLSocket(InetAddress p0, int p1){} + protected SSLSocket(InetAddress p0, int p1, InetAddress p2, int p3){} + protected SSLSocket(String p0, int p1){} + protected SSLSocket(String p0, int p1, InetAddress p2, int p3){} + public BiFunction, String> getHandshakeApplicationProtocolSelector(){ return null; } + public SSLParameters getSSLParameters(){ return null; } + public SSLSession getHandshakeSession(){ return null; } + public String getApplicationProtocol(){ return null; } + public String getHandshakeApplicationProtocol(){ return null; } + public abstract SSLSession getSession(); + public abstract String[] getEnabledCipherSuites(); + public abstract String[] getEnabledProtocols(); + public abstract String[] getSupportedCipherSuites(); + public abstract String[] getSupportedProtocols(); + public abstract boolean getEnableSessionCreation(); + public abstract boolean getNeedClientAuth(); + public abstract boolean getUseClientMode(); + public abstract boolean getWantClientAuth(); + public abstract void addHandshakeCompletedListener(HandshakeCompletedListener p0); + public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener p0); + public abstract void setEnableSessionCreation(boolean p0); + public abstract void setEnabledCipherSuites(String[] p0); + public abstract void setEnabledProtocols(String[] p0); + public abstract void setNeedClientAuth(boolean p0); + public abstract void setUseClientMode(boolean p0); + public abstract void setWantClientAuth(boolean p0); + public abstract void startHandshake(); + 
public void setHandshakeApplicationProtocolSelector(BiFunction, String> p0){} + public void setSSLParameters(SSLParameters p0){} +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java new file mode 100644 index 00000000000..47c40526842 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.net.ssl.SSLSocketFactory for testing purposes + +package javax.net.ssl; + +import java.io.InputStream; +import java.net.Socket; +import javax.net.SocketFactory; + +abstract public class SSLSocketFactory extends SocketFactory +{ + public SSLSocketFactory(){} + public Socket createSocket(Socket p0, InputStream p1, boolean p2){ return null; } + public abstract Socket createSocket(Socket p0, String p1, int p2, boolean p3); + public abstract String[] getDefaultCipherSuites(); + public abstract String[] getSupportedCipherSuites(); + public static SocketFactory getDefault(){ return null; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java new file mode 100644 index 00000000000..6698b99ac42 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java @@ -0,0 +1,8 @@ +// Generated automatically from javax.net.ssl.TrustManager for testing purposes + +package javax.net.ssl; + + +public interface TrustManager +{ +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java new file mode 100644 index 00000000000..45a0aa5867a --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java 
@@ -0,0 +1,13 @@ +// Generated automatically from javax.net.ssl.X509TrustManager for testing purposes + +package javax.net.ssl; + +import java.security.cert.X509Certificate; +import javax.net.ssl.TrustManager; + +public interface X509TrustManager extends TrustManager +{ + X509Certificate[] getAcceptedIssuers(); + void checkClientTrusted(X509Certificate[] p0, String p1); + void checkServerTrusted(X509Certificate[] p0, String p1); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java new file mode 100644 index 00000000000..56545088a1b --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.security.cert.Certificate for testing purposes + +package javax.security.cert; + +import java.security.PublicKey; + +abstract public class Certificate +{ + public Certificate(){} + public abstract PublicKey getPublicKey(); + public abstract String toString(); + public abstract byte[] getEncoded(); + public abstract void verify(PublicKey p0); + public abstract void verify(PublicKey p0, String p1); + public boolean equals(Object p0){ return false; } + public int hashCode(){ return 0; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java new file mode 100644 index 00000000000..ab526d827a3 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java 
@@ -0,0 +1,27 @@ +// Generated automatically from javax.security.cert.X509Certificate for testing purposes + +package javax.security.cert; + +import java.io.InputStream; +import java.math.BigInteger; +import java.security.Principal; +import java.util.Date; +import javax.security.cert.Certificate; + +abstract public class X509Certificate extends Certificate +{ + public X509Certificate(){} + public abstract BigInteger getSerialNumber(); + public abstract Date getNotAfter(); + public abstract Date getNotBefore(); + public abstract Principal getIssuerDN(); + public abstract Principal getSubjectDN(); + public abstract String getSigAlgName(); + public abstract String getSigAlgOID(); + public abstract byte[] getSigAlgParams(); + public abstract int getVersion(); + public abstract void checkValidity(); + public abstract void checkValidity(Date p0); + public static X509Certificate getInstance(InputStream p0){ return null; } + public static X509Certificate getInstance(byte[] p0){ return null; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java new file mode 100644 index 00000000000..87ed291f07d --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java @@ -0,0 +1,14 @@ +// Generated automatically from kotlin.collections.IntIterator for testing purposes + +package kotlin.collections; + +import java.util.Iterator; +import kotlin.jvm.internal.markers.KMappedMarker; + +abstract public class IntIterator implements Iterator, KMappedMarker +{ + public IntIterator(){} + public abstract int nextInt(); + public final Integer next(){ return null; } + public void remove(){} +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java new file mode 100644 index 00000000000..775d4d8369b --- /dev/null 
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java @@ -0,0 +1,10 @@ +// Generated automatically from kotlin.jvm.functions.Function1 for testing purposes + +package kotlin.jvm.functions; + +import kotlin.Function; + +public interface Function1 extends Function +{ + R invoke(P1 p0); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java new file mode 100644 index 00000000000..36880bd56db --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java @@ -0,0 +1,12 @@ +// Generated automatically from kotlin.ranges.ClosedRange for testing purposes + +package kotlin.ranges; + + +public interface ClosedRange> +{ + T getEndInclusive(); + T getStart(); + boolean contains(T p0); + boolean isEmpty(); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java new file mode 100644 index 00000000000..3cf69027397 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java 
@@ -0,0 +1,26 @@ +// Generated automatically from kotlin.ranges.IntProgression for testing purposes + +package kotlin.ranges; + +import kotlin.collections.IntIterator; +import kotlin.jvm.internal.markers.KMappedMarker; + +public class IntProgression implements Iterable, KMappedMarker +{ + protected IntProgression() {} + public IntIterator iterator(){ return null; } + public IntProgression(int p0, int p1, int p2){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public boolean isEmpty(){ return false; } + public final int getFirst(){ return 0; } + public final int getLast(){ return 0; } + public final int getStep(){ return 0; } + public int hashCode(){ return 0; } + public static IntProgression.Companion Companion = null; + static public class Companion + { + protected Companion() {} + public final IntProgression fromClosedRange(int p0, int p1, int p2){ return null; } + } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java new file mode 100644 index 00000000000..eebf2a6fd34 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java 
@@ -0,0 +1,25 @@ +// Generated automatically from kotlin.ranges.IntRange for testing purposes + +package kotlin.ranges; + +import kotlin.ranges.ClosedRange; +import kotlin.ranges.IntProgression; + +public class IntRange extends IntProgression implements ClosedRange +{ + protected IntRange() {} + public IntRange(int p0, int p1){} + public Integer getEndInclusive(){ return null; } + public Integer getStart(){ return null; } + public String toString(){ return null; } + public boolean contains(Integer p0){ return false; } // manually corrected + public boolean equals(Object p0){ return false; } + public boolean isEmpty(){ return false; } + public int hashCode(){ return 0; } + public static IntRange.Companion Companion = null; + static public class Companion + { + protected Companion() {} + public final IntRange getEMPTY(){ return null; } + } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java new file mode 100644 index 00000000000..6f57a5a443a --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java @@ -0,0 +1,10 @@ +// Generated automatically from kotlin.sequences.Sequence for testing purposes + +package kotlin.sequences; + +import java.util.Iterator; + +public interface Sequence +{ + Iterator iterator(); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java new file mode 100644 index 00000000000..8ec20898544 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java @@ -0,0 +1,10 @@ +// Generated automatically from kotlin.text.FlagEnum for testing purposes + +package kotlin.text; + + +interface FlagEnum +{ + int getMask(); + int getValue(); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java new file mode 100644 index 00000000000..e90a0ea9264 --- /dev/null 
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java @@ -0,0 +1,19 @@ +// Generated automatically from kotlin.text.MatchGroup for testing purposes + +package kotlin.text; + +import kotlin.ranges.IntRange; + +public class MatchGroup +{ + protected MatchGroup() {} + public MatchGroup(String p0, IntRange p1){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final IntRange component2(){ return null; } + public final IntRange getRange(){ return null; } + public final MatchGroup copy(String p0, IntRange p1){ return null; } + public final String component1(){ return null; } + public final String getValue(){ return null; } + public int hashCode(){ return 0; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java new file mode 100644 index 00000000000..ca401ed1a98 --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java @@ -0,0 +1,12 @@ +// Generated automatically from kotlin.text.MatchGroupCollection for testing purposes + +package kotlin.text; + +import java.util.Collection; +import kotlin.jvm.internal.markers.KMappedMarker; +import kotlin.text.MatchGroup; + +public interface MatchGroupCollection extends Collection, KMappedMarker +{ + MatchGroup get(int p0); +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java new file mode 100644 index 00000000000..888b629712c --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java 
@@ -0,0 +1,24 @@ +// Generated automatically from kotlin.text.MatchResult for testing purposes + +package kotlin.text; + +import java.util.List; +import kotlin.ranges.IntRange; +import kotlin.text.MatchGroupCollection; + +public interface MatchResult +{ + IntRange getRange(); + List getGroupValues(); + MatchGroupCollection getGroups(); + MatchResult next(); + MatchResult.Destructured getDestructured(); + String getValue(); + static public class Destructured + { + protected Destructured() {} + public Destructured(MatchResult p0){} + public final List toList(){ return null; } + public final MatchResult getMatch(){ return null; } + } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java new file mode 100644 index 00000000000..f587f461b2e --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java 
@@ -0,0 +1,42 @@ +// Generated automatically from kotlin.text.Regex for testing purposes + +package kotlin.text; + +import java.io.Serializable; +import java.util.List; +import java.util.Set; +import java.util.regex.Pattern; +import kotlin.jvm.functions.Function1; +import kotlin.sequences.Sequence; +import kotlin.text.MatchResult; +import kotlin.text.RegexOption; + +public class Regex implements Serializable +{ + protected Regex() {} + public Regex(Pattern p0){} + public Regex(String p0){} + public Regex(String p0, RegexOption p1){} + public Regex(String p0, Set p1){} + public String toString(){ return null; } + public final List split(CharSequence p0, int p1){ return null; } + public final MatchResult find(CharSequence p0, int p1){ return null; } + public final MatchResult matchEntire(CharSequence p0){ return null; } + public final Pattern toPattern(){ return null; } + public final Sequence findAll(CharSequence p0, int p1){ return null; } + public final Set getOptions(){ return null; } + public final String getPattern(){ return null; } + public final String replace(CharSequence p0, Function1 p1){ return null; } + public final String replace(CharSequence p0, String p1){ return null; } + public final String replaceFirst(CharSequence p0, String p1){ return null; } + public final boolean containsMatchIn(CharSequence p0){ return false; } + public final boolean matches(CharSequence p0){ return false; } + public static Regex.Companion Companion = null; + static public class Companion + { + protected Companion() {} + public final Regex fromLiteral(String p0){ return null; } + public final String escape(String p0){ return null; } + public final String escapeReplacement(String p0){ return null; } + } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java new file mode 100644 index 00000000000..7cc222eb40a --- /dev/null +++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java 
@@ -0,0 +1,12 @@ +// Generated automatically from kotlin.text.RegexOption for testing purposes + +package kotlin.text; + + +public enum RegexOption +{ + CANON_EQ, COMMENTS, DOT_MATCHES_ALL, IGNORE_CASE, LITERAL, MULTILINE, UNIX_LINES; + private RegexOption() {} + public int getMask(){ return 0; } + public int getValue(){ return 0; } +} diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java index aa50e384773..b28b7349323 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java 
@@ -15,70 +15,23 @@ import okhttp3.Dns; import okhttp3.HttpUrl; import okhttp3.Protocol; -public class Address { +public class Address +{ protected Address() {} - - public Address(String p0, int p1, Dns p2, SocketFactory p3, SSLSocketFactory p4, - HostnameVerifier p5, CertificatePinner p6, Authenticator p7, Proxy p8, - List p9, List p10, ProxySelector p11) {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final Authenticator proxyAuthenticator() { - return null; - } - - public final CertificatePinner certificatePinner() { - return null; - } - - public final Dns dns() { - return null; - } - - public final HostnameVerifier hostnameVerifier() { - return null; - } - - public final HttpUrl url() { - return null; - } - - public final List connectionSpecs() { - return null; - } - - public final List protocols() { - return null; - } - - public final Proxy proxy() { - return null; - } - - public final ProxySelector proxySelector() { - return null; - } - - public final SSLSocketFactory sslSocketFactory() { - return null; - } - - public final SocketFactory socketFactory() { - return null; - } - - public final boolean equalsNonHost$okhttp(Address p0) { - return false; - } - - public int hashCode() { - return 0; - } + public Address(String p0, int p1, Dns p2, SocketFactory p3, SSLSocketFactory p4, HostnameVerifier p5, CertificatePinner p6, Authenticator p7, Proxy p8, List p9, List p10, ProxySelector p11){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final Authenticator proxyAuthenticator(){ return null; } + public final CertificatePinner certificatePinner(){ return null; } + public final Dns dns(){ return null; } + public final HostnameVerifier hostnameVerifier(){ return null; } + public final HttpUrl url(){ return null; } + public final List connectionSpecs(){ return null; } + public final List protocols(){ return null; } + public final Proxy 
proxy(){ return null; } + public final ProxySelector proxySelector(){ return null; } + public final SSLSocketFactory sslSocketFactory(){ return null; } + public final SocketFactory socketFactory(){ return null; } + public final boolean equalsNonHost$okhttp(Address p0){ return false; } + public int hashCode(){ return 0; } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java index 789ff82e4f8..51980a27f0e 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java 
@@ -16,122 +16,46 @@ import okhttp3.internal.cache.DiskLruCache; import okhttp3.internal.io.FileSystem; import okio.BufferedSource; -public class Cache implements Closeable, Flushable { +public class Cache implements Closeable, Flushable +{ protected Cache() {} - - public Cache(File p0, long p1) {} - - public Cache(File p0, long p1, FileSystem p2) {} - - public final CacheRequest put$okhttp(Response p0) { - return null; - } - - public final DiskLruCache getCache$okhttp() { - return null; - } - - public final File directory() { - return null; - } - - public final Iterator urls() { - return null; - } - - public final Response get$okhttp(Request p0) { - return null; - } - - public final boolean isClosed() { - return false; - } - - public final int getWriteAbortCount$okhttp() { - return 0; - } - - public final int getWriteSuccessCount$okhttp() { - return 0; - } - - public final int hitCount() { - return 0; - } - - public final int networkCount() { - return 0; - } - - public final int requestCount() { - return 0; - } - - public final int writeAbortCount() { - return 0; - } - - public final int writeSuccessCount() { - return 0; - } - - public final long maxSize() { - return 0; - } - - public final long size() { - return 0; - } - - public final void delete() {} - - public final void evictAll() {} - - public final void initialize() {} - - public final void remove$okhttp(Request p0) {} - - public final void setWriteAbortCount$okhttp(int p0) {} - - public final void setWriteSuccessCount$okhttp(int p0) {} - - public final void trackConditionalCacheHit$okhttp() {} - - public final void trackResponse$okhttp(CacheStrategy p0) {} - - public final void update$okhttp(Response p0, Response p1) {} - + public Cache(File p0, long p1){} + public Cache(File p0, long p1, FileSystem p2){} + public final CacheRequest put$okhttp(Response p0){ return null; } + public final DiskLruCache getCache$okhttp(){ return null; } + public final File directory(){ return null; } + public final Iterator 
urls(){ return null; } + public final Response get$okhttp(Request p0){ return null; } + public final boolean isClosed(){ return false; } + public final int getWriteAbortCount$okhttp(){ return 0; } + public final int getWriteSuccessCount$okhttp(){ return 0; } + public final int hitCount(){ return 0; } + public final int networkCount(){ return 0; } + public final int requestCount(){ return 0; } + public final int writeAbortCount(){ return 0; } + public final int writeSuccessCount(){ return 0; } + public final long maxSize(){ return 0; } + public final long size(){ return 0; } + public final void delete(){} + public final void evictAll(){} + public final void initialize(){} + public final void remove$okhttp(Request p0){} + public final void setWriteAbortCount$okhttp(int p0){} + public final void setWriteSuccessCount$okhttp(int p0){} + public final void trackConditionalCacheHit$okhttp(){} + public final void trackResponse$okhttp(CacheStrategy p0){} + public final void update$okhttp(Response p0, Response p1){} public static Cache.Companion Companion = null; - - public static String key(HttpUrl p0) { - return null; - } - - public void close() {} - - public void flush() {} - - static public class Companion { + public static String key(HttpUrl p0){ return null; } + public void close(){} + public void flush(){} + static public class Companion + { protected Companion() {} - - public final Headers varyHeaders(Response p0) { - return null; - } - - public final String key(HttpUrl p0) { - return null; - } - - public final boolean hasVaryAll(Response p0) { - return false; - } - - public final boolean varyMatches(Response p0, Headers p1, Request p2) { - return false; - } - - public final int readInt$okhttp(BufferedSource p0) { - return 0; - } + public final Headers varyHeaders(Response p0){ return null; } + public final String key(HttpUrl p0){ return null; } + public final boolean hasVaryAll(Response p0){ return false; } + public final boolean varyMatches(Response p0, Headers p1, 
Request p2){ return false; } + public final int readInt$okhttp(BufferedSource p0){ return 0; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java index 564f1cad733..80282b01ec3 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java 
@@ -4,75 +4,29 @@ package okhttp3; import okhttp3.Headers; -public class CacheControl { +public class CacheControl +{ protected CacheControl() {} - - public String toString() { - return null; - } - - public final boolean immutable() { - return false; - } - - public final boolean isPrivate() { - return false; - } - - public final boolean isPublic() { - return false; - } - - public final boolean mustRevalidate() { - return false; - } - - public final boolean noCache() { - return false; - } - - public final boolean noStore() { - return false; - } - - public final boolean noTransform() { - return false; - } - - public final boolean onlyIfCached() { - return false; - } - - public final int maxAgeSeconds() { - return 0; - } - - public final int maxStaleSeconds() { - return 0; - } - - public final int minFreshSeconds() { - return 0; - } - - public final int sMaxAgeSeconds() { - return 0; - } - + public String toString(){ return null; } + public final boolean immutable(){ return false; } + public final boolean isPrivate(){ return false; } + public final boolean isPublic(){ return false; } + public final boolean mustRevalidate(){ return false; } + public final boolean noCache(){ return false; } + public final boolean noStore(){ return false; } + public final boolean noTransform(){ return false; } + public final boolean onlyIfCached(){ return false; } + public final int maxAgeSeconds(){ return 0; } + public final int maxStaleSeconds(){ return 0; } + public final int minFreshSeconds(){ return 0; } + public final int sMaxAgeSeconds(){ return 0; } public static CacheControl FORCE_CACHE = null; public static CacheControl FORCE_NETWORK = null; - - public static CacheControl parse(Headers p0) { - return null; - } - + public static CacheControl parse(Headers p0){ return null; } public static CacheControl.Companion Companion = null; - - static public class Companion { + static public class Companion + { protected Companion() {} - - public final CacheControl parse(Headers p0) { - 
return null; - } + public final CacheControl parse(Headers p0){ return null; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java index 15e83d72f46..09e607247f4 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java @@ -28,6 +28,13 @@ public class CertificatePinner public static CertificatePinner DEFAULT = null; public static CertificatePinner.Companion Companion = null; public static String pin(Certificate p0){ return null; } + static public class Builder + { + public Builder(){} + public final CertificatePinner build(){ return null; } + public final CertificatePinner.Builder add(String p0, String... p1){ return null; } + public final List getPins(){ return null; } + } static public class Companion { protected Companion() {} diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java index f64fe1436b4..1d9ea8eff1c 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java 
@@ -5,42 +5,17 @@ package okhttp3; import java.nio.charset.Charset; import java.util.Map; -public class Challenge { +public class Challenge +{ protected Challenge() {} - - public Challenge(String p0, Map p1) {} - - public Challenge(String p0, String p1) {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final Challenge withCharset(Charset p0) { - return null; - } - - public final Charset charset() { - return null; - } - - public final Map authParams() { - return null; - } - - public final String realm() { - return null; - } - - public final String scheme() { - return null; - } - - public int hashCode() { - return 0; - } + public Challenge(String p0, Map p1){} + public Challenge(String p0, String p1){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final Challenge withCharset(Charset p0){ return null; } + public final Charset charset(){ return null; } + public final Map authParams(){ return null; } + public final String realm(){ return null; } + public final String scheme(){ return null; } + public int hashCode(){ return 0; } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java index 24d10e5da04..656be7117c4 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java @@ -4,17 +4,11 @@ package okhttp3; import java.util.Comparator; -public class CipherSuite { +public class CipherSuite +{ protected CipherSuite() {} - - public String toString() { - return null; - } - - public final String javaName() { - return null; - } - + public String toString(){ return null; } + public final String javaName(){ return null; } public static CipherSuite TLS_AES_128_CCM_8_SHA256 = null; public static CipherSuite TLS_AES_128_CCM_SHA256 = null; public static CipherSuite TLS_AES_128_GCM_SHA256 = null; 
@@ -134,22 +128,12 @@ public class CipherSuite { public static CipherSuite TLS_RSA_WITH_RC4_128_MD5 = null; public static CipherSuite TLS_RSA_WITH_RC4_128_SHA = null; public static CipherSuite TLS_RSA_WITH_SEED_CBC_SHA = null; - - public static CipherSuite forJavaName(String p0) { - return null; - } - + public static CipherSuite forJavaName(String p0){ return null; } public static CipherSuite.Companion Companion = null; - - static public class Companion { + static public class Companion + { protected Companion() {} - - public final CipherSuite forJavaName(String p0) { - return null; - } - - public final Comparator getORDER_BY_NAME$okhttp() { - return null; - } + public final CipherSuite forJavaName(String p0){ return null; } + public final Comparator getORDER_BY_NAME$okhttp(){ return null; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java index 9f8d14b4714..59c04bc0910 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java 
@@ -7,52 +7,26 @@ import javax.net.ssl.SSLSocket; import okhttp3.CipherSuite; import okhttp3.TlsVersion; -public class ConnectionSpec { +public class ConnectionSpec +{ protected ConnectionSpec() {} - - public ConnectionSpec(boolean p0, boolean p1, String[] p2, String[] p3) {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final List cipherSuites() { - return null; - } - - public final List tlsVersions() { - return null; - } - - public final boolean isCompatible(SSLSocket p0) { - return false; - } - - public final boolean isTls() { - return false; - } - - public final boolean supportsTlsExtensions() { - return false; - } - - public final void apply$okhttp(SSLSocket p0, boolean p1) {} - - public int hashCode() { - return 0; - } - + public ConnectionSpec(boolean p0, boolean p1, String[] p2, String[] p3){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final List cipherSuites(){ return null; } + public final List tlsVersions(){ return null; } + public final boolean isCompatible(SSLSocket p0){ return false; } + public final boolean isTls(){ return false; } + public final boolean supportsTlsExtensions(){ return false; } + public final void apply$okhttp(SSLSocket p0, boolean p1){} + public int hashCode(){ return 0; } public static ConnectionSpec CLEARTEXT = null; public static ConnectionSpec COMPATIBLE_TLS = null; public static ConnectionSpec MODERN_TLS = null; public static ConnectionSpec RESTRICTED_TLS = null; public static ConnectionSpec.Companion Companion = null; - - static public class Companion { + static public class Companion + { protected Companion() {} } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java index 3ffd4a2a270..f9e8c481a77 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java 
@@ -6,88 +6,31 @@ import java.util.List; import okhttp3.Headers; import okhttp3.HttpUrl; -public class Cookie { +public class Cookie +{ protected Cookie() {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final String domain() { - return null; - } - - public final String name() { - return null; - } - - public final String path() { - return null; - } - - public final String toString$okhttp(boolean p0) { - return null; - } - - public final String value() { - return null; - } - - public final boolean hostOnly() { - return false; - } - - public final boolean httpOnly() { - return false; - } - - public final boolean matches(HttpUrl p0) { - return false; - } - - public final boolean persistent() { - return false; - } - - public final boolean secure() { - return false; - } - - public final long expiresAt() { - return 0; - } - - public int hashCode() { - return 0; - } - - public static Cookie parse(HttpUrl p0, String p1) { - return null; - } - + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final String domain(){ return null; } + public final String name(){ return null; } + public final String path(){ return null; } + public final String toString$okhttp(boolean p0){ return null; } + public final String value(){ return null; } + public final boolean hostOnly(){ return false; } + public final boolean httpOnly(){ return false; } + public final boolean matches(HttpUrl p0){ return false; } + public final boolean persistent(){ return false; } + public final boolean secure(){ return false; } + public final long expiresAt(){ return 0; } + public int hashCode(){ return 0; } + public static Cookie parse(HttpUrl p0, String p1){ return null; } public static Cookie.Companion Companion = null; - - public static List parseAll(HttpUrl p0, Headers p1) { - return null; - } - - static public class Companion { + public static List parseAll(HttpUrl p0, Headers p1){ 
return null; } + static public class Companion + { protected Companion() {} - - public final Cookie parse$okhttp(long p0, HttpUrl p1, String p2) { - return null; - } - - public final Cookie parse(HttpUrl p0, String p1) { - return null; - } - - public final List parseAll(HttpUrl p0, Headers p1) { - return null; - } + public final Cookie parse$okhttp(long p0, HttpUrl p1, String p2){ return null; } + public final Cookie parse(HttpUrl p0, String p1){ return null; } + public final List parseAll(HttpUrl p0, Headers p1){ return null; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java index ca74ca9e775..9e2acffb284 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java 
@@ -7,56 +7,24 @@ import java.util.concurrent.ExecutorService; import okhttp3.Call; import okhttp3.internal.connection.RealCall; -public class Dispatcher { - public Dispatcher() {} - - public Dispatcher(ExecutorService p0) {} - - public final ExecutorService executorService() { - return null; - } - - public final List queuedCalls() { - return null; - } - - public final List runningCalls() { - return null; - } - - public final Runnable getIdleCallback() { - return null; - } - - public final int getMaxRequests() { - return 0; - } - - public final int getMaxRequestsPerHost() { - return 0; - } - - public final int queuedCallsCount() { - return 0; - } - - public final int runningCallsCount() { - return 0; - } - - public final void cancelAll() {} - - public final void enqueue$okhttp(RealCall.AsyncCall p0) {} - - public final void executed$okhttp(RealCall p0) {} - - public final void finished$okhttp(RealCall p0) {} - - public final void finished$okhttp(RealCall.AsyncCall p0) {} - - public final void setIdleCallback(Runnable p0) {} - - public final void setMaxRequests(int p0) {} - - public final void setMaxRequestsPerHost(int p0) {} +public class Dispatcher +{ + public Dispatcher(){} + public Dispatcher(ExecutorService p0){} + public final ExecutorService executorService(){ return null; } + public final List queuedCalls(){ return null; } + public final List runningCalls(){ return null; } + public final Runnable getIdleCallback(){ return null; } + public final int getMaxRequests(){ return 0; } + public final int getMaxRequestsPerHost(){ return 0; } + public final int queuedCallsCount(){ return 0; } + public final int runningCallsCount(){ return 0; } + public final void cancelAll(){} + public final void enqueue$okhttp(RealCall.AsyncCall p0){} + public final void executed$okhttp(RealCall p0){} + public final void finished$okhttp(RealCall p0){} + public final void finished$okhttp(RealCall.AsyncCall p0){} + public final void setIdleCallback(Runnable p0){} + public final void 
setMaxRequests(int p0){} + public final void setMaxRequestsPerHost(int p0){} } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java index 2f97dee0c4c..b0ef923700c 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java 
@@ -10,69 +10,26 @@ import kotlin.jvm.functions.Function0; import okhttp3.CipherSuite; import okhttp3.TlsVersion; -public class Handshake { +public class Handshake +{ protected Handshake() {} - - public Handshake(TlsVersion p0, CipherSuite p1, List p2, - Function0> p3) {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final CipherSuite cipherSuite() { - return null; - } - - public final List localCertificates() { - return null; - } - - public final List peerCertificates() { - return null; - } - - public final Principal localPrincipal() { - return null; - } - - public final Principal peerPrincipal() { - return null; - } - - public final TlsVersion tlsVersion() { - return null; - } - - public int hashCode() { - return 0; - } - - public static Handshake get(SSLSession p0) { - return null; - } - - public static Handshake get(TlsVersion p0, CipherSuite p1, List p2, - List p3) { - return null; - } - + public Handshake(TlsVersion p0, CipherSuite p1, List p2, Function0> p3){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final CipherSuite cipherSuite(){ return null; } + public final List localCertificates(){ return null; } + public final List peerCertificates(){ return null; } + public final Principal localPrincipal(){ return null; } + public final Principal peerPrincipal(){ return null; } + public final TlsVersion tlsVersion(){ return null; } + public int hashCode(){ return 0; } + public static Handshake get(SSLSession p0){ return null; } + public static Handshake get(TlsVersion p0, CipherSuite p1, List p2, List p3){ return null; } public static Handshake.Companion Companion = null; - - static public class Companion { + static public class Companion + { protected Companion() {} - - public final Handshake get(SSLSession p0) { - return null; - } - - public final Handshake get(TlsVersion p0, CipherSuite p1, List p2, - List p3) { - return null; - 
} + public final Handshake get(SSLSession p0){ return null; } + public final Handshake get(TlsVersion p0, CipherSuite p1, List p2, List p3){ return null; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java index 5fef4d9606d..d33e5834d4e 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java 
@@ -8,156 +8,46 @@ import java.nio.charset.Charset; import java.util.List; import java.util.Set; -public class HttpUrl { +public class HttpUrl +{ protected HttpUrl() {} - - public HttpUrl(String p0, String p1, String p2, String p3, int p4, List p5, - List p6, String p7, String p8) {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final HttpUrl resolve(String p0) { - return null; - } - - public final HttpUrl.Builder newBuilder() { - return null; - } - - public final HttpUrl.Builder newBuilder(String p0) { - return null; - } - - public final List encodedPathSegments() { - return null; - } - - public final List pathSegments() { - return null; - } - - public final List queryParameterValues(String p0) { - return null; - } - - public final Set queryParameterNames() { - return null; - } - - public final String encodedFragment() { - return null; - } - - public final String encodedPassword() { - return null; - } - - public final String encodedPath() { - return null; - } - - public final String encodedQuery() { - return null; - } - - public final String encodedUsername() { - return null; - } - - public final String fragment() { - return null; - } - - public final String host() { - return null; - } - - public final String password() { - return null; - } - - public final String query() { - return null; - } - - public final String queryParameter(String p0) { - return null; - } - - public final String queryParameterName(int p0) { - return null; - } - - public final String queryParameterValue(int p0) { - return null; - } - - public final String redact() { - return null; - } - - public final String scheme() { - return null; - } - - public final String topPrivateDomain() { - return null; - } - - public final String username() { - return null; - } - - public final URI uri() { - return null; - } - - public final URL url() { - return null; - } - - public final boolean isHttps() { - return false; - } - - public 
final int pathSize() { - return 0; - } - - public final int port() { - return 0; - } - - public final int querySize() { - return 0; - } - - public int hashCode() { - return 0; - } - - public static HttpUrl get(String p0) { - return null; - } - - public static HttpUrl get(URI p0) { - return null; - } - - public static HttpUrl get(URL p0) { - return null; - } - - public static HttpUrl parse(String p0) { - return null; - } - + public HttpUrl(String p0, String p1, String p2, String p3, int p4, List p5, List p6, String p7, String p8){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final HttpUrl resolve(String p0){ return null; } + public final HttpUrl.Builder newBuilder(){ return null; } + public final HttpUrl.Builder newBuilder(String p0){ return null; } + public final List encodedPathSegments(){ return null; } + public final List pathSegments(){ return null; } + public final List queryParameterValues(String p0){ return null; } + public final Set queryParameterNames(){ return null; } + public final String encodedFragment(){ return null; } + public final String encodedPassword(){ return null; } + public final String encodedPath(){ return null; } + public final String encodedQuery(){ return null; } + public final String encodedUsername(){ return null; } + public final String fragment(){ return null; } + public final String host(){ return null; } + public final String password(){ return null; } + public final String query(){ return null; } + public final String queryParameter(String p0){ return null; } + public final String queryParameterName(int p0){ return null; } + public final String queryParameterValue(int p0){ return null; } + public final String redact(){ return null; } + public final String scheme(){ return null; } + public final String topPrivateDomain(){ return null; } + public final String username(){ return null; } + public final URI uri(){ return null; } + public final URL url(){ return null; } + 
public final boolean isHttps(){ return false; } + public final int pathSize(){ return 0; } + public final int port(){ return 0; } + public final int querySize(){ return 0; } + public int hashCode(){ return 0; } + public static HttpUrl get(String p0){ return null; } + public static HttpUrl get(URI p0){ return null; } + public static HttpUrl get(URL p0){ return null; } + public static HttpUrl parse(String p0){ return null; } public static HttpUrl.Companion Companion = null; public static String FORM_ENCODE_SET = null; public static String FRAGMENT_ENCODE_SET = null; 
@@ -170,221 +60,73 @@ public class HttpUrl { public static String QUERY_COMPONENT_REENCODE_SET = null; public static String QUERY_ENCODE_SET = null; public static String USERNAME_ENCODE_SET = null; - - public static int defaultPort(String p0) { - return 0; - } - - static public class Builder { - public Builder() {} - - public String toString() { - return null; - } - - public final HttpUrl build() { - return null; - } - - public final HttpUrl.Builder addEncodedPathSegment(String p0) { - return null; - } - - public final HttpUrl.Builder addEncodedPathSegments(String p0) { - return null; - } - - public final HttpUrl.Builder addEncodedQueryParameter(String p0, String p1) { - return null; - } - - public final HttpUrl.Builder addPathSegment(String p0) { - return null; - } - - public final HttpUrl.Builder addPathSegments(String p0) { - return null; - } - - public final HttpUrl.Builder addQueryParameter(String p0, String p1) { - return null; - } - - public final HttpUrl.Builder encodedFragment(String p0) { - return null; - } - - public final HttpUrl.Builder encodedPassword(String p0) { - return null; - } - - public final HttpUrl.Builder encodedPath(String p0) { - return null; - } - - public final HttpUrl.Builder encodedQuery(String p0) { - return null; - } - - public final HttpUrl.Builder encodedUsername(String p0) { - return null; - } - - public final HttpUrl.Builder fragment(String p0) { - return null; - } - - public final HttpUrl.Builder host(String p0) { - return null; - } - - public final HttpUrl.Builder parse$okhttp(HttpUrl p0, String p1) { - return null; - } - - public final HttpUrl.Builder password(String p0) { - return null; - } - - public final HttpUrl.Builder port(int p0) { - return null; - } - - public final HttpUrl.Builder query(String p0) { - return null; - } - - public final HttpUrl.Builder reencodeForUri$okhttp() { - return null; - } - - public final HttpUrl.Builder removeAllEncodedQueryParameters(String p0) { - return null; - } - - public final 
HttpUrl.Builder removeAllQueryParameters(String p0) { - return null; - } - - public final HttpUrl.Builder removePathSegment(int p0) { - return null; - } - - public final HttpUrl.Builder scheme(String p0) { - return null; - } - - public final HttpUrl.Builder setEncodedPathSegment(int p0, String p1) { - return null; - } - - public final HttpUrl.Builder setEncodedQueryParameter(String p0, String p1) { - return null; - } - - public final HttpUrl.Builder setPathSegment(int p0, String p1) { - return null; - } - - public final HttpUrl.Builder setQueryParameter(String p0, String p1) { - return null; - } - - public final HttpUrl.Builder username(String p0) { - return null; - } - - public final List getEncodedPathSegments$okhttp() { - return null; - } - - public final List getEncodedQueryNamesAndValues$okhttp() { - return null; - } - - public final String getEncodedFragment$okhttp() { - return null; - } - - public final String getEncodedPassword$okhttp() { - return null; - } - - public final String getEncodedUsername$okhttp() { - return null; - } - - public final String getHost$okhttp() { - return null; - } - - public final String getScheme$okhttp() { - return null; - } - - public final int getPort$okhttp() { - return 0; - } - - public final void setEncodedFragment$okhttp(String p0) {} - - public final void setEncodedPassword$okhttp(String p0) {} - - public final void setEncodedQueryNamesAndValues$okhttp(List p0) {} - - public final void setEncodedUsername$okhttp(String p0) {} - - public final void setHost$okhttp(String p0) {} - - public final void setPort$okhttp(int p0) {} - - public final void setScheme$okhttp(String p0) {} - + public static int defaultPort(String p0){ return 0; } + static public class Builder + { + public Builder(){} + public String toString(){ return null; } + public final HttpUrl build(){ return null; } + public final HttpUrl.Builder addEncodedPathSegment(String p0){ return null; } + public final HttpUrl.Builder addEncodedPathSegments(String p0){ return 
null; } + public final HttpUrl.Builder addEncodedQueryParameter(String p0, String p1){ return null; } + public final HttpUrl.Builder addPathSegment(String p0){ return null; } + public final HttpUrl.Builder addPathSegments(String p0){ return null; } + public final HttpUrl.Builder addQueryParameter(String p0, String p1){ return null; } + public final HttpUrl.Builder encodedFragment(String p0){ return null; } + public final HttpUrl.Builder encodedPassword(String p0){ return null; } + public final HttpUrl.Builder encodedPath(String p0){ return null; } + public final HttpUrl.Builder encodedQuery(String p0){ return null; } + public final HttpUrl.Builder encodedUsername(String p0){ return null; } + public final HttpUrl.Builder fragment(String p0){ return null; } + public final HttpUrl.Builder host(String p0){ return null; } + public final HttpUrl.Builder parse$okhttp(HttpUrl p0, String p1){ return null; } + public final HttpUrl.Builder password(String p0){ return null; } + public final HttpUrl.Builder port(int p0){ return null; } + public final HttpUrl.Builder query(String p0){ return null; } + public final HttpUrl.Builder reencodeForUri$okhttp(){ return null; } + public final HttpUrl.Builder removeAllEncodedQueryParameters(String p0){ return null; } + public final HttpUrl.Builder removeAllQueryParameters(String p0){ return null; } + public final HttpUrl.Builder removePathSegment(int p0){ return null; } + public final HttpUrl.Builder scheme(String p0){ return null; } + public final HttpUrl.Builder setEncodedPathSegment(int p0, String p1){ return null; } + public final HttpUrl.Builder setEncodedQueryParameter(String p0, String p1){ return null; } + public final HttpUrl.Builder setPathSegment(int p0, String p1){ return null; } + public final HttpUrl.Builder setQueryParameter(String p0, String p1){ return null; } + public final HttpUrl.Builder username(String p0){ return null; } + public final List getEncodedPathSegments$okhttp(){ return null; } + public final List 
getEncodedQueryNamesAndValues$okhttp(){ return null; } + public final String getEncodedFragment$okhttp(){ return null; } + public final String getEncodedPassword$okhttp(){ return null; } + public final String getEncodedUsername$okhttp(){ return null; } + public final String getHost$okhttp(){ return null; } + public final String getScheme$okhttp(){ return null; } + public final int getPort$okhttp(){ return 0; } + public final void setEncodedFragment$okhttp(String p0){} + public final void setEncodedPassword$okhttp(String p0){} + public final void setEncodedQueryNamesAndValues$okhttp(List p0){} + public final void setEncodedUsername$okhttp(String p0){} + public final void setHost$okhttp(String p0){} + public final void setPort$okhttp(int p0){} + public final void setScheme$okhttp(String p0){} public static HttpUrl.Builder.Companion Companion = null; public static String INVALID_HOST = null; - - static public class Companion { + static public class Companion + { protected Companion() {} } } - static public class Companion { + static public class Companion + { protected Companion() {} - - public final HttpUrl get(String p0) { - return null; - } - - public final HttpUrl get(URI p0) { - return null; - } - - public final HttpUrl get(URL p0) { - return null; - } - - public final HttpUrl parse(String p0) { - return null; - } - - public final List toQueryNamesAndValues$okhttp(String p0) { - return null; - } - - public final String canonicalize$okhttp(String p0, int p1, int p2, String p3, boolean p4, - boolean p5, boolean p6, boolean p7, Charset p8) { - return null; - } - - public final String percentDecode$okhttp(String p0, int p1, int p2, boolean p3) { - return null; - } - - public final int defaultPort(String p0) { - return 0; - } - - public final void toPathString$okhttp(List p0, StringBuilder p1) {} - - public final void toQueryString$okhttp(List p0, StringBuilder p1) {} + public final HttpUrl get(String p0){ return null; } + public final HttpUrl get(URI p0){ return 
null; } + public final HttpUrl get(URL p0){ return null; } + public final HttpUrl parse(String p0){ return null; } + public final List toQueryNamesAndValues$okhttp(String p0){ return null; } + public final String canonicalize$okhttp(String p0, int p1, int p2, String p3, boolean p4, boolean p5, boolean p6, boolean p7, Charset p8){ return null; } + public final String percentDecode$okhttp(String p0, int p1, int p2, boolean p3){ return null; } + public final int defaultPort(String p0){ return 0; } + public final void toPathString$okhttp(List p0, StringBuilder p1){} + public final void toQueryString$okhttp(List p0, StringBuilder p1){} } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java index 2b3a2f0117a..e16108d4253 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java 
@@ -4,60 +4,24 @@ package okhttp3; import java.nio.charset.Charset; -public class MediaType { +public class MediaType +{ protected MediaType() {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final Charset charset() { - return null; - } - - public final Charset charset(Charset p0) { - return null; - } - - public final String parameter(String p0) { - return null; - } - - public final String subtype() { - return null; - } - - public final String type() { - return null; - } - - public int hashCode() { - return 0; - } - - public static MediaType get(String p0) { - return null; - } - - public static MediaType parse(String p0) { - return null; - } - + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final Charset charset(){ return null; } + public final Charset charset(Charset p0){ return null; } + public final String parameter(String p0){ return null; } + public final String subtype(){ return null; } + public final String type(){ return null; } + public int hashCode(){ return 0; } + public static MediaType get(String p0){ return null; } + public static MediaType parse(String p0){ return null; } public static MediaType.Companion Companion = null; - - static public class Companion { + static public class Companion + { protected Companion() {} - - public final MediaType get(String p0) { - return null; - } - - public final MediaType parse(String p0) { - return null; - } + public final MediaType get(String p0){ return null; } + public final MediaType parse(String p0){ return null; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java index 2af0180eb36..35626e283e0 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java 
@@ -11,7 +11,6 @@ import javax.net.SocketFactory; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.X509TrustManager; -import kotlin.jvm.functions.Function1; import okhttp3.Authenticator; import okhttp3.Cache; import okhttp3.Call; 
@@ -25,504 +24,154 @@ import okhttp3.EventListener; import okhttp3.Interceptor; import okhttp3.Protocol; import okhttp3.Request; -import okhttp3.Response; import okhttp3.WebSocket; import okhttp3.WebSocketListener; import okhttp3.internal.connection.RouteDatabase; import okhttp3.internal.tls.CertificateChainCleaner; -public class OkHttpClient implements Call.Factory, Cloneable, WebSocket.Factory { - public Call newCall(Request p0) { - return null; - } - - public Object clone() { - return null; - } - - public OkHttpClient() {} - - public OkHttpClient(OkHttpClient.Builder p0) {} - - public OkHttpClient.Builder newBuilder() { - return null; - } - - public WebSocket newWebSocket(Request p0, WebSocketListener p1) { - return null; - } - - public final Authenticator authenticator() { - return null; - } - - public final Authenticator proxyAuthenticator() { - return null; - } - - public final Cache cache() { - return null; - } - - public final CertificateChainCleaner certificateChainCleaner() { - return null; - } - - public final CertificatePinner certificatePinner() { - return null; - } - - public final ConnectionPool connectionPool() { - return null; - } - - public final CookieJar cookieJar() { - return null; - } - - public final Dispatcher dispatcher() { - return null; - } - - public final Dns dns() { - return null; - } - - public final EventListener.Factory eventListenerFactory() { - return null; - } - - public final HostnameVerifier hostnameVerifier() { - return null; - } - - public final List connectionSpecs() { - return null; - } - - public final List interceptors() { - return null; - } - - public final List networkInterceptors() { - return null; - } - - public final List protocols() { - return null; - } - - public final Proxy proxy() { - return null; - } - - public final ProxySelector proxySelector() { - return null; - } - - public final RouteDatabase getRouteDatabase() { - return null; - } - - public final SSLSocketFactory sslSocketFactory() { - return null; - } - 
- public final SocketFactory socketFactory() { - return null; - } - - public final X509TrustManager x509TrustManager() { - return null; - } - - public final boolean followRedirects() { - return false; - } - - public final boolean followSslRedirects() { - return false; - } - - public final boolean retryOnConnectionFailure() { - return false; - } - - public final int callTimeoutMillis() { - return 0; - } - - public final int connectTimeoutMillis() { - return 0; - } - - public final int pingIntervalMillis() { - return 0; - } - - public final int readTimeoutMillis() { - return 0; - } - - public final int writeTimeoutMillis() { - return 0; - } - - public final long minWebSocketMessageToCompress() { - return 0; - } - +public class OkHttpClient implements Call.Factory, Cloneable, WebSocket.Factory +{ + public Call newCall(Request p0){ return null; } + public Object clone(){ return null; } + public OkHttpClient(){} + public OkHttpClient(OkHttpClient.Builder p0){} + public OkHttpClient.Builder newBuilder(){ return null; } + public WebSocket newWebSocket(Request p0, WebSocketListener p1){ return null; } + public final Authenticator authenticator(){ return null; } + public final Authenticator proxyAuthenticator(){ return null; } + public final Cache cache(){ return null; } + public final CertificateChainCleaner certificateChainCleaner(){ return null; } + public final CertificatePinner certificatePinner(){ return null; } + public final ConnectionPool connectionPool(){ return null; } + public final CookieJar cookieJar(){ return null; } + public final Dispatcher dispatcher(){ return null; } + public final Dns dns(){ return null; } + public final EventListener.Factory eventListenerFactory(){ return null; } + public final HostnameVerifier hostnameVerifier(){ return null; } + public final List connectionSpecs(){ return null; } + public final List interceptors(){ return null; } + public final List networkInterceptors(){ return null; } + public final List protocols(){ return null; } 
+ public final Proxy proxy(){ return null; } + public final ProxySelector proxySelector(){ return null; } + public final RouteDatabase getRouteDatabase(){ return null; } + public final SSLSocketFactory sslSocketFactory(){ return null; } + public final SocketFactory socketFactory(){ return null; } + public final X509TrustManager x509TrustManager(){ return null; } + public final boolean followRedirects(){ return false; } + public final boolean followSslRedirects(){ return false; } + public final boolean retryOnConnectionFailure(){ return false; } + public final int callTimeoutMillis(){ return 0; } + public final int connectTimeoutMillis(){ return 0; } + public final int pingIntervalMillis(){ return 0; } + public final int readTimeoutMillis(){ return 0; } + public final int writeTimeoutMillis(){ return 0; } + public final long minWebSocketMessageToCompress(){ return 0; } public static OkHttpClient.Companion Companion = null; - - static public class Builder { - public Builder() {} - - public Builder(OkHttpClient p0) {} - - public final Authenticator getAuthenticator$okhttp() { - return null; - } - - public final Authenticator getProxyAuthenticator$okhttp() { - return null; - } - - public final Cache getCache$okhttp() { - return null; - } - - public final CertificateChainCleaner getCertificateChainCleaner$okhttp() { - return null; - } - - public final CertificatePinner getCertificatePinner$okhttp() { - return null; - } - - public final ConnectionPool getConnectionPool$okhttp() { - return null; - } - - public final CookieJar getCookieJar$okhttp() { - return null; - } - - public final Dispatcher getDispatcher$okhttp() { - return null; - } - - public final Dns getDns$okhttp() { - return null; - } - - public final EventListener.Factory getEventListenerFactory$okhttp() { - return null; - } - - public final HostnameVerifier getHostnameVerifier$okhttp() { - return null; - } - - public final List getConnectionSpecs$okhttp() { - return null; - } - - public final List 
getInterceptors$okhttp() { - return null; - } - - public final List getNetworkInterceptors$okhttp() { - return null; - } - - public final List interceptors() { - return null; - } - - public final List networkInterceptors() { - return null; - } - - public final List getProtocols$okhttp() { - return null; - } - - public final OkHttpClient build() { - return null; - } - - public final OkHttpClient.Builder addInterceptor( - Function1 p0) { - return null; - } - - public final OkHttpClient.Builder addNetworkInterceptor( - Function1 p0) { - return null; - } - - public final OkHttpClient.Builder addInterceptor(Interceptor p0) { - return null; - } - - public final OkHttpClient.Builder addNetworkInterceptor(Interceptor p0) { - return null; - } - - public final OkHttpClient.Builder authenticator(Authenticator p0) { - return null; - } - - public final OkHttpClient.Builder cache(Cache p0) { - return null; - } - - public final OkHttpClient.Builder callTimeout(Duration p0) { - return null; - } - - public final OkHttpClient.Builder callTimeout(long p0, TimeUnit p1) { - return null; - } - - public final OkHttpClient.Builder certificatePinner(CertificatePinner p0) { - return null; - } - - public final OkHttpClient.Builder connectTimeout(Duration p0) { - return null; - } - - public final OkHttpClient.Builder connectTimeout(long p0, TimeUnit p1) { - return null; - } - - public final OkHttpClient.Builder connectionPool(ConnectionPool p0) { - return null; - } - - public final OkHttpClient.Builder connectionSpecs(List p0) { - return null; - } - - public final OkHttpClient.Builder cookieJar(CookieJar p0) { - return null; - } - - public final OkHttpClient.Builder dispatcher(Dispatcher p0) { - return null; - } - - public final OkHttpClient.Builder dns(Dns p0) { - return null; - } - - public final OkHttpClient.Builder eventListener(EventListener p0) { - return null; - } - - public final OkHttpClient.Builder eventListenerFactory(EventListener.Factory p0) { - return null; - } - - public final 
OkHttpClient.Builder followRedirects(boolean p0) { - return null; - } - - public final OkHttpClient.Builder followSslRedirects(boolean p0) { - return null; - } - - public final OkHttpClient.Builder hostnameVerifier(HostnameVerifier p0) { - return null; - } - - public final OkHttpClient.Builder minWebSocketMessageToCompress(long p0) { - return null; - } - - public final OkHttpClient.Builder pingInterval(Duration p0) { - return null; - } - - public final OkHttpClient.Builder pingInterval(long p0, TimeUnit p1) { - return null; - } - - public final OkHttpClient.Builder protocols(List p0) { - return null; - } - - public final OkHttpClient.Builder proxy(Proxy p0) { - return null; - } - - public final OkHttpClient.Builder proxyAuthenticator(Authenticator p0) { - return null; - } - - public final OkHttpClient.Builder proxySelector(ProxySelector p0) { - return null; - } - - public final OkHttpClient.Builder readTimeout(Duration p0) { - return null; - } - - public final OkHttpClient.Builder readTimeout(long p0, TimeUnit p1) { - return null; - } - - public final OkHttpClient.Builder retryOnConnectionFailure(boolean p0) { - return null; - } - - public final OkHttpClient.Builder socketFactory(SocketFactory p0) { - return null; - } - - public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0) { - return null; - } - - public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0, - X509TrustManager p1) { - return null; - } - - public final OkHttpClient.Builder writeTimeout(Duration p0) { - return null; - } - - public final OkHttpClient.Builder writeTimeout(long p0, TimeUnit p1) { - return null; - } - - public final Proxy getProxy$okhttp() { - return null; - } - - public final ProxySelector getProxySelector$okhttp() { - return null; - } - - public final RouteDatabase getRouteDatabase$okhttp() { - return null; - } - - public final SSLSocketFactory getSslSocketFactoryOrNull$okhttp() { - return null; - } - - public final SocketFactory getSocketFactory$okhttp() 
{ - return null; - } - - public final X509TrustManager getX509TrustManagerOrNull$okhttp() { - return null; - } - - public final boolean getFollowRedirects$okhttp() { - return false; - } - - public final boolean getFollowSslRedirects$okhttp() { - return false; - } - - public final boolean getRetryOnConnectionFailure$okhttp() { - return false; - } - - public final int getCallTimeout$okhttp() { - return 0; - } - - public final int getConnectTimeout$okhttp() { - return 0; - } - - public final int getPingInterval$okhttp() { - return 0; - } - - public final int getReadTimeout$okhttp() { - return 0; - } - - public final int getWriteTimeout$okhttp() { - return 0; - } - - public final long getMinWebSocketMessageToCompress$okhttp() { - return 0; - } - - public final void setAuthenticator$okhttp(Authenticator p0) {} - - public final void setCache$okhttp(Cache p0) {} - - public final void setCallTimeout$okhttp(int p0) {} - - public final void setCertificateChainCleaner$okhttp(CertificateChainCleaner p0) {} - - public final void setCertificatePinner$okhttp(CertificatePinner p0) {} - - public final void setConnectTimeout$okhttp(int p0) {} - - public final void setConnectionPool$okhttp(ConnectionPool p0) {} - - public final void setConnectionSpecs$okhttp(List p0) {} - - public final void setCookieJar$okhttp(CookieJar p0) {} - - public final void setDispatcher$okhttp(Dispatcher p0) {} - - public final void setDns$okhttp(Dns p0) {} - - public final void setEventListenerFactory$okhttp(EventListener.Factory p0) {} - - public final void setFollowRedirects$okhttp(boolean p0) {} - - public final void setFollowSslRedirects$okhttp(boolean p0) {} - - public final void setHostnameVerifier$okhttp(HostnameVerifier p0) {} - - public final void setMinWebSocketMessageToCompress$okhttp(long p0) {} - - public final void setPingInterval$okhttp(int p0) {} - - public final void setProtocols$okhttp(List p0) {} - - public final void setProxy$okhttp(Proxy p0) {} - - public final void 
setProxyAuthenticator$okhttp(Authenticator p0) {} - - public final void setProxySelector$okhttp(ProxySelector p0) {} - - public final void setReadTimeout$okhttp(int p0) {} - - public final void setRetryOnConnectionFailure$okhttp(boolean p0) {} - - public final void setRouteDatabase$okhttp(RouteDatabase p0) {} - - public final void setSocketFactory$okhttp(SocketFactory p0) {} - - public final void setSslSocketFactoryOrNull$okhttp(SSLSocketFactory p0) {} - - public final void setWriteTimeout$okhttp(int p0) {} - - public final void setX509TrustManagerOrNull$okhttp(X509TrustManager p0) {} + static public class Builder + { + public Builder(){} + public Builder(OkHttpClient p0){} + public final Authenticator getAuthenticator$okhttp(){ return null; } + public final Authenticator getProxyAuthenticator$okhttp(){ return null; } + public final Cache getCache$okhttp(){ return null; } + public final CertificateChainCleaner getCertificateChainCleaner$okhttp(){ return null; } + public final CertificatePinner getCertificatePinner$okhttp(){ return null; } + public final ConnectionPool getConnectionPool$okhttp(){ return null; } + public final CookieJar getCookieJar$okhttp(){ return null; } + public final Dispatcher getDispatcher$okhttp(){ return null; } + public final Dns getDns$okhttp(){ return null; } + public final EventListener.Factory getEventListenerFactory$okhttp(){ return null; } + public final HostnameVerifier getHostnameVerifier$okhttp(){ return null; } + public final List getConnectionSpecs$okhttp(){ return null; } + public final List getInterceptors$okhttp(){ return null; } + public final List getNetworkInterceptors$okhttp(){ return null; } + public final List interceptors(){ return null; } + public final List networkInterceptors(){ return null; } + public final List getProtocols$okhttp(){ return null; } + public final OkHttpClient build(){ return null; } + public final OkHttpClient.Builder addInterceptor(Interceptor p0){ return null; } + public final 
OkHttpClient.Builder addNetworkInterceptor(Interceptor p0){ return null; } + public final OkHttpClient.Builder authenticator(Authenticator p0){ return null; } + public final OkHttpClient.Builder cache(Cache p0){ return null; } + public final OkHttpClient.Builder callTimeout(Duration p0){ return null; } + public final OkHttpClient.Builder callTimeout(long p0, TimeUnit p1){ return null; } + public final OkHttpClient.Builder certificatePinner(CertificatePinner p0){ return null; } + public final OkHttpClient.Builder connectTimeout(Duration p0){ return null; } + public final OkHttpClient.Builder connectTimeout(long p0, TimeUnit p1){ return null; } + public final OkHttpClient.Builder connectionPool(ConnectionPool p0){ return null; } + public final OkHttpClient.Builder connectionSpecs(List p0){ return null; } + public final OkHttpClient.Builder cookieJar(CookieJar p0){ return null; } + public final OkHttpClient.Builder dispatcher(Dispatcher p0){ return null; } + public final OkHttpClient.Builder dns(Dns p0){ return null; } + public final OkHttpClient.Builder eventListener(EventListener p0){ return null; } + public final OkHttpClient.Builder eventListenerFactory(EventListener.Factory p0){ return null; } + public final OkHttpClient.Builder followRedirects(boolean p0){ return null; } + public final OkHttpClient.Builder followSslRedirects(boolean p0){ return null; } + public final OkHttpClient.Builder hostnameVerifier(HostnameVerifier p0){ return null; } + public final OkHttpClient.Builder minWebSocketMessageToCompress(long p0){ return null; } + public final OkHttpClient.Builder pingInterval(Duration p0){ return null; } + public final OkHttpClient.Builder pingInterval(long p0, TimeUnit p1){ return null; } + public final OkHttpClient.Builder protocols(List p0){ return null; } + public final OkHttpClient.Builder proxy(Proxy p0){ return null; } + public final OkHttpClient.Builder proxyAuthenticator(Authenticator p0){ return null; } + public final OkHttpClient.Builder 
proxySelector(ProxySelector p0){ return null; } + public final OkHttpClient.Builder readTimeout(Duration p0){ return null; } + public final OkHttpClient.Builder readTimeout(long p0, TimeUnit p1){ return null; } + public final OkHttpClient.Builder retryOnConnectionFailure(boolean p0){ return null; } + public final OkHttpClient.Builder socketFactory(SocketFactory p0){ return null; } + public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0){ return null; } + public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0, X509TrustManager p1){ return null; } + public final OkHttpClient.Builder writeTimeout(Duration p0){ return null; } + public final OkHttpClient.Builder writeTimeout(long p0, TimeUnit p1){ return null; } + public final Proxy getProxy$okhttp(){ return null; } + public final ProxySelector getProxySelector$okhttp(){ return null; } + public final RouteDatabase getRouteDatabase$okhttp(){ return null; } + public final SSLSocketFactory getSslSocketFactoryOrNull$okhttp(){ return null; } + public final SocketFactory getSocketFactory$okhttp(){ return null; } + public final X509TrustManager getX509TrustManagerOrNull$okhttp(){ return null; } + public final boolean getFollowRedirects$okhttp(){ return false; } + public final boolean getFollowSslRedirects$okhttp(){ return false; } + public final boolean getRetryOnConnectionFailure$okhttp(){ return false; } + public final int getCallTimeout$okhttp(){ return 0; } + public final int getConnectTimeout$okhttp(){ return 0; } + public final int getPingInterval$okhttp(){ return 0; } + public final int getReadTimeout$okhttp(){ return 0; } + public final int getWriteTimeout$okhttp(){ return 0; } + public final long getMinWebSocketMessageToCompress$okhttp(){ return 0; } + public final void setAuthenticator$okhttp(Authenticator p0){} + public final void setCache$okhttp(Cache p0){} + public final void setCallTimeout$okhttp(int p0){} + public final void 
setCertificateChainCleaner$okhttp(CertificateChainCleaner p0){} + public final void setCertificatePinner$okhttp(CertificatePinner p0){} + public final void setConnectTimeout$okhttp(int p0){} + public final void setConnectionPool$okhttp(ConnectionPool p0){} + public final void setConnectionSpecs$okhttp(List p0){} + public final void setCookieJar$okhttp(CookieJar p0){} + public final void setDispatcher$okhttp(Dispatcher p0){} + public final void setDns$okhttp(Dns p0){} + public final void setEventListenerFactory$okhttp(EventListener.Factory p0){} + public final void setFollowRedirects$okhttp(boolean p0){} + public final void setFollowSslRedirects$okhttp(boolean p0){} + public final void setHostnameVerifier$okhttp(HostnameVerifier p0){} + public final void setMinWebSocketMessageToCompress$okhttp(long p0){} + public final void setPingInterval$okhttp(int p0){} + public final void setProtocols$okhttp(List p0){} + public final void setProxy$okhttp(Proxy p0){} + public final void setProxyAuthenticator$okhttp(Authenticator p0){} + public final void setProxySelector$okhttp(ProxySelector p0){} + public final void setReadTimeout$okhttp(int p0){} + public final void setRetryOnConnectionFailure$okhttp(boolean p0){} + public final void setRouteDatabase$okhttp(RouteDatabase p0){} + public final void setSocketFactory$okhttp(SocketFactory p0){} + public final void setSslSocketFactoryOrNull$okhttp(SSLSocketFactory p0){} + public final void setWriteTimeout$okhttp(int p0){} + public final void setX509TrustManagerOrNull$okhttp(X509TrustManager p0){} } - static public class Companion { + static public class Companion + { protected Companion() {} - - public final List getDEFAULT_CONNECTION_SPECS$okhttp() { - return null; - } - - public final List getDEFAULT_PROTOCOLS$okhttp() { - return null; - } + public final List getDEFAULT_CONNECTION_SPECS$okhttp(){ return null; } + public final List getDEFAULT_PROTOCOLS$okhttp(){ return null; } } } 
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java
index f00e4c89c40..a43a1d4e852 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java
@@ -10,173 +10,55 @@ import okhttp3.Headers; import okhttp3.HttpUrl; import okhttp3.RequestBody; -public class Request { +public class Request +{ protected Request() {} - - public Request(HttpUrl p0, String p1, Headers p2, RequestBody p3, - Map, ? extends Object> p4) {} - - public String toString() { - return null; - } - - public final T tag(Class p0) { - return null; - } - - public final CacheControl cacheControl() { - return null; - } - - public final Headers headers() { - return null; - } - - public final HttpUrl url() { - return null; - } - - public final List headers(String p0) { - return null; - } - - public final Map, Object> getTags$okhttp() { - return null; - } - - public final Object tag() { - return null; - } - - public final Request.Builder newBuilder() { - return null; - } - - public final RequestBody body() { - return null; - } - - public final String header(String p0) { - return null; - } - - public final String method() { - return null; - } - - public final boolean isHttps() { - return false; - } - - static public class Builder { - public Request.Builder tag(Class p0, T p1) { - return null; - } - - public Builder() {} - - public Builder(Request p0) {} - - public Request build() { - return null; - } - - public Request.Builder addHeader(String p0, String p1) { - return null; - } - - public Request.Builder cacheControl(CacheControl p0) { - return null; - } - - public Request.Builder delete(RequestBody p0) { - return null; - } - - public Request.Builder get() { - return null; - } - - public Request.Builder head() { - return null; - } - - public Request.Builder header(String p0, String p1) { - return null; - } - - public Request.Builder headers(Headers p0) { - return null; - } - - public Request.Builder method(String p0, RequestBody p1) { - return null; - } - - public Request.Builder patch(RequestBody p0) { - return null; - } - - public Request.Builder post(RequestBody p0) { - return null; - } - - public Request.Builder put(RequestBody p0) { - return 
null; - } - - public Request.Builder removeHeader(String p0) { - return null; - } - - public Request.Builder tag(Object p0) { - return null; - } - - public Request.Builder url(HttpUrl p0) { - return null; - } - - public Request.Builder url(String p0) { - return null; - } - - public Request.Builder url(URL p0) { - return null; - } - - public final Headers.Builder getHeaders$okhttp() { - return null; - } - - public final HttpUrl getUrl$okhttp() { - return null; - } - - public final Map, Object> getTags$okhttp() { - return null; - } - - public final Request.Builder delete() { - return null; - } - - public final RequestBody getBody$okhttp() { - return null; - } - - public final String getMethod$okhttp() { - return null; - } - - public final void setBody$okhttp(RequestBody p0) {} - - public final void setHeaders$okhttp(Headers.Builder p0) {} - - public final void setMethod$okhttp(String p0) {} - - public final void setTags$okhttp(Map, Object> p0) {} - - public final void setUrl$okhttp(HttpUrl p0) {} + public Request(HttpUrl p0, String p1, Headers p2, RequestBody p3, Map, ? 
extends Object> p4){} + public String toString(){ return null; } + public final T tag(Class p0){ return null; } + public final CacheControl cacheControl(){ return null; } + public final Headers headers(){ return null; } + public final HttpUrl url(){ return null; } + public final List headers(String p0){ return null; } + public final Map, Object> getTags$okhttp(){ return null; } + public final Object tag(){ return null; } + public final Request.Builder newBuilder(){ return null; } + public final RequestBody body(){ return null; } + public final String header(String p0){ return null; } + public final String method(){ return null; } + public final boolean isHttps(){ return false; } + static public class Builder + { + public Request.Builder tag(Class p0, T p1){ return null; } + public Builder(){} + public Builder(Request p0){} + public Request build(){ return null; } + public Request.Builder addHeader(String p0, String p1){ return null; } + public Request.Builder cacheControl(CacheControl p0){ return null; } + public Request.Builder delete(RequestBody p0){ return null; } + public Request.Builder get(){ return null; } + public Request.Builder head(){ return null; } + public Request.Builder header(String p0, String p1){ return null; } + public Request.Builder headers(Headers p0){ return null; } + public Request.Builder method(String p0, RequestBody p1){ return null; } + public Request.Builder patch(RequestBody p0){ return null; } + public Request.Builder post(RequestBody p0){ return null; } + public Request.Builder put(RequestBody p0){ return null; } + public Request.Builder removeHeader(String p0){ return null; } + public Request.Builder tag(Object p0){ return null; } + public Request.Builder url(HttpUrl p0){ return null; } + public Request.Builder url(String p0){ return null; } + public Request.Builder url(URL p0){ return null; } + public final Headers.Builder getHeaders$okhttp(){ return null; } + public final HttpUrl getUrl$okhttp(){ return null; } + public final Map, 
Object> getTags$okhttp(){ return null; } + public final Request.Builder delete(){ return null; } + public final RequestBody getBody$okhttp(){ return null; } + public final String getMethod$okhttp(){ return null; } + public final void setBody$okhttp(RequestBody p0){} + public final void setHeaders$okhttp(Headers.Builder p0){} + public final void setMethod$okhttp(String p0){} + public final void setTags$okhttp(Map, Object> p0){} + public final void setUrl$okhttp(HttpUrl p0){} } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java index a13ed203c53..56a8c3d085a 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java 
@@ -13,258 +13,81 @@ import okhttp3.Request; import okhttp3.ResponseBody; import okhttp3.internal.connection.Exchange; -public class Response implements Closeable { +public class Response implements Closeable +{ protected Response() {} - - public Response(Request p0, Protocol p1, String p2, int p3, Handshake p4, Headers p5, - ResponseBody p6, Response p7, Response p8, Response p9, long p10, long p11, - Exchange p12) {} - - public String toString() { - return null; - } - - public final CacheControl cacheControl() { - return null; - } - - public final Exchange exchange() { - return null; - } - - public final Handshake handshake() { - return null; - } - - public final Headers headers() { - return null; - } - - public final Headers trailers() { - return null; - } - - public final List challenges() { - return null; - } - - public final List headers(String p0) { - return null; - } - - public final Protocol protocol() { - return null; - } - - public final Request request() { - return null; - } - - public final Response cacheResponse() { - return null; - } - - public final Response networkResponse() { - return null; - } - - public final Response priorResponse() { - return null; - } - - public final Response.Builder newBuilder() { - return null; - } - - public final ResponseBody body() { - return null; - } - - public final ResponseBody peekBody(long p0) { - return null; - } - - public final String header(String p0) { - return null; - } - - public final String header(String p0, String p1) { - return null; - } - - public final String message() { - return null; - } - - public final boolean isRedirect() { - return false; - } - - public final boolean isSuccessful() { - return false; - } - - public final int code() { - return 0; - } - - public final long receivedResponseAtMillis() { - return 0; - } - - public final long sentRequestAtMillis() { - return 0; - } - - public void close() {} - - static public class Builder { - public Builder() {} - - public Builder(Response p0) {} - - 
public Response build() { - return null; - } - - public Response.Builder addHeader(String p0, String p1) { - return null; - } - - public Response.Builder body(ResponseBody p0) { - return null; - } - - public Response.Builder cacheResponse(Response p0) { - return null; - } - - public Response.Builder code(int p0) { - return null; - } - - public Response.Builder handshake(Handshake p0) { - return null; - } - - public Response.Builder header(String p0, String p1) { - return null; - } - - public Response.Builder headers(Headers p0) { - return null; - } - - public Response.Builder message(String p0) { - return null; - } - - public Response.Builder networkResponse(Response p0) { - return null; - } - - public Response.Builder priorResponse(Response p0) { - return null; - } - - public Response.Builder protocol(Protocol p0) { - return null; - } - - public Response.Builder receivedResponseAtMillis(long p0) { - return null; - } - - public Response.Builder removeHeader(String p0) { - return null; - } - - public Response.Builder request(Request p0) { - return null; - } - - public Response.Builder sentRequestAtMillis(long p0) { - return null; - } - - public final Exchange getExchange$okhttp() { - return null; - } - - public final Handshake getHandshake$okhttp() { - return null; - } - - public final Headers.Builder getHeaders$okhttp() { - return null; - } - - public final Protocol getProtocol$okhttp() { - return null; - } - - public final Request getRequest$okhttp() { - return null; - } - - public final Response getCacheResponse$okhttp() { - return null; - } - - public final Response getNetworkResponse$okhttp() { - return null; - } - - public final Response getPriorResponse$okhttp() { - return null; - } - - public final ResponseBody getBody$okhttp() { - return null; - } - - public final String getMessage$okhttp() { - return null; - } - - public final int getCode$okhttp() { - return 0; - } - - public final long getReceivedResponseAtMillis$okhttp() { - return 0; - } - - public 
final long getSentRequestAtMillis$okhttp() { - return 0; - } - - public final void initExchange$okhttp(Exchange p0) {} - - public final void setBody$okhttp(ResponseBody p0) {} - - public final void setCacheResponse$okhttp(Response p0) {} - - public final void setCode$okhttp(int p0) {} - - public final void setExchange$okhttp(Exchange p0) {} - - public final void setHandshake$okhttp(Handshake p0) {} - - public final void setHeaders$okhttp(Headers.Builder p0) {} - - public final void setMessage$okhttp(String p0) {} - - public final void setNetworkResponse$okhttp(Response p0) {} - - public final void setPriorResponse$okhttp(Response p0) {} - - public final void setProtocol$okhttp(Protocol p0) {} - - public final void setReceivedResponseAtMillis$okhttp(long p0) {} - - public final void setRequest$okhttp(Request p0) {} - - public final void setSentRequestAtMillis$okhttp(long p0) {} + public Response(Request p0, Protocol p1, String p2, int p3, Handshake p4, Headers p5, ResponseBody p6, Response p7, Response p8, Response p9, long p10, long p11, Exchange p12){} + public String toString(){ return null; } + public final CacheControl cacheControl(){ return null; } + public final Exchange exchange(){ return null; } + public final Handshake handshake(){ return null; } + public final Headers headers(){ return null; } + public final Headers trailers(){ return null; } + public final List challenges(){ return null; } + public final List headers(String p0){ return null; } + public final Protocol protocol(){ return null; } + public final Request request(){ return null; } + public final Response cacheResponse(){ return null; } + public final Response networkResponse(){ return null; } + public final Response priorResponse(){ return null; } + public final Response.Builder newBuilder(){ return null; } + public final ResponseBody body(){ return null; } + public final ResponseBody peekBody(long p0){ return null; } + public final String header(String p0){ return null; } + public final 
String header(String p0, String p1){ return null; } + public final String message(){ return null; } + public final boolean isRedirect(){ return false; } + public final boolean isSuccessful(){ return false; } + public final int code(){ return 0; } + public final long receivedResponseAtMillis(){ return 0; } + public final long sentRequestAtMillis(){ return 0; } + public void close(){} + static public class Builder + { + public Builder(){} + public Builder(Response p0){} + public Response build(){ return null; } + public Response.Builder addHeader(String p0, String p1){ return null; } + public Response.Builder body(ResponseBody p0){ return null; } + public Response.Builder cacheResponse(Response p0){ return null; } + public Response.Builder code(int p0){ return null; } + public Response.Builder handshake(Handshake p0){ return null; } + public Response.Builder header(String p0, String p1){ return null; } + public Response.Builder headers(Headers p0){ return null; } + public Response.Builder message(String p0){ return null; } + public Response.Builder networkResponse(Response p0){ return null; } + public Response.Builder priorResponse(Response p0){ return null; } + public Response.Builder protocol(Protocol p0){ return null; } + public Response.Builder receivedResponseAtMillis(long p0){ return null; } + public Response.Builder removeHeader(String p0){ return null; } + public Response.Builder request(Request p0){ return null; } + public Response.Builder sentRequestAtMillis(long p0){ return null; } + public final Exchange getExchange$okhttp(){ return null; } + public final Handshake getHandshake$okhttp(){ return null; } + public final Headers.Builder getHeaders$okhttp(){ return null; } + public final Protocol getProtocol$okhttp(){ return null; } + public final Request getRequest$okhttp(){ return null; } + public final Response getCacheResponse$okhttp(){ return null; } + public final Response getNetworkResponse$okhttp(){ return null; } + public final Response 
getPriorResponse$okhttp(){ return null; } + public final ResponseBody getBody$okhttp(){ return null; } + public final String getMessage$okhttp(){ return null; } + public final int getCode$okhttp(){ return 0; } + public final long getReceivedResponseAtMillis$okhttp(){ return 0; } + public final long getSentRequestAtMillis$okhttp(){ return 0; } + public final void initExchange$okhttp(Exchange p0){} + public final void setBody$okhttp(ResponseBody p0){} + public final void setCacheResponse$okhttp(Response p0){} + public final void setCode$okhttp(int p0){} + public final void setExchange$okhttp(Exchange p0){} + public final void setHandshake$okhttp(Handshake p0){} + public final void setHeaders$okhttp(Headers.Builder p0){} + public final void setMessage$okhttp(String p0){} + public final void setNetworkResponse$okhttp(Response p0){} + public final void setPriorResponse$okhttp(Response p0){} + public final void setProtocol$okhttp(Protocol p0){} + public final void setReceivedResponseAtMillis$okhttp(long p0){} + public final void setRequest$okhttp(Request p0){} + public final void setSentRequestAtMillis$okhttp(long p0){} } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java index bff177b55a0..c0d18dadece 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java 
@@ -6,36 +6,15 @@ import java.net.InetSocketAddress; import java.net.Proxy; import okhttp3.Address; -public class Route { +public class Route +{ protected Route() {} - - public Route(Address p0, Proxy p1, InetSocketAddress p2) {} - - public String toString() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public final Address address() { - return null; - } - - public final InetSocketAddress socketAddress() { - return null; - } - - public final Proxy proxy() { - return null; - } - - public final boolean requiresTunnel() { - return false; - } - - public int hashCode() { - return 0; - } + public Route(Address p0, Proxy p1, InetSocketAddress p2){} + public String toString(){ return null; } + public boolean equals(Object p0){ return false; } + public final Address address(){ return null; } + public final InetSocketAddress socketAddress(){ return null; } + public final Proxy proxy(){ return null; } + public final boolean requiresTunnel(){ return false; } + public int hashCode(){ return 0; } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java index fdcfdc9ab6d..33514eff350 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java 
@@ -3,26 +3,16 @@ package okhttp3; -public enum TlsVersion { +public enum TlsVersion +{ SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2, TLS_1_3; - private TlsVersion() {} - - public final String javaName() { - return null; - } - - public static TlsVersion forJavaName(String p0) { - return null; - } - + public final String javaName(){ return null; } + public static TlsVersion forJavaName(String p0){ return null; } public static TlsVersion.Companion Companion = null; - - static public class Companion { + static public class Companion + { protected Companion() {} - - public final TlsVersion forJavaName(String p0) { - return null; - } + public final TlsVersion forJavaName(String p0){ return null; } } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java b/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java index 3a270f5e9eb..1a9a2d0f66f 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java 
@@ -17,453 +17,131 @@ import okio.Sink; import okio.Source; import okio.Timeout; -public class Buffer implements BufferedSink, BufferedSource, ByteChannel, Cloneable { - public Buffer buffer() { - return null; - } - - public Buffer clone() { - return null; - } - - public Buffer emit() { - return null; - } - - public Buffer emitCompleteSegments() { - return null; - } - - public Buffer getBuffer() { - return null; - } - - public Buffer write(ByteString p0) { - return null; - } - - public Buffer write(ByteString p0, int p1, int p2) { - return null; - } - - public Buffer write(Source p0, long p1) { - return null; - } - - public Buffer write(byte[] p0) { - return null; - } - - public Buffer write(byte[] p0, int p1, int p2) { - return null; - } - - public Buffer writeByte(int p0) { - return null; - } - - public Buffer writeDecimalLong(long p0) { - return null; - } - - public Buffer writeHexadecimalUnsignedLong(long p0) { - return null; - } - - public Buffer writeInt(int p0) { - return null; - } - - public Buffer writeIntLe(int p0) { - return null; - } - - public Buffer writeLong(long p0) { - return null; - } - - public Buffer writeLongLe(long p0) { - return null; - } - - public Buffer writeShort(int p0) { - return null; - } - - public Buffer writeShortLe(int p0) { - return null; - } - - public Buffer writeString(String p0, Charset p1) { - return null; - } - - public Buffer writeString(String p0, int p1, int p2, Charset p3) { - return null; - } - - public Buffer writeUtf8(String p0) { - return null; - } - - public Buffer writeUtf8(String p0, int p1, int p2) { - return null; - } - - public Buffer writeUtf8CodePoint(int p0) { - return null; - } - - public Buffer() {} - - public BufferedSource peek() { - return null; - } - - public ByteString readByteString() { - return null; - } - - public ByteString readByteString(long p0) { - return null; - } - - public InputStream inputStream() { - return null; - } - - public OutputStream outputStream() { - return null; - } - +public 
class Buffer implements BufferedSink, BufferedSource, ByteChannel, Cloneable +{ + public Buffer buffer(){ return null; } + public Buffer clone(){ return null; } + public Buffer emit(){ return null; } + public Buffer emitCompleteSegments(){ return null; } + public Buffer getBuffer(){ return null; } + public Buffer write(ByteString p0){ return null; } + public Buffer write(ByteString p0, int p1, int p2){ return null; } + public Buffer write(Source p0, long p1){ return null; } + public Buffer write(byte[] p0){ return null; } + public Buffer write(byte[] p0, int p1, int p2){ return null; } + public Buffer writeByte(int p0){ return null; } + public Buffer writeDecimalLong(long p0){ return null; } + public Buffer writeHexadecimalUnsignedLong(long p0){ return null; } + public Buffer writeInt(int p0){ return null; } + public Buffer writeIntLe(int p0){ return null; } + public Buffer writeLong(long p0){ return null; } + public Buffer writeLongLe(long p0){ return null; } + public Buffer writeShort(int p0){ return null; } + public Buffer writeShortLe(int p0){ return null; } + public Buffer writeString(String p0, Charset p1){ return null; } + public Buffer writeString(String p0, int p1, int p2, Charset p3){ return null; } + public Buffer writeUtf8(String p0){ return null; } + public Buffer writeUtf8(String p0, int p1, int p2){ return null; } + public Buffer writeUtf8CodePoint(int p0){ return null; } + public Buffer(){} + public BufferedSource peek(){ return null; } + public ByteString readByteString(){ return null; } + public ByteString readByteString(long p0){ return null; } + public InputStream inputStream(){ return null; } + public OutputStream outputStream(){ return null; } public Segment head = null; - - public String readString(Charset p0) { - return null; - } - - public String readString(long p0, Charset p1) { - return null; - } - - public String readUtf8() { - return null; - } - - public String readUtf8(long p0) { - return null; - } - - public String readUtf8Line() { - 
return null; - } - - public String readUtf8LineStrict() { - return null; - } - - public String readUtf8LineStrict(long p0) { - return null; - } - - public String toString() { - return null; - } - - public Timeout timeout() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public boolean exhausted() { - return false; - } - - public boolean isOpen() { - return false; - } - - public boolean rangeEquals(long p0, ByteString p1) { - return false; - } - - public boolean rangeEquals(long p0, ByteString p1, int p2, int p3) { - return false; - } - - public boolean request(long p0) { - return false; - } - - public byte readByte() { - return 0; - } - - public byte[] readByteArray() { - return null; - } - - public byte[] readByteArray(long p0) { - return null; - } - - public final Buffer copy() { - return null; - } - - public final Buffer copyTo(Buffer p0, long p1) { - return null; - } - - public final Buffer copyTo(Buffer p0, long p1, long p2) { - return null; - } - - public final Buffer copyTo(OutputStream p0) { - return null; - } - - public final Buffer copyTo(OutputStream p0, long p1) { - return null; - } - - public final Buffer copyTo(OutputStream p0, long p1, long p2) { - return null; - } - - public final Buffer readFrom(InputStream p0) { - return null; - } - - public final Buffer readFrom(InputStream p0, long p1) { - return null; - } - - public final Buffer writeTo(OutputStream p0) { - return null; - } - - public final Buffer writeTo(OutputStream p0, long p1) { - return null; - } - - public final Buffer.UnsafeCursor readAndWriteUnsafe() { - return null; - } - - public final Buffer.UnsafeCursor readAndWriteUnsafe(Buffer.UnsafeCursor p0) { - return null; - } - - public final Buffer.UnsafeCursor readUnsafe() { - return null; - } - - public final Buffer.UnsafeCursor readUnsafe(Buffer.UnsafeCursor p0) { - return null; - } - - public final ByteString hmacSha1(ByteString p0) { - return null; - } - - public final ByteString hmacSha256(ByteString 
p0) { - return null; - } - - public final ByteString hmacSha512(ByteString p0) { - return null; - } - - public final ByteString md5() { - return null; - } - - public final ByteString sha1() { - return null; - } - - public final ByteString sha256() { - return null; - } - - public final ByteString sha512() { - return null; - } - - public final ByteString snapshot() { - return null; - } - - public final ByteString snapshot(int p0) { - return null; - } - - public final Segment writableSegment$okio(int p0) { - return null; - } - - public final byte getByte(long p0) { - return 0; - } - - public final long completeSegmentByteCount() { - return 0; - } - - public final long size() { - return 0; - } - - public final void clear() {} - - public final void setSize$okio(long p0) {} - - public int hashCode() { - return 0; - } - - public int read(ByteBuffer p0) { - return 0; - } - - public int read(byte[] p0) { - return 0; - } - - public int read(byte[] p0, int p1, int p2) { - return 0; - } - - public int readInt() { - return 0; - } - - public int readIntLe() { - return 0; - } - - public int readUtf8CodePoint() { - return 0; - } - - public int select(Options p0) { - return 0; - } - - public int write(ByteBuffer p0) { - return 0; - } - - public long indexOf(ByteString p0) { - return 0; - } - - public long indexOf(ByteString p0, long p1) { - return 0; - } - - public long indexOf(byte p0) { - return 0; - } - - public long indexOf(byte p0, long p1) { - return 0; - } - - public long indexOf(byte p0, long p1, long p2) { - return 0; - } - - public long indexOfElement(ByteString p0) { - return 0; - } - - public long indexOfElement(ByteString p0, long p1) { - return 0; - } - - public long read(Buffer p0, long p1) { - return 0; - } - - public long readAll(Sink p0) { - return 0; - } - - public long readDecimalLong() { - return 0; - } - - public long readHexadecimalUnsignedLong() { - return 0; - } - - public long readLong() { - return 0; - } - - public long readLongLe() { - return 0; - } - - 
public long writeAll(Source p0) { - return 0; - } - - public short readShort() { - return 0; - } - - public short readShortLe() { - return 0; - } - - public void close() {} - - public void flush() {} - - public void readFully(Buffer p0, long p1) {} - - public void readFully(byte[] p0) {} - - public void require(long p0) {} - - public void skip(long p0) {} - - public void write(Buffer p0, long p1) {} - - static public class UnsafeCursor implements Closeable { + public String readString(Charset p0){ return null; } + public String readString(long p0, Charset p1){ return null; } + public String readUtf8(){ return null; } + public String readUtf8(long p0){ return null; } + public String readUtf8Line(){ return null; } + public String readUtf8LineStrict(){ return null; } + public String readUtf8LineStrict(long p0){ return null; } + public String toString(){ return null; } + public Timeout timeout(){ return null; } + public boolean equals(Object p0){ return false; } + public boolean exhausted(){ return false; } + public boolean isOpen(){ return false; } + public boolean rangeEquals(long p0, ByteString p1){ return false; } + public boolean rangeEquals(long p0, ByteString p1, int p2, int p3){ return false; } + public boolean request(long p0){ return false; } + public byte readByte(){ return 0; } + public byte[] readByteArray(){ return null; } + public byte[] readByteArray(long p0){ return null; } + public final Buffer copy(){ return null; } + public final Buffer copyTo(Buffer p0, long p1){ return null; } + public final Buffer copyTo(Buffer p0, long p1, long p2){ return null; } + public final Buffer copyTo(OutputStream p0){ return null; } + public final Buffer copyTo(OutputStream p0, long p1){ return null; } + public final Buffer copyTo(OutputStream p0, long p1, long p2){ return null; } + public final Buffer readFrom(InputStream p0){ return null; } + public final Buffer readFrom(InputStream p0, long p1){ return null; } + public final Buffer writeTo(OutputStream p0){ return 
null; } + public final Buffer writeTo(OutputStream p0, long p1){ return null; } + public final Buffer.UnsafeCursor readAndWriteUnsafe(){ return null; } + public final Buffer.UnsafeCursor readAndWriteUnsafe(Buffer.UnsafeCursor p0){ return null; } + public final Buffer.UnsafeCursor readUnsafe(){ return null; } + public final Buffer.UnsafeCursor readUnsafe(Buffer.UnsafeCursor p0){ return null; } + public final ByteString hmacSha1(ByteString p0){ return null; } + public final ByteString hmacSha256(ByteString p0){ return null; } + public final ByteString hmacSha512(ByteString p0){ return null; } + public final ByteString md5(){ return null; } + public final ByteString sha1(){ return null; } + public final ByteString sha256(){ return null; } + public final ByteString sha512(){ return null; } + public final ByteString snapshot(){ return null; } + public final ByteString snapshot(int p0){ return null; } + public final Segment writableSegment$okio(int p0){ return null; } + public final byte getByte(long p0){ return 0; } + public final long completeSegmentByteCount(){ return 0; } + public final long size(){ return 0; } + public final void clear(){} + public final void setSize$okio(long p0){} + public int hashCode(){ return 0; } + public int read(ByteBuffer p0){ return 0; } + public int read(byte[] p0){ return 0; } + public int read(byte[] p0, int p1, int p2){ return 0; } + public int readInt(){ return 0; } + public int readIntLe(){ return 0; } + public int readUtf8CodePoint(){ return 0; } + public int select(Options p0){ return 0; } + public int write(ByteBuffer p0){ return 0; } + public long indexOf(ByteString p0){ return 0; } + public long indexOf(ByteString p0, long p1){ return 0; } + public long indexOf(byte p0){ return 0; } + public long indexOf(byte p0, long p1){ return 0; } + public long indexOf(byte p0, long p1, long p2){ return 0; } + public long indexOfElement(ByteString p0){ return 0; } + public long indexOfElement(ByteString p0, long p1){ return 0; } + public 
long read(Buffer p0, long p1){ return 0; } + public long readAll(Sink p0){ return 0; } + public long readDecimalLong(){ return 0; } + public long readHexadecimalUnsignedLong(){ return 0; } + public long readLong(){ return 0; } + public long readLongLe(){ return 0; } + public long writeAll(Source p0){ return 0; } + public short readShort(){ return 0; } + public short readShortLe(){ return 0; } + public void close(){} + public void flush(){} + public void readFully(Buffer p0, long p1){} + public void readFully(byte[] p0){} + public void require(long p0){} + public void skip(long p0){} + public void write(Buffer p0, long p1){} + static public class UnsafeCursor implements Closeable + { public Buffer buffer = null; - - public UnsafeCursor() {} - + public UnsafeCursor(){} public boolean readWrite = false; public byte[] data = null; - - public final int next() { - return 0; - } - - public final int seek(long p0) { - return 0; - } - - public final long expandBuffer(int p0) { - return 0; - } - - public final long resizeBuffer(long p0) { - return 0; - } - + public final int next(){ return 0; } + public final int seek(long p0){ return 0; } + public final long expandBuffer(int p0){ return 0; } + public final long resizeBuffer(long p0){ return 0; } public int end = 0; public int start = 0; public long offset = 0; - - public void close() {} + public void close(){} } } diff --git a/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java b/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java index 2ac5fe9901a..8378e6a047d 100644 --- a/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java +++ b/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java 
@@ -9,276 +9,81 @@ import java.nio.ByteBuffer; import java.nio.charset.Charset; import okio.Buffer; -public class ByteString implements Comparable, Serializable { +public class ByteString implements Comparable, Serializable +{ protected ByteString() {} - - public ByteBuffer asByteBuffer() { - return null; - } - - public ByteString digest$okio(String p0) { - return null; - } - - public ByteString hmac$okio(String p0, ByteString p1) { - return null; - } - - public ByteString hmacSha1(ByteString p0) { - return null; - } - - public ByteString hmacSha256(ByteString p0) { - return null; - } - - public ByteString hmacSha512(ByteString p0) { - return null; - } - - public ByteString md5() { - return null; - } - - public ByteString sha1() { - return null; - } - - public ByteString sha256() { - return null; - } - - public ByteString sha512() { - return null; - } - - public ByteString substring(int p0, int p1) { - return null; - } - - public ByteString toAsciiLowercase() { - return null; - } - - public ByteString toAsciiUppercase() { - return null; - } - - public ByteString(byte[] p0) {} - - public String base64() { - return null; - } - - public String base64Url() { - return null; - } - - public String hex() { - return null; - } - - public String string(Charset p0) { - return null; - } - - public String toString() { - return null; - } - - public String utf8() { - return null; - } - - public boolean equals(Object p0) { - return false; - } - - public boolean rangeEquals(int p0, ByteString p1, int p2, int p3) { - return false; - } - - public boolean rangeEquals(int p0, byte[] p1, int p2, int p3) { - return false; - } - - public byte internalGet$okio(int p0) { - return 0; - } - - public byte[] internalArray$okio() { - return null; - } - - public byte[] toByteArray() { - return null; - } - - public final ByteString substring() { - return null; - } - - public final ByteString substring(int p0) { - return null; - } - - public final String getUtf8$okio() { - return null; - } - - 
public final boolean endsWith(ByteString p0) { - return false; - } - - public final boolean endsWith(byte[] p0) { - return false; - } - - public final boolean startsWith(ByteString p0) { - return false; - } - - public final boolean startsWith(byte[] p0) { - return false; - } - - public final byte getByte(int p0) { - return 0; - } - - public final byte[] getData$okio() { - return null; - } - - public final int getHashCode$okio() { - return 0; - } - - public final int indexOf(ByteString p0) { - return 0; - } - - public final int indexOf(ByteString p0, int p1) { - return 0; - } - - public final int indexOf(byte[] p0) { - return 0; - } - - public final int lastIndexOf(ByteString p0) { - return 0; - } - - public final int lastIndexOf(ByteString p0, int p1) { - return 0; - } - - public final int lastIndexOf(byte[] p0) { - return 0; - } - - public final int size() { - return 0; - } - - public final void setHashCode$okio(int p0) {} - - public final void setUtf8$okio(String p0) {} - - public int compareTo(ByteString p0) { - return 0; - } - - public int getSize$okio() { - return 0; - } - - public int hashCode() { - return 0; - } - - public int indexOf(byte[] p0, int p1) { - return 0; - } - - public int lastIndexOf(byte[] p0, int p1) { - return 0; - } - + public ByteBuffer asByteBuffer(){ return null; } + public ByteString digest$okio(String p0){ return null; } + public ByteString hmac$okio(String p0, ByteString p1){ return null; } + public ByteString hmacSha1(ByteString p0){ return null; } + public ByteString hmacSha256(ByteString p0){ return null; } + public ByteString hmacSha512(ByteString p0){ return null; } + public ByteString md5(){ return null; } + public ByteString sha1(){ return null; } + public ByteString sha256(){ return null; } + public ByteString sha512(){ return null; } + public ByteString substring(int p0, int p1){ return null; } + public ByteString toAsciiLowercase(){ return null; } + public ByteString toAsciiUppercase(){ return null; } + public 
ByteString(byte[] p0){} + public String base64(){ return null; } + public String base64Url(){ return null; } + public String hex(){ return null; } + public String string(Charset p0){ return null; } + public String toString(){ return null; } + public String utf8(){ return null; } + public boolean equals(Object p0){ return false; } + public boolean rangeEquals(int p0, ByteString p1, int p2, int p3){ return false; } + public boolean rangeEquals(int p0, byte[] p1, int p2, int p3){ return false; } + public byte internalGet$okio(int p0){ return 0; } + public byte[] internalArray$okio(){ return null; } + public byte[] toByteArray(){ return null; } + public final ByteString substring(){ return null; } + public final ByteString substring(int p0){ return null; } + public final String getUtf8$okio(){ return null; } + public final boolean endsWith(ByteString p0){ return false; } + public final boolean endsWith(byte[] p0){ return false; } + public final boolean startsWith(ByteString p0){ return false; } + public final boolean startsWith(byte[] p0){ return false; } + public final byte getByte(int p0){ return 0; } + public final byte[] getData$okio(){ return null; } + public final int getHashCode$okio(){ return 0; } + public final int indexOf(ByteString p0){ return 0; } + public final int indexOf(ByteString p0, int p1){ return 0; } + public final int indexOf(byte[] p0){ return 0; } + public final int lastIndexOf(ByteString p0){ return 0; } + public final int lastIndexOf(ByteString p0, int p1){ return 0; } + public final int lastIndexOf(byte[] p0){ return 0; } + public final int size(){ return 0; } + public final void setHashCode$okio(int p0){} + public final void setUtf8$okio(String p0){} + public int compareTo(ByteString p0){ return 0; } + public int getSize$okio(){ return 0; } + public int hashCode(){ return 0; } + public int indexOf(byte[] p0, int p1){ return 0; } + public int lastIndexOf(byte[] p0, int p1){ return 0; } public static ByteString EMPTY = null; - - public static 
ByteString decodeBase64(String p0) { - return null; - } - - public static ByteString decodeHex(String p0) { - return null; - } - - public static ByteString encodeString(String p0, Charset p1) { - return null; - } - - public static ByteString encodeUtf8(String p0) { - return null; - } - - public static ByteString of(ByteBuffer p0) { - return null; - } - - public static ByteString of(byte... p0) { - return null; - } - - public static ByteString of(byte[] p0, int p1, int p2) { - return null; - } - - public static ByteString read(InputStream p0, int p1) { - return null; - } - + public static ByteString decodeBase64(String p0){ return null; } + public static ByteString decodeHex(String p0){ return null; } + public static ByteString encodeString(String p0, Charset p1){ return null; } + public static ByteString encodeUtf8(String p0){ return null; } + public static ByteString of(ByteBuffer p0){ return null; } + public static ByteString of(byte... p0){ return null; } + public static ByteString of(byte[] p0, int p1, int p2){ return null; } + public static ByteString read(InputStream p0, int p1){ return null; } public static ByteString.Companion Companion = null; - - public void write$okio(Buffer p0, int p1, int p2) {} - - public void write(OutputStream p0) {} - - static public class Companion { + public void write$okio(Buffer p0, int p1, int p2){} + public void write(OutputStream p0){} + static public class Companion + { protected Companion() {} - - public final ByteString decodeBase64(String p0) { - return null; - } - - public final ByteString decodeHex(String p0) { - return null; - } - - public final ByteString encodeString(String p0, Charset p1) { - return null; - } - - public final ByteString encodeUtf8(String p0) { - return null; - } - - public final ByteString of(ByteBuffer p0) { - return null; - } - - public final ByteString of(byte... 
p0) { - return null; - } - - public final ByteString of(byte[] p0, int p1, int p2) { - return null; - } - - public final ByteString read(InputStream p0, int p1) { - return null; - } + public final ByteString decodeBase64(String p0){ return null; } + public final ByteString decodeHex(String p0){ return null; } + public final ByteString encodeString(String p0, Charset p1){ return null; } + public final ByteString encodeUtf8(String p0){ return null; } + public final ByteString of(ByteBuffer p0){ return null; } + public final ByteString of(byte... p0){ return null; } + public final ByteString of(byte[] p0, int p1, int p2){ return null; } + public final ByteString read(InputStream p0, int p1){ return null; } } } diff --git a/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java index a03d03bfe0c..dfce800af76 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java @@ -13,7 +13,6 @@ import com.semmle.js.extractor.ExtractorConfig.ECMAVersion; import com.semmle.js.extractor.ExtractorConfig.Platform; import com.semmle.js.extractor.ExtractorConfig.SourceType; import com.semmle.js.parser.ParseError; -import com.semmle.util.data.Option; import com.semmle.util.data.Pair; import com.semmle.util.data.StringUtil; import com.semmle.util.io.WholeIO; @@ -239,7 +238,7 @@ public class HTMLExtractor implements IExtractor { extractor.setSourceMap(textualExtractor.getSourceMap()); } - List