Add test case for a custom Java trust store

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/buildless-fetches.expected

@@ -0,0 +1 @@
+https://localhost:4443/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIUP5OLGP5M6AlodzWUwsOgEFAeS5IwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA1MTAxODA2MTNaFw0yNTA1
+MTAxODA2MTNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCjonLrp9w3TKEzvjNxu0q7T717SBiTYQBJAliIO69V
+dKC9/PELTc/L4APIkLlB4YCFWTHblc1i5dGolWi6W1fTS+S8txD1HP2hWW20pvSP
+yDQSE7P40Ha6dLf9hGU5tIZyqxkJQJ1vsne3+YicB6SOa8Ub5dVaCK06IVTcmzkX
++3zae+OaTgBOfzxXpd3b8JGm0pLAjp7+theJzmToId2ZxDtb5Ot6fvEd1/voQ8i+
+wlYhpwpM0+KCL8R0P57XB1hXxvz/25OUSQQvcUF9TeckvVm+4P01Zip4/WublBue
+q9b4ctA3TZotdN/FO1rLZ74v1+uqWSvso+47YWH7OVjLAgMBAAGjaTBnMB0GA1Ud
+DgQWBBQ9xal7NPTWMjgQc45zfTPTuC/IWjAfBgNVHSMEGDAWgBQ9xal7NPTWMjgQ
+c45zfTPTuC/IWjAPBgNVHRMBAf8EBTADAQH/MBQGA1UdEQQNMAuCCWxvY2FsaG9z
+dDANBgkqhkiG9w0BAQsFAAOCAQEAC7s9WsRYQD5U1jb+PTsUPgYga/SPnmJ7Y2e6
+0Wtdj5ggG/DyGOVOWXVTiv7qI36N2iNfv2XfR1i9jnr/7HcEJPOgXHjCM6m/bg3v
+9xamt5VIjM6ZeVStgPZe1kuXP9CinhuRfa2ypfqZKXXIj4Ri+cv9qCRmLyTcJCpa
++WrlP/NdpQQ3WhghCzoD4dlXGVwcAWV7lAhWgnZbxq+CjMCXt+cIOhCX8tyzsDAK
+0BnLokXfFPwHrIvniayQJWcMFbEQuLuLgG/KlChbsCgKBfTY/jYnr5tl5ukcEUrr
+hci9Ww25oELOoghZAIKV2Mstc4aZHx7EBCygZap6/Z+PmOBkjw==
+-----END CERTIFICATE-----

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/diagnostics.expected

@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 1 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-maven",
+    "name": "Java analysis extracted precise dependency graph information from tool Maven"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjonLrp9w3TKEz
+vjNxu0q7T717SBiTYQBJAliIO69VdKC9/PELTc/L4APIkLlB4YCFWTHblc1i5dGo
+lWi6W1fTS+S8txD1HP2hWW20pvSPyDQSE7P40Ha6dLf9hGU5tIZyqxkJQJ1vsne3
++YicB6SOa8Ub5dVaCK06IVTcmzkX+3zae+OaTgBOfzxXpd3b8JGm0pLAjp7+theJ
+zmToId2ZxDtb5Ot6fvEd1/voQ8i+wlYhpwpM0+KCL8R0P57XB1hXxvz/25OUSQQv
+cUF9TeckvVm+4P01Zip4/WublBueq9b4ctA3TZotdN/FO1rLZ74v1+uqWSvso+47
+YWH7OVjLAgMBAAECgf8xdXxjQPivkL4jB8CyZrahotkxCVsDi9xoEr84NU87aK+q
+Vsm334jBxv9dwhD+KF3jfomqGZ1ErZ5K5I5oCbxrPa0NUezqpo6iFBYPAY9ynCHA
+Q/ALIoWNNrSIMFRzpS4PKxQWhKRyJB6T+iJWF/lKAdznUy/2Su1a9EZifmYveFKk
+71bso/KPZLKslf0VwwebvH7BSwjZUISLJzgP4gorBCI2CHo6qai963XA+7POgoPk
+Oz1g1QQOypHCAPaONBAuzqbUGoezQtWSBmshmRTTgz1ZYSvxf9iVvPUutT7jsKaC
+TKa18UMN0tvXk0SzGZiSX/fgGUQCybe6ydevQcECgYEA0TvP80Y/B0M5NjG7278l
+nSYrpGILW81frYr7i2W6B5sD/XTNjGMBsTh14FA90J2oii9OxZrH8TIku/+WXb8i
+T6aEz5javHe0qtYSgSO/99uP7/r/AXQcuLvyZAmGF+q3vsM6wpc1E4dwEAXy2m1l
+pyyWbXZmy/dWtwCuqZzPTrsCgYEAyDV+HX6esGdMAfRgrxfiP9Aqx4q83R3zDPI8
+xSrMhF17T3Url0a9lRdyfzEZHopqfK/DsHH+I+RPr3FxDT+09oE8n2N5oAgYrtLH
+CnTZi84yV3l9TRqG3pCKtGMT8z4qQgtniExgX3lBYyjkzyePctLUElQTEO2gBBxZ
+tHN65TECgYEArqa/uXDskbJiYkN3bUGMMzY2fbu9gX7YG7OEr2JVu52A4iOKpGHM
+etMHShuQzb+cfORqW3YM6d+SXD9Hk69FA7ma6PLNuz4s1+FjhtqBlnJ3Hrmj/OGg
+S+/OsARnIzWw9RJfzSiMjGWkfCuLARsKHFaSpoKL4jvu7Ukrgrc7MJsCgYEAl8Os
+8RC9nD0Bae3kqHWzZOoYs6AgoIEGcAbkOBXEaIYwZkAMpiTSq0TV30LJptQH+rKF
+5afTnUOBgB2/M+rZ845t9OjEFqJsi4Ftrih7jDXnBVYrvJniKK5q5mjAg7/Y6q2Y
+csJqv5S8Ez25jKqRW9ojNi2TMl7e0J7pBRgQzdECgYAFQ06YB1w4Sgw7fRtMJwyT
+8E7Bbi3BeD/sLEXuNRBDVbbyHMvPYu2qEwRTdXpXKwN5P0dGw/JAGYzTeq6EKiFz
+lajQVGs6l1yOz7a4e62qPQtjSUGzkYHsCopARTOjCpHt1yxL/Mzh3u0qW6yIeaB4
+4QQRjB9++Jpci2GQiTPhyg==
+-----END PRIVATE KEY-----

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/pom.xml

@@ -0,0 +1,35 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+ 
+  <groupId>com.mycompany.app</groupId>
+  <artifactId>my-app</artifactId>
+  <version>1.0-SNAPSHOT</version>
+ 
+  <properties>
+    <maven.compiler.source>8</maven.compiler.source>
+    <maven.compiler.target>8</maven.compiler.target>
+  </properties>
+
+  <repositories>
+    <repository>
+      <id>snapshot-test-repo</id>
+      <url>https://localhost:4443/snapshots</url>
+      <releases>
+        <enabled>false</enabled>
+      </releases>
+      <snapshots>
+        <enabled>true</enabled>
+        <updatePolicy>always</updatePolicy>
+      </snapshots>
+    </repository>
+  </repositories>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.github.my.snapshot.test</groupId>
+      <artifactId>snapshottest</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+  </dependencies>
+</project>

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/maven-metadata.xml

@@ -0,0 +1,24 @@
+<metadata modelVersion="1.1.0">
+  <groupId>com.github.my.snapshot.test</groupId>
+  <artifactId>snapshottest</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <versioning>
+    <lastUpdated>20230101020304</lastUpdated>
+    <snapshot>
+      <timestamp>20230901.050514</timestamp>
+      <buildNumber>100</buildNumber>
+    </snapshot>
+    <snapshotVersions>
+      <snapshotVersion>
+        <extension>jar</extension>
+        <value>1.0-20230901.050514-100</value>
+        <updated>20230101020304</updated>
+      </snapshotVersion>
+      <snapshotVersion>
+        <extension>pom</extension>
+        <value>1.0-20230901.050514-100</value>
+        <updated>20230101020304</updated>
+      </snapshotVersion>
+    </snapshotVersions>
+  </versioning>
+</metadata>

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/maven-metadata.xml.md5

@@ -0,0 +1 @@
+cf2064037098dc6d4294ef6f1a12dc75

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/maven-metadata.xml.sha1

@@ -0,0 +1 @@
+aeabf1dbf735290f5317d78459b3219d267dbb0e

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar.md5

@@ -0,0 +1 @@
+dbb202adb2f6c5504c9b29b93610dd9e

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar.sha1

@@ -0,0 +1 @@
+6db6f637a68116728830d5610cbafb608bc58a21

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.pom

@@ -0,0 +1,13 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+ 
+  <groupId>com.github.my.snapshot.test</groupId>
+  <artifactId>snapshottest</artifactId>
+  <version>1.0-SNAPSHOT</version>
+ 
+  <properties>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+  </properties>
+</project>

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.pom.md5

@@ -0,0 +1 @@
+66c5f73407153610dc3f5743eef678f3

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.pom.sha1

@@ -0,0 +1 @@
+f895a88d2490dbcec8228c2a528bde029d80409e

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/server.py

@@ -0,0 +1,11 @@
+from http.server import HTTPServer, SimpleHTTPRequestHandler
+import ssl
+
+
+httpd = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler)
+
+httpd.socket = ssl.wrap_socket (httpd.socket, 
+        keyfile="../key.pem", 
+        certfile="../cert.pem", server_side=True)
+
+httpd.serve_forever()

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/src/main/java/Test.java

@@ -0,0 +1,7 @@
+import testpkg.DepClass;
+
+public class Test { 
+
+  DepClass dc;
+
+}

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/test.expected

@@ -0,0 +1,3 @@
+diagnostics
+#select
+| DepClass |

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/test.py

@@ -0,0 +1,21 @@
+import sys
+
+from create_database_utils import *
+from buildless_test_utils import *
+from diagnostics_test_utils import *
+import subprocess
+import os.path
+
+repo_server_process = subprocess.Popen(["python3", "../server.py"], cwd = "repo")
+
+mypath = os.path.abspath(os.path.dirname(__file__))
+certspath = os.path.join(mypath, "jdk8_shipped_cacerts_plus_cert_pem")
+maven_certs_option = "-Djavax.net.ssl.trustStore=" + certspath
+
+try:
+  run_codeql_database_create([], lang="java", extra_args=["--build-mode=none"], extra_env={"MAVEN_OPTS": maven_certs_option, "CODEQL_JAVA_EXTRACTOR_TRUST_STORE_PATH": certspath})
+finally:
+  repo_server_process.kill()
+
+check_buildless_fetches()
+check_diagnostics()

java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/test.ql

@@ -0,0 +1,8 @@
+import java
+import semmle.code.java.Diagnostics
+
+query predicate diagnostics(Diagnostic d) { any() }
+
+from Class c
+where c.getName() = "DepClass"
+select c.toString()