diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref index 9658a376bb9..b3c88b353dd 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/NonceReuse.qlref @@ -1,2 +1,4 @@ query: experimental/quantum/Examples/ReusedNonce.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java index e384143db08..80524e269e7 100644 --- a/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java @@ -16,7 +16,7 @@ public class Test { private static byte[] getRandomWrapper1() throws Exception { byte[] val = new byte[16]; - new SecureRandom().nextBytes(val); + new SecureRandom().nextBytes(val); // $ Source return val; } @@ -37,7 +37,7 @@ public class Test { IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKey key = generateAESKey(); - cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // BAD: Reuse of `iv` in funcB1 + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // $ Alert // BAD: Reuse of `iv` in funcB1 byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); } @@ -46,7 +46,7 @@ public class Test { IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKey key = generateAESKey(); - cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // BAD: Reuse of `iv` in funcA1 + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // $ Alert // BAD: Reuse of `iv` in funcA1 byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); } @@ -73,13 +73,13 @@ public class Test { IvParameterSpec ivSpec1 = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKey key1 = generateAESKey(); - cipher.init(Cipher.ENCRYPT_MODE, key1, ivSpec1); // BAD: reuse of `iv` below + cipher.init(Cipher.ENCRYPT_MODE, key1, ivSpec1); // $ Alert // BAD: reuse of `iv` below byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); IvParameterSpec ivSpec2 = new IvParameterSpec(iv); Cipher cipher2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKey key2 = generateAESKey(); - cipher2.init(Cipher.ENCRYPT_MODE, key2, ivSpec2); // BAD: Reuse of `iv` above + cipher2.init(Cipher.ENCRYPT_MODE, key2, ivSpec2); // $ Alert // BAD: Reuse of `iv` above byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.qlref b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.qlref index ea158af1e3a..3b0cb0955c9 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jJndiInjectionTest.java b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jJndiInjectionTest.java index c180fdc40f1..25f43bf4e69 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-020/Log4jJndiInjectionTest.java +++ b/java/ql/test/experimental/query-tests/security/CWE-020/Log4jJndiInjectionTest.java @@ -21,985 +21,985 @@ public class Log4jJndiInjectionTest { private HttpServletRequest request; public Object source() { - return request.getParameter("source"); + return request.getParameter("source"); // $ Source } public void test() { Logger logger = null; { // @formatter:off - logger.debug((CharSequence) source()); - logger.debug((CharSequence) source(), (Throwable) null); - logger.debug((Marker) null, (CharSequence) source()); - logger.debug((Marker) null, (CharSequence) source(), null); - logger.debug((Marker) null, (Message) source()); - logger.debug((Marker) null, (MessageSupplier) source()); - logger.debug((Marker) null, (MessageSupplier) source(), null); - logger.debug((Marker) null, source()); - logger.debug((Marker) null, (String) source()); - logger.debug((Marker) null, (String) source(), new Object[] {}); - logger.debug((Marker) null, (String) null, new Object[] {source()}); - logger.debug((Marker) null, (String) null, (Object) source()); - logger.debug((Marker) null, (String) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((Marker) null, (String) source(), (Supplier) null); - logger.debug((Marker) null, (String) null, (Supplier) source()); - logger.debug((Marker) null, (String) source(), (Throwable) null); - logger.debug((Marker) null, (Supplier) source()); - logger.debug((Marker) null, (Supplier) source(), (Throwable) null); - logger.debug((MessageSupplier) source()); - logger.debug((MessageSupplier) source(), (Throwable) null); - logger.debug((Message) source()); - logger.debug((Message) source(), (Throwable) null); - logger.debug(source()); - logger.debug(source(), (Throwable) null); - logger.debug((String) source()); - logger.debug((String) source(), (Object[]) null); - logger.debug((String) null, new Object[] {source()}); - logger.debug((String) null, (Object) source()); - logger.debug((String) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) source(), (Object) null); - logger.debug((String) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.debug((String) source(), (Supplier) null); - logger.debug((String) null, (Supplier) source()); - logger.debug((String) source(), (Throwable) null); - logger.debug((Supplier) source()); - logger.debug((Supplier) source(), (Throwable) null); - logger.error((CharSequence) source()); - logger.error((CharSequence) source(), (Throwable) null); - logger.error((Marker) null, (CharSequence) source()); - logger.error((Marker) null, (CharSequence) source(), null); - logger.error((Marker) null, (Message) source()); - logger.error((Marker) null, (MessageSupplier) source()); - logger.error((Marker) null, (MessageSupplier) source(), null); - logger.error((Marker) null, source()); - logger.error((Marker) null, (String) source()); - logger.error((Marker) null, (String) source(), new Object[] {}); - logger.error((Marker) null, (String) null, new Object[] {source()}); - logger.error((Marker) null, (String) null, (Object) source()); - logger.error((Marker) null, (String) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((Marker) null, (String) source(), (Supplier) null); - logger.error((Marker) null, (String) null, (Supplier) source()); - logger.error((Marker) null, (String) source(), (Throwable) null); - logger.error((Marker) null, (Supplier) source()); - logger.error((Marker) null, (Supplier) source(), (Throwable) null); - logger.error((MessageSupplier) source()); - logger.error((MessageSupplier) source(), (Throwable) null); - logger.error((Message) source()); - logger.error((Message) source(), (Throwable) null); - logger.error(source()); - logger.error(source(), (Throwable) null); - logger.error((String) source()); - logger.error((String) source(), (Object[]) null); - logger.error((String) null, new Object[] {source()}); - logger.error((String) null, (Object) source()); - logger.error((String) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) source(), (Object) null); - logger.error((String) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.error((String) source(), (Supplier) null); - logger.error((String) null, (Supplier) source()); - logger.error((String) source(), (Throwable) null); - logger.error((Supplier) source()); - logger.error((Supplier) source(), (Throwable) null); - logger.fatal((CharSequence) source()); - logger.fatal((CharSequence) source(), (Throwable) null); - logger.fatal((Marker) null, (CharSequence) source()); - logger.fatal((Marker) null, (CharSequence) source(), null); - logger.fatal((Marker) null, (Message) source()); - logger.fatal((Marker) null, (MessageSupplier) source()); - logger.fatal((Marker) null, (MessageSupplier) source(), null); - logger.fatal((Marker) null, source()); - logger.fatal((Marker) null, (String) source()); - logger.fatal((Marker) null, (String) source(), new Object[] {}); - logger.fatal((Marker) null, (String) null, new Object[] {source()}); - logger.fatal((Marker) null, (String) null, (Object) source()); - logger.fatal((Marker) null, (String) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((Marker) null, (String) source(), (Supplier) null); - logger.fatal((Marker) null, (String) null, (Supplier) source()); - logger.fatal((Marker) null, (String) source(), (Throwable) null); - logger.fatal((Marker) null, (Supplier) source()); - logger.fatal((Marker) null, (Supplier) source(), (Throwable) null); - logger.fatal((MessageSupplier) source()); - logger.fatal((MessageSupplier) source(), (Throwable) null); - logger.fatal((Message) source()); - logger.fatal((Message) source(), (Throwable) null); - logger.fatal(source()); - logger.fatal(source(), (Throwable) null); - logger.fatal((String) source()); - logger.fatal((String) source(), (Object[]) null); - logger.fatal((String) null, new Object[] {source()}); - logger.fatal((String) null, (Object) source()); - logger.fatal((String) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) source(), (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.fatal((String) source(), (Supplier) null); - logger.fatal((String) null, (Supplier) source()); - logger.fatal((String) source(), (Throwable) null); - logger.fatal((Supplier) source()); - logger.fatal((Supplier) source(), (Throwable) null); - logger.info((CharSequence) source()); - logger.info((CharSequence) source(), (Throwable) null); - logger.info((Marker) null, (CharSequence) source()); - logger.info((Marker) null, (CharSequence) source(), null); - logger.info((Marker) null, (Message) source()); - logger.info((Marker) null, (MessageSupplier) source()); - logger.info((Marker) null, (MessageSupplier) source(), null); - logger.info((Marker) null, source()); - logger.info((Marker) null, (String) source()); - logger.info((Marker) null, (String) source(), new Object[] {}); - logger.info((Marker) null, (String) null, new Object[] {source()}); - logger.info((Marker) null, (String) null, (Object) source()); - logger.info((Marker) null, (String) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((Marker) null, (String) source(), (Supplier) null); - logger.info((Marker) null, (String) null, (Supplier) source()); - logger.info((Marker) null, (String) source(), (Throwable) null); - logger.info((Marker) null, (Supplier) source()); - logger.info((Marker) null, (Supplier) source(), (Throwable) null); - logger.info((MessageSupplier) source()); - logger.info((MessageSupplier) source(), (Throwable) null); - logger.info((Message) source()); - logger.info((Message) source(), (Throwable) null); - logger.info(source()); - logger.info(source(), (Throwable) null); - logger.info((String) source()); - logger.info((String) source(), (Object[]) null); - logger.info((String) null, new Object[] {source()}); - logger.info((String) null, (Object) source()); - logger.info((String) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) source(), (Object) null); - logger.info((String) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.info((String) source(), (Supplier) null); - logger.info((String) null, (Supplier) source()); - logger.info((String) source(), (Throwable) null); - logger.info((Supplier) source()); - logger.info((Supplier) source(), (Throwable) null); - logger.log((Level) null, (CharSequence) source()); - logger.log((Level) null, (CharSequence) source(), (Throwable) null); - logger.log((Level) null, (Marker) null, (CharSequence) source()); - logger.log((Level) null, (Marker) null, (CharSequence) source(), null); - logger.log((Level) null, (Marker) null, (Message) source()); - logger.log((Level) null, (Marker) null, (MessageSupplier) source()); - logger.log((Level) null, (Marker) null, (MessageSupplier) source(), null); - logger.log((Level) null, (Marker) null, source()); - logger.log((Level) null, (Marker) null, (String) source()); - logger.log((Level) null, (Marker) null, (String) source(), new Object[] {}); - logger.log((Level) null, (Marker) null, (String) null, new Object[] {source()}); - logger.log((Level) null, (Marker) null, (String) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (Marker) null, (String) source(), (Supplier) null); - logger.log((Level) null, (Marker) null, (String) null, (Supplier) source()); - logger.log((Level) null, (Marker) null, (String) source(), (Throwable) null); - logger.log((Level) null, (Marker) null, (Supplier) source()); - logger.log((Level) null, (Marker) null, (Supplier) source(), (Throwable) null); - logger.log((Level) null, (MessageSupplier) source()); - logger.log((Level) null, (MessageSupplier) source(), (Throwable) null); - logger.log((Level) null, (Message) source()); - logger.log((Level) null, (Message) source(), (Throwable) null); - logger.log((Level) null, source()); - logger.log((Level) null, source(), (Throwable) null); - logger.log((Level) null, (String) source()); - logger.log((Level) null, (String) source(), (Object[]) null); - logger.log((Level) null, (String) null, new Object[] {source()}); - logger.log((Level) null, (String) null, (Object) source()); - logger.log((Level) null, (String) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.log((Level) null, (String) source(), (Supplier) null); - logger.log((Level) null, (String) null, (Supplier) source()); - logger.log((Level) null, (String) source(), (Throwable) null); - logger.log((Level) null, (Supplier) source()); - logger.log((Level) null, (Supplier) source(), (Throwable) null); - logger.trace((CharSequence) source()); - logger.trace((CharSequence) source(), (Throwable) null); - logger.trace((Marker) null, (CharSequence) source()); - logger.trace((Marker) null, (CharSequence) source(), null); - logger.trace((Marker) null, (Message) source()); - logger.trace((Marker) null, (MessageSupplier) source()); - logger.trace((Marker) null, (MessageSupplier) source(), null); - logger.trace((Marker) null, source()); - logger.trace((Marker) null, (String) source()); - logger.trace((Marker) null, (String) source(), new Object[] {}); - logger.trace((Marker) null, (String) null, new Object[] {source()}); - logger.trace((Marker) null, (String) null, (Object) source()); - logger.trace((Marker) null, (String) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((Marker) null, (String) source(), (Supplier) null); - logger.trace((Marker) null, (String) null, (Supplier) source()); - logger.trace((Marker) null, (String) source(), (Throwable) null); - logger.trace((Marker) null, (Supplier) source()); - logger.trace((Marker) null, (Supplier) source(), (Throwable) null); - logger.trace((MessageSupplier) source()); - logger.trace((MessageSupplier) source(), (Throwable) null); - logger.trace((Message) source()); - logger.trace((Message) source(), (Throwable) null); - logger.trace(source()); - logger.trace(source(), (Throwable) null); - logger.trace((String) source()); - logger.trace((String) source(), (Object[]) null); - logger.trace((String) null, new Object[] {source()}); - logger.trace((String) null, (Object) source()); - logger.trace((String) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) source(), (Object) null); - logger.trace((String) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.trace((String) source(), (Supplier) null); - logger.trace((String) null, (Supplier) source()); - logger.trace((String) source(), (Throwable) null); - logger.trace((Supplier) source()); - logger.trace((Supplier) source(), (Throwable) null); - logger.warn((CharSequence) source()); - logger.warn((CharSequence) source(), (Throwable) null); - logger.warn((Marker) null, (CharSequence) source()); - logger.warn((Marker) null, (CharSequence) source(), null); - logger.warn((Marker) null, (Message) source()); - logger.warn((Marker) null, (MessageSupplier) source()); - logger.warn((Marker) null, (MessageSupplier) source(), null); - logger.warn((Marker) null, source()); - logger.warn((Marker) null, (String) source()); - logger.warn((Marker) null, (String) source(), new Object[] {}); - logger.warn((Marker) null, (String) null, new Object[] {source()}); - logger.warn((Marker) null, (String) null, (Object) source()); - logger.warn((Marker) null, (String) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((Marker) null, (String) source(), (Supplier) null); - logger.warn((Marker) null, (String) null, (Supplier) source()); - logger.warn((Marker) null, (String) source(), (Throwable) null); - logger.warn((Marker) null, (Supplier) source()); - logger.warn((Marker) null, (Supplier) source(), (Throwable) null); - logger.warn((MessageSupplier) source()); - logger.warn((MessageSupplier) source(), (Throwable) null); - logger.warn((Message) source()); - logger.warn((Message) source(), (Throwable) null); - logger.warn(source()); - logger.warn(source(), (Throwable) null); - logger.warn((String) source()); - logger.warn((String) source(), (Object[]) null); - logger.warn((String) null, new Object[] {source()}); - logger.warn((String) null, (Object) source()); - logger.warn((String) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) source(), (Object) null); - logger.warn((String) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - logger.warn((String) source(), (Supplier) null); - logger.warn((String) null, (Supplier) source()); - logger.warn((String) source(), (Throwable) null); - logger.warn((Supplier) source()); - logger.warn((Supplier) source(), (Throwable) null); + logger.debug((CharSequence) source()); // $ Alert + logger.debug((CharSequence) source(), (Throwable) null); // $ Alert + logger.debug((Marker) null, (CharSequence) source()); // $ Alert + logger.debug((Marker) null, (CharSequence) source(), null); // $ Alert + logger.debug((Marker) null, (Message) source()); // $ Alert + logger.debug((Marker) null, (MessageSupplier) source()); // $ Alert + logger.debug((Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.debug((Marker) null, source()); // $ Alert + logger.debug((Marker) null, (String) source()); // $ Alert + logger.debug((Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.debug((Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.debug((Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.debug((Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.debug((Marker) null, (Supplier) source()); // $ Alert + logger.debug((Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.debug((MessageSupplier) source()); // $ Alert + logger.debug((MessageSupplier) source(), (Throwable) null); // $ Alert + logger.debug((Message) source()); // $ Alert + logger.debug((Message) source(), (Throwable) null); // $ Alert + logger.debug(source()); // $ Alert + logger.debug(source(), (Throwable) null); // $ Alert + logger.debug((String) source()); // $ Alert + logger.debug((String) source(), (Object[]) null); // $ Alert + logger.debug((String) null, new Object[] {source()}); // $ Alert + logger.debug((String) null, (Object) source()); // $ Alert + logger.debug((String) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.debug((String) source(), (Supplier) null); // $ Alert + logger.debug((String) null, (Supplier) source()); // $ Alert + logger.debug((String) source(), (Throwable) null); // $ Alert + logger.debug((Supplier) source()); // $ Alert + logger.debug((Supplier) source(), (Throwable) null); // $ Alert + logger.error((CharSequence) source()); // $ Alert + logger.error((CharSequence) source(), (Throwable) null); // $ Alert + logger.error((Marker) null, (CharSequence) source()); // $ Alert + logger.error((Marker) null, (CharSequence) source(), null); // $ Alert + logger.error((Marker) null, (Message) source()); // $ Alert + logger.error((Marker) null, (MessageSupplier) source()); // $ Alert + logger.error((Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.error((Marker) null, source()); // $ Alert + logger.error((Marker) null, (String) source()); // $ Alert + logger.error((Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.error((Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.error((Marker) null, (String) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.error((Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.error((Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.error((Marker) null, (Supplier) source()); // $ Alert + logger.error((Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.error((MessageSupplier) source()); // $ Alert + logger.error((MessageSupplier) source(), (Throwable) null); // $ Alert + logger.error((Message) source()); // $ Alert + logger.error((Message) source(), (Throwable) null); // $ Alert + logger.error(source()); // $ Alert + logger.error(source(), (Throwable) null); // $ Alert + logger.error((String) source()); // $ Alert + logger.error((String) source(), (Object[]) null); // $ Alert + logger.error((String) null, new Object[] {source()}); // $ Alert + logger.error((String) null, (Object) source()); // $ Alert + logger.error((String) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.error((String) source(), (Supplier) null); // $ Alert + logger.error((String) null, (Supplier) source()); // $ Alert + logger.error((String) source(), (Throwable) null); // $ Alert + logger.error((Supplier) source()); // $ Alert + logger.error((Supplier) source(), (Throwable) null); // $ Alert + logger.fatal((CharSequence) source()); // $ Alert + logger.fatal((CharSequence) source(), (Throwable) null); // $ Alert + logger.fatal((Marker) null, (CharSequence) source()); // $ Alert + logger.fatal((Marker) null, (CharSequence) source(), null); // $ Alert + logger.fatal((Marker) null, (Message) source()); // $ Alert + logger.fatal((Marker) null, (MessageSupplier) source()); // $ Alert + logger.fatal((Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.fatal((Marker) null, source()); // $ Alert + logger.fatal((Marker) null, (String) source()); // $ Alert + logger.fatal((Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.fatal((Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.fatal((Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.fatal((Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.fatal((Marker) null, (Supplier) source()); // $ Alert + logger.fatal((Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.fatal((MessageSupplier) source()); // $ Alert + logger.fatal((MessageSupplier) source(), (Throwable) null); // $ Alert + logger.fatal((Message) source()); // $ Alert + logger.fatal((Message) source(), (Throwable) null); // $ Alert + logger.fatal(source()); // $ Alert + logger.fatal(source(), (Throwable) null); // $ Alert + logger.fatal((String) source()); // $ Alert + logger.fatal((String) source(), (Object[]) null); // $ Alert + logger.fatal((String) null, new Object[] {source()}); // $ Alert + logger.fatal((String) null, (Object) source()); // $ Alert + logger.fatal((String) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.fatal((String) source(), (Supplier) null); // $ Alert + logger.fatal((String) null, (Supplier) source()); // $ Alert + logger.fatal((String) source(), (Throwable) null); // $ Alert + logger.fatal((Supplier) source()); // $ Alert + logger.fatal((Supplier) source(), (Throwable) null); // $ Alert + logger.info((CharSequence) source()); // $ Alert + logger.info((CharSequence) source(), (Throwable) null); // $ Alert + logger.info((Marker) null, (CharSequence) source()); // $ Alert + logger.info((Marker) null, (CharSequence) source(), null); // $ Alert + logger.info((Marker) null, (Message) source()); // $ Alert + logger.info((Marker) null, (MessageSupplier) source()); // $ Alert + logger.info((Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.info((Marker) null, source()); // $ Alert + logger.info((Marker) null, (String) source()); // $ Alert + logger.info((Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.info((Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.info((Marker) null, (String) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.info((Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.info((Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.info((Marker) null, (Supplier) source()); // $ Alert + logger.info((Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.info((MessageSupplier) source()); // $ Alert + logger.info((MessageSupplier) source(), (Throwable) null); // $ Alert + logger.info((Message) source()); // $ Alert + logger.info((Message) source(), (Throwable) null); // $ Alert + logger.info(source()); // $ Alert + logger.info(source(), (Throwable) null); // $ Alert + logger.info((String) source()); // $ Alert + logger.info((String) source(), (Object[]) null); // $ Alert + logger.info((String) null, new Object[] {source()}); // $ Alert + logger.info((String) null, (Object) source()); // $ Alert + logger.info((String) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.info((String) source(), (Supplier) null); // $ Alert + logger.info((String) null, (Supplier) source()); // $ Alert + logger.info((String) source(), (Throwable) null); // $ Alert + logger.info((Supplier) source()); // $ Alert + logger.info((Supplier) source(), (Throwable) null); // $ Alert + logger.log((Level) null, (CharSequence) source()); // $ Alert + logger.log((Level) null, (CharSequence) source(), (Throwable) null); // $ Alert + logger.log((Level) null, (Marker) null, (CharSequence) source()); // $ Alert + logger.log((Level) null, (Marker) null, (CharSequence) source(), null); // $ Alert + logger.log((Level) null, (Marker) null, (Message) source()); // $ Alert + logger.log((Level) null, (Marker) null, (MessageSupplier) source()); // $ Alert + logger.log((Level) null, (Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.log((Level) null, (Marker) null, source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.log((Level) null, (Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.log((Level) null, (Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.log((Level) null, (Marker) null, (Supplier) source()); // $ Alert + logger.log((Level) null, (Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.log((Level) null, (MessageSupplier) source()); // $ Alert + logger.log((Level) null, (MessageSupplier) source(), (Throwable) null); // $ Alert + logger.log((Level) null, (Message) source()); // $ Alert + logger.log((Level) null, (Message) source(), (Throwable) null); // $ Alert + logger.log((Level) null, source()); // $ Alert + logger.log((Level) null, source(), (Throwable) null); // $ Alert + logger.log((Level) null, (String) source()); // $ Alert + logger.log((Level) null, (String) source(), (Object[]) null); // $ Alert + logger.log((Level) null, (String) null, new Object[] {source()}); // $ Alert + logger.log((Level) null, (String) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.log((Level) null, (String) source(), (Supplier) null); // $ Alert + logger.log((Level) null, (String) null, (Supplier) source()); // $ Alert + logger.log((Level) null, (String) source(), (Throwable) null); // $ Alert + logger.log((Level) null, (Supplier) source()); // $ Alert + logger.log((Level) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.trace((CharSequence) source()); // $ Alert + logger.trace((CharSequence) source(), (Throwable) null); // $ Alert + logger.trace((Marker) null, (CharSequence) source()); // $ Alert + logger.trace((Marker) null, (CharSequence) source(), null); // $ Alert + logger.trace((Marker) null, (Message) source()); // $ Alert + logger.trace((Marker) null, (MessageSupplier) source()); // $ Alert + logger.trace((Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.trace((Marker) null, source()); // $ Alert + logger.trace((Marker) null, (String) source()); // $ Alert + logger.trace((Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.trace((Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.trace((Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.trace((Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.trace((Marker) null, (Supplier) source()); // $ Alert + logger.trace((Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.trace((MessageSupplier) source()); // $ Alert + logger.trace((MessageSupplier) source(), (Throwable) null); // $ Alert + logger.trace((Message) source()); // $ Alert + logger.trace((Message) source(), (Throwable) null); // $ Alert + logger.trace(source()); // $ Alert + logger.trace(source(), (Throwable) null); // $ Alert + logger.trace((String) source()); // $ Alert + logger.trace((String) source(), (Object[]) null); // $ Alert + logger.trace((String) null, new Object[] {source()}); // $ Alert + logger.trace((String) null, (Object) source()); // $ Alert + logger.trace((String) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.trace((String) source(), (Supplier) null); // $ Alert + logger.trace((String) null, (Supplier) source()); // $ Alert + logger.trace((String) source(), (Throwable) null); // $ Alert + logger.trace((Supplier) source()); // $ Alert + logger.trace((Supplier) source(), (Throwable) null); // $ Alert + logger.warn((CharSequence) source()); // $ Alert + logger.warn((CharSequence) source(), (Throwable) null); // $ Alert + logger.warn((Marker) null, (CharSequence) source()); // $ Alert + logger.warn((Marker) null, (CharSequence) source(), null); // $ Alert + logger.warn((Marker) null, (Message) source()); // $ Alert + logger.warn((Marker) null, (MessageSupplier) source()); // $ Alert + logger.warn((Marker) null, (MessageSupplier) source(), null); // $ Alert + logger.warn((Marker) null, source()); // $ Alert + logger.warn((Marker) null, (String) source()); // $ Alert + logger.warn((Marker) null, (String) source(), new Object[] {}); // $ Alert + logger.warn((Marker) null, (String) null, new Object[] {source()}); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((Marker) null, (String) source(), (Supplier) null); // $ Alert + logger.warn((Marker) null, (String) null, (Supplier) source()); // $ Alert + logger.warn((Marker) null, (String) source(), (Throwable) null); // $ Alert + logger.warn((Marker) null, (Supplier) source()); // $ Alert + logger.warn((Marker) null, (Supplier) source(), (Throwable) null); // $ Alert + logger.warn((MessageSupplier) source()); // $ Alert + logger.warn((MessageSupplier) source(), (Throwable) null); // $ Alert + logger.warn((Message) source()); // $ Alert + logger.warn((Message) source(), (Throwable) null); // $ Alert + logger.warn(source()); // $ Alert + logger.warn(source(), (Throwable) null); // $ Alert + logger.warn((String) source()); // $ Alert + logger.warn((String) source(), (Object[]) null); // $ Alert + logger.warn((String) null, new Object[] {source()}); // $ Alert + logger.warn((String) null, (Object) source()); // $ Alert + logger.warn((String) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + logger.warn((String) source(), (Supplier) null); // $ Alert + logger.warn((String) null, (Supplier) source()); // $ Alert + logger.warn((String) source(), (Throwable) null); // $ Alert + logger.warn((Supplier) source()); // $ Alert + logger.warn((Supplier) source(), (Throwable) null); // $ Alert // @formatter:on - logger.logMessage(null, null, null, null, (Message) source(), null); - logger.printf(null, null, (String) source(), (Object[]) null); - logger.printf(null, null, null, new Object[] {source()}); - logger.printf(null, (String) source(), (Object[]) null); - logger.printf(null, null, new Object[] {source()}); + logger.logMessage(null, null, null, null, (Message) source(), null); // $ Alert + logger.printf(null, null, (String) source(), (Object[]) null); // $ Alert + logger.printf(null, null, null, new Object[] {source()}); // $ Alert + logger.printf(null, (String) source(), (Object[]) null); // $ Alert + logger.printf(null, null, new Object[] {source()}); // $ Alert logger.traceEntry((Message) source()); logger.traceEntry((String) source(), (Object[]) null); logger.traceEntry((String) null, new Object[] {source()}); @@ -1017,109 +1017,109 @@ public class Log4jJndiInjectionTest { } { LogBuilder builder = null; - builder.log((CharSequence) source()); - builder.log((Message) source()); - builder.log(source()); - builder.log((String) source()); - builder.log((String) source(), (Object[]) null); - builder.log((String) null, new Object[] {source()}); - builder.log((String) null, source()); + builder.log((CharSequence) source()); // $ Alert + builder.log((Message) source()); // $ Alert + builder.log(source()); // $ Alert + builder.log((String) source()); // $ Alert + builder.log((String) source(), (Object[]) null); // $ Alert + builder.log((String) null, new Object[] {source()}); // $ Alert + builder.log((String) null, source()); // $ Alert // @formatter:off - builder.log((String) null, (Object) source()); - builder.log((String) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) source(), (Object) null); - builder.log((String) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); - builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); + builder.log((String) null, (Object) source()); // $ Alert + builder.log((String) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source()); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) null, (Object) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert + builder.log((String) source(), (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null, (Object) null); // $ Alert // @formatter:on - builder.log((String) source(), (Supplier) null); - builder.log((String) null, (Supplier) source()); - builder.log((Supplier) source()); + builder.log((String) source(), (Supplier) null); // $ Alert + builder.log((String) null, (Supplier) source()); // $ Alert + builder.log((Supplier) source()); // $ Alert } { - ThreadContext.put("key", (String) source()); - ThreadContext.putIfNull("key", (String) source()); + ThreadContext.put("key", (String) source()); // $ Alert + ThreadContext.putIfNull("key", (String) source()); // $ Alert Map map = new HashMap(); map.put("key", (String) source()); - ThreadContext.putAll(map); + ThreadContext.putAll(map); // $ Alert } { MapMessage mmsg = new StringMapMessage().with("username", (String) source()); - logger.error(mmsg); + logger.error(mmsg); // $ Alert } { MapMessage mmsg = new StringMapMessage(); mmsg.with("username", (String) source()); - logger.error(mmsg); + logger.error(mmsg); // $ Alert } { MapMessage mmsg = new StringMapMessage(); mmsg.put("username", (String) source()); - logger.error(mmsg); + logger.error(mmsg); // $ Alert } { MapMessage mmsg = new StringMapMessage(); Map map = new HashMap(); map.put("username", (String) source()); mmsg.putAll(map); - logger.error(mmsg); + logger.error(mmsg); // $ Alert } { - CloseableThreadContext.put("username", (String) source()); - CloseableThreadContext.put("safe", "safe").put("username", (String) source()); + CloseableThreadContext.put("username", (String) source()); // $ Alert + CloseableThreadContext.put("safe", "safe").put("username", (String) source()); // $ Alert Map map = new HashMap(); map.put("username", (String) source()); - CloseableThreadContext.putAll(map); - CloseableThreadContext.put("safe", "safe").putAll(map); + CloseableThreadContext.putAll(map); // $ Alert + CloseableThreadContext.put("safe", "safe").putAll(map); // $ Alert } } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.java b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.java index 2534386a210..6080167987c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.java @@ -18,12 +18,12 @@ public class FilePathInjection extends Controller { // BAD: Upload file to user specified path without validation public void uploadFile() throws IOException { - String savePath = getPara("dir"); + String savePath = getPara("dir"); // $ Source File file = getFile("fileParam").getFile(); String finalFilePath = BASE_PATH + savePath; FileInputStream fis = new FileInputStream(file); - FileOutputStream fos = new FileOutputStream(finalFilePath); + FileOutputStream fos = new FileOutputStream(finalFilePath); // $ Alert int i = 0; do { @@ -61,7 +61,7 @@ public class FilePathInjection extends Controller { // BAD: Upload file to user specified path without validation through session attribute public void uploadFile3() throws IOException { - String savePath = getPara("dir"); + String savePath = getPara("dir"); // $ Source setSessionAttr("uploadDir", savePath); String sessionUploadDir = getSessionAttr("uploadDir"); @@ -69,7 +69,7 @@ public class FilePathInjection extends Controller { String finalFilePath = BASE_PATH + sessionUploadDir; FileInputStream fis = new FileInputStream(file); - FileOutputStream fos = new FileOutputStream(finalFilePath); + FileOutputStream fos = new FileOutputStream(finalFilePath); // $ Alert int i = 0; do { @@ -84,7 +84,7 @@ public class FilePathInjection extends Controller { // BAD: Upload file to user specified path without validation through request attribute public void uploadFile4() throws IOException { - String savePath = getPara("dir"); + String savePath = getPara("dir"); // $ Source setAttr("uploadDir2", savePath); String requestUploadDir = getAttr("uploadDir2"); @@ -92,7 +92,7 @@ public class FilePathInjection extends Controller { String finalFilePath = BASE_PATH + requestUploadDir; FileInputStream fis = new FileInputStream(file); - FileOutputStream fos = new FileOutputStream(finalFilePath); + FileOutputStream fos = new FileOutputStream(finalFilePath); // $ Alert int i = 0; do { @@ -179,7 +179,7 @@ public class FilePathInjection extends Controller { FileInputStream fis = null; try { os = resp.getOutputStream(); - fis = new FileInputStream(file); + fis = new FileInputStream(file); // $ Alert byte fileContent[] = new byte[(int) file.length()]; fis.read(fileContent); os.write(fileContent); @@ -202,12 +202,12 @@ public class FilePathInjection extends Controller { // BAD: Download file to user specified path without validation public void downloadFile() throws FileNotFoundException, IOException { HttpServletRequest request = getRequest(); - String path = request.getParameter("path"); + String path = request.getParameter("path"); // $ Source String filePath = BASE_PATH + path; HttpServletResponse resp = getResponse(); File file = new File(filePath); - if (path != null && file.exists()) { + if (path != null && file.exists()) { // $ Alert resp.setHeader("Content-type", "application/force-download"); resp.setHeader("Content-Disposition", "inline;filename=\"" + filePath + "\""); resp.setHeader("Content-Transfer-Encoding", "Binary"); diff --git a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.qlref index e0dc75098eb..c541d90b184 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-073/FilePathInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.qlref b/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.qlref index 24bd62c5a2e..9916b156289 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExecLocal.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.qlref b/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.qlref index ddd01d29539..4db90bad013 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-078/ExecTainted.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/JSchOSInjectionTest.java b/java/ql/test/experimental/query-tests/security/CWE-078/JSchOSInjectionTest.java index 7b8c5a1181c..3b21f0de7f4 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/JSchOSInjectionTest.java +++ b/java/ql/test/experimental/query-tests/security/CWE-078/JSchOSInjectionTest.java @@ -11,7 +11,7 @@ public class JSchOSInjectionTest extends HttpServlet { String host = "sshHost"; String user = "user"; String password = "password"; - String command = request.getParameter("command"); + String command = request.getParameter("command"); // $ Source[java/command-line-injection-experimental] java.util.Properties config = new java.util.Properties(); config.put("StrictHostKeyChecking", "no"); @@ -24,7 +24,7 @@ public class JSchOSInjectionTest extends HttpServlet { session.connect(); Channel channel = session.openChannel("exec"); - ((ChannelExec) channel).setCommand("ping " + command); + ((ChannelExec) channel).setCommand("ping " + command); // $ Alert[java/command-line-injection-experimental] channel.setInputStream(null); ((ChannelExec) channel).setErrStream(System.err); @@ -37,7 +37,7 @@ public class JSchOSInjectionTest extends HttpServlet { String host = "sshHost"; String user = "user"; String password = "password"; - String command = request.getParameter("command"); + String command = request.getParameter("command"); // $ Source[java/command-line-injection-experimental] java.util.Properties config = new java.util.Properties(); config.put("StrictHostKeyChecking", "no"); @@ -50,7 +50,7 @@ public class JSchOSInjectionTest extends HttpServlet { session.connect(); ChannelExec channel = (ChannelExec)session.openChannel("exec"); - channel.setCommand("ping " + command); + channel.setCommand("ping " + command); // $ Alert[java/command-line-injection-experimental] channel.setInputStream(null); channel.setErrStream(System.err); diff --git a/java/ql/test/experimental/query-tests/security/CWE-078/RuntimeExecTest.java b/java/ql/test/experimental/query-tests/security/CWE-078/RuntimeExecTest.java index 203c3855c87..9d1ec9d73f7 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-078/RuntimeExecTest.java +++ b/java/ql/test/experimental/query-tests/security/CWE-078/RuntimeExecTest.java @@ -14,29 +14,29 @@ public class RuntimeExecTest { public static void test() { System.out.println("Command injection test"); - String script = System.getenv("SCRIPTNAME"); + String script = System.getenv("SCRIPTNAME"); // $ Source[java/command-line-injection-extra-local] if (script != null) { try { // 1. array literal in the args - Runtime.getRuntime().exec(new String[]{"/bin/sh", script}); + Runtime.getRuntime().exec(new String[]{"/bin/sh", script}); // $ Alert[java/command-line-injection-extra-local] // 2. array literal with dataflow String[] commandArray1 = new String[]{"/bin/sh", script}; - Runtime.getRuntime().exec(commandArray1); + Runtime.getRuntime().exec(commandArray1); // $ Alert[java/command-line-injection-extra-local] // 3. array assignment after it is created String[] commandArray2 = new String[4]; commandArray2[0] = "/bin/sh"; commandArray2[1] = script; - Runtime.getRuntime().exec(commandArray2); + Runtime.getRuntime().exec(commandArray2); // $ Alert[java/command-line-injection-extra-local] // 4. Stream concatenation Runtime.getRuntime().exec( - Stream.concat( + Stream.concat( // $ Arrays.stream(new String[]{"/bin/sh"}), Arrays.stream(new String[]{script}) - ).toArray(String[]::new) + ).toArray(String[]::new) // $ Alert[java/command-line-injection-extra-local] ); } catch (Exception e) { diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.qlref index 44302277a79..2ed491d5df0 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisAnnotationSqlInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisMapperXmlSqlInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisMapperXmlSqlInjection.qlref index 19e95a85de4..404b67d5001 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisMapperXmlSqlInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisMapperXmlSqlInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java index 856c1d0b299..7ea49efbf9a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java @@ -16,55 +16,55 @@ public class MybatisSqlInjection { private MybatisSqlInjectionService mybatisSqlInjectionService; @GetMapping(value = "msi1") - public List bad1(@RequestParam String name) { + public List bad1(@RequestParam String name) { // $ Source[java/mybatis-xml-sql-injection] List result = mybatisSqlInjectionService.bad1(name); return result; } @GetMapping(value = "msi2") - public List bad2(@RequestParam String name) { + public List bad2(@RequestParam String name) { // $ Source[java/mybatis-xml-sql-injection] List result = mybatisSqlInjectionService.bad2(name); return result; } @GetMapping(value = "msi3") - public List bad3(@ModelAttribute Test test) { + public List bad3(@ModelAttribute Test test) { // $ Source[java/mybatis-xml-sql-injection] List result = mybatisSqlInjectionService.bad3(test); return result; } @RequestMapping(value = "msi4", method = RequestMethod.POST, produces = "application/json") - public void bad4(@RequestBody Test test) { + public void bad4(@RequestBody Test test) { // $ Source[java/mybatis-xml-sql-injection] mybatisSqlInjectionService.bad4(test); } @RequestMapping(value = "msi5", method = RequestMethod.PUT, produces = "application/json") - public void bad5(@RequestBody Test test) { + public void bad5(@RequestBody Test test) { // $ Source[java/mybatis-xml-sql-injection] mybatisSqlInjectionService.bad5(test); } @RequestMapping(value = "msi6", method = RequestMethod.POST, produces = "application/json") - public void bad6(@RequestBody Map params) { + public void bad6(@RequestBody Map params) { // $ Source[java/mybatis-xml-sql-injection] mybatisSqlInjectionService.bad6(params); } @RequestMapping(value = "msi7", method = RequestMethod.POST, produces = "application/json") - public void bad7(@RequestBody List params) { + public void bad7(@RequestBody List params) { // $ Source[java/mybatis-xml-sql-injection] mybatisSqlInjectionService.bad7(params); } @RequestMapping(value = "msi8", method = RequestMethod.POST, produces = "application/json") - public void bad8(@RequestBody String[] params) { + public void bad8(@RequestBody String[] params) { // $ Source[java/mybatis-xml-sql-injection] mybatisSqlInjectionService.bad8(params); } @GetMapping(value = "msi9") - public void bad9(@RequestParam String name) { + public void bad9(@RequestParam String name) { // $ Source[java/mybatis-annotation-sql-injection] mybatisSqlInjectionService.bad9(name); } @GetMapping(value = "msi10") - public void bad10(@RequestParam Integer id, @RequestParam String name) { + public void bad10(@RequestParam Integer id, @RequestParam String name) { // $ Source[java/mybatis-annotation-sql-injection] mybatisSqlInjectionService.bad10(id, name); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java index 6e334ea35dd..7a686c0498a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java +++ b/java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java @@ -11,48 +11,48 @@ public class MybatisSqlInjectionService { private SqlInjectionMapper sqlInjectionMapper; public List bad1(String name) { - List result = sqlInjectionMapper.bad1(name); + List result = sqlInjectionMapper.bad1(name); // $ Alert[java/mybatis-xml-sql-injection] return result; } public List bad2(String name) { - List result = sqlInjectionMapper.bad2(name); + List result = sqlInjectionMapper.bad2(name); // $ Alert[java/mybatis-xml-sql-injection] return result; } public List bad3(Test test) { - List result = sqlInjectionMapper.bad3(test); + List result = sqlInjectionMapper.bad3(test); // $ Alert[java/mybatis-xml-sql-injection] return result; } public void bad4(Test test) { - sqlInjectionMapper.bad4(test); + sqlInjectionMapper.bad4(test); // $ Alert[java/mybatis-xml-sql-injection] } public void bad5(Test test) { - sqlInjectionMapper.bad5(test); + sqlInjectionMapper.bad5(test); // $ Alert[java/mybatis-xml-sql-injection] } public void bad6(Map params) { - sqlInjectionMapper.bad6(params); + sqlInjectionMapper.bad6(params); // $ Alert[java/mybatis-xml-sql-injection] } public void bad7(List params) { - sqlInjectionMapper.bad7(params); + sqlInjectionMapper.bad7(params); // $ Alert[java/mybatis-xml-sql-injection] } public void bad8(String[] params) { - sqlInjectionMapper.bad8(params); + sqlInjectionMapper.bad8(params); // $ Alert[java/mybatis-xml-sql-injection] } public void bad9(String name) { HashMap hashMap = new HashMap(); hashMap.put("name", name); - sqlInjectionMapper.bad9(hashMap); + sqlInjectionMapper.bad9(hashMap); // $ Alert[java/mybatis-annotation-sql-injection] } public void bad10(Integer id, String name) { - sqlInjectionMapper.bad10(id, name); + sqlInjectionMapper.bad10(id, name); // $ Alert[java/mybatis-annotation-sql-injection] } public List good1(Integer id) { diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.java b/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.java index ee98929312b..015c1569df4 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.java @@ -10,24 +10,24 @@ public class BeanShellInjection { @GetMapping(value = "bad1") public void bad1(HttpServletRequest request) { - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/beanshell-injection] BshScriptEvaluator evaluator = new BshScriptEvaluator(); - evaluator.evaluate(new StaticScriptSource(code)); //bad + evaluator.evaluate(new StaticScriptSource(code)); // $ Alert[java/beanshell-injection] //bad } @GetMapping(value = "bad2") public void bad2(HttpServletRequest request) throws Exception { - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/beanshell-injection] Interpreter interpreter = new Interpreter(); - interpreter.eval(code); //bad + interpreter.eval(code); // $ Alert[java/beanshell-injection] //bad } @GetMapping(value = "bad3") public void bad3(HttpServletRequest request) { - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/beanshell-injection] StaticScriptSource staticScriptSource = new StaticScriptSource("test"); staticScriptSource.setScript(code); BshScriptEvaluator evaluator = new BshScriptEvaluator(); - evaluator.evaluate(staticScriptSource); //bad + evaluator.evaluate(staticScriptSource); // $ Alert[java/beanshell-injection] //bad } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.qlref index 00de8652203..8476fa9ca1a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-094/BeanShellInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.java b/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.java index 115030087ff..5e37c77e754 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.java @@ -9,24 +9,24 @@ public class JShellInjection { @GetMapping(value = "bad1") public void bad1(HttpServletRequest request) { - String input = request.getParameter("code"); + String input = request.getParameter("code"); // $ Source[java/jshell-injection] JShell jShell = JShell.builder().build(); // BAD: allow execution of arbitrary Java code - jShell.eval(input); + jShell.eval(input); // $ Alert[java/jshell-injection] } @GetMapping(value = "bad2") public void bad2(HttpServletRequest request) { - String input = request.getParameter("code"); + String input = request.getParameter("code"); // $ Source[java/jshell-injection] JShell jShell = JShell.builder().build(); SourceCodeAnalysis sourceCodeAnalysis = jShell.sourceCodeAnalysis(); // BAD: allow execution of arbitrary Java code - sourceCodeAnalysis.wrappers(input); + sourceCodeAnalysis.wrappers(input); // $ Alert[java/jshell-injection] } @GetMapping(value = "bad3") public void bad3(HttpServletRequest request) { - String input = request.getParameter("code"); + String input = request.getParameter("code"); // $ Source[java/jshell-injection] JShell jShell = JShell.builder().build(); SourceCodeAnalysis.CompletionInfo info; SourceCodeAnalysis sca = jShell.sourceCodeAnalysis(); @@ -34,7 +34,7 @@ public class JShellInjection { info.completeness().isComplete(); info = sca.analyzeCompletion(info.remaining())) { // BAD: allow execution of arbitrary Java code - jShell.eval(info.source()); + jShell.eval(info.source()); // $ Alert[java/jshell-injection] } } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.qlref index d5b2db58b53..ec418d1a57d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-094/JShellInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.java b/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.java index ae5b6a8d5e4..93cbddd5778 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.java @@ -20,7 +20,7 @@ public class JakartaExpressionInjection { try (ServerSocket serverSocket = new ServerSocket(0)) { try (Socket socket = serverSocket.accept()) { byte[] bytes = new byte[1024]; - int n = socket.getInputStream().read(bytes); + int n = socket.getInputStream().read(bytes); // $ Source[java/javaee-expression-injection] String expression = new String(bytes, 0, n); action.accept(expression); } @@ -31,7 +31,7 @@ public class JakartaExpressionInjection { private static void testWithELProcessorEval() throws IOException { testWithSocket(expression -> { ELProcessor processor = new ELProcessor(); - processor.eval(expression); + processor.eval(expression); // $ Alert[java/javaee-expression-injection] }); } @@ -39,7 +39,7 @@ public class JakartaExpressionInjection { private static void testWithELProcessorGetValue() throws IOException { testWithSocket(expression -> { ELProcessor processor = new ELProcessor(); - processor.getValue(expression, Object.class); + processor.getValue(expression, Object.class); // $ Alert[java/javaee-expression-injection] }); } @@ -50,7 +50,7 @@ public class JakartaExpressionInjection { StandardELContext context = new StandardELContext(factory); ValueExpression valueExpression = factory.createValueExpression(context, expression, Object.class); LambdaExpression lambdaExpression = new LambdaExpression(new ArrayList<>(), valueExpression); - lambdaExpression.invoke(context, new Object[0]); + lambdaExpression.invoke(context, new Object[0]); // $ Alert[java/javaee-expression-injection] }); } @@ -58,7 +58,7 @@ public class JakartaExpressionInjection { private static void testWithELProcessorSetValue() throws IOException { testWithSocket(expression -> { ELProcessor processor = new ELProcessor(); - processor.setValue(expression, new Object()); + processor.setValue(expression, new Object()); // $ Alert[java/javaee-expression-injection] }); } @@ -66,7 +66,7 @@ public class JakartaExpressionInjection { private static void testWithELProcessorSetVariable() throws IOException { testWithSocket(expression -> { ELProcessor processor = new ELProcessor(); - processor.setVariable("test", expression); + processor.setVariable("test", expression); // $ Alert[java/javaee-expression-injection] }); } @@ -76,7 +76,7 @@ public class JakartaExpressionInjection { ExpressionFactory factory = new de.odysseus.el.ExpressionFactoryImpl(); ELContext context = new de.odysseus.el.util.SimpleContext(); ValueExpression e = factory.createValueExpression(context, expression, Object.class); - e.getValue(context); + e.getValue(context); // $ Alert[java/javaee-expression-injection] }); } @@ -86,7 +86,7 @@ public class JakartaExpressionInjection { ExpressionFactory factory = new de.odysseus.el.ExpressionFactoryImpl(); ELContext context = new de.odysseus.el.util.SimpleContext(); ValueExpression e = factory.createValueExpression(context, expression, Object.class); - e.setValue(context, new Object()); + e.setValue(context, new Object()); // $ Alert[java/javaee-expression-injection] }); } @@ -96,7 +96,7 @@ public class JakartaExpressionInjection { ExpressionFactory factory = new de.odysseus.el.ExpressionFactoryImpl(); ELContext context = new de.odysseus.el.util.SimpleContext(); MethodExpression e = factory.createMethodExpression(context, expression, Object.class, new Class[0]); - e.invoke(context, new Object[0]); + e.invoke(context, new Object[0]); // $ Alert[java/javaee-expression-injection] }); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.qlref index e00d8a11658..a1e03eeadcb 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.java b/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.java index f9b29fec6cc..653e7fd4afb 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.java @@ -25,7 +25,7 @@ public class JythonInjection extends HttpServlet { // BAD: allow execution of arbitrary Python code protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/plain"); - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/jython-injection] PythonInterpreter interpreter = null; ByteArrayOutputStream out = new ByteArrayOutputStream(); @@ -33,7 +33,7 @@ public class JythonInjection extends HttpServlet { interpreter = new PythonInterpreter(); interpreter.setOut(out); interpreter.setErr(out); - interpreter.exec(code); + interpreter.exec(code); // $ Alert[java/jython-injection] out.flush(); response.getWriter().print(out.toString()); @@ -50,12 +50,12 @@ public class JythonInjection extends HttpServlet { // BAD: allow execution of arbitrary Python code protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/plain"); - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/jython-injection] PythonInterpreter interpreter = null; try { interpreter = new PythonInterpreter(); - PyObject py = interpreter.eval(code); + PyObject py = interpreter.eval(code); // $ Alert[java/jython-injection] response.getWriter().print(py.toString()); } catch(PyException ex) { @@ -70,7 +70,7 @@ public class JythonInjection extends HttpServlet { // BAD: allow arbitrary Jython expression to run protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/plain"); - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/jython-injection] InteractiveInterpreter interpreter = null; ByteArrayOutputStream out = new ByteArrayOutputStream(); @@ -78,7 +78,7 @@ public class JythonInjection extends HttpServlet { interpreter = new InteractiveInterpreter(); interpreter.setOut(out); interpreter.setErr(out); - interpreter.runsource(code); + interpreter.runsource(code); // $ Alert[java/jython-injection] out.flush(); response.getWriter().print(out.toString()); @@ -94,7 +94,7 @@ public class JythonInjection extends HttpServlet { // BAD: load arbitrary class file to execute protected void doTrace(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/plain"); - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/jython-injection] PythonInterpreter interpreter = null; ByteArrayOutputStream out = new ByteArrayOutputStream(); @@ -103,7 +103,7 @@ public class JythonInjection extends HttpServlet { interpreter.setOut(out); interpreter.setErr(out); - PyCode pyCode = BytecodeLoader.makeCode("test", code.getBytes(), getServletContext().getRealPath("/com/example/test.pyc")); + PyCode pyCode = BytecodeLoader.makeCode("test", code.getBytes(), getServletContext().getRealPath("/com/example/test.pyc")); // $ Alert[java/jython-injection] interpreter.exec(pyCode); out.flush(); @@ -128,7 +128,7 @@ public class JythonInjection extends HttpServlet { interpreter.setOut(out); interpreter.setErr(out); - PyCode pyCode = Py.compile(request.getInputStream(), "Test.py", org.python.core.CompileMode.eval); + PyCode pyCode = Py.compile(request.getInputStream(), "Test.py", org.python.core.CompileMode.eval); // $ Alert[java/jython-injection] interpreter.exec(pyCode); out.flush(); diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.qlref index 7448a79394e..3d3b09f4801 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-094/JythonInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/RhinoServlet.java b/java/ql/test/experimental/query-tests/security/CWE-094/RhinoServlet.java index e76a9543f87..129c1903466 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/RhinoServlet.java +++ b/java/ql/test/experimental/query-tests/security/CWE-094/RhinoServlet.java @@ -25,11 +25,11 @@ public class RhinoServlet extends HttpServlet { // BAD: allow arbitrary Java and JavaScript code to be executed protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/plain"); - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/unsafe-eval] Context ctx = Context.enter(); try { Scriptable scope = ctx.initStandardObjects(); - Object result = ctx.evaluateString(scope, code, "", 1, null); + Object result = ctx.evaluateString(scope, code, "", 1, null); // $ Alert[java/unsafe-eval] response.getWriter().print(Context.toString(result)); } catch(RhinoException ex) { response.getWriter().println(ex.getMessage()); @@ -78,14 +78,14 @@ public class RhinoServlet extends HttpServlet { // BAD: allow arbitrary code to be compiled for subsequent execution protected void doGet2(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/unsafe-eval] ClassCompiler compiler = new ClassCompiler(new CompilerEnvirons()); - Object[] objs = compiler.compileToClassFiles(code, "/sourceLocation", 1, "mainClassName"); + Object[] objs = compiler.compileToClassFiles(code, "/sourceLocation", 1, "mainClassName"); // $ Alert[java/unsafe-eval] } // BAD: allow arbitrary code to be loaded for subsequent execution protected void doPost2(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String code = request.getParameter("code"); - Class clazz = new DefiningClassLoader().defineClass("Powerfunc", code.getBytes()); + String code = request.getParameter("code"); // $ Source[java/unsafe-eval] + Class clazz = new DefiningClassLoader().defineClass("Powerfunc", code.getBytes()); // $ Alert[java/unsafe-eval] } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/ScriptEngineTest.java b/java/ql/test/experimental/query-tests/security/CWE-094/ScriptEngineTest.java index ed7099d7598..a80003fe5eb 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/ScriptEngineTest.java +++ b/java/ql/test/experimental/query-tests/security/CWE-094/ScriptEngineTest.java @@ -21,14 +21,14 @@ public class ScriptEngineTest extends HttpServlet { ScriptEngineManager scriptEngineManager = new ScriptEngineManager(); // Create with ScriptEngine reference ScriptEngine scriptEngine = scriptEngineManager.getEngineByExtension("js"); - Object result = scriptEngine.eval(input); + Object result = scriptEngine.eval(input); // $ Alert[java/unsafe-eval] } public void testNashornWithScriptEngineReference(String input) throws ScriptException { NashornScriptEngineFactory factory = new NashornScriptEngineFactory(); // Create Nashorn with ScriptEngine reference ScriptEngine engine = (NashornScriptEngine) factory.getScriptEngine(new String[] { "-scripting" }); - Object result = engine.eval(input); + Object result = engine.eval(input); // $ Alert[java/unsafe-eval] } @@ -36,27 +36,27 @@ public class ScriptEngineTest extends HttpServlet { NashornScriptEngineFactory factory = new NashornScriptEngineFactory(); // Create Nashorn with NashornScriptEngine reference NashornScriptEngine engine = (NashornScriptEngine) factory.getScriptEngine(new String[] { "-scripting" }); - Object result = engine.eval(input); + Object result = engine.eval(input); // $ Alert[java/unsafe-eval] } public void testCustomScriptEngineReference(String input) throws ScriptException { MyCustomFactory factory = new MyCustomFactory(); //Create with Custom Script Engine reference MyCustomScriptEngine engine = (MyCustomScriptEngine) factory.getScriptEngine(new String[] { "-scripting" }); - Object result = engine.eval(input); + Object result = engine.eval(input); // $ Alert[java/unsafe-eval] } public void testScriptEngineCompilable(String input) throws ScriptException { NashornScriptEngineFactory factory = new NashornScriptEngineFactory(); Compilable engine = (Compilable) factory.getScriptEngine(new String[] { "-scripting" }); - CompiledScript script = engine.compile(input); + CompiledScript script = engine.compile(input); // $ Alert[java/unsafe-eval] Object result = script.eval(); } public void testScriptEngineGetProgram(String input) throws ScriptException { ScriptEngineManager scriptEngineManager = new ScriptEngineManager(); ScriptEngine engine = scriptEngineManager.getEngineByName("nashorn"); - String program = engine.getFactory().getProgram(input); + String program = engine.getFactory().getProgram(input); // $ Alert[java/unsafe-eval] Object result = engine.eval(program); } @@ -88,7 +88,7 @@ public class ScriptEngineTest extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { - String code = request.getParameter("code"); + String code = request.getParameter("code"); // $ Source[java/unsafe-eval] new ScriptEngineTest().testWithScriptEngineReference(code); new ScriptEngineTest().testNashornWithScriptEngineReference(code); diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.qlref index 8bd566cf4fd..6aabb565b8b 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-094/ScriptInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-094/ScriptInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/FileService.java b/java/ql/test/experimental/query-tests/security/CWE-200/FileService.java index 4641a975429..e3a89e3999a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/FileService.java +++ b/java/ql/test/experimental/query-tests/security/CWE-200/FileService.java @@ -42,7 +42,7 @@ public class FileService extends Service { try { String[] uris = (String[]) params[1]; - outputStream = new FileOutputStream(uris[0]); + outputStream = new FileOutputStream(uris[0]); // $ Alert[java/sensitive-android-file-leak] return "success"; } catch (Exception e) { } diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.java b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.java index 1405484c56a..275286e2710 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.java +++ b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.java @@ -25,7 +25,7 @@ public class InsecureWebResourceResponse extends Activity { super.onCreate(savedInstanceState); setContentView(-1); - String inputUrl = getIntent().getStringExtra("inputUrl"); + String inputUrl = getIntent().getStringExtra("inputUrl"); // $ Source[java/insecure-webview-resource-response] getBadResponse1(inputUrl); @@ -65,7 +65,7 @@ public class InsecureWebResourceResponse extends Activity { Uri uri = Uri.parse(url); FileInputStream inputStream = new FileInputStream(uri.getPath()); String mimeType = getMimeTypeFromPath(uri.getPath()); - return new WebResourceResponse(mimeType, "UTF-8", inputStream); + return new WebResourceResponse(mimeType, "UTF-8", inputStream); // $ Alert[java/insecure-webview-resource-response] } catch (IOException ie) { return new WebResourceResponse("text/plain", "UTF-8", null); } @@ -88,7 +88,7 @@ public class InsecureWebResourceResponse extends Activity { File cacheFile = new File(getCacheDir(), uri.getLastPathSegment()); FileInputStream inputStream = new FileInputStream(cacheFile); String mimeType = getMimeTypeFromPath(uri.getPath()); - return new WebResourceResponse(mimeType, "UTF-8", inputStream); + return new WebResourceResponse(mimeType, "UTF-8", inputStream); // $ Alert[java/insecure-webview-resource-response] } else { return new WebResourceResponse("text/plain", "UTF-8", null); } @@ -114,7 +114,7 @@ public class InsecureWebResourceResponse extends Activity { if (path.startsWith("files/")) { FileInputStream inputStream = new FileInputStream(path.substring("files/".length())); String mimeType = getMimeTypeFromPath(uri.getPath()); - return new WebResourceResponse(mimeType, "UTF-8", inputStream); + return new WebResourceResponse(mimeType, "UTF-8", inputStream); // $ Alert[java/insecure-webview-resource-response] } else { return new WebResourceResponse("text/plain", "UTF-8", null); } @@ -196,7 +196,7 @@ public class InsecureWebResourceResponse extends Activity { File cacheFile = new File(getCacheDir(), uri.getLastPathSegment()); FileInputStream inputStream = new FileInputStream(cacheFile); String mimeType = getMimeTypeFromPath(uri.getPath()); - return new WebResourceResponse(mimeType, "UTF-8", inputStream); + return new WebResourceResponse(mimeType, "UTF-8", inputStream); // $ Alert[java/insecure-webview-resource-response] } else { return new WebResourceResponse("text/plain", "UTF-8", null); } @@ -234,7 +234,7 @@ class VulnerableWebViewClient extends WebViewClient { Uri uri = Uri.parse(url); FileInputStream inputStream = new FileInputStream(uri.getPath()); String mimeType = InsecureWebResourceResponse.getMimeTypeFromPath(uri.getPath()); - return new WebResourceResponse(mimeType, "UTF-8", inputStream); + return new WebResourceResponse(mimeType, "UTF-8", inputStream); // $ Alert[java/insecure-webview-resource-response] } catch (IOException ie) { return new WebResourceResponse("text/plain", "UTF-8", null); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.qlref b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.qlref index 09049772ede..f592d7c83a7 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebResourceResponse.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebViewActivity.java b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebViewActivity.java index 6644eb97289..e63de5c9d4e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebViewActivity.java +++ b/java/ql/test/experimental/query-tests/security/CWE-200/InsecureWebViewActivity.java @@ -24,7 +24,7 @@ public class InsecureWebViewActivity extends Activity { setContentView(-1); webview = (VulnerableWebView) findViewById(-1); - String inputUrl = getIntent().getStringExtra("inputUrl"); + String inputUrl = getIntent().getStringExtra("inputUrl"); // $ Source[java/insecure-webview-resource-response] loadWebUrl(inputUrl); } @@ -55,7 +55,7 @@ class VulnerableWebView extends WebView { Uri uri = Uri.parse(url); FileInputStream inputStream = new FileInputStream(uri.getPath()); String mimeType = InsecureWebViewActivity.getMimeTypeFromPath(uri.getPath()); - return new WebResourceResponse(mimeType, "UTF-8", inputStream); + return new WebResourceResponse(mimeType, "UTF-8", inputStream); // $ Alert[java/insecure-webview-resource-response] } catch (IOException ie) { return new WebResourceResponse("text/plain", "UTF-8", null); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity.java b/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity.java index 3520ed0fd40..6d7cf90ce0b 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity.java +++ b/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity.java @@ -11,14 +11,14 @@ public class LeakFileActivity extends Activity { protected void onActivityResult(int requestCode, int resultCode, Intent data) { if (requestCode == GetFileActivity.REQUEST_CODE__SELECT_CONTENT_FROM_APPS && resultCode == RESULT_OK) { - loadOfContentFromApps(data, resultCode); + loadOfContentFromApps(data, resultCode); // $ Source[java/sensitive-android-file-leak] } } private void loadOfContentFromApps(Intent contentIntent, int resultCode) { Uri streamsToUpload = contentIntent.getData(); try { - RandomAccessFile file = new RandomAccessFile(streamsToUpload.getPath(), "r"); + RandomAccessFile file = new RandomAccessFile(streamsToUpload.getPath(), "r"); // $ Alert[java/sensitive-android-file-leak] } catch (Exception ex) { ex.printStackTrace(); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity2.java b/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity2.java index 56e695ec97a..c3fa282fc0e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity2.java +++ b/java/ql/test/experimental/query-tests/security/CWE-200/LeakFileActivity2.java @@ -12,8 +12,8 @@ public class LeakFileActivity2 extends Activity { if (requestCode == GetFileActivity.REQUEST_CODE__SELECT_CONTENT_FROM_APPS && resultCode == RESULT_OK) { Intent intent = new Intent(this, FileService.class); - intent.putExtra(FileService.KEY_LOCAL_FILE, localPath); - startService(intent); + intent.putExtra(FileService.KEY_LOCAL_FILE, localPath); // $ Source[java/sensitive-android-file-leak] + startService(intent); // $ Source[java/sensitive-android-file-leak] } } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.qlref b/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.qlref index a98eeb21914..d4cad711fc2 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.java b/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.java index 7a4433e485d..20a61b88c36 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.java +++ b/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.java @@ -11,8 +11,8 @@ public class Test { // BAD: compare MACs using a not-constant time method public boolean unsafeMacCheck(byte[] expectedMac, byte[] data) throws Exception { Mac mac = Mac.getInstance("HmacSHA256"); - byte[] actualMac = mac.doFinal(data); - return Arrays.equals(expectedMac, actualMac); + byte[] actualMac = mac.doFinal(data); // $ Source + return Arrays.equals(expectedMac, actualMac); // $ Alert } // GOOD: compare MACs using a constant time method @@ -27,8 +27,8 @@ public class Test { Signature engine = Signature.getInstance("SHA256withRSA"); engine.initSign(key); engine.update(data); - byte[] signature = engine.sign(); - return Arrays.equals(expected, signature); + byte[] signature = engine.sign(); // $ Source + return Arrays.equals(expected, signature); // $ Alert } // GOOD: compare signatures using a constant time method @@ -44,8 +44,8 @@ public class Test { public boolean unsafeCheckCustomMac(byte[] expected, byte[] plaintext, Key key) throws Exception { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); - byte[] tag = cipher.doFinal(plaintext); - return Arrays.equals(expected, tag); + byte[] tag = cipher.doFinal(plaintext); // $ Source + return Arrays.equals(expected, tag); // $ Alert } // GOOD: compare ciphertexts using a constant time method @@ -56,4 +56,4 @@ public class Test { return MessageDigest.isEqual(expected, tag); } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.qlref b/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.qlref index 7a83f56cbd6..b426adf811f 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-208/NotConstantTimeCheckOnSignature/Test.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/Test.java b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/Test.java index 3e9dbc11fff..73b0b1fcafc 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/Test.java +++ b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/Test.java @@ -7,7 +7,7 @@ import java.lang.String; public class Test { private boolean UnsafeComparison(HttpServletRequest request) { String Key = "secret"; - return Key.equals(request.getHeader("X-Auth-Token")); + return Key.equals(request.getHeader("X-Auth-Token")); // $ Alert } private boolean safeComparison(HttpServletRequest request) { diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.qlref b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.qlref index 086df8ab1bb..0c95df907ba 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +query: experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.java b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.java index 0755f1fe668..9613dd2d3df 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.java +++ b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.java @@ -18,9 +18,9 @@ public class Test { Mac mac = Mac.getInstance("HmacSHA256"); byte[] data = new byte[1024]; is.read(data); - byte[] actualMac = mac.doFinal(data); + byte[] actualMac = mac.doFinal(data); // $ Source byte[] expectedMac = is.readNBytes(32); - return Arrays.equals(expectedMac, actualMac); + return Arrays.equals(expectedMac, actualMac); // $ Alert } } @@ -31,9 +31,9 @@ public class Test { Mac mac = Mac.getInstance("HmacSHA256"); byte[] actualMac = new byte[256]; mac.update(data); - mac.doFinal(actualMac, 0); + mac.doFinal(actualMac, 0); // $ Source byte[] expectedMac = socket.getInputStream().readNBytes(256); - return Arrays.equals(expectedMac, actualMac); + return Arrays.equals(expectedMac, actualMac); // $ Alert } } @@ -56,9 +56,9 @@ public class Test { engine.initSign(key); byte[] data = socket.getInputStream().readAllBytes(); engine.update(data); - byte[] signature = engine.sign(); + byte[] signature = engine.sign(); // $ Source byte[] expected = is.readNBytes(256); - return Arrays.equals(expected, signature); + return Arrays.equals(expected, signature); // $ Alert } } @@ -70,9 +70,9 @@ public class Test { byte[] data = socket.getInputStream().readAllBytes(); engine.update(data); byte[] signature = new byte[1024]; - engine.sign(signature, 0, 1024); + engine.sign(signature, 0, 1024); // $ Source byte[] expected = is.readNBytes(256); - return Arrays.equals(expected, signature); + return Arrays.equals(expected, signature); // $ Alert } } @@ -96,9 +96,9 @@ public class Test { byte[] hash = MessageDigest.getInstance("SHA-256").digest(plaintext); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); - byte[] tag = cipher.doFinal(hash); + byte[] tag = cipher.doFinal(hash); // $ Source byte[] expected = socket.getInputStream().readAllBytes(); - return Objects.deepEquals(expected, tag); + return Objects.deepEquals(expected, tag); // $ Alert } } @@ -113,9 +113,9 @@ public class Test { cipher.init(Cipher.ENCRYPT_MODE, key); cipher.update(hash); byte[] tag = new byte[1024]; - cipher.doFinal(tag, 0); + cipher.doFinal(tag, 0); // $ Source byte[] expected = is.readNBytes(32); - return Arrays.equals(expected, tag); + return Arrays.equals(expected, tag); // $ Alert } } @@ -131,9 +131,9 @@ public class Test { cipher.init(Cipher.ENCRYPT_MODE, key); cipher.update(hash); ByteBuffer tag = ByteBuffer.wrap(new byte[1024]); - cipher.doFinal(ByteBuffer.wrap(plaintext), tag); + cipher.doFinal(ByteBuffer.wrap(plaintext), tag); // $ Source byte[] expected = socket.getInputStream().readNBytes(1024); - return Arrays.equals(expected, tag.array()); + return Arrays.equals(expected, tag.array()); // $ Alert } } @@ -145,9 +145,9 @@ public class Test { byte[] plaintext = socket.getInputStream().readAllBytes(); cipher.update(plaintext); ByteBuffer tag = ByteBuffer.wrap(new byte[1024]); - cipher.doFinal(ByteBuffer.wrap(plaintext), tag); + cipher.doFinal(ByteBuffer.wrap(plaintext), tag); // $ Source byte[] expected = is.readNBytes(32); - return ByteBuffer.wrap(expected).equals(tag); + return ByteBuffer.wrap(expected).equals(tag); // $ Alert } } @@ -171,9 +171,9 @@ public class Test { byte[] plaintext = is.readNBytes(100); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); - byte[] tag = cipher.doFinal(plaintext); + byte[] tag = cipher.doFinal(plaintext); // $ Source byte[] expected = is.readNBytes(32); - return Arrays.equals(expected, tag); + return Arrays.equals(expected, tag); // $ Alert } } @@ -233,4 +233,4 @@ public class Test { } } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.qlref b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.qlref index f8275271b6b..fc815564ac0 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstSignagure/Test.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.qlref b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.qlref index cab6f2a4962..fc54893242c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +query: experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidationV6_23_1.java b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidationV6_23_1.java index 8f7be261413..a0035959217 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidationV6_23_1.java +++ b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidationV6_23_1.java @@ -14,7 +14,7 @@ public class JxBrowserWithoutCertValidationV6_23_1 { } private static void badUsage() { - Browser browser = new Browser(); + Browser browser = new Browser(); // $ Alert browser.loadURL("https://example.com"); // no further calls // BAD: The browser ignores any certificate error by default! @@ -33,4 +33,4 @@ public class JxBrowserWithoutCertValidationV6_23_1 { }); // GOOD: A secure `LoadHandler` is used. browser.loadURL("https://example.com"); } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.qlref b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.qlref index cab6f2a4962..fc54893242c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +query: experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.java b/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.java index f79fd15af23..fd4d0d7103e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.java +++ b/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.java @@ -13,7 +13,7 @@ public class IgnoredHostnameVerification { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port); socket.startHandshake(); - verifier.verify(host, socket.getSession()); + verifier.verify(host, socket.getSession()); // $ Alert[java/ignored-hostname-verification] return socket; } @@ -109,4 +109,4 @@ public class IgnoredHostnameVerification { } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.qlref b/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.qlref index 454b421f7b2..20387fe9f62 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql \ No newline at end of file +query: experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.java b/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.java index 72f6bee118a..e04acd919b0 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.java +++ b/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.java @@ -16,7 +16,7 @@ public class InsecureLdapEndpoint { env.put(Context.SECURITY_CREDENTIALS, "secpassword"); // Disable SSL endpoint check - System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true"); + System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true"); // $ Alert[java/insecure-ldaps-endpoint] return env; } @@ -47,7 +47,7 @@ public class InsecureLdapEndpoint { // Disable SSL endpoint check Properties properties = new Properties(); properties.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true"); - System.setProperties(properties); + System.setProperties(properties); // $ Alert[java/insecure-ldaps-endpoint] return env; } @@ -65,7 +65,7 @@ public class InsecureLdapEndpoint { // Disable SSL endpoint check Properties properties = new Properties(); properties.put("com.sun.jndi.ldap.object.disableEndpointIdentification", "true"); - System.setProperties(properties); + System.setProperties(properties); // $ Alert[java/insecure-ldaps-endpoint] return env; } @@ -81,7 +81,7 @@ public class InsecureLdapEndpoint { env.put(Context.SECURITY_CREDENTIALS, "secpassword"); // Disable SSL endpoint check - System.setProperty(PROP_DISABLE_LDAP_ENDPOINT_IDENTIFICATION, Boolean.TRUE.toString()); + System.setProperty(PROP_DISABLE_LDAP_ENDPOINT_IDENTIFICATION, Boolean.TRUE.toString()); // $ Alert[java/insecure-ldaps-endpoint] return env; } @@ -99,7 +99,7 @@ public class InsecureLdapEndpoint { // Disable SSL endpoint check Properties properties = new Properties(); properties.put("com.sun.jndi.ldap.object.disableEndpointIdentification", true); - System.setProperties(properties); + System.setProperties(properties); // $ Alert[java/insecure-ldaps-endpoint] return env; } diff --git a/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.qlref b/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.qlref index 1c4d99bb6a3..5fdd2fbfcf0 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-297/InsecureLdapEndpoint.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +query: experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.java b/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.java index 41b470b62d0..4b377a34f94 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.java +++ b/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.java @@ -14,7 +14,7 @@ public class DisabledRevocationChecking { private boolean flag = true; public void disableRevocationChecking() { - flag = false; + flag = false; // $ Alert } public void testDisabledRevocationChecking(KeyStore cacerts, CertPath certPath) throws Exception { @@ -25,7 +25,7 @@ public class DisabledRevocationChecking { public void validate(KeyStore cacerts, CertPath certPath) throws Exception { CertPathValidator validator = CertPathValidator.getInstance("PKIX"); PKIXParameters params = new PKIXParameters(cacerts); - params.setRevocationEnabled(flag); + params.setRevocationEnabled(flag); // $ Sink validator.validate(certPath, params); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.qlref b/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.qlref index cc9089b4951..6902ecb5905 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-299/DisabledRevocationChecking.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.java b/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.java index 11649621c85..ae87251ea3a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.java +++ b/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.java @@ -13,12 +13,12 @@ public class UnsafeTlsVersion { public static void testSslContextWithProtocol() throws NoSuchAlgorithmException { // unsafe - SSLContext.getInstance("SSL"); - SSLContext.getInstance("SSLv2"); - SSLContext.getInstance("SSLv3"); - SSLContext.getInstance("TLS"); - SSLContext.getInstance("TLSv1"); - SSLContext.getInstance("TLSv1.1"); + SSLContext.getInstance("SSL"); // $ Alert + SSLContext.getInstance("SSLv2"); // $ Alert + SSLContext.getInstance("SSLv3"); // $ Alert + SSLContext.getInstance("TLS"); // $ Alert + SSLContext.getInstance("TLSv1"); // $ Alert + SSLContext.getInstance("TLSv1.1"); // $ Alert // safe SSLContext.getInstance("TLSv1.2"); @@ -28,11 +28,11 @@ public class UnsafeTlsVersion { public static void testCreateSslParametersWithProtocol(String[] cipherSuites) { // unsafe - createSslParameters(cipherSuites, "SSLv3"); - createSslParameters(cipherSuites, "TLS"); - createSslParameters(cipherSuites, "TLSv1"); - createSslParameters(cipherSuites, "TLSv1.1"); - createSslParameters(cipherSuites, "TLSv1", "TLSv1.1", "TLSv1.2"); + createSslParameters(cipherSuites, "SSLv3"); // $ Source + createSslParameters(cipherSuites, "TLS"); // $ Source + createSslParameters(cipherSuites, "TLSv1"); // $ Source + createSslParameters(cipherSuites, "TLSv1.1"); // $ Source + createSslParameters(cipherSuites, "TLSv1", "TLSv1.1", "TLSv1.2"); // $ Source createSslParameters(cipherSuites, "TLSv1.2"); // safe @@ -41,19 +41,19 @@ public class UnsafeTlsVersion { } public static SSLParameters createSslParameters(String[] cipherSuites, String... protocols) { - return new SSLParameters(cipherSuites, protocols); + return new SSLParameters(cipherSuites, protocols); // $ Alert } public static void testSettingProtocolsForSslParameters() { // unsafe - new SSLParameters().setProtocols(new String[] { "SSLv3" }); - new SSLParameters().setProtocols(new String[] { "TLS" }); - new SSLParameters().setProtocols(new String[] { "TLSv1" }); - new SSLParameters().setProtocols(new String[] { "TLSv1.1" }); + new SSLParameters().setProtocols(new String[] { "SSLv3" }); // $ Alert + new SSLParameters().setProtocols(new String[] { "TLS" }); // $ Alert + new SSLParameters().setProtocols(new String[] { "TLSv1" }); // $ Alert + new SSLParameters().setProtocols(new String[] { "TLSv1.1" }); // $ Alert SSLParameters parameters = new SSLParameters(); - parameters.setProtocols(new String[] { "TLSv1.1", "TLSv1.2" }); + parameters.setProtocols(new String[] { "TLSv1.1", "TLSv1.2" }); // $ Alert // safe new SSLParameters().setProtocols(new String[] { "TLSv1.2" }); @@ -65,11 +65,11 @@ public class UnsafeTlsVersion { public static void testSettingProtocolForSslSocket() throws IOException { // unsafe - createSslSocket("SSLv3"); - createSslSocket("TLS"); - createSslSocket("TLSv1"); - createSslSocket("TLSv1.1"); - createSslSocket("TLSv1.1", "TLSv1.2"); + createSslSocket("SSLv3"); // $ Source + createSslSocket("TLS"); // $ Source + createSslSocket("TLSv1"); // $ Source + createSslSocket("TLSv1.1"); // $ Source + createSslSocket("TLSv1.1", "TLSv1.2"); // $ Source // safe createSslSocket("TLSv1.2"); @@ -78,18 +78,18 @@ public class UnsafeTlsVersion { public static SSLSocket createSslSocket(String... protocols) throws IOException { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); - socket.setEnabledProtocols(protocols); + socket.setEnabledProtocols(protocols); // $ Alert return socket; } public static void testSettingProtocolForSslServerSocket() throws IOException { // unsafe - createSslServerSocket("SSLv3"); - createSslServerSocket("TLS"); - createSslServerSocket("TLSv1"); - createSslServerSocket("TLSv1.1"); - createSslServerSocket("TLSv1.1", "TLSv1.2"); + createSslServerSocket("SSLv3"); // $ Source + createSslServerSocket("TLS"); // $ Source + createSslServerSocket("TLSv1"); // $ Source + createSslServerSocket("TLSv1.1"); // $ Source + createSslServerSocket("TLSv1.1", "TLSv1.2"); // $ Source // safe createSslServerSocket("TLSv1.2"); @@ -98,18 +98,18 @@ public class UnsafeTlsVersion { public static SSLServerSocket createSslServerSocket(String... protocols) throws IOException { SSLServerSocket socket = (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket(); - socket.setEnabledProtocols(protocols); + socket.setEnabledProtocols(protocols); // $ Alert return socket; } public static void testSettingProtocolForSslEngine() throws NoSuchAlgorithmException { // unsafe - createSslEngine("SSLv3"); - createSslEngine("TLS"); - createSslEngine("TLSv1"); - createSslEngine("TLSv1.1"); - createSslEngine("TLSv1.1", "TLSv1.2"); + createSslEngine("SSLv3"); // $ Source + createSslEngine("TLS"); // $ Source + createSslEngine("TLSv1"); // $ Source + createSslEngine("TLSv1.1"); // $ Source + createSslEngine("TLSv1.1", "TLSv1.2"); // $ Source // safe createSslEngine("TLSv1.2"); @@ -118,7 +118,7 @@ public class UnsafeTlsVersion { public static SSLEngine createSslEngine(String... protocols) throws NoSuchAlgorithmException { SSLEngine engine = SSLContext.getDefault().createSSLEngine(); - engine.setEnabledProtocols(protocols); + engine.setEnabledProtocols(protocols); // $ Alert return engine; } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.qlref b/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.qlref index f29bf9a7836..5f599e917bd 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-327/UnsafeTlsVersion.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.java b/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.java index 9ec3c8466be..d6f0ce5ab2d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.java +++ b/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.java @@ -18,13 +18,13 @@ public class UnvalidatedCors implements Filter { FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; - String url = request.getHeader("Origin"); + String url = request.getHeader("Origin"); // $ Source if (!StringUtils.isEmpty(url)) { String val = response.getHeader("Access-Control-Allow-Origin"); if (StringUtils.isEmpty(val)) { - response.addHeader("Access-Control-Allow-Origin", url); + response.addHeader("Access-Control-Allow-Origin", url); // $ Alert response.addHeader("Access-Control-Allow-Credentials", "true"); } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.qlref b/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.qlref index 90fde66959b..fdd2a5c3f79 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-346/UnvalidatedCors.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-347/Auth0NoVerifier.qlref b/java/ql/test/experimental/query-tests/security/CWE-347/Auth0NoVerifier.qlref index 0cd8baf6d34..5a642823c7c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-347/Auth0NoVerifier.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-347/Auth0NoVerifier.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql -postprocess: utils/test/PrettyPrintModels.ql \ No newline at end of file +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-347/JwtNoVerifier.java b/java/ql/test/experimental/query-tests/security/CWE-347/JwtNoVerifier.java index 15a31bcc476..b6814f36abf 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-347/JwtNoVerifier.java +++ b/java/ql/test/experimental/query-tests/security/CWE-347/JwtNoVerifier.java @@ -41,7 +41,7 @@ public class JwtNoVerifier extends HttpServlet { PrintWriter out = response.getWriter(); // NOT OK: only decode, no verification - String JwtToken1 = request.getParameter("JWT2"); + String JwtToken1 = request.getParameter("JWT2"); // $ Source String userName = decodeToken(JwtToken1); if (Objects.equals(userName, "Admin")) { out.println(""); @@ -55,7 +55,7 @@ public class JwtNoVerifier extends HttpServlet { JWT.decode(JwtToken2); // NOT OK: only decode, no verification - String JwtToken3 = (String) authToken.getCredentials(); + String JwtToken3 = (String) authToken.getCredentials(); // $ Source userName = decodeToken(JwtToken3); if (Objects.equals(userName, "Admin")) { out.println(""); @@ -88,7 +88,7 @@ public class JwtNoVerifier extends HttpServlet { public static String decodeToken(final String token) { DecodedJWT jwt = JWT.decode(token); - return Optional.of(jwt).map(item -> item.getClaim("userName").asString()).orElse(""); + return Optional.of(jwt).map(item -> item.getClaim("userName").asString()).orElse(""); // $ Alert } diff --git a/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.java b/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.java index 93a860981d1..1e0175fcd35 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.java +++ b/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.java @@ -14,7 +14,7 @@ public class ClientSuppliedIpUsedInSecurityCheck { @GetMapping(value = "bad1") public void bad1(HttpServletRequest request) { String ip = getClientIP(); - if (!StringUtils.startsWith(ip, "192.168.")) { + if (!StringUtils.startsWith(ip, "192.168.")) { // $ Alert new Exception("ip illegal"); } } @@ -22,7 +22,7 @@ public class ClientSuppliedIpUsedInSecurityCheck { @GetMapping(value = "bad2") public void bad2(HttpServletRequest request) { String ip = getClientIP(); - if (!"127.0.0.1".equals(ip)) { + if (!"127.0.0.1".equals(ip)) { // $ Alert new Exception("ip illegal"); } } @@ -40,7 +40,7 @@ public class ClientSuppliedIpUsedInSecurityCheck { } protected String getClientIP() { - String xfHeader = request.getHeader("X-Forwarded-For"); + String xfHeader = request.getHeader("X-Forwarded-For"); // $ Source if (xfHeader == null) { return request.getRemoteAddr(); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.qlref b/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.qlref index 8ca6ac71c9a..78f375ab1ee 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-352/JsonpController.java b/java/ql/test/experimental/query-tests/security/CWE-352/JsonpController.java index c7fd850bb09..ec3e070b342 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-352/JsonpController.java +++ b/java/ql/test/experimental/query-tests/security/CWE-352/JsonpController.java @@ -30,79 +30,79 @@ public class JsonpController { @ResponseBody public String bad1(HttpServletRequest request) { String resultStr = null; - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source Gson gson = new Gson(); String result = gson.toJson(hashMap); resultStr = jsonpCallback + "(" + result + ")"; - return resultStr; + return resultStr; // $ Alert } @GetMapping(value = "jsonp2") @ResponseBody public String bad2(HttpServletRequest request) { String resultStr = null; - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source resultStr = jsonpCallback + "(" + JSONObject.toJSONString(hashMap) + ")"; - return resultStr; + return resultStr; // $ Alert } @GetMapping(value = "jsonp3") @ResponseBody public String bad3(HttpServletRequest request) { String resultStr = null; - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source String jsonStr = getJsonStr(hashMap); resultStr = jsonpCallback + "(" + jsonStr + ")"; - return resultStr; + return resultStr; // $ Alert } @GetMapping(value = "jsonp4") @ResponseBody public String bad4(HttpServletRequest request) { String resultStr = null; - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source String restr = JSONObject.toJSONString(hashMap); resultStr = jsonpCallback + "(" + restr + ");"; - return resultStr; + return resultStr; // $ Alert } @GetMapping(value = "jsonp5") @ResponseBody public void bad5(HttpServletRequest request, HttpServletResponse response) throws Exception { - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source PrintWriter pw = null; Gson gson = new Gson(); String result = gson.toJson(hashMap); String resultStr = null; pw = response.getWriter(); resultStr = jsonpCallback + "(" + result + ")"; - pw.println(resultStr); + pw.println(resultStr); // $ Alert } @GetMapping(value = "jsonp6") @ResponseBody public void bad6(HttpServletRequest request, HttpServletResponse response) throws Exception { - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source PrintWriter pw = null; ObjectMapper mapper = new ObjectMapper(); String result = mapper.writeValueAsString(hashMap); String resultStr = null; pw = response.getWriter(); resultStr = jsonpCallback + "(" + result + ")"; - pw.println(resultStr); + pw.println(resultStr); // $ Alert } @RequestMapping(value = "jsonp7", method = RequestMethod.GET) @ResponseBody public String bad7(HttpServletRequest request) { String resultStr = null; - String jsonpCallback = request.getParameter("jsonpCallback"); + String jsonpCallback = request.getParameter("jsonpCallback"); // $ Source Gson gson = new Gson(); String result = gson.toJson(hashMap); resultStr = jsonpCallback + "(" + result + ")"; - return resultStr; + return resultStr; // $ Alert } @RequestMapping(value = "jsonp11") @@ -158,4 +158,4 @@ public class JsonpController { public static String getJsonStr(Object result) { return JSONObject.toJSONString(result); } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.qlref index 15b579b57ea..86da535af89 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-352/JsonpInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-352/JsonpInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.qlref b/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.qlref index 12c247f1f3b..95485a215fe 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-400/LocalThreadResourceAbuse.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java index e5cd70c42f2..44d25320eef 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java +++ b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.java @@ -15,7 +15,7 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from request parameter without validation - String delayTimeStr = request.getParameter("DelayTime"); + String delayTimeStr = request.getParameter("DelayTime"); // $ Source[java/thread-resource-abuse] try { int delayTime = Integer.valueOf(delayTimeStr); new UncheckedSyncAction(delayTime).start(); @@ -26,7 +26,7 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doGet2(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from request parameter without validation try { - int delayTime = request.getParameter("nodelay") != null ? 0 : Integer.valueOf(request.getParameter("DelayTime")); + int delayTime = request.getParameter("nodelay") != null ? 0 : Integer.valueOf(request.getParameter("DelayTime")); // $ Source[java/thread-resource-abuse] new UncheckedSyncAction(delayTime).start(); } catch (NumberFormatException e) { } @@ -34,7 +34,7 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from context init parameter without validation - String delayTimeStr = getServletContext().getInitParameter("DelayTime"); + String delayTimeStr = getServletContext().getInitParameter("DelayTime"); // $ Source[java/local-thread-resource-abuse] try { int delayTime = Integer.valueOf(delayTimeStr); new UncheckedSyncAction(delayTime).start(); @@ -71,7 +71,7 @@ public class ThreadResourceAbuse extends HttpServlet { public void run() { // BAD: no boundary check on wait time try { - Thread.sleep(waitTime); + Thread.sleep(waitTime); // $ Alert[java/thread-resource-abuse] Alert[java/local-thread-resource-abuse] // Do other updates } catch (InterruptedException e) { } @@ -138,10 +138,10 @@ public class ThreadResourceAbuse extends HttpServlet { Cookie cookie = cookies[i]; if (cookie.getName().equals("DelayTime")) { - String delayTimeStr = cookie.getValue(); + String delayTimeStr = cookie.getValue(); // $ Source[java/thread-resource-abuse] try { int delayTime = Integer.valueOf(delayTimeStr); - TimeUnit.MILLISECONDS.sleep(delayTime); + TimeUnit.MILLISECONDS.sleep(delayTime); // $ Alert[java/thread-resource-abuse] // Do other updates } catch (NumberFormatException ne) { } catch (InterruptedException ie) { @@ -169,11 +169,11 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doHead2(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from request header without validation - String header = request.getHeader("Retry-After"); + String header = request.getHeader("Retry-After"); // $ Source[java/thread-resource-abuse] int retryAfter = Integer.parseInt(header); try { - Thread.sleep(retryAfter); + Thread.sleep(retryAfter); // $ Alert[java/thread-resource-abuse] } catch (InterruptedException ignore) { // ignore } @@ -203,7 +203,7 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doHead4(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from request header without validation try { - String uploadDelayStr = request.getParameter("delay"); + String uploadDelayStr = request.getParameter("delay"); // $ Source[java/thread-resource-abuse] int uploadDelay = Integer.parseInt(uploadDelayStr); UploadListener listener = new UploadListener(uploadDelay, getContentLength(request)); @@ -212,11 +212,11 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doHead5(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from request header with binary multiplication expression and without validation - String header = request.getHeader("Retry-After"); + String header = request.getHeader("Retry-After"); // $ Source[java/thread-resource-abuse] int retryAfter = Integer.parseInt(header); try { - Thread.sleep(retryAfter * 1000); + Thread.sleep(retryAfter * 1000); // $ Alert[java/thread-resource-abuse] } catch (InterruptedException ignore) { // ignore } @@ -224,13 +224,13 @@ public class ThreadResourceAbuse extends HttpServlet { protected void doHead6(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: Get thread pause time from request header with multiplication assignment operator and without validation - String header = request.getHeader("Retry-After"); + String header = request.getHeader("Retry-After"); // $ Source[java/thread-resource-abuse] int retryAfter = Integer.parseInt(header); retryAfter *= 1000; try { - Thread.sleep(retryAfter); + Thread.sleep(retryAfter); // $ Alert[java/thread-resource-abuse] } catch (InterruptedException ignore) { // ignore } diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.qlref b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.qlref index caf6f8da85b..bf6365944ba 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-400/UploadListener.java b/java/ql/test/experimental/query-tests/security/CWE-400/UploadListener.java index 9e213116872..d6df514518b 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-400/UploadListener.java +++ b/java/ql/test/experimental/query-tests/security/CWE-400/UploadListener.java @@ -32,7 +32,7 @@ public class UploadListener implements ProgressListener, Serializable { // Just a way to slow down the upload process and see the progress bar in fast networks. if (slowUploads > 0 && done < total) { try { - Thread.sleep(slowUploads); + Thread.sleep(slowUploads); // $ Alert[java/thread-resource-abuse] } catch (Exception e) { } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-470/BadClassLoader.java b/java/ql/test/experimental/query-tests/security/CWE-470/BadClassLoader.java index 6fd6b9ccfa5..213dfa96196 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-470/BadClassLoader.java +++ b/java/ql/test/experimental/query-tests/security/CWE-470/BadClassLoader.java @@ -12,10 +12,10 @@ public class BadClassLoader extends Application { for (PackageInfo p : getPackageManager().getInstalledPackages(0)) { try { if (p.packageName.startsWith("some.package.")) { - Context appContext = createPackageContext(p.packageName, - CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY); + Context appContext = createPackageContext(p.packageName, // $ + CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY); // $ Source[java/android/unsafe-reflection] ClassLoader classLoader = appContext.getClassLoader(); - Object result = classLoader.loadClass("some.package.SomeClass") + Object result = classLoader.loadClass("some.package.SomeClass") // $ Alert[java/android/unsafe-reflection] .getMethod("someMethod") .invoke(null); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-470/LoadClassNoSignatureCheck.qlref b/java/ql/test/experimental/query-tests/security/CWE-470/LoadClassNoSignatureCheck.qlref index 5feabdb8bec..d1d07a95f73 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-470/LoadClassNoSignatureCheck.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-470/LoadClassNoSignatureCheck.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.java b/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.java index d9dc0573660..2822ad3dff2 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.java @@ -18,11 +18,11 @@ public class UnsafeReflection { @GetMapping(value = "uf1") public void bad1(HttpServletRequest request) { - String className = request.getParameter("className"); + String className = request.getParameter("className"); // $ Source[java/unsafe-reflection] String parameterValue = request.getParameter("parameterValue"); try { Class clazz = Class.forName(className); - Object object = clazz.getDeclaredConstructors()[0].newInstance(parameterValue); //bad + Object object = clazz.getDeclaredConstructors()[0].newInstance(parameterValue); // $ Alert[java/unsafe-reflection] //bad } catch (Exception e) { e.printStackTrace(); } @@ -30,20 +30,20 @@ public class UnsafeReflection { @GetMapping(value = "uf2") public void bad2(HttpServletRequest request) { - String className = request.getParameter("className"); + String className = request.getParameter("className"); // $ Source[java/unsafe-reflection] String parameterValue = request.getParameter("parameterValue"); try { ClassLoader classLoader = ClassLoader.getSystemClassLoader(); Class clazz = classLoader.loadClass(className); Object object = clazz.newInstance(); - clazz.getDeclaredMethods()[0].invoke(object, parameterValue); //bad + clazz.getDeclaredMethods()[0].invoke(object, parameterValue); // $ Alert[java/unsafe-reflection] //bad } catch (Exception e) { e.printStackTrace(); } } @RequestMapping(value = {"/service/{beanIdOrClassName}/{methodName}"}, method = {RequestMethod.POST}, consumes = {"application/json"}, produces = {"application/json"}) - public Object bad3(@PathVariable("beanIdOrClassName") String beanIdOrClassName, @PathVariable("methodName") String methodName, @RequestBody Map body) throws Exception { + public Object bad3(@PathVariable("beanIdOrClassName") String beanIdOrClassName, @PathVariable("methodName") String methodName, @RequestBody Map body) throws Exception { // $ Source[java/unsafe-reflection] List rawData = null; try { rawData = (List)body.get("methodInput"); @@ -116,7 +116,7 @@ public class UnsafeReflection { b++; continue; } - Object result = method.invoke(bean, data); + Object result = method.invoke(bean, data); // $ Alert[java/unsafe-reflection] Map map = new HashMap<>(); return map; } diff --git a/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.qlref b/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.qlref index 28822316a90..119312e6ae8 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-470/UnsafeReflection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.java b/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.java index a29a82bb15b..056074f3b35 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.java +++ b/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.java @@ -52,7 +52,7 @@ public class ServiceBean implements SessionBean { } /** Local unit testing code */ - public static void main(String[] args) throws Exception { + public static void main(String[] args) throws Exception { // $ Alert[java/main-method-in-enterprise-bean] ServiceBean b = new ServiceBean(); b.doService(); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.qlref b/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.qlref index 38d09d01cfb..80869cba4ff 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-489/ServiceBean.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-489/EJBMain.ql +query: experimental/Security/CWE/CWE-489/EJBMain.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-489/ServletContextListenerMain.java b/java/ql/test/experimental/query-tests/security/CWE-489/ServletContextListenerMain.java index 38ce153aa5a..71351029f56 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-489/ServletContextListenerMain.java +++ b/java/ql/test/experimental/query-tests/security/CWE-489/ServletContextListenerMain.java @@ -14,7 +14,7 @@ public class ServletContextListenerMain implements ServletContextListener { } // BAD - Implement a main method in servlet listener. - public static void main(String[] args) { + public static void main(String[] args) { // $ Alert[java/main-method-in-web-components] try { URL url = new URL("https://www.example.com"); url.openConnection(); diff --git a/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.java b/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.java index 55b73bd3b72..4f3029b6d13 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.java +++ b/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.java @@ -25,7 +25,7 @@ public class ServletMain implements Servlet { } // BAD - Implement a main method in servlet. - public static void main(String[] args) throws Exception { + public static void main(String[] args) throws Exception { // $ Alert[java/main-method-in-web-components] // Connect to my server URL url = new URL("https://www.example.com"); url.openConnection(); diff --git a/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.qlref b/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.qlref index bf8fc2aacce..71869fb862e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-489/ServletMain.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-489/WebComponentMain.ql +query: experimental/Security/CWE/CWE-489/WebComponentMain.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/SpringExporterUnsafeDeserialization.java b/java/ql/test/experimental/query-tests/security/CWE-502/SpringExporterUnsafeDeserialization.java index f1b2453ea15..5f5fcd56129 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/SpringExporterUnsafeDeserialization.java +++ b/java/ql/test/experimental/query-tests/security/CWE-502/SpringExporterUnsafeDeserialization.java @@ -11,7 +11,7 @@ import org.springframework.remoting.rmi.RmiServiceExporter; public class SpringExporterUnsafeDeserialization { @Bean(name = "/unsafeRmiServiceExporter") - RmiServiceExporter unsafeRmiServiceExporter() { + RmiServiceExporter unsafeRmiServiceExporter() { // $ Alert[java/unsafe-deserialization-spring-exporter-in-configuration-class] RmiServiceExporter exporter = new RmiServiceExporter(); exporter.setServiceInterface(AccountService.class); exporter.setService(new AccountServiceImpl()); @@ -21,7 +21,7 @@ public class SpringExporterUnsafeDeserialization { } @Bean(name = "/unsafeHessianServiceExporter") - HessianServiceExporter unsafeHessianServiceExporter() { + HessianServiceExporter unsafeHessianServiceExporter() { // $ Alert[java/unsafe-deserialization-spring-exporter-in-configuration-class] HessianServiceExporter exporter = new HessianServiceExporter(); exporter.setService(new AccountServiceImpl()); exporter.setServiceInterface(AccountService.class); @@ -29,7 +29,7 @@ public class SpringExporterUnsafeDeserialization { } @Bean(name = "/unsafeHttpInvokerServiceExporter") - HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() { + HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() { // $ Alert[java/unsafe-deserialization-spring-exporter-in-configuration-class] HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter(); exporter.setService(new AccountServiceImpl()); exporter.setServiceInterface(AccountService.class); @@ -37,7 +37,7 @@ public class SpringExporterUnsafeDeserialization { } @Bean(name = "/unsafeCustomeRemoteInvocationSerializingExporter") - RemoteInvocationSerializingExporter unsafeCustomeRemoteInvocationSerializingExporter() { + RemoteInvocationSerializingExporter unsafeCustomeRemoteInvocationSerializingExporter() { // $ Alert[java/unsafe-deserialization-spring-exporter-in-configuration-class] return new CustomeRemoteInvocationSerializingExporter(); } @@ -53,7 +53,7 @@ public class SpringExporterUnsafeDeserialization { class SpringBootTestApplication { @Bean(name = "/unsafeHttpInvokerServiceExporter") - HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() { + HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() { // $ Alert[java/unsafe-deserialization-spring-exporter-in-configuration-class] HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter(); exporter.setService(new AccountServiceImpl()); exporter.setServiceInterface(AccountService.class); @@ -65,7 +65,7 @@ class SpringBootTestApplication { class SpringBootTestConfiguration { @Bean(name = "/unsafeHttpInvokerServiceExporter") - HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() { + HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() { // $ Alert[java/unsafe-deserialization-spring-exporter-in-configuration-class] HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter(); exporter.setService(new AccountServiceImpl()); exporter.setServiceInterface(AccountService.class); diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.java b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.java index 197a1c47843..2f551e1205e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.java +++ b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.java @@ -12,9 +12,9 @@ public class UnsafeDeserializationRmi { // BAD (bind a remote object that has a vulnerable method) public static void testRegistryBindWithObjectParameter() throws Exception { Registry registry = LocateRegistry.createRegistry(1099); - registry.bind("unsafe", new UnsafeRemoteObjectImpl()); - registry.rebind("unsafe", new UnsafeRemoteObjectImpl()); - registry.rebind("unsafe", UnicastRemoteObject.exportObject(new UnsafeRemoteObjectImpl())); + registry.bind("unsafe", new UnsafeRemoteObjectImpl()); // $ Alert[java/unsafe-deserialization-rmi] + registry.rebind("unsafe", new UnsafeRemoteObjectImpl()); // $ Alert[java/unsafe-deserialization-rmi] + registry.rebind("unsafe", UnicastRemoteObject.exportObject(new UnsafeRemoteObjectImpl())); // $ Alert[java/unsafe-deserialization-rmi] } // GOOD (bind a remote object that has methods that takes safe parameters) @@ -26,8 +26,8 @@ public class UnsafeDeserializationRmi { // BAD (bind a remote object that has a vulnerable method) public static void testNamingBindWithObjectParameter() throws Exception { - Naming.bind("unsafe", new UnsafeRemoteObjectImpl()); - Naming.rebind("unsafe", new UnsafeRemoteObjectImpl()); + Naming.bind("unsafe", new UnsafeRemoteObjectImpl()); // $ Alert[java/unsafe-deserialization-rmi] + Naming.rebind("unsafe", new UnsafeRemoteObjectImpl()); // $ Alert[java/unsafe-deserialization-rmi] } // GOOD (bind a remote object that has methods that takes safe parameters) diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.qlref b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.qlref index f9691113cfa..711338908ee 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.qlref b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.qlref index 823c7735ec5..e58985f0971 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInConfigurationClass.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql \ No newline at end of file +query: experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.qlref b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.qlref index 46024a0b6b3..4491a0d3225 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-502/UnsafeSpringExporterInXMLConfiguration.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql \ No newline at end of file +query: experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-502/beans.xml b/java/ql/test/experimental/query-tests/security/CWE-502/beans.xml index fbb936d901d..fc7536c7175 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-502/beans.xml +++ b/java/ql/test/experimental/query-tests/security/CWE-502/beans.xml @@ -10,21 +10,21 @@ - + - + - + - + diff --git a/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.qlref b/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.qlref index ead6d782be8..a6a93025c43 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-548/InsecureDirectoryConfig.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +query: experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-548/insecure-web.xml b/java/ql/test/experimental/query-tests/security/CWE-548/insecure-web.xml index 346f98346b3..3e197e53fca 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-548/insecure-web.xml +++ b/java/ql/test/experimental/query-tests/security/CWE-548/insecure-web.xml @@ -16,7 +16,7 @@ listings true - + 1 @@ -26,4 +26,4 @@ / - \ No newline at end of file + diff --git a/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.qlref b/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.qlref index b996de13723..29138b5006d 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-555/PasswordInConfigurationFile.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql +query: experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml b/java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml index 040c866759b..a4030150cb9 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml +++ b/java/ql/test/experimental/query-tests/security/CWE-555/applicationContext.xml @@ -6,7 +6,7 @@ - + diff --git a/java/ql/test/experimental/query-tests/security/CWE-555/context.xml b/java/ql/test/experimental/query-tests/security/CWE-555/context.xml index 6ea601bc6d7..f3e59bfcdb1 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-555/context.xml +++ b/java/ql/test/experimental/query-tests/security/CWE-555/context.xml @@ -5,7 +5,7 @@ maxTotal="100" maxIdle="30" maxWaitMillis="10000" username="root" password="1234" driverClassName="com.mysql.jdbc.Driver" - url="jdbc:mysql://www.example1.com:3306/proj"/> + url="jdbc:mysql://www.example1.com:3306/proj"/> - \ No newline at end of file + diff --git a/java/ql/test/experimental/query-tests/security/CWE-555/custom-config.xml b/java/ql/test/experimental/query-tests/security/CWE-555/custom-config.xml index 3569f0d09de..10ad6b30f7c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-555/custom-config.xml +++ b/java/ql/test/experimental/query-tests/security/CWE-555/custom-config.xml @@ -1,4 +1,4 @@ - + diff --git a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.java b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.java index 2b7386bb600..d1a633be31c 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.java +++ b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.java @@ -9,13 +9,13 @@ public class SensitiveGetQuery extends HttpServlet { // BAD - Tests retrieving sensitive information through `request.getParameter()` in a GET request. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String username = request.getParameter("username"); - String password = request.getParameter("password"); + String password = request.getParameter("password"); // $ Source - processUserInfo(username, password); + processUserInfo(username, password); // $ Alert } void processUserInfo(String username, String password) { - System.out.println("username = " + username+"; password "+password); + System.out.println("username = " + username+"; password "+password); // $ Alert } // GOOD - Tests retrieving sensitive information through `request.getParameter()` in a POST request. diff --git a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.qlref b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.qlref index 53c2523e041..20c3e79eb96 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery2.java b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery2.java index 6b4fec0b331..97b929c792f 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery2.java +++ b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery2.java @@ -9,14 +9,14 @@ import javax.servlet.ServletException; public class SensitiveGetQuery2 extends HttpServlet { // BAD - Tests retrieving sensitive information through `request.getParameterMap()` in a GET request. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - Map map = request.getParameterMap(); + Map map = request.getParameterMap(); // $ Source String username = (String) map.get("username"); String password = (String) map.get("password"); - processUserInfo(username, password); + processUserInfo(username, password); // $ Alert } void processUserInfo(String username, String password) { - System.out.println("username = " + username+"; password "+password); + System.out.println("username = " + username+"; password "+password); // $ Alert } // GOOD - Tests retrieving sensitive information through `request.getParameterMap()` in a POST request. diff --git a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery3.java b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery3.java index 5d191bb52b1..e34534236d0 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery3.java +++ b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery3.java @@ -10,11 +10,11 @@ public class SensitiveGetQuery3 extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String username = getRequestParameter(request, "username"); String password = getRequestParameter(request, "password"); - System.out.println("Username="+username+"; password="+password); + System.out.println("Username="+username+"; password="+password); // $ Alert } String getRequestParameter(HttpServletRequest request, String paramName) { - return request.getParameter(paramName); + return request.getParameter(paramName); // $ Source } // GOOD - Tests retrieving sensitive information through a wrapper call in a POST request. diff --git a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery4.java b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery4.java index 29e94d254d4..4f5399b9e10 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery4.java +++ b/java/ql/test/experimental/query-tests/security/CWE-598/SensitiveGetQuery4.java @@ -13,11 +13,11 @@ public class SensitiveGetQuery4 extends HttpServlet { String tokenType = getRequestParameter(request, "tokenType"); String accessToken = getRequestParameter(request, "accessToken"); System.out.println("Username="+username+"; token="+token+"; tokenType="+tokenType); - System.out.println("AccessToken="+accessToken); + System.out.println("AccessToken="+accessToken); // $ Alert } String getRequestParameter(HttpServletRequest request, String paramName) { - return request.getParameter(paramName); + return request.getParameter(paramName); // $ Source } // GOOD - Tests retrieving non-sensitive tokens and sensitive tokens in a POST request. diff --git a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.java b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.java index 1e38c917b0f..63f19ef87a3 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.java +++ b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.java @@ -10,11 +10,11 @@ import javax.servlet.ServletException; class UncaughtServletException extends HttpServlet { // BAD - Tests `doGet` without catching exceptions. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - String ip = request.getParameter("srcIP"); - InetAddress addr = InetAddress.getByName(ip); // getByName(String) throws UnknownHostException + String ip = request.getParameter("srcIP"); // $ Source + InetAddress addr = InetAddress.getByName(ip); // $ Alert // getByName(String) throws UnknownHostException - String userId = request.getRemoteUser(); - Integer.parseInt(userId); // Integer.parse(String) throws RuntimeException + String userId = request.getRemoteUser(); // $ Source + Integer.parseInt(userId); // $ Alert // Integer.parse(String) throws RuntimeException } // GOOD - Tests `doPost` with catching exceptions. @@ -51,8 +51,8 @@ class UncaughtServletException extends HttpServlet { // BAD - Tests rethrowing caught exceptions with stack trace. public void doOptions(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { try { - String ip = request.getParameter("srcIP"); - InetAddress addr = InetAddress.getByName(ip); + String ip = request.getParameter("srcIP"); // $ Source + InetAddress addr = InetAddress.getByName(ip); // $ Alert } catch (UnknownHostException uhex) { uhex.printStackTrace(); throw uhex; @@ -72,8 +72,8 @@ class UncaughtServletException extends HttpServlet { try { addr = InetAddress.getByName(ip); - String userId = request.getRemoteUser(); - Integer.parseInt(userId); // Integer.parse(String) throws RuntimeException + String userId = request.getRemoteUser(); // $ Source + Integer.parseInt(userId); // $ Alert // Integer.parse(String) throws RuntimeException } catch (UnknownHostException uhex) { throw new UnknownHostException("Got exception "+uhex.getMessage()); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.qlref b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.qlref index 14466d983a7..11977e14ba2 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-600/UncaughtServletException.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.java b/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.java index e5909b3478e..a73f9c14249 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.java +++ b/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.java @@ -14,53 +14,53 @@ public class SpringUrlRedirect { private final static String VALID_REDIRECT = "http://127.0.0.1"; @GetMapping("url1") - public RedirectView bad1(String redirectUrl, HttpServletResponse response) throws Exception { + public RedirectView bad1(String redirectUrl, HttpServletResponse response) throws Exception { // $ Source RedirectView rv = new RedirectView(); - rv.setUrl(redirectUrl); + rv.setUrl(redirectUrl); // $ Alert return rv; } @GetMapping("url2") - public String bad2(String redirectUrl) { - String url = "redirect:" + redirectUrl; + public String bad2(String redirectUrl) { // $ Source + String url = "redirect:" + redirectUrl; // $ Alert return url; } @GetMapping("url3") - public RedirectView bad3(String redirectUrl) { - RedirectView rv = new RedirectView(redirectUrl); + public RedirectView bad3(String redirectUrl) { // $ Source + RedirectView rv = new RedirectView(redirectUrl); // $ Alert return rv; } @GetMapping("url4") - public ModelAndView bad4(String redirectUrl) { - return new ModelAndView("redirect:" + redirectUrl); + public ModelAndView bad4(String redirectUrl) { // $ Source + return new ModelAndView("redirect:" + redirectUrl); // $ Alert } @GetMapping("url5") - public String bad5(String redirectUrl) { + public String bad5(String redirectUrl) { // $ Source StringBuffer stringBuffer = new StringBuffer(); stringBuffer.append("redirect:"); - stringBuffer.append(redirectUrl); + stringBuffer.append(redirectUrl); // $ Alert return stringBuffer.toString(); } @GetMapping("url6") - public String bad6(String redirectUrl) { + public String bad6(String redirectUrl) { // $ Source StringBuilder stringBuilder = new StringBuilder(); stringBuilder.append("redirect:"); - stringBuilder.append(redirectUrl); + stringBuilder.append(redirectUrl); // $ Alert return stringBuilder.toString(); } @GetMapping("url7") - public String bad7(String redirectUrl) { - return "redirect:" + String.format("%s/?aaa", redirectUrl); + public String bad7(String redirectUrl) { // $ Source + return "redirect:" + String.format("%s/?aaa", redirectUrl); // $ Alert } @GetMapping("url8") - public String bad8(String redirectUrl, String token) { - return "redirect:" + String.format(redirectUrl + "?token=%s", token); + public String bad8(String redirectUrl, String token) { // $ Source + return "redirect:" + String.format(redirectUrl + "?token=%s", token); // $ Alert } @GetMapping("url9") @@ -86,49 +86,49 @@ public class SpringUrlRedirect { } @GetMapping("url12") - public ResponseEntity bad9(String redirectUrl) { + public ResponseEntity bad9(String redirectUrl) { // $ Source return ResponseEntity.status(HttpStatus.FOUND) - .location(URI.create(redirectUrl)) + .location(URI.create(redirectUrl)) // $ Alert .build(); } @GetMapping("url13") - public ResponseEntity bad10(String redirectUrl) { + public ResponseEntity bad10(String redirectUrl) { // $ Source HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.setLocation(URI.create(redirectUrl)); - return new ResponseEntity<>(httpHeaders, HttpStatus.SEE_OTHER); + return new ResponseEntity<>(httpHeaders, HttpStatus.SEE_OTHER); // $ Alert } @GetMapping("url14") - public ResponseEntity bad11(String redirectUrl) { + public ResponseEntity bad11(String redirectUrl) { // $ Source HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.add("Location", redirectUrl); - return ResponseEntity.status(HttpStatus.SEE_OTHER).headers(httpHeaders).build(); + return ResponseEntity.status(HttpStatus.SEE_OTHER).headers(httpHeaders).build(); // $ Alert } @GetMapping("url15") - public ResponseEntity bad12(String redirectUrl) { + public ResponseEntity bad12(String redirectUrl) { // $ Source HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.add("Location", redirectUrl); - return new ResponseEntity<>(httpHeaders, HttpStatus.SEE_OTHER); + return new ResponseEntity<>(httpHeaders, HttpStatus.SEE_OTHER); // $ Alert } @GetMapping("url16") - public ResponseEntity bad13(String redirectUrl) { + public ResponseEntity bad13(String redirectUrl) { // $ Source HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.add("Location", redirectUrl); - return new ResponseEntity<>("TestBody", httpHeaders, HttpStatus.SEE_OTHER); + return new ResponseEntity<>("TestBody", httpHeaders, HttpStatus.SEE_OTHER); // $ Alert } @GetMapping("url17") - public ResponseEntity bad14(String redirectUrl) { + public ResponseEntity bad14(String redirectUrl) { // $ Source HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.setLocation(URI.create(redirectUrl)); - return new ResponseEntity<>("TestBody", httpHeaders, HttpStatus.SEE_OTHER); + return new ResponseEntity<>("TestBody", httpHeaders, HttpStatus.SEE_OTHER); // $ Alert } } diff --git a/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.qlref b/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.qlref index 3c1c8a42a95..62384d5e430 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexFilter.java b/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexFilter.java index 6ce97453d8f..28583c0ecb3 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexFilter.java +++ b/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexFilter.java @@ -26,10 +26,10 @@ public class DotRegexFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; - String source = httpRequest.getPathInfo(); + String source = httpRequest.getPathInfo(); // $ Source Pattern p = Pattern.compile(PROTECTED_PATTERN); - Matcher m = p.matcher(source); + Matcher m = p.matcher(source); // $ Alert if (m.matches()) { // Protected page - check access token and redirect to login page @@ -67,4 +67,4 @@ public class DotRegexFilter implements Filter { public void destroy() { // Close resources } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexServlet.java b/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexServlet.java index 47d3175afcf..c2d50a50d71 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexServlet.java +++ b/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexServlet.java @@ -16,10 +16,10 @@ public class DotRegexServlet extends HttpServlet { // BAD: A string with line return e.g. `/protected/%0dxyz` can bypass the path check protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String source = request.getPathInfo(); + String source = request.getPathInfo(); // $ Source Pattern p = Pattern.compile(PROTECTED_PATTERN); - Matcher m = p.matcher(source); + Matcher m = p.matcher(source); // $ Alert if (m.matches()) { // Protected page - check access token and redirect to login page @@ -54,9 +54,9 @@ public class DotRegexServlet extends HttpServlet { // BAD: A string with line return e.g. `/protected/%0axyz` can bypass the path check protected void doGet3(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String source = request.getRequestURI(); + String source = request.getRequestURI(); // $ Source - boolean matches = source.matches(PROTECTED_PATTERN); + boolean matches = source.matches(PROTECTED_PATTERN); // $ Alert if (matches) { // Protected page - check access token and redirect to login page @@ -72,9 +72,9 @@ public class DotRegexServlet extends HttpServlet { // BAD: A string with line return e.g. `/protected/%0axyz` can bypass the path check protected void doGet4(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String source = request.getPathInfo(); + String source = request.getPathInfo(); // $ Source - boolean matches = Pattern.matches(PROTECTED_PATTERN, source); + boolean matches = Pattern.matches(PROTECTED_PATTERN, source); // $ Alert if (matches) { // Protected page - check access token and redirect to login page @@ -109,10 +109,10 @@ public class DotRegexServlet extends HttpServlet { // BAD: A string with line return e.g. `/protected/%0dxyz` can bypass the path check protected void doGet6(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String source = request.getPathInfo(); + String source = request.getPathInfo(); // $ Source Pattern p = Pattern.compile(PROTECTED_PATTERN); - Matcher m = p.matcher(source); + Matcher m = p.matcher(source); // $ Alert if (m.matches()) { // Protected page - check access token and redirect to login page diff --git a/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexSpring.java b/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexSpring.java index 4651508fe19..196a305b086 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexSpring.java +++ b/java/ql/test/experimental/query-tests/security/CWE-625/DotRegexSpring.java @@ -17,10 +17,10 @@ public class DotRegexSpring { @GetMapping("param") // BAD: A string with line return e.g. `/protected/%0dxyz` can bypass the path check - public String withParam(@RequestParam String path, Model model) throws UnsupportedEncodingException { + public String withParam(@RequestParam String path, Model model) throws UnsupportedEncodingException { // $ Source Pattern p = Pattern.compile(PROTECTED_PATTERN); path = decodePath(path); - Matcher m = p.matcher(path); + Matcher m = p.matcher(path); // $ Alert if (m.matches()) { // Protected page - check access token and redirect to login page @@ -34,10 +34,10 @@ public class DotRegexSpring { @GetMapping("{path}") // BAD: A string with line return e.g. `%252Fprotected%252F%250dxyz` can bypass the path check - public RedirectView withPathVariable1(@PathVariable String path, Model model) throws UnsupportedEncodingException { + public RedirectView withPathVariable1(@PathVariable String path, Model model) throws UnsupportedEncodingException { // $ Source Pattern p = Pattern.compile(PROTECTED_PATTERN); path = decodePath(path); - Matcher m = p.matcher(path); + Matcher m = p.matcher(path); // $ Alert if (m.matches()) { // Protected page - check access token and redirect to login page diff --git a/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.qlref b/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.qlref index 67382a5e297..b4a93ae73f2 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.java b/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.java index d8df8057cc6..5dccb7dbe22 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.java +++ b/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.java @@ -42,13 +42,13 @@ public class XQueryInjection { @RequestMapping public void testRequestbad(HttpServletRequest request) throws Exception { - String name = request.getParameter("name"); + String name = request.getParameter("name"); // $ Source XQDataSource ds = new SaxonXQDataSource(); XQConnection conn = ds.getConnection(); String query = "for $user in doc(\"users.xml\")/Users/User[name='" + name + "'] return $user/password"; XQPreparedExpression xqpe = conn.prepareExpression(query); - XQResultSequence result = xqpe.executeQuery(); + XQResultSequence result = xqpe.executeQuery(); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -56,13 +56,13 @@ public class XQueryInjection { @RequestMapping public void testRequestbad1(HttpServletRequest request) throws Exception { - String name = request.getParameter("name"); + String name = request.getParameter("name"); // $ Source XQDataSource xqds = new SaxonXQDataSource(); String query = "for $user in doc(\"users.xml\")/Users/User[name='" + name + "'] return $user/password"; XQConnection conn = xqds.getConnection(); XQExpression expr = conn.createExpression(); - XQResultSequence result = expr.executeQuery(query); + XQResultSequence result = expr.executeQuery(query); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -70,26 +70,26 @@ public class XQueryInjection { @RequestMapping - public void testStringtbad(@RequestParam String nameStr) throws XQException { + public void testStringtbad(@RequestParam String nameStr) throws XQException { // $ Source XQDataSource ds = new SaxonXQDataSource(); XQConnection conn = ds.getConnection(); String query = "for $user in doc(\"users.xml\")/Users/User[name='" + nameStr + "'] return $user/password"; XQPreparedExpression xqpe = conn.prepareExpression(query); - XQResultSequence result = xqpe.executeQuery(); + XQResultSequence result = xqpe.executeQuery(); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } } @RequestMapping - public void testStringtbad1(@RequestParam String nameStr) throws XQException { + public void testStringtbad1(@RequestParam String nameStr) throws XQException { // $ Source XQDataSource xqds = new SaxonXQDataSource(); String query = "for $user in doc(\"users.xml\")/Users/User[name='" + nameStr + "'] return $user/password"; XQConnection conn = xqds.getConnection(); XQExpression expr = conn.createExpression(); - XQResultSequence result = expr.executeQuery(query); + XQResultSequence result = expr.executeQuery(query); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -97,11 +97,11 @@ public class XQueryInjection { @RequestMapping public void testInputStreambad(HttpServletRequest request) throws Exception { - InputStream name = request.getInputStream(); + InputStream name = request.getInputStream(); // $ Source XQDataSource ds = new SaxonXQDataSource(); XQConnection conn = ds.getConnection(); XQPreparedExpression xqpe = conn.prepareExpression(name); - XQResultSequence result = xqpe.executeQuery(); + XQResultSequence result = xqpe.executeQuery(); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -109,11 +109,11 @@ public class XQueryInjection { @RequestMapping public void testInputStreambad1(HttpServletRequest request) throws Exception { - InputStream name = request.getInputStream(); + InputStream name = request.getInputStream(); // $ Source XQDataSource xqds = new SaxonXQDataSource(); XQConnection conn = xqds.getConnection(); XQExpression expr = conn.createExpression(); - XQResultSequence result = expr.executeQuery(name); + XQResultSequence result = expr.executeQuery(name); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -121,12 +121,12 @@ public class XQueryInjection { @RequestMapping public void testReaderbad(HttpServletRequest request) throws Exception { - InputStream name = request.getInputStream(); + InputStream name = request.getInputStream(); // $ Source BufferedReader br = new BufferedReader(new InputStreamReader(name)); XQDataSource ds = new SaxonXQDataSource(); XQConnection conn = ds.getConnection(); XQPreparedExpression xqpe = conn.prepareExpression(br); - XQResultSequence result = xqpe.executeQuery(); + XQResultSequence result = xqpe.executeQuery(); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -134,12 +134,12 @@ public class XQueryInjection { @RequestMapping public void testReaderbad1(HttpServletRequest request) throws Exception { - InputStream name = request.getInputStream(); + InputStream name = request.getInputStream(); // $ Source BufferedReader br = new BufferedReader(new InputStreamReader(name)); XQDataSource xqds = new SaxonXQDataSource(); XQConnection conn = xqds.getConnection(); XQExpression expr = conn.createExpression(); - XQResultSequence result = expr.executeQuery(br); + XQResultSequence result = expr.executeQuery(br); // $ Alert while (result.next()) { System.out.println(result.getItemAsString(null)); } @@ -147,16 +147,16 @@ public class XQueryInjection { @RequestMapping public void testExecuteCommandbad(HttpServletRequest request) throws Exception { - String name = request.getParameter("name"); + String name = request.getParameter("name"); // $ Source XQDataSource xqds = new SaxonXQDataSource(); XQConnection conn = xqds.getConnection(); XQExpression expr = conn.createExpression(); //bad code - expr.executeCommand(name); + expr.executeCommand(name); // $ Alert //bad code - InputStream is = request.getInputStream(); + InputStream is = request.getInputStream(); // $ Source BufferedReader br = new BufferedReader(new InputStreamReader(is)); - expr.executeCommand(br); + expr.executeCommand(br); // $ Alert expr.close(); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.qlref index df94ae95807..a998a694ade 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-652/XQueryInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.java b/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.java index f1294847fcc..b631e7c6cca 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.java +++ b/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.java @@ -9,12 +9,12 @@ public class InsecureRmiJmxEnvironmentConfiguration { public void initInsecureJmxDueToNullEnv() throws IOException { // Bad initializing env (arg1) with null - JMXConnectorServerFactory.newJMXConnectorServer(null, null, null); + JMXConnectorServerFactory.newJMXConnectorServer(null, null, null); // $ Alert } public void initInsecureRmiDueToNullEnv() throws IOException { // Bad initializing env (arg1) with null - new RMIConnectorServer(null, null, null, null); + new RMIConnectorServer(null, null, null, null); // $ Alert } public void initInsecureRmiDueToMissingEnvKeyValue() throws IOException { @@ -22,7 +22,7 @@ public class InsecureRmiJmxEnvironmentConfiguration { // "jmx.remote.rmi.server.credential.types" Map env = new HashMap<>(); env.put("jmx.remote.x.daemon", "true"); - new RMIConnectorServer(null, env, null, null); + new RMIConnectorServer(null, env, null, null); // $ Alert } public void initInsecureJmxDueToMissingEnvKeyValue() throws IOException { @@ -30,7 +30,7 @@ public class InsecureRmiJmxEnvironmentConfiguration { // "jmx.remote.rmi.server.credential.types" Map env = new HashMap<>(); env.put("jmx.remote.x.daemon", "true"); - JMXConnectorServerFactory.newJMXConnectorServer(null, env, null); + JMXConnectorServerFactory.newJMXConnectorServer(null, env, null); // $ Alert } public void secureJmxConnnectorServer() throws IOException { diff --git a/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qlref b/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qlref index de4b6744533..3b1127b4695 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qlref @@ -1 +1,2 @@ -experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql \ No newline at end of file +query: experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.java b/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.java index bf527f04fe1..9ceefd5a388 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.java +++ b/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.java @@ -10,8 +10,8 @@ public class NFEAndroidDoS extends Activity { super.onCreate(savedInstanceState); setContentView(-1); - String minPriceStr = getIntent().getStringExtra("priceMin"); - double minPrice = Double.parseDouble(minPriceStr); + String minPriceStr = getIntent().getStringExtra("priceMin"); // $ Source + double minPrice = Double.parseDouble(minPriceStr); // $ Alert } // BAD - parse string extra to integer @@ -19,11 +19,11 @@ public class NFEAndroidDoS extends Activity { super.onCreate(savedInstanceState); setContentView(-1); - String widthStr = getIntent().getStringExtra("width"); - int width = Integer.parseInt(widthStr); + String widthStr = getIntent().getStringExtra("width"); // $ Source + int width = Integer.parseInt(widthStr); // $ Alert - String heightStr = getIntent().getStringExtra("height"); - int height = Integer.parseInt(heightStr); + String heightStr = getIntent().getStringExtra("height"); // $ Source + int height = Integer.parseInt(heightStr); // $ Alert } // GOOD - parse int extra to integer @@ -40,11 +40,11 @@ public class NFEAndroidDoS extends Activity { super.onCreate(savedInstanceState); setContentView(-1); - String minPriceStr = getIntent().getStringExtra("priceMin"); - double minPrice = new Double(minPriceStr); + String minPriceStr = getIntent().getStringExtra("priceMin"); // $ Source + double minPrice = new Double(minPriceStr); // $ Alert String maxPriceStr = getIntent().getStringExtra("priceMax"); - double maxPrice = Double.valueOf(minPriceStr); + double maxPrice = Double.valueOf(minPriceStr); // $ Alert } // GOOD - parse string extra to double with caught NFE @@ -83,4 +83,4 @@ public class NFEAndroidDoS extends Activity { double priceMin = IntentUtils.getDoubleExtra(this, "priceMin"); } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.qlref b/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.qlref index 17bd71ea68a..9e538d9fd8a 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-755/NFEAndroidDoS.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.java b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.java index 48911486db1..ba482a503e7 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.java +++ b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.java @@ -7,7 +7,7 @@ public class HashWithoutSalt { // BAD - Hash without a salt. public String getSHA256Hash(String password) throws NoSuchAlgorithmException { MessageDigest md = MessageDigest.getInstance("SHA-256"); - byte[] messageDigest = md.digest(password.getBytes()); + byte[] messageDigest = md.digest(password.getBytes()); // $ Alert return Base64.getEncoder().encodeToString(messageDigest); } @@ -22,7 +22,7 @@ public class HashWithoutSalt { // BAD - Hash without a salt. public String getSHA256Hash2(String password) throws NoSuchAlgorithmException { MessageDigest md = MessageDigest.getInstance("SHA-256"); - md.update(password.getBytes()); + md.update(password.getBytes()); // $ Alert byte[] messageDigest = md.digest(); return Base64.getEncoder().encodeToString(messageDigest); } @@ -90,8 +90,8 @@ public class HashWithoutSalt { // BAD - Invoking a wrapper implementation through qualifier without a salt. public String getWrapperSHA256Hash2(String password) throws NoSuchAlgorithmException, ClassNotFoundException, IllegalAccessException, InstantiationException { SHA256 sha256 = new SHA256(); - byte[] passBytes = password.getBytes(); - sha256.update(passBytes, 0, passBytes.length); + byte[] passBytes = password.getBytes(); // $ Source + sha256.update(passBytes, 0, passBytes.length); // $ Alert return Base64.getEncoder().encodeToString(sha256.digest()); } @@ -108,8 +108,8 @@ public class HashWithoutSalt { // BAD - Invoking a wrapper implementation through argument without a salt. public String getWrapperSHA256Hash4(String password) throws NoSuchAlgorithmException { SHA256 sha256 = new SHA256(); - byte[] passBytes = password.getBytes(); - update(sha256, passBytes, 0, passBytes.length); + byte[] passBytes = password.getBytes(); // $ Source + update(sha256, passBytes, 0, passBytes.length); // $ Alert return Base64.getEncoder().encodeToString(sha256.digest()); } diff --git a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.qlref b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.qlref index b2f767ca66a..186b2833671 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.qlref +++ b/java/ql/test/experimental/query-tests/security/CWE-759/HashWithoutSalt.qlref @@ -1,2 +1,4 @@ query: experimental/Security/CWE/CWE-759/HashWithoutSalt.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.qlref b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.qlref index 933c3569eed..f41f720f725 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.qlref +++ b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirect.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-601/UrlRedirect.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJakarta.java b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJakarta.java index 897ee7890bd..263472d3fc5 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJakarta.java +++ b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJakarta.java @@ -7,9 +7,9 @@ import jakarta.ws.rs.core.Response; public class UrlRedirectJakarta extends HttpServlet { protected void doGetJax(HttpServletRequest request, Response jaxResponse) throws Exception { // BAD - jaxResponse.seeOther(new URI(request.getParameter("target"))); + jaxResponse.seeOther(new URI(request.getParameter("target"))); // $ Alert[java/unvalidated-url-redirection] // BAD - jaxResponse.temporaryRedirect(new URI(request.getParameter("target"))); + jaxResponse.temporaryRedirect(new URI(request.getParameter("target"))); // $ Alert[java/unvalidated-url-redirection] } } diff --git a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJax.java b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJax.java index 4ba3d1f1331..a757351a93c 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJax.java +++ b/java/ql/test/library-tests/frameworks/JaxWs/UrlRedirectJax.java @@ -7,9 +7,9 @@ import javax.ws.rs.core.Response; public class UrlRedirectJax extends HttpServlet { protected void doGetJax(HttpServletRequest request, Response jaxResponse) throws Exception { // BAD - jaxResponse.seeOther(new URI(request.getParameter("target"))); + jaxResponse.seeOther(new URI(request.getParameter("target"))); // $ Alert[java/unvalidated-url-redirection] // BAD - jaxResponse.temporaryRedirect(new URI(request.getParameter("target"))); + jaxResponse.temporaryRedirect(new URI(request.getParameter("target"))); // $ Alert[java/unvalidated-url-redirection] } } diff --git a/java/ql/test/query-tests/AmbiguousOuterSuper/AmbiguousOuterSuper.qlref b/java/ql/test/query-tests/AmbiguousOuterSuper/AmbiguousOuterSuper.qlref index 70c62b8c851..add5a9dc533 100644 --- a/java/ql/test/query-tests/AmbiguousOuterSuper/AmbiguousOuterSuper.qlref +++ b/java/ql/test/query-tests/AmbiguousOuterSuper/AmbiguousOuterSuper.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql \ No newline at end of file +query: Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/AmbiguousOuterSuper/GenericTest.java b/java/ql/test/query-tests/AmbiguousOuterSuper/GenericTest.java index f0d14dc4867..b35ac02925c 100644 --- a/java/ql/test/query-tests/AmbiguousOuterSuper/GenericTest.java +++ b/java/ql/test/query-tests/AmbiguousOuterSuper/GenericTest.java @@ -11,7 +11,7 @@ class Outer2 { class Inner extends GenericTest { public void test() { - f(); + f(); // $ Alert } } diff --git a/java/ql/test/query-tests/AmbiguousOuterSuper/Test.java b/java/ql/test/query-tests/AmbiguousOuterSuper/Test.java index e2a506f1438..875b4f7bbe9 100644 --- a/java/ql/test/query-tests/AmbiguousOuterSuper/Test.java +++ b/java/ql/test/query-tests/AmbiguousOuterSuper/Test.java @@ -11,7 +11,7 @@ class Outer { class Inner extends Test { public void test() { - f(); + f(); // $ Alert } } diff --git a/java/ql/test/query-tests/AutoBoxing/AutoBoxing.qlref b/java/ql/test/query-tests/AutoBoxing/AutoBoxing.qlref index f116f3bd8b4..dc47875616d 100644 --- a/java/ql/test/query-tests/AutoBoxing/AutoBoxing.qlref +++ b/java/ql/test/query-tests/AutoBoxing/AutoBoxing.qlref @@ -1 +1,2 @@ -Violations of Best Practice/legacy/AutoBoxing.ql +query: Violations of Best Practice/legacy/AutoBoxing.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/AutoBoxing/Test.java b/java/ql/test/query-tests/AutoBoxing/Test.java index 49c12f0c521..300a82a9a57 100644 --- a/java/ql/test/query-tests/AutoBoxing/Test.java +++ b/java/ql/test/query-tests/AutoBoxing/Test.java @@ -1,19 +1,19 @@ class Test { void unbox(Integer i, Boolean b) { // NOT OK - int j = i + 19; + int j = i + 19; // $ Alert // OK if (i == null); // NOT OK - if (i == 42); + if (i == 42); // $ Alert // NOT OK - j += i; + j += i; // $ Alert // NOT OK - int k = i; + int k = i; // $ Alert // NOT OK - bar(b); + bar(b); // $ Alert // NOT OK - int l = i == null ? 0 : i; + int l = i == null ? 0 : i; // $ Alert } void bar(boolean b) {} @@ -21,15 +21,15 @@ class Test { Integer box(int i) { Integer[] is = new Integer[1]; // NOT OK - is[0] = i; + is[0] = i; // $ Alert // NOT OK - Integer j = i; + Integer j = i; // $ Alert // NOT OK - return i == -1 ? null : i; + return i == -1 ? null : i; // $ Alert } void rebox(Integer i) { // NOT OK - i += 19; + i += 19; // $ Alert } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/AvoidDeprecatedCallableAccess.qlref b/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/AvoidDeprecatedCallableAccess.qlref index 58c139046f3..1277deb8a54 100644 --- a/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/AvoidDeprecatedCallableAccess.qlref +++ b/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/AvoidDeprecatedCallableAccess.qlref @@ -1 +1,2 @@ -Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql \ No newline at end of file +query: Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/Test.java b/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/Test.java index 8f4b55c861d..b9095a1fa70 100644 --- a/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/Test.java +++ b/java/ql/test/query-tests/AvoidDeprecatedCallableAccess/Test.java @@ -10,11 +10,11 @@ public class Test { { // NOT OK - m(); + m(); // $ Alert } public static void main(String[] args) { // NOT OK - new Test().n(); + new Test().n(); // $ Alert } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/BadAbsOfRandom/BadAbsOfRandom.qlref b/java/ql/test/query-tests/BadAbsOfRandom/BadAbsOfRandom.qlref index b6bbc44bfa0..2fa4288992a 100644 --- a/java/ql/test/query-tests/BadAbsOfRandom/BadAbsOfRandom.qlref +++ b/java/ql/test/query-tests/BadAbsOfRandom/BadAbsOfRandom.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/BadAbsOfRandom.ql +query: Likely Bugs/Arithmetic/BadAbsOfRandom.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/BadAbsOfRandom/Test.java b/java/ql/test/query-tests/BadAbsOfRandom/Test.java index a01f13c7a82..1be16ed7368 100644 --- a/java/ql/test/query-tests/BadAbsOfRandom/Test.java +++ b/java/ql/test/query-tests/BadAbsOfRandom/Test.java @@ -7,18 +7,18 @@ public class Test { public static void test() { Random r = new Random(); - Math.abs(r.nextInt()); - Math.abs(r.nextLong()); + Math.abs(r.nextInt()); // $ Alert + Math.abs(r.nextLong()); // $ Alert Math.abs(r.nextInt(100)); // GOOD: random value already has a restricted range - Math.abs(RandomUtils.nextInt()); - Math.abs(RandomUtils.nextLong()); + Math.abs(RandomUtils.nextInt()); // $ Alert + Math.abs(RandomUtils.nextLong()); // $ Alert Math.abs(RandomUtils.nextInt(1, 10)); // GOOD: random value already has a restricted range Math.abs(RandomUtils.nextLong(1, 10)); // GOOD: random value already has a restricted range ThreadLocalRandom tlr = ThreadLocalRandom.current(); - Math.abs(tlr.nextInt()); - Math.abs(tlr.nextLong()); + Math.abs(tlr.nextInt()); // $ Alert + Math.abs(tlr.nextLong()); // $ Alert Math.abs(tlr.nextInt(10)); // GOOD: random value already has a restricted range Math.abs(tlr.nextLong(10)); // GOOD: random value already has a restricted range Math.abs(tlr.nextInt(1, 10)); // GOOD: random value already has a restricted range diff --git a/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.java b/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.java index a1f7e950502..f76b5b535fe 100644 --- a/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.java +++ b/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.java @@ -7,23 +7,23 @@ class BadCheckOdd { } public boolean badLiteral() { - return -10 % 2 > 0; + return -10 % 2 > 0; // $ Alert } public boolean badBrackets1() { - return -10 % 2 > (0); + return -10 % 2 > (0); // $ Alert } public boolean badBrackets2() { - return -10 % (2) > 0;// + return -10 % (2) > 0;// $ Alert // } public boolean badBrackets3() { - return (-10) % 2 > 0; + return (-10) % 2 > 0; // $ Alert } public boolean badBrackets4() { - return (-10 % 2) > 0; + return (-10 % 2) > 0; // $ Alert } // TODO: support for these cases @@ -47,11 +47,11 @@ class BadCheckOdd { public boolean badVarLiteral() { int x = -10; - return x % 2 > 0; + return x % 2 > 0; // $ Alert } public boolean badParam(int x) { - return x % 2 > 0; + return x % 2 > 0; // $ Alert } public boolean badSometimes(boolean positive) { @@ -60,11 +60,11 @@ class BadCheckOdd { x = 10; else x = -10; - return x % 2 > 0; + return x % 2 > 0; // $ Alert } private int f; public boolean badField() { - return f % 2 >0; + return f % 2 >0; // $ Alert } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.qlref b/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.qlref index 486707e04c1..544f107b3ff 100644 --- a/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.qlref +++ b/java/ql/test/query-tests/BadCheckOdd/BadCheckOdd.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/BadCheckOdd.ql \ No newline at end of file +query: Likely Bugs/Arithmetic/BadCheckOdd.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/BoxedVariable/BoxedVariable.java b/java/ql/test/query-tests/BoxedVariable/BoxedVariable.java index 948f0942af7..3f0f8ff8a44 100644 --- a/java/ql/test/query-tests/BoxedVariable/BoxedVariable.java +++ b/java/ql/test/query-tests/BoxedVariable/BoxedVariable.java @@ -2,12 +2,12 @@ import java.util.*; class Test { public void f() { - Boolean done = false; // bad + Boolean done = false; // $ Alert // bad while (!done) { done = true; } - Integer sum = 0; // bad + Integer sum = 0; // $ Alert // bad for (int i = 0; i < 10; i++) sum += i; useBoxed(sum); @@ -15,7 +15,7 @@ class Test { Integer box = 42; // ok; only boxed usages useBoxed(box); - Integer badbox = 17; // bad + Integer badbox = 17; // $ Alert // bad useBoxed(badbox); usePrim(badbox); @@ -23,7 +23,7 @@ class Test { usePrim(x); x = null; - Long y = getPrim(); // bad + Long y = getPrim(); // $ Alert // bad y = 15L; y = getPrim(); boolean dummy = y > 0; @@ -39,7 +39,7 @@ class Test { for (Integer okix : l) sum += okix; // ok; has boxed assignment - for (Integer badix : a) sum += badix; // bad + for (Integer badix : a) sum += badix; // $ Alert // bad } void usePrim(int i) { } diff --git a/java/ql/test/query-tests/BoxedVariable/BoxedVariable.qlref b/java/ql/test/query-tests/BoxedVariable/BoxedVariable.qlref index 3b9bd6efc7e..d7c4d286236 100644 --- a/java/ql/test/query-tests/BoxedVariable/BoxedVariable.qlref +++ b/java/ql/test/query-tests/BoxedVariable/BoxedVariable.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Boxed Types/BoxedVariable.ql +query: Violations of Best Practice/Boxed Types/BoxedVariable.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/BusyWait/BusyWait.qlref b/java/ql/test/query-tests/BusyWait/BusyWait.qlref index c172b454c92..874645fca3e 100644 --- a/java/ql/test/query-tests/BusyWait/BusyWait.qlref +++ b/java/ql/test/query-tests/BusyWait/BusyWait.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/BusyWait.ql \ No newline at end of file +query: Likely Bugs/Concurrency/BusyWait.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/BusyWait/BusyWaits.java b/java/ql/test/query-tests/BusyWait/BusyWaits.java index 7b30ffe591e..4269bc905f1 100644 --- a/java/ql/test/query-tests/BusyWait/BusyWaits.java +++ b/java/ql/test/query-tests/BusyWait/BusyWaits.java @@ -1,13 +1,13 @@ class BusyWaits { public void badWait() throws InterruptedException { while(this.hashCode() != 0) - Thread.sleep(1); + Thread.sleep(1); // $ Alert } public void badWait2() throws InterruptedException, CloneNotSupportedException { while (this.hashCode() < 3) { for (int i = 0; i < this.hashCode(); this.clone()) - Thread.sleep(new String[1].length); + Thread.sleep(new String[1].length); // $ Alert } } @@ -26,4 +26,4 @@ class BusyWaits { System.out.println("foo"); } } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.java b/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.java index b77afc49105..b77c3b91538 100644 --- a/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.java +++ b/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.java @@ -15,12 +15,12 @@ import java.util.zip.ZipFile; class CloseReader { void test1() throws IOException { - BufferedReader br = new BufferedReader(new FileReader("C:\\test.txt")); + BufferedReader br = new BufferedReader(new FileReader("C:\\test.txt")); // $ Alert System.out.println(br.readLine()); } void test2() throws IOException { - InputStream in = new FileInputStream("file.bin"); + InputStream in = new FileInputStream("file.bin"); // $ Alert in.read(); } @@ -30,7 +30,7 @@ class CloseReader { // InputStreamReader may throw an exception, in which case the ... reader = new InputStreamReader( // ... FileInputStream is not closed by the finally block - new FileInputStream("C:\\test.txt"), "UTF-8"); + new FileInputStream("C:\\test.txt"), "UTF-8"); // $ Alert System.out.println(reader.read()); } finally { @@ -40,7 +40,7 @@ class CloseReader { } void test4() throws IOException { - ZipFile zipFile = new ZipFile("file.zip"); + ZipFile zipFile = new ZipFile("file.zip"); // $ Alert System.out.println(zipFile.getComment()); } diff --git a/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.qlref b/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.qlref index 1c808bb9f46..9fae04fe76d 100644 --- a/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.qlref +++ b/java/ql/test/query-tests/CloseResource/CloseReader/CloseReader.qlref @@ -1 +1,2 @@ -Likely Bugs/Resource Leaks/CloseReader.ql +query: Likely Bugs/Resource Leaks/CloseReader.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.java b/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.java index 3733237b8de..877d18bae68 100644 --- a/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.java +++ b/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.java @@ -14,12 +14,12 @@ import java.util.zip.ZipFile; class CloseWriter { void test1() throws IOException { - BufferedWriter bw = new BufferedWriter(new FileWriter("C:\\test.txt")); + BufferedWriter bw = new BufferedWriter(new FileWriter("C:\\test.txt")); // $ Alert bw.write("test"); } void test2() throws IOException { - OutputStream out = new FileOutputStream("test.bin"); + OutputStream out = new FileOutputStream("test.bin"); // $ Alert out.write(1); } @@ -29,7 +29,7 @@ class CloseWriter { // OutputStreamWriter may throw an exception, in which case the ... writer = new OutputStreamWriter( // ... FileOutputStream is not closed by the finally block - new FileOutputStream("C:\\test.txt"), "UTF-8"); + new FileOutputStream("C:\\test.txt"), "UTF-8"); // $ Alert writer.write("test"); } finally { diff --git a/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.qlref b/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.qlref index 88008367363..d81d6020dae 100644 --- a/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.qlref +++ b/java/ql/test/query-tests/CloseResource/CloseWriter/CloseWriter.qlref @@ -1 +1,2 @@ -Likely Bugs/Resource Leaks/CloseWriter.ql +query: Likely Bugs/Resource Leaks/CloseWriter.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/CompareIdenticalValues/A.java b/java/ql/test/query-tests/CompareIdenticalValues/A.java index 89cadc833f5..d3f1b984132 100644 --- a/java/ql/test/query-tests/CompareIdenticalValues/A.java +++ b/java/ql/test/query-tests/CompareIdenticalValues/A.java @@ -6,13 +6,13 @@ class Super { public class A extends Super { class B extends Super { { - if (this.foo == this.foo) + if (this.foo == this.foo) // $ Alert ; - if (B.this.foo == this.foo) + if (B.this.foo == this.foo) // $ Alert ; - if (super.foo == foo) + if (super.foo == foo) // $ Alert ; - if (B.super.foo == foo) + if (B.super.foo == foo) // $ Alert ; if (A.this.foo != this.foo) ; @@ -23,23 +23,23 @@ public class A extends Super { { Double d = Double.NaN; - if (d == d); // !Double.isNan(d) - if (d <= d); // !Double.isNan(d), but unlikely to be intentional - if (d >= d); // !Double.isNan(d), but unlikely to be intentional - if (d != d); // Double.isNan(d) - if (d > d); // always false - if (d < d); // always false + if (d == d); // $ Alert // !Double.isNan(d) + if (d <= d); // $ Alert // !Double.isNan(d), but unlikely to be intentional + if (d >= d); // $ Alert // !Double.isNan(d), but unlikely to be intentional + if (d != d); // $ Alert // Double.isNan(d) + if (d > d); // $ Alert // always false + if (d < d); // $ Alert // always false float f = Float.NaN; - if (f == f); // !Float.isNan(f) - if (f <= f); // !Float.isNan(f), but unlikely to be intentional - if (f >= f); // !Float.isNan(f), but unlikely to be intentional - if (f != f); // Float.isNan(f) - if (f > f); // always false - if (f < f); // always false + if (f == f); // $ Alert // !Float.isNan(f) + if (f <= f); // $ Alert // !Float.isNan(f), but unlikely to be intentional + if (f >= f); // $ Alert // !Float.isNan(f), but unlikely to be intentional + if (f != f); // $ Alert // Float.isNan(f) + if (f > f); // $ Alert // always false + if (f < f); // $ Alert // always false int i = 0; - if (i == i); - if (i != i); + if (i == i); // $ Alert + if (i != i); // $ Alert } } diff --git a/java/ql/test/query-tests/CompareIdenticalValues/CompareIdenticalValues.qlref b/java/ql/test/query-tests/CompareIdenticalValues/CompareIdenticalValues.qlref index afff16c4f86..6022334fa24 100644 --- a/java/ql/test/query-tests/CompareIdenticalValues/CompareIdenticalValues.qlref +++ b/java/ql/test/query-tests/CompareIdenticalValues/CompareIdenticalValues.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/CompareIdenticalValues.ql \ No newline at end of file +query: Likely Bugs/Comparison/CompareIdenticalValues.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ComplexCondition/ComplexCondition.java b/java/ql/test/query-tests/ComplexCondition/ComplexCondition.java index 4ed26d90731..8ad6e40022c 100644 --- a/java/ql/test/query-tests/ComplexCondition/ComplexCondition.java +++ b/java/ql/test/query-tests/ComplexCondition/ComplexCondition.java @@ -1,11 +1,11 @@ class ComplexCondition { public boolean bad(boolean a, boolean b, boolean c) { - if (a && (b || !c) + if (a && (b || !c) // $ || b && (a || !c) - || c && (a || !b)) { + || c && (a || !b)) { // $ Alert return true; } else { - return (a && !b) || (b && !c) || (a && !c) || (a && b || c); + return (a && !b) || (b && !c) || (a && !c) || (a && b || c); // $ Alert } } @@ -30,4 +30,4 @@ class ComplexCondition { }.ok(a || b, b || c, c || a) ); } -}; \ No newline at end of file +}; diff --git a/java/ql/test/query-tests/ComplexCondition/ComplexCondition.qlref b/java/ql/test/query-tests/ComplexCondition/ComplexCondition.qlref index 3c32b8a04ce..cf023b3c8af 100644 --- a/java/ql/test/query-tests/ComplexCondition/ComplexCondition.qlref +++ b/java/ql/test/query-tests/ComplexCondition/ComplexCondition.qlref @@ -1 +1,2 @@ -Complexity/ComplexCondition.ql +query: Complexity/ComplexCondition.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ConfusingOverloading/ConfusingOverloading.qlref b/java/ql/test/query-tests/ConfusingOverloading/ConfusingOverloading.qlref index 4fc71295c2c..e74bc1b00aa 100644 --- a/java/ql/test/query-tests/ConfusingOverloading/ConfusingOverloading.qlref +++ b/java/ql/test/query-tests/ConfusingOverloading/ConfusingOverloading.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql \ No newline at end of file +query: Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ConfusingOverloading/TestConfusingOverloading.java b/java/ql/test/query-tests/ConfusingOverloading/TestConfusingOverloading.java index bba5cfb67b6..1d404574215 100644 --- a/java/ql/test/query-tests/ConfusingOverloading/TestConfusingOverloading.java +++ b/java/ql/test/query-tests/ConfusingOverloading/TestConfusingOverloading.java @@ -4,7 +4,7 @@ public class TestConfusingOverloading { void test(Super other) {} } class Sub extends Super { - void test(Sub other) {} + void test(Sub other) {} // $ Alert } class Sub2 extends Super { diff --git a/java/ql/test/query-tests/ConstantExpAppearsNonConstant/ConstantExpAppearsNonConstant.qlref b/java/ql/test/query-tests/ConstantExpAppearsNonConstant/ConstantExpAppearsNonConstant.qlref index 6d7e1f5cb7f..924600d5a4d 100644 --- a/java/ql/test/query-tests/ConstantExpAppearsNonConstant/ConstantExpAppearsNonConstant.qlref +++ b/java/ql/test/query-tests/ConstantExpAppearsNonConstant/ConstantExpAppearsNonConstant.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql \ No newline at end of file +query: Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ConstantExpAppearsNonConstant/Test.java b/java/ql/test/query-tests/ConstantExpAppearsNonConstant/Test.java index 57c8fe55f15..344fe39d603 100644 --- a/java/ql/test/query-tests/ConstantExpAppearsNonConstant/Test.java +++ b/java/ql/test/query-tests/ConstantExpAppearsNonConstant/Test.java @@ -15,27 +15,27 @@ class Test{ int mul_constant_left = 0 * 60 * 60 * 24; //OK int mul_constant_right = 60 * 60 * 24 * 0; //OK int mul_is_not_constant = rnd.nextInt() * 1; //OK - int mul_is_constant_int_left = (0+0) * rnd.nextInt(); //NOT OK - int mul_is_constant_int_right = rnd.nextInt() * (1-1); //NOT OK - long mul_is_constant_hex = rnd.nextLong() * (0x0F & 0xF0); //NOT OK - long mul_is_constant_binary = rnd.nextLong() * (0b010101 & 0b101010); //NOT OK + int mul_is_constant_int_left = (0+0) * rnd.nextInt(); // $ Alert //NOT OK + int mul_is_constant_int_right = rnd.nextInt() * (1-1); // $ Alert //NOT OK + long mul_is_constant_hex = rnd.nextLong() * (0x0F & 0xF0); // $ Alert //NOT OK + long mul_is_constant_binary = rnd.nextLong() * (0b010101 & 0b101010); // $ Alert //NOT OK int mul_explicit_zero = rnd.nextInt() * 0; //OK (deliberate zero multiplication) //Remainder by 1 int rem_not_constant = 42 % 6; //OK int rem_constant = 60 % 1; //OK int rem_is_not_constant = rnd.nextInt() % 2; //OK - int rem_is_constant_int = rnd.nextInt() % 1; //NOT OK + int rem_is_constant_int = rnd.nextInt() % 1; // $ Alert //NOT OK double rem_is_constant_float = rnd.nextDouble() % 1; //OK (remainder by 1 on floats is not constant) - long rem_is_constant_hex = rnd.nextLong() % 0x1; //NOT OK - long rem_is_constant_binary = rnd.nextLong() % 01; //NOT OK + long rem_is_constant_hex = rnd.nextLong() % 0x1; // $ Alert //NOT OK + long rem_is_constant_binary = rnd.nextLong() % 01; // $ Alert //NOT OK //Bitwise 'and' by 0 int band_not_constant = 42 & 6; //OK int band_appears_constant_left = 0 & 60; //OK int band_appears_constant_right = 24 & 0; //OK int band_is_not_constant = rnd.nextInt() & 5; //OK - int band_is_constant_left = 0 & rnd.nextInt(); //NOT OK - int band_is_constant_right = rnd.nextInt() & 0; //NOT OK + int band_is_constant_left = 0 & rnd.nextInt(); // $ Alert //NOT OK + int band_is_constant_right = rnd.nextInt() & 0; // $ Alert //NOT OK //Logical 'and' by false boolean and_not_constant = true && true; //OK @@ -50,7 +50,7 @@ class Test{ boolean or_appears_constant_left = true || false; //OK boolean or_appears_constant_right = false || true; //OK boolean or_is_not_constant = (rnd.nextInt() > 0) || false; //OK - boolean or_is_constant_left = true || (rnd.nextInt() > 0); //NOT OK - boolean or_is_constant_right = (rnd.nextInt() > 0) || true; //NOT OK + boolean or_is_constant_left = true || (rnd.nextInt() > 0); // $ Alert //NOT OK + boolean or_is_constant_right = (rnd.nextInt() > 0) || true; // $ Alert //NOT OK } } diff --git a/java/ql/test/query-tests/ConstantLoopCondition/A.java b/java/ql/test/query-tests/ConstantLoopCondition/A.java index 444954476da..e837b69ea1e 100644 --- a/java/ql/test/query-tests/ConstantLoopCondition/A.java +++ b/java/ql/test/query-tests/ConstantLoopCondition/A.java @@ -5,14 +5,14 @@ class A { void f(int initx) { boolean done = false; - while(!done) { // BAD: main loop condition is constant in the loop + while(!done) { // $ Alert // BAD: main loop condition is constant in the loop if (otherCond()) break; } int x = initx * 2; int i = 0; for(x++; ; i++) { - if (x > 5 && otherCond()) { // BAD: x>5 is constant in the loop and guards all exits + if (x > 5 && otherCond()) { // $ Alert // BAD: x>5 is constant in the loop and guards all exits if (i > 3) break; if (otherCond()) return; } @@ -26,14 +26,14 @@ class A { i++; } - for(int j = 0; j < 2 * initx; i++) { // BAD: j 0) { // OK: loop used as an if-statement break; } - while (cond) { // BAD: read of final field + while (cond) { // $ Alert // BAD: read of final field i++; } } diff --git a/java/ql/test/query-tests/ConstantLoopCondition/ConstantLoopCondition.qlref b/java/ql/test/query-tests/ConstantLoopCondition/ConstantLoopCondition.qlref index 37e6a9b72fe..f7081322f7d 100644 --- a/java/ql/test/query-tests/ConstantLoopCondition/ConstantLoopCondition.qlref +++ b/java/ql/test/query-tests/ConstantLoopCondition/ConstantLoopCondition.qlref @@ -1 +1,2 @@ -Likely Bugs/Termination/ConstantLoopCondition.ql +query: Likely Bugs/Termination/ConstantLoopCondition.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref b/java/ql/test/query-tests/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref index a9ea71f7f28..8d1915fd56a 100644 --- a/java/ql/test/query-tests/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref +++ b/java/ql/test/query-tests/ContainerSizeCmpZero/ContainerSizeCmpZero.qlref @@ -1 +1,2 @@ -Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql \ No newline at end of file +query: Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ContainerSizeCmpZero/Main.java b/java/ql/test/query-tests/ContainerSizeCmpZero/Main.java index 8176177561a..518e5074fc3 100644 --- a/java/ql/test/query-tests/ContainerSizeCmpZero/Main.java +++ b/java/ql/test/query-tests/ContainerSizeCmpZero/Main.java @@ -5,22 +5,22 @@ public class Main { public static void arrays(String[] args) { // NOT OK: always true - if (args.length >= 0) { + if (args.length >= 0) { // $ Alert System.out.println("At least zero arguments!!"); } // NOT OK: always true - if (0 <= args.length) { + if (0 <= args.length) { // $ Alert System.out.println("At least zero arguments!!"); } // NOT OK: always false - if (args.length < 0) { + if (args.length < 0) { // $ Alert System.out.println("At least zero arguments!!"); } // NOT OK: always false - if (0 > args.length) { + if (0 > args.length) { // $ Alert System.out.println("At least zero arguments!!"); } @@ -51,12 +51,12 @@ public class Main { Boolean b; // NOT OK - b = xs.size() >= 0; - b = 0 <= xs.size(); - b = 0 <= ys.size(); + b = xs.size() >= 0; // $ Alert + b = 0 <= xs.size(); // $ Alert + b = 0 <= ys.size(); // $ Alert - b = xs.size() < 0; - b = 0 > ys.size(); + b = xs.size() < 0; // $ Alert + b = 0 > ys.size(); // $ Alert // OK b = xs.size() >= -1; @@ -80,24 +80,24 @@ public class Main { Boolean b; // NOT OK - b = xs.size() >= 0; - b = xs.size() < 0; + b = xs.size() >= 0; // $ Alert + b = xs.size() < 0; // $ Alert // NOT OK - b = xs.get(0).size() >= 0; + b = xs.get(0).size() >= 0; // $ Alert // NOT OK - b = xs.get(0).get(0).length() >= 0; + b = xs.get(0).get(0).length() >= 0; // $ Alert } public static void mapTests(TreeMap xs) { Boolean b; // NOT OK: Always true - b = xs.size() >= 0; + b = xs.size() >= 0; // $ Alert // NOT OK: Always true - b = 0 <= xs.size(); + b = 0 <= xs.size(); // $ Alert // OK: can be false b = xs.size() >= -1; @@ -110,9 +110,9 @@ public class Main { Boolean b; // NOT OK - b = s.size() >= 0; - b = a.size() >= 0; - b = 0 <= m.size(); + b = s.size() >= 0; // $ Alert + b = a.size() >= 0; // $ Alert + b = 0 <= m.size(); // $ Alert } } diff --git a/java/ql/test/query-tests/ContinueInFalseLoop/A.java b/java/ql/test/query-tests/ContinueInFalseLoop/A.java index 51f381b94c8..99a749d6726 100644 --- a/java/ql/test/query-tests/ContinueInFalseLoop/A.java +++ b/java/ql/test/query-tests/ContinueInFalseLoop/A.java @@ -11,7 +11,7 @@ public class A { do { if (c.cond()) - continue; // BAD + continue; // $ Alert // BAD if (c.cond()) break; } while (false); @@ -51,7 +51,7 @@ public class A { do { do { if (c.cond()) - continue; // BAD + continue; // $ Alert // BAD if (c.cond()) break; } while (false); @@ -76,7 +76,7 @@ public class A { default: // do [2] // break out of the loop entirely, skipping [3] - continue; // BAD; labelled break is better + continue; // $ Alert // BAD; labelled break is better }; // do [3] } while (false); diff --git a/java/ql/test/query-tests/ContinueInFalseLoop/ContinueInFalseLoop.qlref b/java/ql/test/query-tests/ContinueInFalseLoop/ContinueInFalseLoop.qlref index 525b40f8409..3fa3e514229 100644 --- a/java/ql/test/query-tests/ContinueInFalseLoop/ContinueInFalseLoop.qlref +++ b/java/ql/test/query-tests/ContinueInFalseLoop/ContinueInFalseLoop.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/ContinueInFalseLoop.ql +query: Likely Bugs/Statements/ContinueInFalseLoop.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.qlref b/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.qlref index 0744f656bdb..ecec142d9ed 100644 --- a/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.qlref +++ b/java/ql/test/query-tests/ContradictoryTypeChecks/ContradictoryTypeChecks.qlref @@ -1 +1,2 @@ -Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql \ No newline at end of file +query: Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ContradictoryTypeChecks/Test.java b/java/ql/test/query-tests/ContradictoryTypeChecks/Test.java index 258b6ce87a2..25b44158fdb 100644 --- a/java/ql/test/query-tests/ContradictoryTypeChecks/Test.java +++ b/java/ql/test/query-tests/ContradictoryTypeChecks/Test.java @@ -7,31 +7,31 @@ public class Test { void foo(Super lhs, Super rhs) { if (lhs instanceof Sub1) ; else if (rhs instanceof Sub1) - if ((lhs instanceof Sub1) || (lhs instanceof Sub2)); + if ((lhs instanceof Sub1) || (lhs instanceof Sub2)); // $ Alert } void bar(Super x) { if (x instanceof Super); - else if (x instanceof Sub1); + else if (x instanceof Sub1); // $ Alert } // modeled after results on Apache Lucene void baz(Super x, Super y) { if (x instanceof Sub1); - else if (x instanceof Sub1); + else if (x instanceof Sub1); // $ Alert } // NOT OK void w(Super x) { if (x instanceof Sub2 || x instanceof Super); - else if (x instanceof Sub1); + else if (x instanceof Sub1); // $ Alert } // modeled after result on WildFly @Override public boolean equals(Object object) { if ((object != null) && !(object instanceof Test)) { - Test value = (Test) object; + Test value = (Test) object; // $ Alert return (this.hashCode() == value.hashCode()) && super.equals(object); } return super.equals(object); @@ -40,7 +40,7 @@ public class Test { // NOT OK Sub1 m(Super o) { if (!(o instanceof Sub1)) - return (Sub1)o; + return (Sub1)o; // $ Alert return null; } diff --git a/java/ql/test/query-tests/DeadCode/DeadRefTypes/DeadRefTypes.qlref b/java/ql/test/query-tests/DeadCode/DeadRefTypes/DeadRefTypes.qlref index e4f2d879149..e8f47f2d682 100644 --- a/java/ql/test/query-tests/DeadCode/DeadRefTypes/DeadRefTypes.qlref +++ b/java/ql/test/query-tests/DeadCode/DeadRefTypes/DeadRefTypes.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Dead Code/DeadRefTypes.ql +query: Violations of Best Practice/Dead Code/DeadRefTypes.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/DeadCode/DeadRefTypes/UnusedClass.java b/java/ql/test/query-tests/DeadCode/DeadRefTypes/UnusedClass.java index 4c0d27118a3..f6696b8296a 100644 --- a/java/ql/test/query-tests/DeadCode/DeadRefTypes/UnusedClass.java +++ b/java/ql/test/query-tests/DeadCode/DeadRefTypes/UnusedClass.java @@ -1 +1 @@ -class UnusedClass {} +class UnusedClass {} // $ Alert diff --git a/java/ql/test/query-tests/DeadCode/NonAssignedFields/NonAssignedFields.qlref b/java/ql/test/query-tests/DeadCode/NonAssignedFields/NonAssignedFields.qlref index 79031c31ddb..ea15ad036eb 100644 --- a/java/ql/test/query-tests/DeadCode/NonAssignedFields/NonAssignedFields.qlref +++ b/java/ql/test/query-tests/DeadCode/NonAssignedFields/NonAssignedFields.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Dead Code/NonAssignedFields.ql \ No newline at end of file +query: Violations of Best Practice/Dead Code/NonAssignedFields.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/DeadCode/camel/DeadClass.qlref b/java/ql/test/query-tests/DeadCode/camel/DeadClass.qlref index d726e7e0849..b94832ebfca 100644 --- a/java/ql/test/query-tests/DeadCode/camel/DeadClass.qlref +++ b/java/ql/test/query-tests/DeadCode/camel/DeadClass.qlref @@ -1 +1,2 @@ -DeadCode/DeadClass.ql +query: DeadCode/DeadClass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/DeadCode/camel/DeadMethod.qlref b/java/ql/test/query-tests/DeadCode/camel/DeadMethod.qlref index 76204a1df5a..743a5f15775 100644 --- a/java/ql/test/query-tests/DeadCode/camel/DeadMethod.qlref +++ b/java/ql/test/query-tests/DeadCode/camel/DeadMethod.qlref @@ -1 +1,2 @@ -DeadCode/DeadMethod.ql +query: DeadCode/DeadMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/DeadTarget.java b/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/DeadTarget.java index f4fabc7d22e..d2ccfa90e36 100644 --- a/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/DeadTarget.java +++ b/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/DeadTarget.java @@ -1,10 +1,10 @@ package com.semmle.camel; /** Dead because it is not referenced in the {@code config.xml} file, or in the Java DSL. */ -public class DeadTarget { +public class DeadTarget { // $ Alert[java/dead-class] public Foo getFoo(Foo foo1) { return new Foo(); } - public static class Foo {} + public static class Foo {} // $ Alert[java/dead-class] } diff --git a/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/javadsl/CustomRouteBuilder.java b/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/javadsl/CustomRouteBuilder.java index 437a4d7b56d..01baa30e0a9 100644 --- a/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/javadsl/CustomRouteBuilder.java +++ b/java/ql/test/query-tests/DeadCode/camel/com/semmle/camel/javadsl/CustomRouteBuilder.java @@ -5,7 +5,7 @@ import org.apache.camel.impl.DefaultCamelContext; public class CustomRouteBuilder extends RouteBuilder { @Override - public void configure() throws Exception { + public void configure() throws Exception { // $ Alert[java/dead-function] from("direct:test") .to("bean:dslToTarget") .bean(DSLBeanTarget.class) diff --git a/java/ql/test/query-tests/Declarations/BreakInSwitchCase.qlref b/java/ql/test/query-tests/Declarations/BreakInSwitchCase.qlref index 463071903e8..ba1066f4fdf 100644 --- a/java/ql/test/query-tests/Declarations/BreakInSwitchCase.qlref +++ b/java/ql/test/query-tests/Declarations/BreakInSwitchCase.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Declarations/BreakInSwitchCase.ql \ No newline at end of file +query: Violations of Best Practice/Declarations/BreakInSwitchCase.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/Declarations/Test.java b/java/ql/test/query-tests/Declarations/Test.java index 473001a4de4..d47c8e72904 100644 --- a/java/ql/test/query-tests/Declarations/Test.java +++ b/java/ql/test/query-tests/Declarations/Test.java @@ -11,13 +11,13 @@ public class Test { System.out.println("No args"); break; case 1: - case 2: + case 2: // $ Alert System.out.println("1-2 args"); // missing break. case 3: System.out.println("3 or more args"); // fall-through - case 4: + case 4: // $ Alert System.out.println("4 or more args"); if (i > 1) break; diff --git a/java/ql/test/query-tests/DefineEqualsWhenAddingFields/DefineEqualsWhenAddingFields.qlref b/java/ql/test/query-tests/DefineEqualsWhenAddingFields/DefineEqualsWhenAddingFields.qlref index 59ec6309d58..908f133eccb 100644 --- a/java/ql/test/query-tests/DefineEqualsWhenAddingFields/DefineEqualsWhenAddingFields.qlref +++ b/java/ql/test/query-tests/DefineEqualsWhenAddingFields/DefineEqualsWhenAddingFields.qlref @@ -1,2 +1,2 @@ - -Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql \ No newline at end of file +query: Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/DoubleCheckedLocking/A.java b/java/ql/test/query-tests/DoubleCheckedLocking/A.java index 88c7e317244..c1b119d061a 100644 --- a/java/ql/test/query-tests/DoubleCheckedLocking/A.java +++ b/java/ql/test/query-tests/DoubleCheckedLocking/A.java @@ -9,11 +9,11 @@ public class A { private String s1; public String getString1() { if (s1 == null) { - synchronized(this) { + synchronized(this) { // $ if (s1 == null) { s1 = "string"; // BAD, immutable but read twice outside sync } - } + } // $ Alert[java/unsafe-double-checked-locking] } return s1; } @@ -37,12 +37,12 @@ public class A { public B getter1() { B x = b1; if (x == null) { - synchronized(this) { + synchronized(this) { // $ if ((x = b1) == null) { b1 = new B(); // BAD, not volatile x = b1; } - } + } // $ Alert[java/unsafe-double-checked-locking] } return x; } @@ -67,7 +67,7 @@ public class A { if (b3 == null) { synchronized(this) { if (b3 == null) { - b3 = new B(); + b3 = new B(); // $ Alert[java/unsafe-double-checked-locking-init-order] b3.x = 7; // BAD, post update init } } @@ -80,7 +80,7 @@ public class A { if (b4 == null) { synchronized(this) { if (b4 == null) { - b4 = new B(); + b4 = new B(); // $ Alert[java/unsafe-double-checked-locking-init-order] b4.setX(7); // BAD, post update init } } @@ -98,12 +98,12 @@ public class A { private FinalHelper b5; public B getter5() { if (b5 == null) { - synchronized(this) { + synchronized(this) { // $ if (b5 == null) { B b = new B(); b5 = new FinalHelper(b); // BAD, racy read on b5 outside synchronized-block } - } + } // $ Alert[java/unsafe-double-checked-locking] } return b5.x; // Potential NPE here, as the two b5 reads may be reordered } diff --git a/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLocking.qlref b/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLocking.qlref index dba6bdc1423..e5349f614dd 100644 --- a/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLocking.qlref +++ b/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLocking.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/DoubleCheckedLocking.ql +query: Likely Bugs/Concurrency/DoubleCheckedLocking.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLockingWithInitRace.qlref b/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLockingWithInitRace.qlref index eaa2a16d238..f38033e0831 100644 --- a/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLockingWithInitRace.qlref +++ b/java/ql/test/query-tests/DoubleCheckedLocking/DoubleCheckedLockingWithInitRace.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +query: Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/EqualsArray/EqualsArray.qlref b/java/ql/test/query-tests/EqualsArray/EqualsArray.qlref index 0e55e19bea4..7bd191ec639 100644 --- a/java/ql/test/query-tests/EqualsArray/EqualsArray.qlref +++ b/java/ql/test/query-tests/EqualsArray/EqualsArray.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/EqualsArray.ql \ No newline at end of file +query: Likely Bugs/Comparison/EqualsArray.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/EqualsArray/Test.java b/java/ql/test/query-tests/EqualsArray/Test.java index f6bf536c4b1..f1870b15ddf 100644 --- a/java/ql/test/query-tests/EqualsArray/Test.java +++ b/java/ql/test/query-tests/EqualsArray/Test.java @@ -3,7 +3,7 @@ public class Test { // NOT OK public boolean areTheseMyNumbers(int[] numbers) { - return this.numbers.equals(numbers); + return this.numbers.equals(numbers); // $ Alert } // OK @@ -17,6 +17,6 @@ public class Test { } { - numbers.hashCode(); + numbers.hashCode(); // $ Alert } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/EqualsUsesInstanceOf/EqualsUsesInstanceOf.qlref b/java/ql/test/query-tests/EqualsUsesInstanceOf/EqualsUsesInstanceOf.qlref index 5fb552f91da..b9031f10aa6 100644 --- a/java/ql/test/query-tests/EqualsUsesInstanceOf/EqualsUsesInstanceOf.qlref +++ b/java/ql/test/query-tests/EqualsUsesInstanceOf/EqualsUsesInstanceOf.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/EqualsUsesInstanceOf.ql \ No newline at end of file +query: Likely Bugs/Comparison/EqualsUsesInstanceOf.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.qlref b/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.qlref index 6452bb942d2..e47d860dcc2 100644 --- a/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.qlref +++ b/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +query: Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ExposeRepresentation/ExposesRep.java b/java/ql/test/query-tests/ExposeRepresentation/ExposesRep.java index 11cf4456788..3949467e249 100644 --- a/java/ql/test/query-tests/ExposeRepresentation/ExposesRep.java +++ b/java/ql/test/query-tests/ExposeRepresentation/ExposesRep.java @@ -8,17 +8,17 @@ public class ExposesRep { strings = new String[1]; } - public String[] getStrings() { return strings; } + public String[] getStrings() { return strings; } // $ Alert - public Map getStringMap() { + public Map getStringMap() { // $ Alert return stringMap; } - public void setStrings(String[] ss) { + public void setStrings(String[] ss) { // $ Alert this.strings = ss; } - public void setStringMap(Map m) { + public void setStringMap(Map m) { // $ Alert this.stringMap = m; } } @@ -26,5 +26,5 @@ public class ExposesRep { class GenericExposesRep { private T[] array; - public T[] getArray() { return array; } + public T[] getArray() { return array; } // $ Alert } diff --git a/java/ql/test/query-tests/Finally/Finally.java b/java/ql/test/query-tests/Finally/Finally.java index 536dc1df65f..7baffe907b4 100644 --- a/java/ql/test/query-tests/Finally/Finally.java +++ b/java/ql/test/query-tests/Finally/Finally.java @@ -3,7 +3,7 @@ class InFinally { void returnVoidInFinally() { try { } finally { - return; + return; // $ Alert } } @@ -14,7 +14,7 @@ class InFinally { } } finally { if (b2) { - return 5; + return 5; // $ Alert } } return 3; @@ -27,7 +27,7 @@ class InFinally { } } finally { if (b2) { - throw new RuntimeException("Foo 2"); + throw new RuntimeException("Foo 2"); // $ Alert } } throw new RuntimeException("Foo 3"); @@ -60,7 +60,7 @@ class InFinally { } } finally { if(b) { - break; + break; // $ Alert } } } @@ -74,7 +74,7 @@ class InFinally { } } finally { if(b) { - break; + break; // $ Alert } } } @@ -108,7 +108,7 @@ class InFinally { } } finally { if(b) { - continue; + continue; // $ Alert } } } @@ -122,7 +122,7 @@ class InFinally { } } finally { if(b) { - continue; + continue; // $ Alert } } } diff --git a/java/ql/test/query-tests/Finally/FinallyMayNotComplete.qlref b/java/ql/test/query-tests/Finally/FinallyMayNotComplete.qlref index d15679d0dc9..18b98edef02 100644 --- a/java/ql/test/query-tests/Finally/FinallyMayNotComplete.qlref +++ b/java/ql/test/query-tests/Finally/FinallyMayNotComplete.qlref @@ -1 +1,2 @@ -Violations of Best Practice/legacy/FinallyMayNotComplete.ql +query: Violations of Best Practice/legacy/FinallyMayNotComplete.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/HashedButNoHash/HashedButNoHash.qlref b/java/ql/test/query-tests/HashedButNoHash/HashedButNoHash.qlref index 22dcbc4be81..2dc8d0a9197 100644 --- a/java/ql/test/query-tests/HashedButNoHash/HashedButNoHash.qlref +++ b/java/ql/test/query-tests/HashedButNoHash/HashedButNoHash.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/HashedButNoHash.ql \ No newline at end of file +query: Likely Bugs/Comparison/HashedButNoHash.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/HashedButNoHash/Test.java b/java/ql/test/query-tests/HashedButNoHash/Test.java index fa3e3851bbc..b8d63affe78 100644 --- a/java/ql/test/query-tests/HashedButNoHash/Test.java +++ b/java/ql/test/query-tests/HashedButNoHash/Test.java @@ -7,7 +7,7 @@ class Test { A a = new A(); map.put(a, "value"); HashMap map2 = new HashMap<>(); - map2.put(a, "value"); + map2.put(a, "value"); // $ Alert } } diff --git a/java/ql/test/query-tests/IgnoreExceptionalReturn/IgnoreExceptionalReturn.qlref b/java/ql/test/query-tests/IgnoreExceptionalReturn/IgnoreExceptionalReturn.qlref index a324dbc8ebf..f359a3dfd3e 100644 --- a/java/ql/test/query-tests/IgnoreExceptionalReturn/IgnoreExceptionalReturn.qlref +++ b/java/ql/test/query-tests/IgnoreExceptionalReturn/IgnoreExceptionalReturn.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +query: Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/IgnoreExceptionalReturn/Test.java b/java/ql/test/query-tests/IgnoreExceptionalReturn/Test.java index 68f647ad474..9f16604b33a 100644 --- a/java/ql/test/query-tests/IgnoreExceptionalReturn/Test.java +++ b/java/ql/test/query-tests/IgnoreExceptionalReturn/Test.java @@ -2,13 +2,13 @@ import java.io.*; public class Test { public static void main(String[] args) throws IOException { - new File("foo").createNewFile(); + new File("foo").createNewFile(); // $ Alert new File("foo").delete(); // Don't flag: there's usually nothing to do - new File("foo").mkdir(); + new File("foo").mkdir(); // $ Alert new File("foo").mkdirs(); // Don't flag: the return value is uninformative/misleading - new File("foo").renameTo(new File("bar")); - new File("foo").setLastModified(0L); - new File("foo").setReadOnly(); - new File("foo").setWritable(true); + new File("foo").renameTo(new File("bar")); // $ Alert + new File("foo").setLastModified(0L); // $ Alert + new File("foo").setReadOnly(); // $ Alert + new File("foo").setWritable(true); // $ Alert } } diff --git a/java/ql/test/query-tests/ImpossibleCast/ImpossibleCast.qlref b/java/ql/test/query-tests/ImpossibleCast/ImpossibleCast.qlref index f39a2841d29..076c1c077fc 100644 --- a/java/ql/test/query-tests/ImpossibleCast/ImpossibleCast.qlref +++ b/java/ql/test/query-tests/ImpossibleCast/ImpossibleCast.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/ImpossibleCast.ql \ No newline at end of file +query: Likely Bugs/Statements/ImpossibleCast.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ImpossibleCast/impossible_cast/A.java b/java/ql/test/query-tests/ImpossibleCast/impossible_cast/A.java index c7ed31926b3..05b4e5734e8 100644 --- a/java/ql/test/query-tests/ImpossibleCast/impossible_cast/A.java +++ b/java/ql/test/query-tests/ImpossibleCast/impossible_cast/A.java @@ -3,6 +3,6 @@ package impossible_cast; import java.io.Serializable; public class A { - { String[] s = (String[])new Object[] { "Hello, world!" }; } - { Serializable[] ss = (Object[][])new Serializable[] {}; } + { String[] s = (String[])new Object[] { "Hello, world!" }; } // $ Alert + { Serializable[] ss = (Object[][])new Serializable[] {}; } // $ Alert } diff --git a/java/ql/test/query-tests/InconsistentEqualsHashCode/InconsistentEqualsHashCode.qlref b/java/ql/test/query-tests/InconsistentEqualsHashCode/InconsistentEqualsHashCode.qlref index f97a899d887..bdda86a6662 100644 --- a/java/ql/test/query-tests/InconsistentEqualsHashCode/InconsistentEqualsHashCode.qlref +++ b/java/ql/test/query-tests/InconsistentEqualsHashCode/InconsistentEqualsHashCode.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/InconsistentEqualsHashCode.ql \ No newline at end of file +query: Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/InconsistentEqualsHashCode/Test.java b/java/ql/test/query-tests/InconsistentEqualsHashCode/Test.java index f4bbb3bcbce..fce1665accb 100644 --- a/java/ql/test/query-tests/InconsistentEqualsHashCode/Test.java +++ b/java/ql/test/query-tests/InconsistentEqualsHashCode/Test.java @@ -16,14 +16,14 @@ class Super { } } -class NoEquals extends Super { +class NoEquals extends Super { // $ Alert // BAD public int hashCode() { return myInt+1; } } -class NoHashCode extends Super { +class NoHashCode extends Super { // $ Alert // BAD public boolean equals(Object other) { return true; @@ -37,4 +37,4 @@ class RefiningEquals extends Super { public boolean equals(Object other) { return (super.equals(other) && myLong == ((RefiningEquals)other).myLong); } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/InconsistentOperations/InconsistentCallOnResult.qlref b/java/ql/test/query-tests/InconsistentOperations/InconsistentCallOnResult.qlref index b1457baff9a..b0ed2b68915 100644 --- a/java/ql/test/query-tests/InconsistentOperations/InconsistentCallOnResult.qlref +++ b/java/ql/test/query-tests/InconsistentOperations/InconsistentCallOnResult.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/InconsistentCallOnResult.ql \ No newline at end of file +query: Likely Bugs/Statements/InconsistentCallOnResult.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/InconsistentOperations/Operations.java b/java/ql/test/query-tests/InconsistentOperations/Operations.java index 1667ac5fccc..a91ec212a10 100644 --- a/java/ql/test/query-tests/InconsistentOperations/Operations.java +++ b/java/ql/test/query-tests/InconsistentOperations/Operations.java @@ -36,7 +36,7 @@ public class Operations implements AutoCloseable { { Operations ops = open(); if (ops.isOpen()) ops.close(); } { Operations ops = open(); if (ops.isOpen()) ops.close(); } { Operations ops = open(); if (ops.isOpen()) ops.close(); } - { Operations ops = open(); if (ops.isOpen()) ops.open(); } + { Operations ops = open(); if (ops.isOpen()) ops.open(); } // $ Alert[java/inconsistent-call-on-result] } public void missingAdd() { @@ -83,7 +83,7 @@ public class Operations implements AutoCloseable { System.out.println(this.toString()); System.out.println(this.toString()); System.out.println(this.toString()); - this.toString(); + this.toString(); // $ Alert[java/return-value-ignored] } public void designedForChaining() { diff --git a/java/ql/test/query-tests/InconsistentOperations/ReturnValueIgnored.qlref b/java/ql/test/query-tests/InconsistentOperations/ReturnValueIgnored.qlref index ef1dc964d95..ab13392ec55 100644 --- a/java/ql/test/query-tests/InconsistentOperations/ReturnValueIgnored.qlref +++ b/java/ql/test/query-tests/InconsistentOperations/ReturnValueIgnored.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/ReturnValueIgnored.ql \ No newline at end of file +query: Likely Bugs/Statements/ReturnValueIgnored.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/InconsistentOperations/Test2.java b/java/ql/test/query-tests/InconsistentOperations/Test2.java index c325179b863..6d74fd883fc 100644 --- a/java/ql/test/query-tests/InconsistentOperations/Test2.java +++ b/java/ql/test/query-tests/InconsistentOperations/Test2.java @@ -12,6 +12,6 @@ public class Test2 { { A a = foo(); a.bar(); } { A a = foo(); a.bar(); } { A a = foo(); a.bar(); } - { A a = foo(); /* no a.bar();*/ } // NOT OK + { A a = foo(); /* no a.bar();*/ } // $ Alert[java/inconsistent-call-on-result] // NOT OK } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/InconsistentOperations/Test3.java b/java/ql/test/query-tests/InconsistentOperations/Test3.java index 70c28029de9..9600179fe6d 100644 --- a/java/ql/test/query-tests/InconsistentOperations/Test3.java +++ b/java/ql/test/query-tests/InconsistentOperations/Test3.java @@ -14,5 +14,5 @@ public class Test3 { { A a = foo(); a.bar(); } } - { A a = foo(); /* no a.bar();*/ } // NOT OK -} \ No newline at end of file + { A a = foo(); /* no a.bar();*/ } // $ Alert[java/inconsistent-call-on-result] // NOT OK +} diff --git a/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.qlref b/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.qlref index 1ae3a25fd23..92c44931869 100644 --- a/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.qlref +++ b/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStream.qlref @@ -1 +1,2 @@ -Performance/InefficientOutputStream.ql \ No newline at end of file +query: Performance/InefficientOutputStream.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStreamBad.java b/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStreamBad.java index f1d17f31aa9..fda83c34964 100644 --- a/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStreamBad.java +++ b/java/ql/test/query-tests/InefficientOutputStream/InefficientOutputStreamBad.java @@ -2,7 +2,7 @@ import java.io.*; import java.security.*; import java.util.*; -public class InefficientOutputStreamBad extends OutputStream { +public class InefficientOutputStreamBad extends OutputStream { // $ Alert private DigestOutputStream digest; private byte[] expectedMD5; diff --git a/java/ql/test/query-tests/InnerClassCouldBeStatic/Classes.java b/java/ql/test/query-tests/InnerClassCouldBeStatic/Classes.java index 38ef4d358db..03932830d58 100644 --- a/java/ql/test/query-tests/InnerClassCouldBeStatic/Classes.java +++ b/java/ql/test/query-tests/InnerClassCouldBeStatic/Classes.java @@ -12,19 +12,19 @@ public class Classes { } /** Could be static. */ - private class MaybeStatic { + private class MaybeStatic { // $ Alert } /** Only accesses enclosing instance in constructor. */ - private class MaybeStatic1 { + private class MaybeStatic1 { // $ Alert public MaybeStatic1() { System.out.println(foo); } } /** Only accesses enclosing instance in constructor. */ - private class MaybeStatic2 { + private class MaybeStatic2 { // $ Alert public MaybeStatic2() { System.out.println(Classes.this); } @@ -37,7 +37,7 @@ public class Classes { /** * Supertype could be static, and no enclosing instance accesses. */ - private class MaybeStatic3 extends MaybeStatic2 { + private class MaybeStatic3 extends MaybeStatic2 { // $ Alert public void foo(int i) { staticFoo = i; } } @@ -47,7 +47,7 @@ public class Classes { /** Nested and extending classes that can be static; using enclosing * state only in constructor. */ - public class MaybeStatic4 extends Static { + public class MaybeStatic4 extends Static { // $ Alert MaybeStatic4() { System.out.println(staticFoo); } @@ -57,19 +57,19 @@ public class Classes { /** * Access to bar() is through inheritance, not enclosing state. */ - private class MaybeStatic5 extends Classes { + private class MaybeStatic5 extends Classes { // $ Alert public void doit() { System.out.println(bar()); } } - private class MaybeStatic6 { + private class MaybeStatic6 { // $ Alert private final int myFoo = staticFoo; MaybeStatic6() { staticBar(); } } /** A qualified `this` access needn't refer to the enclosing instance. */ - private class MaybeStatic7 { + private class MaybeStatic7 { // $ Alert private void foo() { MaybeStatic7.this.foo(); } } @@ -82,7 +82,7 @@ public class Classes { System.out.println(interfaceFoo); } - class MaybeStatic8 { + class MaybeStatic8 { // $ Alert private void bar() { System.out.println(interfaceFoo); } @@ -91,14 +91,14 @@ public class Classes { } /** Accesses implicitly static interface field. */ - public class MaybeStatic9 extends MaybeStatic7 { + public class MaybeStatic9 extends MaybeStatic7 { // $ Alert private void bar() { System.out.println(Interface.interfaceFoo); } } /** A qualified `super` access that doesn't refer to the enclosing scope. */ - class MaybeStatic10 extends Classes { + class MaybeStatic10 extends Classes { // $ Alert private void baz() { System.out.println(MaybeStatic10.super.getClass()); } @@ -108,7 +108,7 @@ public class Classes { interface B { class ThisIsStatic { final int outer = 0; - class MaybeStaticToo { + class MaybeStaticToo { // $ Alert final int a = 0; } class MayNotBeStatic { @@ -130,7 +130,7 @@ public class Classes { enum E { A; - class NotStaticButCouldBe {} + class NotStaticButCouldBe {} // $ Alert } /** @@ -187,9 +187,9 @@ public class Classes { } /** Could be static. */ - private class SadlyNotStatic { + private class SadlyNotStatic { // $ Alert /** Could be static, provided the enclosing class is made static. */ - private class SadlyNotStaticToo { + private class SadlyNotStaticToo { // $ Alert } } @@ -203,26 +203,26 @@ public class Classes { } } - private class MaybeStatic11 { + private class MaybeStatic11 { // $ Alert { new MaybeStatic11(); } } - private class MaybeStatic12 { + private class MaybeStatic12 { // $ Alert { new Classes().new NotStatic(); } } - private class MaybeStatic13 { + private class MaybeStatic13 { // $ Alert { new Static(); } } - class CouldBeStatic { + class CouldBeStatic { // $ Alert { new Object() { class CannotBeStatic { } }; } - class CouldBeStatic2 { + class CouldBeStatic2 { // $ Alert int i; class NotStatic { { @@ -252,7 +252,7 @@ public class Classes { } /** Has an inner anonymous class with a field initializer accessing a member of this class. */ - class CouldBeStatic3 { + class CouldBeStatic3 { // $ Alert int j; { new Object() { diff --git a/java/ql/test/query-tests/InnerClassCouldBeStatic/InnerClassCouldBeStatic.qlref b/java/ql/test/query-tests/InnerClassCouldBeStatic/InnerClassCouldBeStatic.qlref index 3d3b5444609..68cb3e6761e 100644 --- a/java/ql/test/query-tests/InnerClassCouldBeStatic/InnerClassCouldBeStatic.qlref +++ b/java/ql/test/query-tests/InnerClassCouldBeStatic/InnerClassCouldBeStatic.qlref @@ -1 +1,2 @@ -Performance/InnerClassCouldBeStatic.ql \ No newline at end of file +query: Performance/InnerClassCouldBeStatic.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/InnerClassCouldBeStatic/Test.java b/java/ql/test/query-tests/InnerClassCouldBeStatic/Test.java index 41926a6e230..92d39471a13 100644 --- a/java/ql/test/query-tests/InnerClassCouldBeStatic/Test.java +++ b/java/ql/test/query-tests/InnerClassCouldBeStatic/Test.java @@ -2,7 +2,7 @@ class Test { static class Super { public void test() {} } - class Sub extends Super { + class Sub extends Super { // $ Alert public void test2() { test(); } diff --git a/java/ql/test/query-tests/Iterable/IterableIterator.qlref b/java/ql/test/query-tests/Iterable/IterableIterator.qlref index 74c3aa86efa..b21ae41e640 100644 --- a/java/ql/test/query-tests/Iterable/IterableIterator.qlref +++ b/java/ql/test/query-tests/Iterable/IterableIterator.qlref @@ -1 +1,2 @@ -Language Abuse/IterableIterator.ql +query: Language Abuse/IterableIterator.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/Iterable/Test.java b/java/ql/test/query-tests/Iterable/Test.java index e44f8dd9c28..7978342a96f 100644 --- a/java/ql/test/query-tests/Iterable/Test.java +++ b/java/ql/test/query-tests/Iterable/Test.java @@ -9,7 +9,7 @@ class Test { List someStrings; void m() { - useIterable(new Iterable() { + useIterable(new Iterable() { // $ Alert[java/iterable-wraps-iterator] final Iterator i = someStrings.iterator(); // bad @Override @@ -72,7 +72,7 @@ class Test { public void remove() { } } - protected class ValueIterableBad implements Iterable { + protected class ValueIterableBad implements Iterable { // $ Alert[java/iterable-wraps-iterator] private ValueIterator iterator = new ValueIterator(); // bad @Override public Iterator iterator() { @@ -105,7 +105,7 @@ class Test { } } - class IntIteratorBad implements Iterable, Iterator { + class IntIteratorBad implements Iterable, Iterator { // $ Alert[java/iterator-implements-iterable] private int[] ints; private int idx = 0; IntIteratorBad(int[] ints) { diff --git a/java/ql/test/query-tests/Iterable/WrappedIterator.qlref b/java/ql/test/query-tests/Iterable/WrappedIterator.qlref index c21083fd818..ce208ed2f8a 100644 --- a/java/ql/test/query-tests/Iterable/WrappedIterator.qlref +++ b/java/ql/test/query-tests/Iterable/WrappedIterator.qlref @@ -1 +1,2 @@ -Language Abuse/WrappedIterator.ql +query: Language Abuse/WrappedIterator.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.qlref b/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.qlref index 614554885fe..3a9b278a015 100644 --- a/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.qlref +++ b/java/ql/test/query-tests/IteratorRemoveMayFail/IteratorRemoveMayFail.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/IteratorRemoveMayFail.ql \ No newline at end of file +query: Likely Bugs/Collections/IteratorRemoveMayFail.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/IteratorRemoveMayFail/Test.java b/java/ql/test/query-tests/IteratorRemoveMayFail/Test.java index 3ed2c563327..f06f8efb22d 100644 --- a/java/ql/test/query-tests/IteratorRemoveMayFail/Test.java +++ b/java/ql/test/query-tests/IteratorRemoveMayFail/Test.java @@ -13,7 +13,7 @@ public class Test { private static void removeOdd(Iterator iter) { while (iter.hasNext()) { if (iter.next()%2 != 0) - iter.remove(); + iter.remove(); // $ Alert } } } @@ -41,7 +41,7 @@ class A { class Parent { public void removeFirst(List l) { - l.iterator().remove(); + l.iterator().remove(); // $ Alert } } @@ -52,4 +52,4 @@ class Child extends Parent { removeFirst(Arrays.asList(ss)); } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java index 7ba8988c38b..9795251ce9a 100644 --- a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java +++ b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.java @@ -6,14 +6,14 @@ class ImpossibleJavadocThrows { /** * - * @throws InterruptedException + * @throws InterruptedException // $ Alert */ public void bad1() { } /** * - * @exception Exception + * @exception Exception // $ Alert */ public void bad2() { } @@ -31,4 +31,4 @@ class ImpossibleJavadocThrows { */ public void goodUnchecked(){ } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.qlref b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.qlref index 3f604bfc9d1..dc001712b07 100644 --- a/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.qlref +++ b/java/ql/test/query-tests/Javadoc/ImpossibleJavadocThrows.qlref @@ -1 +1,2 @@ -Advisory/Documentation/ImpossibleJavadocThrows.ql \ No newline at end of file +query: Advisory/Documentation/ImpossibleJavadocThrows.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/LShiftLargerThanTypeWidth/A.java b/java/ql/test/query-tests/LShiftLargerThanTypeWidth/A.java index a2f1f78506c..71383afbe5f 100644 --- a/java/ql/test/query-tests/LShiftLargerThanTypeWidth/A.java +++ b/java/ql/test/query-tests/LShiftLargerThanTypeWidth/A.java @@ -1,51 +1,51 @@ public class A { void test1(byte b, char c, short s, int i, long l) { long b1 = b << 31; // OK - long b2 = b << 32; // BAD - long b3 = b << 33; // BAD - long b4 = b << 64; // BAD + long b2 = b << 32; // $ Alert // BAD + long b3 = b << 33; // $ Alert // BAD + long b4 = b << 64; // $ Alert // BAD long c1 = c << 22; // OK - long c2 = c << 42; // BAD + long c2 = c << 42; // $ Alert // BAD long s1 = s << 22; // OK - long s2 = s << 42; // BAD + long s2 = s << 42; // $ Alert // BAD long i1 = i << 22; // OK - long i2 = i << 32; // BAD - long i3 = i << 42; // BAD - long i4 = i << 64; // BAD - long i5 = i << 65; // BAD + long i2 = i << 32; // $ Alert // BAD + long i3 = i << 42; // $ Alert // BAD + long i4 = i << 64; // $ Alert // BAD + long i5 = i << 65; // $ Alert // BAD long l1 = l << 22; // OK long l2 = l << 32; // OK long l3 = l << 42; // OK - long l4 = l << 64; // BAD - long l5 = l << 65; // BAD + long l4 = l << 64; // $ Alert // BAD + long l5 = l << 65; // $ Alert // BAD } void test2(Byte b, Character c, Short s, Integer i, Long l) { long b1 = b << 31; // OK - long b2 = b << 32; // BAD - long b3 = b << 33; // BAD - long b4 = b << 64; // BAD + long b2 = b << 32; // $ Alert // BAD + long b3 = b << 33; // $ Alert // BAD + long b4 = b << 64; // $ Alert // BAD long c1 = c << 22; // OK - long c2 = c << 42; // BAD + long c2 = c << 42; // $ Alert // BAD long s1 = s << 22; // OK - long s2 = s << 42; // BAD + long s2 = s << 42; // $ Alert // BAD long i1 = i << 22; // OK - long i2 = i << 32; // BAD - long i3 = i << 42; // BAD - long i4 = i << 64; // BAD - long i5 = i << 65; // BAD + long i2 = i << 32; // $ Alert // BAD + long i3 = i << 42; // $ Alert // BAD + long i4 = i << 64; // $ Alert // BAD + long i5 = i << 65; // $ Alert // BAD long l1 = l << 22; // OK long l2 = l << 32; // OK long l3 = l << 42; // OK - long l4 = l << 64; // BAD - long l5 = l << 65; // BAD + long l4 = l << 64; // $ Alert // BAD + long l5 = l << 65; // $ Alert // BAD } } diff --git a/java/ql/test/query-tests/LShiftLargerThanTypeWidth/LShiftLargerThanTypeWidth.qlref b/java/ql/test/query-tests/LShiftLargerThanTypeWidth/LShiftLargerThanTypeWidth.qlref index 5e3fa630b7d..5f6b6243296 100644 --- a/java/ql/test/query-tests/LShiftLargerThanTypeWidth/LShiftLargerThanTypeWidth.qlref +++ b/java/ql/test/query-tests/LShiftLargerThanTypeWidth/LShiftLargerThanTypeWidth.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +query: Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/LazyInitStaticField/LazyInitStaticField.qlref b/java/ql/test/query-tests/LazyInitStaticField/LazyInitStaticField.qlref index 3d83072e701..bba785935e5 100644 --- a/java/ql/test/query-tests/LazyInitStaticField/LazyInitStaticField.qlref +++ b/java/ql/test/query-tests/LazyInitStaticField/LazyInitStaticField.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/LazyInitStaticField.ql \ No newline at end of file +query: Likely Bugs/Concurrency/LazyInitStaticField.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/LazyInitStaticField/LazyInits.java b/java/ql/test/query-tests/LazyInitStaticField/LazyInits.java index 08440c20ea3..1faab5c5a5f 100644 --- a/java/ql/test/query-tests/LazyInitStaticField/LazyInits.java +++ b/java/ql/test/query-tests/LazyInitStaticField/LazyInits.java @@ -95,7 +95,7 @@ public class LazyInits { private static LazyInits bad1; public static LazyInits getBad1() { if (bad1 == null) - bad1 = new LazyInits(); + bad1 = new LazyInits(); // $ Alert return bad1; } @@ -105,7 +105,7 @@ public class LazyInits { if (bad2 == null) { synchronized(bad2) { if (bad2 == null) - bad2 = new LazyInits(); + bad2 = new LazyInits(); // $ Alert } } return bad2; @@ -117,7 +117,7 @@ public class LazyInits { if (bad3 == null) { synchronized(Object.class) { if (bad3 == null) - bad3 = new LazyInits(); + bad3 = new LazyInits(); // $ Alert } } return bad3; @@ -129,7 +129,7 @@ public class LazyInits { if (bad4 == null) { synchronized(LazyInits.class) { if (bad4 == null) - bad4 = new LazyInits(); + bad4 = new LazyInits(); // $ Alert } } return bad4; @@ -141,7 +141,7 @@ public class LazyInits { if (bad5 == null) { synchronized(lock) { if (bad5 == null) - bad5 = new LazyInits(); + bad5 = new LazyInits(); // $ Alert } } return bad5; @@ -153,7 +153,7 @@ public class LazyInits { if (bad6 == null) { synchronized(badLock) { if (bad6 == null) - bad6 = new LazyInits(); + bad6 = new LazyInits(); // $ Alert } } return bad6; @@ -174,4 +174,4 @@ public class LazyInits { okLock.unlock(); } } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/MissingEnumInSwitch.qlref b/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/MissingEnumInSwitch.qlref index 10f1b3e8be2..74fae365410 100644 --- a/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/MissingEnumInSwitch.qlref +++ b/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/MissingEnumInSwitch.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/MissingEnumInSwitch.ql +query: Likely Bugs/Statements/MissingEnumInSwitch.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/Test.java b/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/Test.java index 2f39918ead4..ff75940c857 100644 --- a/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/Test.java +++ b/java/ql/test/query-tests/Likely Bugs/Statements/MissingEnumInSwitch/Test.java @@ -5,32 +5,32 @@ public class Test { } public void use(MyEnum e) { - switch(e) { + switch(e) { // $ Alert case A: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; case D: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; case D: break; case E: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; @@ -53,7 +53,7 @@ public class Test { case T: break; case U: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; @@ -77,7 +77,7 @@ public class Test { case U: break; case V: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; @@ -102,7 +102,7 @@ public class Test { case V: break; case W: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; @@ -128,7 +128,7 @@ public class Test { case W: break; case X: break; } - switch(e) { + switch(e) { // $ Alert case A: break; case B: break; case C: break; diff --git a/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref b/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref index 8ad93d27f52..4d45b7edd2f 100644 --- a/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref +++ b/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunity.qlref @@ -1 +1,2 @@ -Language Abuse/MissedTernaryOpportunity.ql \ No newline at end of file +query: Language Abuse/MissedTernaryOpportunity.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunityTest.java b/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunityTest.java index 34dab78f14f..b463c7ad545 100644 --- a/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunityTest.java +++ b/java/ql/test/query-tests/MissedTernaryOpportunity/MissedTernaryOpportunityTest.java @@ -3,7 +3,7 @@ import java.util.*; public class MissedTernaryOpportunityTest { public static boolean missedOpportunity1(int a){ - if(a == 42) + if(a == 42) // $ Alert return true; else return false; @@ -29,7 +29,7 @@ public class MissedTernaryOpportunityTest { public static boolean missedOpportunity2(int a){ boolean ret; - if(a == 42) + if(a == 42) // $ Alert ret = true; else ret = false; @@ -71,7 +71,7 @@ public class MissedTernaryOpportunityTest { } public static boolean missedOpportunity3(int a){ - if(a == 42) + if(a == 42) // $ Alert return true; else return someOtherFn(a); @@ -130,7 +130,7 @@ public class MissedTernaryOpportunityTest { // same variables, different qualification public void missedOpportunity4(int a){ - if(a > 42) + if(a > 42) // $ Alert memberVar1 = "hey"; else MissedTernaryOpportunityTest.this.memberVar1 = "ho"; @@ -142,7 +142,7 @@ public class MissedTernaryOpportunityTest { System.out.println("something"); return false; }else{ - if(a == 42) + if(a == 42) // $ Alert return true; else return false; @@ -152,7 +152,7 @@ public class MissedTernaryOpportunityTest { // nested if public boolean missedOpportunity6(int a){ if(a > 42){ - if(a == 42) + if(a == 42) // $ Alert return true; else return false; diff --git a/java/ql/test/query-tests/MissingCallToSuperClone/MissingCallToSuperClone.qlref b/java/ql/test/query-tests/MissingCallToSuperClone/MissingCallToSuperClone.qlref index 5e9ed3758ee..3939e6de8f0 100644 --- a/java/ql/test/query-tests/MissingCallToSuperClone/MissingCallToSuperClone.qlref +++ b/java/ql/test/query-tests/MissingCallToSuperClone/MissingCallToSuperClone.qlref @@ -1 +1,2 @@ -Likely Bugs/Cloning/MissingCallToSuperClone.ql +query: Likely Bugs/Cloning/MissingCallToSuperClone.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MissingCallToSuperClone/Test.java b/java/ql/test/query-tests/MissingCallToSuperClone/Test.java index a236543a695..e0286c37930 100644 --- a/java/ql/test/query-tests/MissingCallToSuperClone/Test.java +++ b/java/ql/test/query-tests/MissingCallToSuperClone/Test.java @@ -7,7 +7,7 @@ class IAmAGoodCloneable implements Cloneable { class Sub1 extends IAmAGoodCloneable { public Object clone() throws CloneNotSupportedException { return super.clone(); } } class IAmABadCloneable implements Cloneable { - public Object clone() { + public Object clone() { // $ Alert return null; } } diff --git a/java/ql/test/query-tests/MissingInstanceofInEquals/Bad.java b/java/ql/test/query-tests/MissingInstanceofInEquals/Bad.java index 63cdf14fddd..0f22d47cab2 100644 --- a/java/ql/test/query-tests/MissingInstanceofInEquals/Bad.java +++ b/java/ql/test/query-tests/MissingInstanceofInEquals/Bad.java @@ -10,10 +10,10 @@ class Bad { } @Override - public boolean equals(Object obj) { + public boolean equals(Object obj) { // $ Alert Bad other = (Bad) obj; if (data != other.data) return false; return true; } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.qlref b/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.qlref index 40038cf027a..d1a5c7d8130 100644 --- a/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.qlref +++ b/java/ql/test/query-tests/MissingInstanceofInEquals/MissingInstanceofInEquals.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/MissingInstanceofInEquals.ql \ No newline at end of file +query: Likely Bugs/Comparison/MissingInstanceofInEquals.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MissingOverrideAnnotation/MissingOverrideAnnotation.qlref b/java/ql/test/query-tests/MissingOverrideAnnotation/MissingOverrideAnnotation.qlref index c74780e7d24..885c1312f9e 100644 --- a/java/ql/test/query-tests/MissingOverrideAnnotation/MissingOverrideAnnotation.qlref +++ b/java/ql/test/query-tests/MissingOverrideAnnotation/MissingOverrideAnnotation.qlref @@ -1 +1,2 @@ -Advisory/Declarations/MissingOverrideAnnotation.ql \ No newline at end of file +query: Advisory/Declarations/MissingOverrideAnnotation.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MissingOverrideAnnotation/Test.java b/java/ql/test/query-tests/MissingOverrideAnnotation/Test.java index e74026cf6ef..cdadb8b7818 100644 --- a/java/ql/test/query-tests/MissingOverrideAnnotation/Test.java +++ b/java/ql/test/query-tests/MissingOverrideAnnotation/Test.java @@ -15,7 +15,7 @@ class Super { public class Test extends Super { // NOT OK - int m() { + int m() { // $ Alert return 42; } @@ -32,4 +32,4 @@ public class Test extends Super { // OK Arrays.asList(1,2).stream().map(x -> x+1).collect(Collectors.toList()); } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/MissingSpaceTypo/A.java b/java/ql/test/query-tests/MissingSpaceTypo/A.java index bf40bbaa27a..a095d8568d8 100644 --- a/java/ql/test/query-tests/MissingSpaceTypo/A.java +++ b/java/ql/test/query-tests/MissingSpaceTypo/A.java @@ -1,20 +1,20 @@ public class A { public void missing() { String s; - s = "this text" + - "is missing a space"; - s = "the class java.util.ArrayList" + - "without a space"; - s = "This isn't" + - "right."; - s = "There's 1" + - "thing wrong"; - s = "There's A/B" + - "and no space"; - s = "Wait for it...." + - "No space!"; - s = "Is there a space?" + - "No!"; + s = "this text" + // $ + "is missing a space"; // $ Alert + s = "the class java.util.ArrayList" + // $ + "without a space"; // $ Alert + s = "This isn't" + // $ + "right."; // $ Alert + s = "There's 1" + // $ + "thing wrong"; // $ Alert + s = "There's A/B" + // $ + "and no space"; // $ Alert + s = "Wait for it...." + // $ + "No space!"; // $ Alert + s = "Is there a space?" + // $ + "No!"; // $ Alert } public void ok() { diff --git a/java/ql/test/query-tests/MissingSpaceTypo/MissingSpaceTypo.qlref b/java/ql/test/query-tests/MissingSpaceTypo/MissingSpaceTypo.qlref index b0ad55262d2..6eb5700aa4e 100644 --- a/java/ql/test/query-tests/MissingSpaceTypo/MissingSpaceTypo.qlref +++ b/java/ql/test/query-tests/MissingSpaceTypo/MissingSpaceTypo.qlref @@ -1 +1,2 @@ -Likely Bugs/Likely Typos/MissingSpaceTypo.ql +query: Likely Bugs/Likely Typos/MissingSpaceTypo.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/MissingVoidConstructorsOnSerializable.qlref b/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/MissingVoidConstructorsOnSerializable.qlref index 26bbcf24bbb..220dcc04752 100644 --- a/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/MissingVoidConstructorsOnSerializable.qlref +++ b/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/MissingVoidConstructorsOnSerializable.qlref @@ -1 +1,2 @@ -Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +query: Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/Test.java b/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/Test.java index f20f5ac8f49..579aa276070 100644 --- a/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/Test.java +++ b/java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/Test.java @@ -9,7 +9,7 @@ class NonSerializable { } // BAD: Serializable but its parent cannot be instantiated -class A extends NonSerializable implements Serializable { +class A extends NonSerializable implements Serializable { // $ Alert public A() { super(1); } } diff --git a/java/ql/test/query-tests/MutualDependency/MutualDependency.qlref b/java/ql/test/query-tests/MutualDependency/MutualDependency.qlref index ab1dbe353ef..273ed4d757a 100644 --- a/java/ql/test/query-tests/MutualDependency/MutualDependency.qlref +++ b/java/ql/test/query-tests/MutualDependency/MutualDependency.qlref @@ -1 +1,2 @@ -Architecture/Dependencies/MutualDependency.ql \ No newline at end of file +query: Architecture/Dependencies/MutualDependency.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/MutualDependency/onepackage/MutualDependency.java b/java/ql/test/query-tests/MutualDependency/onepackage/MutualDependency.java index 31188ad5a52..13225f83869 100644 --- a/java/ql/test/query-tests/MutualDependency/onepackage/MutualDependency.java +++ b/java/ql/test/query-tests/MutualDependency/onepackage/MutualDependency.java @@ -7,7 +7,7 @@ public class MutualDependency { static int a = m; } // disallow inter-package dependencies - public static class B { + public static class B { // $ Alert public static int b = otherpackage.OtherClass.c; } } diff --git a/java/ql/test/query-tests/Naming/ConfusingOverloading.qlref b/java/ql/test/query-tests/Naming/ConfusingOverloading.qlref index 4fc71295c2c..e74bc1b00aa 100644 --- a/java/ql/test/query-tests/Naming/ConfusingOverloading.qlref +++ b/java/ql/test/query-tests/Naming/ConfusingOverloading.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql \ No newline at end of file +query: Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/Naming/NamingTest.java b/java/ql/test/query-tests/Naming/NamingTest.java index e6365ead8ef..75ee73b4eb7 100644 --- a/java/ql/test/query-tests/Naming/NamingTest.java +++ b/java/ql/test/query-tests/Naming/NamingTest.java @@ -4,7 +4,7 @@ import java.util.stream.*; public class NamingTest { public boolean equals(Object other) { return false; } - public boolean equals(NamingTest other) { return true; } + public boolean equals(NamingTest other) { return true; } // $ Alert public void visit(Object node) {} public void visit(NamingTest t) {} diff --git a/java/ql/test/query-tests/NonPrivateField/NonPrivateField.qlref b/java/ql/test/query-tests/NonPrivateField/NonPrivateField.qlref index 569bf88d8e5..e52cd3fa668 100644 --- a/java/ql/test/query-tests/NonPrivateField/NonPrivateField.qlref +++ b/java/ql/test/query-tests/NonPrivateField/NonPrivateField.qlref @@ -1 +1,2 @@ -Advisory/Declarations/NonPrivateField.ql +query: Advisory/Declarations/NonPrivateField.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NonPrivateField/NonPrivateFieldTest.java b/java/ql/test/query-tests/NonPrivateField/NonPrivateFieldTest.java index c64af38ee50..a67c6ac7da6 100644 --- a/java/ql/test/query-tests/NonPrivateField/NonPrivateFieldTest.java +++ b/java/ql/test/query-tests/NonPrivateField/NonPrivateFieldTest.java @@ -5,15 +5,15 @@ public class NonPrivateFieldTest { public @interface Rule {} // JUnit-like annotation public static class Fields{ - public static String problematic1 = "value"; - public final int problematic2 = 0; - public final int problematic3; + public static String problematic1 = "value"; // $ Alert + public final int problematic2 = 0; // $ Alert + public final int problematic3; // $ Alert - final int problematic4 = 9; // omitted access descriptor - static int problematic5 = 0; - public int problematic6 = 0; - protected Double problematic7 = 0.0; // protected but not used in derived classes - static int[] problematic8; + final int problematic4 = 9; // $ Alert // omitted access descriptor + static int problematic5 = 0; // $ Alert + public int problematic6 = 0; // $ Alert + protected Double problematic7 = 0.0; // $ Alert // protected but not used in derived classes + static int[] problematic8; // $ Alert public static final int ok1 = 0; // public static finals are usually fine, even if not accessed by anything from outside public static int ok2 = 0; // foreign write access diff --git a/java/ql/test/query-tests/NonSerializableField/NonSerializableField.qlref b/java/ql/test/query-tests/NonSerializableField/NonSerializableField.qlref index 401d63757af..1b3b59559be 100644 --- a/java/ql/test/query-tests/NonSerializableField/NonSerializableField.qlref +++ b/java/ql/test/query-tests/NonSerializableField/NonSerializableField.qlref @@ -1 +1,2 @@ -Likely Bugs/Serialization/NonSerializableField.ql +query: Likely Bugs/Serialization/NonSerializableField.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NonSerializableField/NonSerializableFieldTest.java b/java/ql/test/query-tests/NonSerializableField/NonSerializableFieldTest.java index 48022434c91..71b48e62d78 100644 --- a/java/ql/test/query-tests/NonSerializableField/NonSerializableFieldTest.java +++ b/java/ql/test/query-tests/NonSerializableField/NonSerializableFieldTest.java @@ -22,20 +22,20 @@ public class NonSerializableFieldTest { public static class MyColl extends HashMap{} public static class NotSerializable1 extends SerializableBase{ - NS problematic1; - List problematic2; - Map problematic3; - Map problematic4; - Map> problematic5; - Map problematic6; - List problematic7; - List problematic8; - T problematic9; - List problematic10; - List problematic11; - Map problematic12; - Map> problematic13; - Map problematic14; + NS problematic1; // $ Alert + List problematic2; // $ Alert + Map problematic3; // $ Alert + Map problematic4; // $ Alert + Map> problematic5; // $ Alert + Map problematic6; // $ Alert + List problematic7; // $ Alert + List problematic8; // $ Alert + T problematic9; // $ Alert + List problematic10; // $ Alert + List problematic11; // $ Alert + Map problematic12; // $ Alert + Map> problematic13; // $ Alert + Map problematic14; // $ Alert transient NS ok1; List ok2; @@ -76,7 +76,7 @@ public class NonSerializableFieldTest { public static void main(String[] args){ Anonymous a1 = new Anonymous(){ - NS problematic; + NS problematic; // $ Alert }; @SuppressWarnings("serial") @@ -106,7 +106,7 @@ public class NonSerializableFieldTest { @Stateful class StatefulSessionEjb extends SessionBean { - NonSerializableClass nonSerializableField; + NonSerializableClass nonSerializableField; // $ Alert } enum Enum { diff --git a/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref b/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref index 4cbb0995764..0ce5b0819e9 100644 --- a/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref +++ b/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClass.qlref @@ -1 +1,2 @@ -Likely Bugs/Serialization/NonSerializableInnerClass.ql +query: Likely Bugs/Serialization/NonSerializableInnerClass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.java b/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.java index 5fe5a6cafa3..55e15cdd0b9 100644 --- a/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.java +++ b/java/ql/test/query-tests/NonSerializableInnerClass/NonSerializableInnerClassTest.java @@ -11,9 +11,9 @@ public class NonSerializableInnerClassTest { public static class Outer1{ - public class Problematic1 implements Serializable{ } + public class Problematic1 implements Serializable{ } // $ Alert - public class Problematic2 extends S{ } + public class Problematic2 extends S{ } // $ Alert @SuppressWarnings("serial") @@ -48,8 +48,8 @@ public class NonSerializableInnerClassTest { public class Ok9 implements Serializable{ } } - public class Problematic3 extends S { - public class Problematic4 implements Serializable{ } // because NonSerializableInnerClassTest is not serializable + public class Problematic3 extends S { // $ Alert + public class Problematic4 implements Serializable{ } // $ Alert // because NonSerializableInnerClassTest is not serializable } // we currently ignore anonymous classes @@ -66,7 +66,7 @@ public class NonSerializableInnerClassTest { } // the class is not used anywhere, but the serialVersionUID field is an indicator for later serialization - private class Problematic7 implements Serializable{ + private class Problematic7 implements Serializable{ // $ Alert public static final long serialVersionUID = 123; } diff --git a/java/ql/test/query-tests/NonSynchronizedOverride/NonSynchronizedOverride.qlref b/java/ql/test/query-tests/NonSynchronizedOverride/NonSynchronizedOverride.qlref index f8c54049dce..324b7a4355c 100644 --- a/java/ql/test/query-tests/NonSynchronizedOverride/NonSynchronizedOverride.qlref +++ b/java/ql/test/query-tests/NonSynchronizedOverride/NonSynchronizedOverride.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/NonSynchronizedOverride.ql \ No newline at end of file +query: Likely Bugs/Concurrency/NonSynchronizedOverride.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NonSynchronizedOverride/Test.java b/java/ql/test/query-tests/NonSynchronizedOverride/Test.java index dd537d12b3b..82ffa4b2650 100644 --- a/java/ql/test/query-tests/NonSynchronizedOverride/Test.java +++ b/java/ql/test/query-tests/NonSynchronizedOverride/Test.java @@ -13,7 +13,7 @@ class Super { class Sub extends Super { // NOT OK - void quack() { + void quack() { // $ Alert super.quack(); super.quack(); } @@ -24,7 +24,7 @@ class Sub extends Super { } // NOT OK - void foo() { + void foo() { // $ Alert super.bar(); } } @@ -35,10 +35,10 @@ class A { class B extends A { // NOT OK - void foo() {} + void foo() {} // $ Alert } class C extends A { // NOT OK - void foo() {} -} \ No newline at end of file + void foo() {} // $ Alert +} diff --git a/java/ql/test/query-tests/NotifyWithoutSynch/NotifyWithoutSynch.qlref b/java/ql/test/query-tests/NotifyWithoutSynch/NotifyWithoutSynch.qlref index fb6f44cc3e0..b05b6eb0c06 100644 --- a/java/ql/test/query-tests/NotifyWithoutSynch/NotifyWithoutSynch.qlref +++ b/java/ql/test/query-tests/NotifyWithoutSynch/NotifyWithoutSynch.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/NotifyWithoutSynch.ql +query: Likely Bugs/Concurrency/NotifyWithoutSynch.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NotifyWithoutSynch/Test.java b/java/ql/test/query-tests/NotifyWithoutSynch/Test.java index 73982fc6586..7bd22fbbab3 100644 --- a/java/ql/test/query-tests/NotifyWithoutSynch/Test.java +++ b/java/ql/test/query-tests/NotifyWithoutSynch/Test.java @@ -7,7 +7,7 @@ class NotifyWithoutSynch { } public void fail_unqualified_wait() throws InterruptedException { - wait(); + wait(); // $ Alert } public synchronized void pass_unqualified_notify() throws InterruptedException { @@ -15,7 +15,7 @@ class NotifyWithoutSynch { } public void fail_unqualified_notify() throws InterruptedException { - notify(); + notify(); // $ Alert } public synchronized void pass_unqualified_notifyAll() throws InterruptedException { @@ -23,7 +23,7 @@ class NotifyWithoutSynch { } public void fail_unqualified_notifyAll() throws InterruptedException { - notifyAll(); + notifyAll(); // $ Alert } public void pass_unqualified_wait2() throws InterruptedException { @@ -49,32 +49,32 @@ class NotifyWithoutSynch { } public void fail_qualified_wait01() throws InterruptedException { - this.wait(); + this.wait(); // $ Alert } public void fail_qualified_wait02() throws InterruptedException { - this.wait(); + this.wait(); // $ Alert } public void fail_qualified_wait03() throws InterruptedException { synchronized(obj1) { - this.wait(); + this.wait(); // $ Alert } } public void fail_qualified_wait04() throws InterruptedException { synchronized(this) { - obj1.wait(); + obj1.wait(); // $ Alert } } public synchronized void fail_qualified_wait05() throws InterruptedException { - obj1.wait(); + obj1.wait(); // $ Alert } public synchronized void fail_qualified_wait06() throws InterruptedException { synchronized(obj1) { - obj2.wait(); + obj2.wait(); // $ Alert } } @@ -111,7 +111,7 @@ class NotifyWithoutSynch { } private void fail_indirect_callee14() throws InterruptedException { - wait(); + wait(); // $ Alert } public void fail_indirect_caller15() throws InterruptedException { diff --git a/java/ql/test/query-tests/Nullness/A.java b/java/ql/test/query-tests/Nullness/A.java index 065fffdbd3f..c40f6e898d5 100644 --- a/java/ql/test/query-tests/Nullness/A.java +++ b/java/ql/test/query-tests/Nullness/A.java @@ -12,7 +12,7 @@ public class A { } Object not = null; if (!(not != null)) { - not.hashCode(); + not.hashCode(); // $ Alert[java/dereferenced-value-is-always-null] } } @@ -45,7 +45,7 @@ public class A { Object assertNotNull_ok3 = maybe() ? null : new Object(); assertNonNull(assertNotNull_ok3, ""); - assertNotNull_ok3.toString(); + assertNotNull_ok3.toString(); // $ Alert[java/dereferenced-value-may-be-null] } public void assertTrueTest() { @@ -94,7 +94,7 @@ public class A { public void synchronised() { Object synchronized_always = null; - synchronized(synchronized_always) { + synchronized(synchronized_always) { // $ Alert[java/dereferenced-value-is-always-null] synchronized_always.hashCode(); } } @@ -158,18 +158,18 @@ public class A { String do_always = null; do { - System.out.println(do_always.length()); + System.out.println(do_always.length()); // $ Alert[java/dereferenced-value-is-always-null] do_always = null; } while(do_always != null); String do_maybe1 = null; do { - System.out.println(do_maybe1.length()); + System.out.println(do_maybe1.length()); // $ Alert[java/dereferenced-value-is-always-null] } while(do_maybe1 != null); String do_maybe = ""; do { - System.out.println(do_maybe.length()); + System.out.println(do_maybe.length()); // $ Alert[java/dereferenced-value-may-be-null] do_maybe = null; } while(true); } @@ -184,13 +184,13 @@ public class A { boolean TRUE = true; String while_always = null; while(TRUE) { - System.out.println(while_always.length()); + System.out.println(while_always.length()); // $ Alert[java/dereferenced-value-is-always-null] while_always = null; } String while_maybe = ""; while(true) { - System.out.println(while_maybe.length()); + System.out.println(while_maybe.length()); // $ Alert[java/dereferenced-value-may-be-null] while_maybe = null; } } @@ -204,7 +204,7 @@ public class A { String if_always = null; if (if_always == null) { - System.out.println(if_always.length()); + System.out.println(if_always.length()); // $ Alert[java/dereferenced-value-is-always-null] if_always = null; } @@ -212,7 +212,7 @@ public class A { if (if_maybe != null && if_maybe.length() % 2 == 0) { if_maybe = null; } - System.out.println(if_maybe.length()); + System.out.println(if_maybe.length()); // $ Alert[java/dereferenced-value-may-be-null] } public void for_() { @@ -220,20 +220,20 @@ public class A { for (for_ok = ""; for_ok != null; for_ok = null) { System.out.println(for_ok.length()); } - System.out.println(for_ok.length()); + System.out.println(for_ok.length()); // $ Alert[java/dereferenced-value-is-always-null] for (String for_always = null; ((for_always == null)); for_always = null) { - System.out.println(for_always.length()); + System.out.println(for_always.length()); // $ Alert[java/dereferenced-value-is-always-null] } for (String for_maybe = ""; ; for_maybe = null) { - System.out.println(for_maybe.length()); + System.out.println(for_maybe.length()); // $ Alert[java/dereferenced-value-may-be-null] } } public void array_assign_test() { int[] array_null = null; - array_null[0] = 10; + array_null[0] = 10; // $ Alert[java/dereferenced-value-is-always-null] int[] array_ok; array_ok = new int[10]; @@ -245,9 +245,9 @@ public class A { String[] fieldaccess = null; Object methodaccess = null; - System.out.println(arrayaccess[1]); - System.out.println(fieldaccess.length); - System.out.println(methodaccess.toString()); + System.out.println(arrayaccess[1]); // $ Alert[java/dereferenced-value-is-always-null] + System.out.println(fieldaccess.length); // $ Alert[java/dereferenced-value-is-always-null] + System.out.println(methodaccess.toString()); // $ Alert[java/dereferenced-value-is-always-null] System.out.println(arrayaccess[1]); System.out.println(fieldaccess.length); @@ -261,16 +261,16 @@ public class A { System.out.println(for_ok.size()); List for_always = null; - for (String s : for_always) + for (String s : for_always) // $ Alert[java/dereferenced-value-is-always-null] System.out.println(s); - System.out.println(for_always.size()); + System.out.println(for_always.size()); // $ Alert[java/dereferenced-value-is-always-null] List for_maybe = java.util.Collections.emptyList(); for (String s : for_maybe) { System.out.println(s); for_maybe = null; } - System.out.println(for_maybe.size()); + System.out.println(for_maybe.size()); // $ Alert[java/dereferenced-value-may-be-null] } public void assertFalseInstanceofTest() { @@ -290,7 +290,7 @@ public class A { public void assertFalseNotNullNestedTest() { Object s = String.valueOf(1); assertFalse(s != null || !"1".equals("1")); // assertTrue(s==null) - s.toString().isEmpty(); + s.toString().isEmpty(); // $ Alert[java/dereferenced-value-is-always-null] } public void testForLoopCondition(Iterable iter) { diff --git a/java/ql/test/query-tests/Nullness/B.java b/java/ql/test/query-tests/Nullness/B.java index 5759df2d236..14ff2b35935 100644 --- a/java/ql/test/query-tests/Nullness/B.java +++ b/java/ql/test/query-tests/Nullness/B.java @@ -13,14 +13,14 @@ public class B { } public void callee1(Object param) { - param.toString(); // NPE + param.toString(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } public void callee2(Object param) { if (param != null) { param.toString(); // OK } - param.toString(); // NPE + param.toString(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } private static boolean customIsNull(Object x) { @@ -54,7 +54,7 @@ public class B { if (ok) o7.hashCode(); // OK else - o7.hashCode(); // NPE + o7.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE Object o8 = maybe ? null : ""; int track = o8 == null ? 42 : 1+1; @@ -66,16 +66,16 @@ public class B { public void deref() { int[] xs = maybe ? null : new int[2]; - if (2 > 1) xs[0] = 5; // NPE - if (2 > 1) maybe = xs[1] > 5; // NPE + if (2 > 1) xs[0] = 5; // $ Alert[java/dereferenced-value-may-be-null] // NPE + if (2 > 1) maybe = xs[1] > 5; // $ Alert[java/dereferenced-value-may-be-null] // NPE if (2 > 1) { - int l = xs.length; // NPE + int l = xs.length; // $ Alert[java/dereferenced-value-may-be-null] // NPE } if (2 > 1) { - for (int i : xs) { } // NPE + for (int i : xs) { } // $ Alert[java/dereferenced-value-may-be-null] // NPE } if (2 > 1) { - synchronized(xs) { // NPE + synchronized(xs) { // $ Alert[java/dereferenced-value-may-be-null] // NPE xs.hashCode(); // Not reported - same basic block } } @@ -115,7 +115,7 @@ public class B { } public void missedGuard(Object obj) { - obj.hashCode(); // NPE + obj.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE int x = obj != null ? 1 : 0; } @@ -130,7 +130,7 @@ public class B { obj = mkMaybe(); } catch(Exception e) { } - obj.hashCode(); // NPE + obj.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE Object obj2 = null; try { @@ -187,7 +187,7 @@ public class B { Object other = maybe ? null : ""; if (other == null) o = ""; if (other != null) - o.hashCode(); // NPE + o.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE else o.hashCode(); // OK @@ -301,7 +301,7 @@ public class B { if (ioe != null) { ioe = e; } else { - ioe.getMessage(); // NPE; always + ioe.getMessage(); // $ Alert[java/dereferenced-value-is-always-null] // NPE; always } } @@ -331,7 +331,7 @@ public class B { x = new Object(); } if(y instanceof String) { - x.hashCode(); // Spurious NPE - false positive + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } } @@ -341,7 +341,7 @@ public class B { x = new Object(); } if(!(y instanceof String)) { - x.hashCode(); // Spurious NPE - false positive + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } } @@ -351,7 +351,7 @@ public class B { x = new Object(); } if(y == z) { - x.hashCode(); // Spurious NPE - false positive + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } Object x2 = null; @@ -359,7 +359,7 @@ public class B { x2 = new Object(); } if(y != z) { - x2.hashCode(); // Spurious NPE - false positive + x2.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } Object x3 = null; @@ -367,7 +367,7 @@ public class B { x3 = new Object(); } if(!(y == z)) { - x3.hashCode(); // Spurious NPE - false positive + x3.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } } @@ -405,7 +405,7 @@ public class B { g5 |= b; if (g5) { - x.hashCode(); // NPE + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } } @@ -417,7 +417,7 @@ public class B { x = null; } if (!b) { - x.hashCode(); // NPE + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } // flow can loop around from one iteration to the next } @@ -462,7 +462,7 @@ public class B { cur = a[i]; if (!prev) { // correctly guarded by !cur from the _previous_ iteration - x.hashCode(); // Spurious NPE - false positive + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } else { x = new Object(); } @@ -484,7 +484,7 @@ public class B { t = new Object(); } // correctly guarded by t: null -> String -> Object - x.hashCode(); // Spurious NPE - false positive + x.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive } } } @@ -513,7 +513,7 @@ public class B { int c = -1; if (maybe) { } if (c == 100) { return; } - o.hashCode(); // NPE + o.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } public void testFinally(int[] xs, int[] ys) { @@ -532,9 +532,9 @@ public class B { } finally { } s1.hashCode(); // OK - s2.hashCode(); // NPE + s2.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } - s1.hashCode(); // NPE + s1.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } public void lenCheck(int[] xs, int n, int t) { @@ -573,7 +573,7 @@ public class B { } finally { } } - s.hashCode(); // Spurious NPE - false positive + s.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // Spurious NPE - false positive // CFG reachability does not distinguish abrupt successors } } diff --git a/java/ql/test/query-tests/Nullness/C.java b/java/ql/test/query-tests/Nullness/C.java index edd64cfa79b..0ecc0c23f88 100644 --- a/java/ql/test/query-tests/Nullness/C.java +++ b/java/ql/test/query-tests/Nullness/C.java @@ -6,8 +6,8 @@ public class C { long[][] a2 = null; boolean haveA2 = ix < len && (a2 = a1[ix]) != null; long[] a3 = null; - final boolean haveA3 = haveA2 && (a3 = a2[ix]) != null; // NPE - false positive - if (haveA3) a3[0] = 0; // NPE - false positive + final boolean haveA3 = haveA2 && (a3 = a2[ix]) != null; // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive + if (haveA3) a3[0] = 0; // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive } public void ex2(boolean x, boolean y) { @@ -18,7 +18,7 @@ public class C { s2 = (s1 == null) ? null : ""; } if (s2 != null) - s1.hashCode(); // NPE - false positive + s1.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive } public void ex3(List ss) { @@ -48,7 +48,7 @@ public class C { slice = new ArrayList<>(); result.add(slice); } - slice.add(str); // NPE - false positive + slice.add(str); // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive ++index; iter.remove(); } @@ -141,7 +141,7 @@ public class C { public void ex10(int[] a) { int n = a == null ? 0 : a.length; for (int i = 0; i < n; i++) { - int x = a[i]; // NPE - false positive + int x = a[i]; // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive if (x > 7) a = new int[n]; } @@ -216,7 +216,7 @@ public class C { if (o1 == o2) { return; } - if (o1.equals(o2)) { // NPE - false positive + if (o1.equals(o2)) { // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive return; } } @@ -230,7 +230,7 @@ public class C { public static void ex16(C c) { int[] xs = c.getFoo16() != null ? new int[5] : null; if (c.getFoo16() != null) { - xs[0]++; // NPE - false positive + xs[0]++; // $ Alert[java/dereferenced-value-may-be-null] // NPE - false positive } } diff --git a/java/ql/test/query-tests/Nullness/ExprDeref.java b/java/ql/test/query-tests/Nullness/ExprDeref.java index 61aa9c4d8da..4a4c503d959 100644 --- a/java/ql/test/query-tests/Nullness/ExprDeref.java +++ b/java/ql/test/query-tests/Nullness/ExprDeref.java @@ -4,6 +4,6 @@ public class ExprDeref { } int unboxBad(boolean b) { - return (b ? null : getBoxed()); // NPE + return (b ? null : getBoxed()); // $ Alert[java/dereferenced-expr-may-be-null] // NPE } } diff --git a/java/ql/test/query-tests/Nullness/F.java b/java/ql/test/query-tests/Nullness/F.java index 6589c3d78fa..d1fd4348429 100644 --- a/java/ql/test/query-tests/Nullness/F.java +++ b/java/ql/test/query-tests/Nullness/F.java @@ -8,13 +8,13 @@ public class F { public void m2(Object obj) { if (obj == null) doStuff(); - obj.hashCode(); // NPE + obj.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } public void m3(Object obj) { if (obj == null) doStuffOrThrow(0); - obj.hashCode(); // NPE + obj.hashCode(); // $ Alert[java/dereferenced-value-may-be-null] // NPE } public static class MyException extends RuntimeException { diff --git a/java/ql/test/query-tests/Nullness/G.java b/java/ql/test/query-tests/Nullness/G.java index 9a525e8d14b..c8c69873299 100644 --- a/java/ql/test/query-tests/Nullness/G.java +++ b/java/ql/test/query-tests/Nullness/G.java @@ -17,7 +17,7 @@ public class G { case null, default -> "bar"; }; - switch(s) { // BAD; lack of a null case means this may throw. + switch(s) { // $ Alert[java/dereferenced-value-may-be-null] // BAD; lack of a null case means this may throw. case "foo" -> System.out.println("Foo"); case String s2 -> System.out.println("Other string of length " + s2.length()); } diff --git a/java/ql/test/query-tests/Nullness/NullAlways.qlref b/java/ql/test/query-tests/Nullness/NullAlways.qlref index a03818b411f..76df7c2751e 100644 --- a/java/ql/test/query-tests/Nullness/NullAlways.qlref +++ b/java/ql/test/query-tests/Nullness/NullAlways.qlref @@ -1 +1,2 @@ -Likely Bugs/Nullness/NullAlways.ql +query: Likely Bugs/Nullness/NullAlways.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/Nullness/NullExprDeref.qlref b/java/ql/test/query-tests/Nullness/NullExprDeref.qlref index 46dda091593..4ca963ecbcc 100644 --- a/java/ql/test/query-tests/Nullness/NullExprDeref.qlref +++ b/java/ql/test/query-tests/Nullness/NullExprDeref.qlref @@ -1 +1,2 @@ -Likely Bugs/Nullness/NullExprDeref.ql +query: Likely Bugs/Nullness/NullExprDeref.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/Nullness/NullMaybe.qlref b/java/ql/test/query-tests/Nullness/NullMaybe.qlref index ab01473d8e5..19125c7bc59 100644 --- a/java/ql/test/query-tests/Nullness/NullMaybe.qlref +++ b/java/ql/test/query-tests/Nullness/NullMaybe.qlref @@ -1 +1,2 @@ -Likely Bugs/Nullness/NullMaybe.ql +query: Likely Bugs/Nullness/NullMaybe.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NumberFormatException/NumberFormatException.qlref b/java/ql/test/query-tests/NumberFormatException/NumberFormatException.qlref index 8d221a0854f..4f183d197af 100644 --- a/java/ql/test/query-tests/NumberFormatException/NumberFormatException.qlref +++ b/java/ql/test/query-tests/NumberFormatException/NumberFormatException.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Exception Handling/NumberFormatException.ql +query: Violations of Best Practice/Exception Handling/NumberFormatException.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/NumberFormatException/Test.java b/java/ql/test/query-tests/NumberFormatException/Test.java index b886116eb74..6f58bac8ba2 100644 --- a/java/ql/test/query-tests/NumberFormatException/Test.java +++ b/java/ql/test/query-tests/NumberFormatException/Test.java @@ -8,46 +8,46 @@ public class Test { } static void test1() { - Byte.parseByte("123"); - Byte.decode("123"); - Byte.valueOf("123"); - Byte.valueOf("123", 10); - Byte.valueOf("7f", 16); - new Byte("123"); + Byte.parseByte("123"); // $ Alert + Byte.decode("123"); // $ Alert + Byte.valueOf("123"); // $ Alert + Byte.valueOf("123", 10); // $ Alert + Byte.valueOf("7f", 16); // $ Alert + new Byte("123"); // $ Alert new Byte((byte) 123); // don't flag: wrong constructor - Short.parseShort("123"); - Short.decode("123"); - Short.valueOf("123"); - Short.valueOf("123", 10); - Short.valueOf("7abc", 16); - new Short("123"); + Short.parseShort("123"); // $ Alert + Short.decode("123"); // $ Alert + Short.valueOf("123"); // $ Alert + Short.valueOf("123", 10); // $ Alert + Short.valueOf("7abc", 16); // $ Alert + new Short("123"); // $ Alert new Short((short) 123); // don't flag: wrong constructor - Integer.parseInt("123"); - Integer.decode("123"); - Integer.valueOf("123"); - Integer.valueOf("123", 10); - Integer.valueOf("1234beef", 16); - new Integer("123"); + Integer.parseInt("123"); // $ Alert + Integer.decode("123"); // $ Alert + Integer.valueOf("123"); // $ Alert + Integer.valueOf("123", 10); // $ Alert + Integer.valueOf("1234beef", 16); // $ Alert + new Integer("123"); // $ Alert new Integer(123); // don't flag: wrong constructor - Long.parseLong("123"); - Long.decode("123"); - Long.valueOf("123"); - Long.valueOf("123", 10); - Long.valueOf("deadbeef", 16); - new Long("123"); + Long.parseLong("123"); // $ Alert + Long.decode("123"); // $ Alert + Long.valueOf("123"); // $ Alert + Long.valueOf("123", 10); // $ Alert + Long.valueOf("deadbeef", 16); // $ Alert + new Long("123"); // $ Alert new Long(123l); // don't flag: wrong constructor - Float.parseFloat("2.7818281828"); - Float.valueOf("2.7818281828"); - new Float("2.7818281828"); + Float.parseFloat("2.7818281828"); // $ Alert + Float.valueOf("2.7818281828"); // $ Alert + new Float("2.7818281828"); // $ Alert new Float(2.7818281828f); // don't flag: wrong constructor - Double.parseDouble("2.7818281828"); - Double.valueOf("2.7818281828"); - new Double("2.7818281828"); + Double.parseDouble("2.7818281828"); // $ Alert + Double.valueOf("2.7818281828"); // $ Alert + new Double("2.7818281828"); // $ Alert new Double(2.7818281828); // don't flag: wrong constructor } diff --git a/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.qlref b/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.qlref index c2db43d8953..a129d30287b 100644 --- a/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.qlref +++ b/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatch.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/PartiallyMaskedCatch.ql \ No newline at end of file +query: Likely Bugs/Statements/PartiallyMaskedCatch.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatchTest.java b/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatchTest.java index 4debe220f25..b5423a3c731 100644 --- a/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatchTest.java +++ b/java/ql/test/query-tests/PartiallyMaskedCatch/PartiallyMaskedCatchTest.java @@ -13,7 +13,7 @@ public class PartiallyMaskedCatchTest { // reachable: ExceptionB is thrown by invocation of CloseableThing.doThing() } catch (ExceptionA e) { // reachable: ExceptionA is thrown by implicit invocation of CloseableThing.close() - } catch (IOException e) { + } catch (IOException e) { // $ Alert // unreachable: only more specific exceptions are thrown and caught by previous catch blocks } @@ -23,7 +23,7 @@ public class PartiallyMaskedCatchTest { // reachable: ExceptionB is thrown by invocation of CloseableThing.doThing() } catch (ExceptionA | RuntimeException e) { // reachable: ExceptionA is thrown by implicit invocation of CloseableThing.close() - } catch (IOException e) { + } catch (IOException e) { // $ Alert // unreachable: only more specific exceptions are thrown and caught by previous catch blocks } @@ -33,7 +33,7 @@ public class PartiallyMaskedCatchTest { // reachable: ExceptionB is thrown by invocation of CloseableThing.doThing() } catch (ExceptionA | IllegalArgumentException e) { // reachable: ExceptionA is thrown by implicit invocation of CloseableThing.close() - } catch (IOException | RuntimeException e) { + } catch (IOException | RuntimeException e) { // $ Alert // unreachable for type IOException: only more specific exceptions are thrown and caught by previous catch blocks } diff --git a/java/ql/test/query-tests/PointlessForwardingMethod/PointlessForwardingMethod.qlref b/java/ql/test/query-tests/PointlessForwardingMethod/PointlessForwardingMethod.qlref index 310c4a6ae3e..ad8cb0f399d 100644 --- a/java/ql/test/query-tests/PointlessForwardingMethod/PointlessForwardingMethod.qlref +++ b/java/ql/test/query-tests/PointlessForwardingMethod/PointlessForwardingMethod.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql +query: Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/PointlessForwardingMethod/pointlessforwardingmethod/Test.java b/java/ql/test/query-tests/PointlessForwardingMethod/pointlessforwardingmethod/Test.java index 4810a4cefcf..a71b7c7382d 100644 --- a/java/ql/test/query-tests/PointlessForwardingMethod/pointlessforwardingmethod/Test.java +++ b/java/ql/test/query-tests/PointlessForwardingMethod/pointlessforwardingmethod/Test.java @@ -6,7 +6,7 @@ public class Test { return x + one; } - int addOne(byte x) { + int addOne(byte x) { // $ Alert return addOne(x, 1); } diff --git a/java/ql/test/query-tests/PrintLnArray/PrintLn.qlref b/java/ql/test/query-tests/PrintLnArray/PrintLn.qlref index 476f3f42e6e..ccb0525d55e 100644 --- a/java/ql/test/query-tests/PrintLnArray/PrintLn.qlref +++ b/java/ql/test/query-tests/PrintLnArray/PrintLn.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Undesirable Calls/PrintLnArray.ql \ No newline at end of file +query: Violations of Best Practice/Undesirable Calls/PrintLnArray.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/PrintLnArray/Test.java b/java/ql/test/query-tests/PrintLnArray/Test.java index 4890b892ce8..917091c21de 100644 --- a/java/ql/test/query-tests/PrintLnArray/Test.java +++ b/java/ql/test/query-tests/PrintLnArray/Test.java @@ -3,6 +3,6 @@ class Test { // OK: calls PrintStream.println(char[]) System.out.println(new char[] { 'H', 'i' }); // NOT OK: calls PrintStream.println(Object) - System.out.println(new byte[0]); + System.out.println(new byte[0]); // $ Alert } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/RandomUsedOnce/RandomUsedOnce.qlref b/java/ql/test/query-tests/RandomUsedOnce/RandomUsedOnce.qlref index fa212fc3548..9dd0dd1812b 100644 --- a/java/ql/test/query-tests/RandomUsedOnce/RandomUsedOnce.qlref +++ b/java/ql/test/query-tests/RandomUsedOnce/RandomUsedOnce.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/RandomUsedOnce.ql +query: Likely Bugs/Arithmetic/RandomUsedOnce.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/RandomUsedOnce/Test.java b/java/ql/test/query-tests/RandomUsedOnce/Test.java index 81ee1f0dd5a..d27779f6757 100644 --- a/java/ql/test/query-tests/RandomUsedOnce/Test.java +++ b/java/ql/test/query-tests/RandomUsedOnce/Test.java @@ -4,7 +4,7 @@ public class Test { public static void test() { - (new Random()).nextInt(); + (new Random()).nextInt(); // $ Alert } diff --git a/java/ql/test/query-tests/RangeAnalysis/A.java b/java/ql/test/query-tests/RangeAnalysis/A.java index b68de9beaa7..acd05fae9b8 100644 --- a/java/ql/test/query-tests/RangeAnalysis/A.java +++ b/java/ql/test/query-tests/RangeAnalysis/A.java @@ -16,14 +16,14 @@ public class A { void m1(int[] a) { int sum = 0; for (int i = 0; i <= a.length; i++) { - sum += a[i]; // Out of bounds + sum += a[i]; // $ Alert // Out of bounds } } void m2(int[] a) { int sum = 0; for (int i = 0; i < a.length; i += 2) { - sum += a[i] + a[i + 1]; // Out of bounds (unless len%2==0) + sum += a[i] + a[i + 1]; // $ Alert // Out of bounds (unless len%2==0) } } @@ -42,11 +42,11 @@ public class A { } for (int i = 0; i < arr2.length; ) { sum += arr2[i++]; // OK - sum += arr2[i++]; // OK - FP + sum += arr2[i++]; // $ Alert // OK - FP } for (int i = 0; i < arr3.length; ) { sum += arr3[i++]; // OK - sum += arr3[i++]; // OK - FP + sum += arr3[i++]; // $ Alert // OK - FP } int[] b; if (sum > 3) @@ -55,7 +55,7 @@ public class A { b = arr1; for (int i = 0; i < b.length; i++) { sum += b[i]; // OK - sum += b[++i]; // OK - FP + sum += b[++i]; // $ Alert // OK - FP } } @@ -86,7 +86,7 @@ public class A { int m6(int[] a, int ix) { if (ix < 0 || ix > a.length) return 0; - return a[ix]; // Out of bounds + return a[ix]; // $ Alert // Out of bounds } void m7() { @@ -97,7 +97,7 @@ public class A { sum += xs[i]; // OK sum += xs[j]; // OK if (i < j) - sum += xs[i + 11 - j]; // OK - FP + sum += xs[i + 11 - j]; // $ Alert // OK - FP else sum += xs[i - j]; // OK } @@ -110,8 +110,8 @@ public class A { int sum = 0; for (int i = 4; i < a.length; i += 3) { sum += a[i]; // OK - sum += a[i + 1]; // OK - FP - sum += a[i + 2]; // OK - FP + sum += a[i + 1]; // $ Alert // OK - FP + sum += a[i + 2]; // $ Alert // OK - FP } } @@ -122,7 +122,7 @@ public class A { if (i < 5) sum += a[i]; // OK else - sum += a[9 - i]; // OK - FP + sum += a[9 - i]; // $ Alert // OK - FP } } @@ -134,7 +134,7 @@ public class A { sum += a[i]; // OK for (int j = i + 1; j < len; j++) { sum += a[j]; // OK - sum += a[i + 1]; // OK - FP + sum += a[i + 1]; // $ Alert // OK - FP } } } @@ -182,7 +182,7 @@ public class A { void m14(int[] xs) { for (int i = 0; i < xs.length + 1; i++) { if (i == 0 && xs.length > 0) { - xs[i]++; // OK - FP + xs[i]++; // $ Alert // OK - FP } } } @@ -192,23 +192,23 @@ public class A { int x = ++i; int y = ++i; if (y < xs.length) { - xs[x]++; // OK - FP + xs[x]++; // $ Alert // OK - FP xs[y]++; // OK } } } static int m16() { - return A.arr1[(new Random()).nextInt(arr1.length + 1)] + // BAD: random int may be out of range + return A.arr1[(new Random()).nextInt(arr1.length + 1)] + // $ Alert // BAD: random int may be out of range A.arr1[(new Random()).nextInt(arr1.length)] + // GOOD: random int must be in range - A.arr1[RandomUtils.nextInt(0, arr1.length + 1)] + // BAD: random int may be out of range + A.arr1[RandomUtils.nextInt(0, arr1.length + 1)] + // $ Alert // BAD: random int may be out of range A.arr1[RandomUtils.nextInt(0, arr1.length)]; // GOOD: random int must be in range } int m17() { - return this.arr2[(new Random()).nextInt(arr2.length + 1)] + // BAD: random int may be out of range + return this.arr2[(new Random()).nextInt(arr2.length + 1)] + // $ Alert // BAD: random int may be out of range this.arr2[(new Random()).nextInt(arr2.length)] + // GOOD: random int must be in range - this.arr2[RandomUtils.nextInt(0, arr2.length + 1)] + // BAD: random int may be out of range + this.arr2[RandomUtils.nextInt(0, arr2.length + 1)] + // $ Alert // BAD: random int may be out of range this.arr2[RandomUtils.nextInt(0, arr2.length)]; // GOOD: random int must be in range } } diff --git a/java/ql/test/query-tests/RangeAnalysis/ArrayIndexOutOfBounds.qlref b/java/ql/test/query-tests/RangeAnalysis/ArrayIndexOutOfBounds.qlref index 439f2fd18de..a374970716f 100644 --- a/java/ql/test/query-tests/RangeAnalysis/ArrayIndexOutOfBounds.qlref +++ b/java/ql/test/query-tests/RangeAnalysis/ArrayIndexOutOfBounds.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +query: Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref b/java/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref index 2f4f5248a6b..623d63c7505 100644 --- a/java/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref +++ b/java/ql/test/query-tests/ReadOnlyContainer/ReadOnlyContainer.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/ReadOnlyContainer.ql \ No newline at end of file +query: Likely Bugs/Collections/ReadOnlyContainer.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ReadOnlyContainer/Test.java b/java/ql/test/query-tests/ReadOnlyContainer/Test.java index f4e75501bc8..7eb11a5784c 100644 --- a/java/ql/test/query-tests/ReadOnlyContainer/Test.java +++ b/java/ql/test/query-tests/ReadOnlyContainer/Test.java @@ -2,7 +2,7 @@ import java.util.*; public class Test { boolean containsDuplicates(Object[] array) { - Set seen = new HashSet(); + Set seen = new HashSet(); // $ Alert for (Object o : array) { // should be flagged if (seen.contains(o)) @@ -65,7 +65,7 @@ public class Test { } List g() { - List bl = new ArrayList(); + List bl = new ArrayList(); // $ Alert // should be flagged bl.contains(false); return bl; @@ -81,4 +81,4 @@ public class Test { return sneakySet.contains(x); } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref b/java/ql/test/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref index ef1dc964d95..ab13392ec55 100644 --- a/java/ql/test/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref +++ b/java/ql/test/query-tests/ReturnValueIgnored/ReturnValueIgnored.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/ReturnValueIgnored.ql \ No newline at end of file +query: Likely Bugs/Statements/ReturnValueIgnored.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/ReturnValueIgnored/return_value_ignored/Test.java b/java/ql/test/query-tests/ReturnValueIgnored/return_value_ignored/Test.java index 49ec7daf694..f736a12b764 100644 --- a/java/ql/test/query-tests/ReturnValueIgnored/return_value_ignored/Test.java +++ b/java/ql/test/query-tests/ReturnValueIgnored/return_value_ignored/Test.java @@ -38,7 +38,7 @@ public class Test implements I { foo = test3.getI(); foo = test1.getI(); foo = test2.getI(); - test3.getI(); + test3.getI(); // $ Alert // test setter; shouldn't flag last call Test test; @@ -86,6 +86,6 @@ public class Test implements I { t = s.trim(); t = s.trim(); t = s.trim(); - s.trim(); + s.trim(); // $ Alert } } diff --git a/java/ql/test/query-tests/SelfAssignment/SelfAssignment.qlref b/java/ql/test/query-tests/SelfAssignment/SelfAssignment.qlref index de3fdee7091..b56a4a66749 100644 --- a/java/ql/test/query-tests/SelfAssignment/SelfAssignment.qlref +++ b/java/ql/test/query-tests/SelfAssignment/SelfAssignment.qlref @@ -1 +1,2 @@ -Likely Bugs/Likely Typos/SelfAssignment.ql +query: Likely Bugs/Likely Typos/SelfAssignment.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/SelfAssignment/Test.java b/java/ql/test/query-tests/SelfAssignment/Test.java index 7b55fd4c1d0..2c89a4a49bf 100644 --- a/java/ql/test/query-tests/SelfAssignment/Test.java +++ b/java/ql/test/query-tests/SelfAssignment/Test.java @@ -3,7 +3,7 @@ class Outer { Outer(int x) { // NOT OK - x = x; + x = x; // $ Alert // OK this.x = x; } @@ -20,4 +20,4 @@ class Outer { // OK { x = Outer.this.x; } } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.java b/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.java index 7d425e96d80..612acaa5c7a 100644 --- a/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.java +++ b/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.java @@ -1,16 +1,16 @@ class Test { void f(boolean x, boolean y, Boolean a, Boolean b) { boolean w; - w = a == false; - w = x != true; - w = a ? false : b; - w = a ? true : false; - w = x ? y : true; + w = a == false; // $ Alert + w = x != true; // $ Alert + w = a ? false : b; // $ Alert + w = a ? true : false; // $ Alert + w = x ? y : true; // $ Alert } void g(int x, int y) { boolean w; - w = !(x > y); - w = !(x != y); + w = !(x > y); // $ Alert + w = !(x != y); // $ Alert } public Boolean getBool(int i) { if (i > 2) @@ -19,7 +19,7 @@ class Test { } public Boolean getBoolNPE(int i) { if (i > 2) - return i == 3 ? true : ((Boolean)null); // should be reported; both this and the simplified version have equal NPE behavior - return i == 1 ? false : ((Boolean)null); // should be reported; both this and the simplified version have equal NPE behavior + return i == 3 ? true : ((Boolean)null); // $ Alert // should be reported; both this and the simplified version have equal NPE behavior + return i == 1 ? false : ((Boolean)null); // $ Alert // should be reported; both this and the simplified version have equal NPE behavior } } diff --git a/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref b/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref index d071e989ebb..45d0db5559c 100644 --- a/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref +++ b/java/ql/test/query-tests/SimplifyBoolExpr/SimplifyBoolExpr.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql +query: Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/SpuriousJavadocParam/Test.java b/java/ql/test/query-tests/SpuriousJavadocParam/Test.java index d8891afb756..ca724cf468c 100644 --- a/java/ql/test/query-tests/SpuriousJavadocParam/Test.java +++ b/java/ql/test/query-tests/SpuriousJavadocParam/Test.java @@ -54,83 +54,83 @@ public class Test { protected void ok9(int...param){ } /** - * @param prameter typo + * @param prameter typo // $ Alert */ public void problem1(int parameter){ } /** - * @param Parameter capitalization + * @param Parameter capitalization // $ Alert */ public void problem2(int parameter){ } /** - * @param parameter unmatched + * @param parameter unmatched // $ Alert */ public void problem3(){ } /** * @param someOtherParameter matched - * @param parameter unmatched + * @param parameter unmatched // $ Alert */ public void problem4(int someOtherParameter){ } /** - * @param unmatched type parameter + * @param unmatched type parameter // $ Alert */ private T problem5(){ return null; } /** * @param matched type parameter - * @param

unmatched type parameter - * @param n unmatched normal parameter + * @param

unmatched type parameter // $ Alert + * @param n unmatched normal parameter // $ Alert */ private T problem6(V p){ return null; } /** * param with immediate newline - * @param + * @param // $ Alert */ protected void problem7(){ } /** * param without a value (followed by blanks) - * @param + * @param // $ Alert */ protected void problem8(){ } class SomeClass { /** * @param i exists - * @param k does not + * @param k does not // $ Alert */ SomeClass(int i, int j) {} } /** * @param exists - * @param T wrong syntax - * @param does not exist + * @param T wrong syntax // $ Alert + * @param does not exist // $ Alert */ class GenericClass {} /** * @param exists - * @param T wrong syntax - * @param does not exist + * @param T wrong syntax // $ Alert + * @param does not exist // $ Alert */ interface GenericInterface {} /** * @param i exists - * @param k does not + * @param k does not // $ Alert */ static record SomeRecord(int i, int j) {} /** * @param exists - * @param does not + * @param does not // $ Alert * @param i exists - * @param k does not + * @param k does not // $ Alert */ static record GenericRecord(int i, int j) {} } diff --git a/java/ql/test/query-tests/SpuriousJavadocParam/test.qlref b/java/ql/test/query-tests/SpuriousJavadocParam/test.qlref index 05f7231fe6b..85c1971658c 100644 --- a/java/ql/test/query-tests/SpuriousJavadocParam/test.qlref +++ b/java/ql/test/query-tests/SpuriousJavadocParam/test.qlref @@ -1 +1,2 @@ -Advisory/Documentation/SpuriousJavadocParam.ql +query: Advisory/Documentation/SpuriousJavadocParam.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/StartInConstructor/StartInConstructor.qlref b/java/ql/test/query-tests/StartInConstructor/StartInConstructor.qlref index 2f16c25c1ee..e27b98e9e72 100644 --- a/java/ql/test/query-tests/StartInConstructor/StartInConstructor.qlref +++ b/java/ql/test/query-tests/StartInConstructor/StartInConstructor.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/StartInConstructor.ql +query: Likely Bugs/Concurrency/StartInConstructor.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/StartInConstructor/Test.java b/java/ql/test/query-tests/StartInConstructor/Test.java index ae8148af787..58883af4ede 100644 --- a/java/ql/test/query-tests/StartInConstructor/Test.java +++ b/java/ql/test/query-tests/StartInConstructor/Test.java @@ -6,7 +6,7 @@ public class Test { public Test() { myThread = new Thread("myThread"); // BAD - myThread.start(); + myThread.start(); // $ Alert } public static final class Final { diff --git a/java/ql/test/query-tests/StaticArray/StaticArray.java b/java/ql/test/query-tests/StaticArray/StaticArray.java index 362d6fefcef..b24fa5526b1 100644 --- a/java/ql/test/query-tests/StaticArray/StaticArray.java +++ b/java/ql/test/query-tests/StaticArray/StaticArray.java @@ -1,6 +1,6 @@ class StaticArray { - public static final int[] bad = new int[42]; //NOT OK + public static final int[] bad = new int[42]; // $ Alert //NOT OK protected static final int[] good_protected = new int[42]; //OK (protected arrays are ok) /* default */ static final int[] good_default = new int[42]; //OK (default access arrays are ok) @@ -11,10 +11,10 @@ class StaticArray public /* final */ static int[] good_nonfinal = new int[42]; //OK (non-final arrays are ok) public static final Object good_not_array = new int[42]; //OK (non-arrays are ok) - public static final int[][][] bad_multidimensional = new int[42][42][42]; //NOT OK - public static final int[][][] bad_multidimensional_partial_init = new int[42][][]; //NOT OK + public static final int[][][] bad_multidimensional = new int[42][42][42]; // $ Alert //NOT OK + public static final int[][][] bad_multidimensional_partial_init = new int[42][][]; // $ Alert //NOT OK - public static final int[] bad_separate_init; //NOT OK + public static final int[] bad_separate_init; // $ Alert //NOT OK static { bad_separate_init = new int[42]; @@ -23,6 +23,6 @@ class StaticArray public static final int[] good_empty = new int[0]; //OK (empty array creation) public static final int[] good_empty2 = {}; //OK (empty array literal) public static final int[][] good_empty_multidimensional = new int[0][42]; //OK (empty array) - public static final int[][] bad_nonempty = { {} }; //NOT OK (first dimension is 1, so not empty) + public static final int[][] bad_nonempty = { {} }; // $ Alert //NOT OK (first dimension is 1, so not empty) } diff --git a/java/ql/test/query-tests/StaticArray/StaticArray.qlref b/java/ql/test/query-tests/StaticArray/StaticArray.qlref index 1c28ac13a16..f0cae39a882 100644 --- a/java/ql/test/query-tests/StaticArray/StaticArray.qlref +++ b/java/ql/test/query-tests/StaticArray/StaticArray.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Implementation Hiding/StaticArray.ql \ No newline at end of file +query: Violations of Best Practice/Implementation Hiding/StaticArray.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/StringComparison/StringComparison.java b/java/ql/test/query-tests/StringComparison/StringComparison.java index e777b75a3f1..f1156a3e706 100644 --- a/java/ql/test/query-tests/StringComparison/StringComparison.java +++ b/java/ql/test/query-tests/StringComparison/StringComparison.java @@ -20,13 +20,13 @@ class StringComparison { if("".equals(variable)) return; // NOT OK - if("" == variable) + if("" == variable) // $ Alert return; // NOT OK - if("" == param) + if("" == param) // $ Alert return; // NOT OK - if("" == variable2) + if("" == variable2) // $ Alert return; } } diff --git a/java/ql/test/query-tests/StringComparison/StringComparison.qlref b/java/ql/test/query-tests/StringComparison/StringComparison.qlref index a50debd9378..ecf6c270f7e 100644 --- a/java/ql/test/query-tests/StringComparison/StringComparison.qlref +++ b/java/ql/test/query-tests/StringComparison/StringComparison.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/StringComparison.ql \ No newline at end of file +query: Likely Bugs/Comparison/StringComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/StringFormat/A.java b/java/ql/test/query-tests/StringFormat/A.java index ff87290bcc9..88d651c8725 100644 --- a/java/ql/test/query-tests/StringFormat/A.java +++ b/java/ql/test/query-tests/StringFormat/A.java @@ -6,28 +6,28 @@ import java.io.File; public class A { void f_string() { - String.format("%s%s", ""); // missing + String.format("%s%s", ""); // $ Alert[java/missing-format-argument] // missing } void f_formatter(Formatter x) { - x.format("%s%s", ""); // missing + x.format("%s%s", ""); // $ Alert[java/missing-format-argument] // missing } void f_printstream(PrintStream x) { - x.format("%s%s", ""); // missing - x.printf("%s%s", ""); // missing + x.format("%s%s", ""); // $ Alert[java/missing-format-argument] // missing + x.printf("%s%s", ""); // $ Alert[java/missing-format-argument] // missing } void f_printwriter(PrintWriter x) { - x.format("%s%s", ""); // missing - x.printf("%s%s", ""); // missing + x.format("%s%s", ""); // $ Alert[java/missing-format-argument] // missing + x.printf("%s%s", ""); // $ Alert[java/missing-format-argument] // missing } void f_console(Console x) { - x.format("%s%s", ""); // missing - x.printf("%s%s", ""); // missing - x.readLine("%s%s", ""); // missing - x.readPassword("%s%s", ""); // missing + x.format("%s%s", ""); // $ Alert[java/missing-format-argument] // missing + x.printf("%s%s", ""); // $ Alert[java/missing-format-argument] // missing + x.readLine("%s%s", ""); // $ Alert[java/missing-format-argument] // missing + x.readPassword("%s%s", ""); // $ Alert[java/missing-format-argument] // missing } void custom_format(Object o, String fmt, Object... args) { @@ -35,20 +35,20 @@ public class A { } void f_wrapper() { - custom_format(new Object(), "%s%s", ""); // missing + custom_format(new Object(), "%s%s", ""); // $ Alert[java/missing-format-argument] // missing } void f() { - String.format("%s", "", ""); // unused - String.format("s", ""); // unused - String.format("%2$s %2$s", "", ""); // unused + String.format("%s", "", ""); // $ Alert[java/unused-format-argument] // unused + String.format("s", ""); // $ Alert[java/unused-format-argument] // unused + String.format("%2$s %2$s", "", ""); // $ Alert[java/unused-format-argument] // unused String.format("%2$s %1$s", "", ""); // ok - String.format("%2$s %s", ""); // missing - String.format("%s% { T t; void test(String s) { - t.equals(s); + t.equals(s); // $ Alert[java/equals-on-unrelated-types] t.equals(this); } } diff --git a/java/ql/test/query-tests/TypeMismatch/incomparable_equals/F.java b/java/ql/test/query-tests/TypeMismatch/incomparable_equals/F.java index 52c41537437..a87667dd9d4 100644 --- a/java/ql/test/query-tests/TypeMismatch/incomparable_equals/F.java +++ b/java/ql/test/query-tests/TypeMismatch/incomparable_equals/F.java @@ -2,6 +2,6 @@ package incomparable_equals; public class F { void m(int[] l, int[][] r) { - l.equals(r); + l.equals(r); // $ Alert[java/equals-on-unrelated-types] } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/TypeMismatch/remove_type_mismatch/A.java b/java/ql/test/query-tests/TypeMismatch/remove_type_mismatch/A.java index 92b369da370..1dd72e43240 100644 --- a/java/ql/test/query-tests/TypeMismatch/remove_type_mismatch/A.java +++ b/java/ql/test/query-tests/TypeMismatch/remove_type_mismatch/A.java @@ -4,12 +4,12 @@ import java.util.Collection; public class A { void test1(Collection c, String s, StringBuffer b) { - c.remove(s); + c.remove(s); // $ Alert[java/type-mismatch-modification] c.remove(b); } void test2(Collection c, A a, String b) { - c.remove(a); + c.remove(a); // $ Alert[java/type-mismatch-modification] c.remove(b); } } @@ -20,7 +20,7 @@ class TestB { Collection coll2 = null; Collection coll3; { - coll3.remove(""); + coll3.remove(""); // $ Alert[java/type-mismatch-modification] } } @@ -30,7 +30,7 @@ class MyIntList extends java.util.LinkedList { class TestC { MyIntList mil; { - mil.remove(""); + mil.remove(""); // $ Alert[java/type-mismatch-modification] } } @@ -40,6 +40,6 @@ class MyOtherIntList extends java.util.LinkedList { class TestD { MyOtherIntList moil; { - moil.remove(""); + moil.remove(""); // $ Alert[java/type-mismatch-modification] } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/UnreadLocal/A.java b/java/ql/test/query-tests/UnreadLocal/A.java index 5591df08634..928de6cd48c 100644 --- a/java/ql/test/query-tests/UnreadLocal/A.java +++ b/java/ql/test/query-tests/UnreadLocal/A.java @@ -26,18 +26,18 @@ public class A { public void ex2() { for (int i = 0; i < 5; i++) { int x = 42; - x = x + 3; // DEAD + x = x + 3; // $ Alert[java/useless-assignment-to-local] // DEAD } } public int ex3(int param) { - param += 3; // DEAD + param += 3; // $ Alert[java/overwritten-assignment-to-local] // DEAD param = 4; int x = 7; - ++x; // DEAD + ++x; // $ Alert[java/overwritten-assignment-to-local] // DEAD x = 10; int y = 5; - y = (++y) + 5; // DEAD (++y) + y = (++y) + 5; // $ Alert[java/overwritten-assignment-to-local] // DEAD (++y) return x + y + param; } @@ -52,7 +52,7 @@ public class A { } int x; try { - x = 5; // DEAD + x = 5; // $ Alert[java/overwritten-assignment-to-local] // DEAD ex3(0); x = 7; ex3(x); @@ -61,7 +61,7 @@ public class A { boolean valid; try { if (ex3(4) > 4) { - valid = false; // DEAD + valid = false; // $ Alert[java/overwritten-assignment-to-local] // DEAD } ex3(0); valid = true; diff --git a/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocal.qlref b/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocal.qlref index ece72e5295b..86820a14122 100644 --- a/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocal.qlref +++ b/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocal.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql +query: Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocalUnread.qlref b/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocalUnread.qlref index c3fbaae6b81..81c434f6606 100644 --- a/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocalUnread.qlref +++ b/java/ql/test/query-tests/UnreadLocal/DeadStoreOfLocalUnread.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Dead Code/DeadStoreOfLocalUnread.ql +query: Violations of Best Practice/Dead Code/DeadStoreOfLocalUnread.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UnreadLocal/UnreadLocal.qlref b/java/ql/test/query-tests/UnreadLocal/UnreadLocal.qlref index 5a77117711e..dc6fb57ca6a 100644 --- a/java/ql/test/query-tests/UnreadLocal/UnreadLocal.qlref +++ b/java/ql/test/query-tests/UnreadLocal/UnreadLocal.qlref @@ -1 +1,2 @@ -Violations of Best Practice/Dead Code/UnreadLocal.ql +query: Violations of Best Practice/Dead Code/UnreadLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UnreadLocal/UnreadLocal/ImplicitReads.java b/java/ql/test/query-tests/UnreadLocal/UnreadLocal/ImplicitReads.java index bd87047a086..236b97562f7 100644 --- a/java/ql/test/query-tests/UnreadLocal/UnreadLocal/ImplicitReads.java +++ b/java/ql/test/query-tests/UnreadLocal/UnreadLocal/ImplicitReads.java @@ -35,7 +35,7 @@ public class ImplicitReads System.out.println("test"); } // Assignment is useless - c = b; + c = b; // $ Alert[java/useless-assignment-to-local] // Not flagged due to implicit read in implicit finally block try(B d = b) {} } diff --git a/java/ql/test/query-tests/UnreadLocal/UnreadLocal/UnreadLocals.java b/java/ql/test/query-tests/UnreadLocal/UnreadLocal/UnreadLocals.java index 305b3947de6..5b2168b79d3 100644 --- a/java/ql/test/query-tests/UnreadLocal/UnreadLocal/UnreadLocals.java +++ b/java/ql/test/query-tests/UnreadLocal/UnreadLocal/UnreadLocals.java @@ -14,13 +14,13 @@ public class UnreadLocals public UnreadLocals () { - int alpha = 2; + int alpha = 2; // $ Alert[java/local-variable-is-never-read] int _beta = 4; this.alpha = 3; beta = _beta; Something something1 = new Something(); - Something something2 = new Something(); + Something something2 = new Something(); // $ Alert[java/local-variable-is-never-read] something = something1; diff --git a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java index 2aadb5044be..4b97a239be4 100644 --- a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java +++ b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java @@ -12,7 +12,7 @@ class Test { MyLock mylock = new MyLock(); void bad1() { - mylock.lock(); + mylock.lock(); // $ Alert f(); mylock.unlock(); } @@ -27,7 +27,7 @@ class Test { } void bad3() { - mylock.lock(); + mylock.lock(); // $ Alert f(); try { g(); @@ -37,7 +37,7 @@ class Test { } void bad4() { - mylock.lock(); + mylock.lock(); // $ Alert try { f(); } finally { @@ -47,7 +47,7 @@ class Test { } void bad5(boolean lockmore) { - mylock.lock(); + mylock.lock(); // $ Alert try { f(); if (lockmore) { @@ -69,7 +69,7 @@ class Test { } void bad7() { - if (!mylock.tryLock()) { return; } + if (!mylock.tryLock()) { return; } // $ Alert f(); mylock.unlock(); } @@ -111,7 +111,7 @@ class Test { void bad10() { boolean locked = false; try { - locked = mylock.tryLock(); + locked = mylock.tryLock(); // $ Alert if (!locked) { return; } } finally { if (locked) { diff --git a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.qlref b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.qlref index 34ea40ac566..37dfff0e946 100644 --- a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.qlref +++ b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.qlref @@ -1 +1,2 @@ -Likely Bugs/Concurrency/UnreleasedLock.ql +query: Likely Bugs/Concurrency/UnreleasedLock.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UseBraces/UseBraces.java b/java/ql/test/query-tests/UseBraces/UseBraces.java index 756050b2c44..0177d68571e 100644 --- a/java/ql/test/query-tests/UseBraces/UseBraces.java +++ b/java/ql/test/query-tests/UseBraces/UseBraces.java @@ -25,11 +25,11 @@ class UseBraces g(); // No alert if(1==1) - f(); + f(); // $ Alert g(); // Alert if(1==1) - f(); g(); // Alert + f(); g(); // $ Alert // Alert // If-then-else statement @@ -55,7 +55,7 @@ class UseBraces f(); } else - f(); + f(); // $ Alert g(); // Alert if(true) @@ -63,7 +63,7 @@ class UseBraces f(); } else - f(); g(); // Alert + f(); g(); // $ Alert // Alert // While statement @@ -79,12 +79,12 @@ class UseBraces g(); while(bb ) - f(); + f(); // $ Alert g(); // Alert g(); // No alert while(bb ) - f(); g(); // Alert + f(); g(); // $ Alert // Alert while(bb) @@ -109,11 +109,11 @@ class UseBraces g(); for(int i=0; i<10; ++i) - f(); + f(); // $ Alert g(); // Alert for(int i=0; i<10; ++i) - f(); g(); // Alert + f(); g(); // $ Alert // Alert // Foreach statement @@ -129,11 +129,11 @@ class UseBraces f(); for( int b : branches) - f(); + f(); // $ Alert g(); // Alert for( int b : branches) - f(); g(); // Alert + f(); g(); // $ Alert // Alert // Nested ifs if( true ) @@ -142,7 +142,7 @@ class UseBraces g(); // No alert if( true ) - if(false) + if(false) // $ Alert f(); g(); // Alert @@ -163,7 +163,7 @@ class UseBraces if( true ) ; else if (false) - f(); + f(); // $ Alert g(); // Alert // Nested combinations @@ -173,7 +173,7 @@ class UseBraces g(); // No alert if (true) - while (x<10) + while (x<10) // $ Alert f(); g(); // Alert @@ -183,7 +183,7 @@ class UseBraces g(); // No alert while (x<10) - if (true) + if (true) // $ Alert f(); g(); // Alert diff --git a/java/ql/test/query-tests/UseBraces/UseBraces.qlref b/java/ql/test/query-tests/UseBraces/UseBraces.qlref index 5d1d4a06388..e89389461d7 100644 --- a/java/ql/test/query-tests/UseBraces/UseBraces.qlref +++ b/java/ql/test/query-tests/UseBraces/UseBraces.qlref @@ -1 +1,2 @@ -Likely Bugs/Statements/UseBraces.ql +query: Likely Bugs/Statements/UseBraces.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UselessComparisonTest/A.java b/java/ql/test/query-tests/UselessComparisonTest/A.java index abc525ff20d..a7689b49c52 100644 --- a/java/ql/test/query-tests/UselessComparisonTest/A.java +++ b/java/ql/test/query-tests/UselessComparisonTest/A.java @@ -12,35 +12,35 @@ public class A { x++; if (x - 1 == 2) return; x--; - if (x >= 2) unreachable(); // useless test + if (x >= 2) unreachable(); // $ Alert // useless test } if (y > 0) { int z = (x >= 0) ? x : y; - if (z < 0) unreachable(); // useless test + if (z < 0) unreachable(); // $ Alert // useless test } int k; while ((k = getInt()) >= 0) { - if (k < 0) unreachable(); // useless test + if (k < 0) unreachable(); // $ Alert // useless test } if (x > 0) { int z = x & y; - if (!(z <= x)) unreachable(); // useless test + if (!(z <= x)) unreachable(); // $ Alert // useless test } if (x % 2 == 0) { for (int i = 0; i < x; i+=2) { - if (i + 1 >= x) unreachable(); // useless test + if (i + 1 >= x) unreachable(); // $ Alert // useless test } } int r = new Random().nextInt(x); - if (r >= x) unreachable(); // useless test + if (r >= x) unreachable(); // $ Alert // useless test - if (x > Math.max(x, y)) unreachable(); // useless test - if (x < Math.min(x, y)) unreachable(); // useless test + if (x > Math.max(x, y)) unreachable(); // $ Alert // useless test + if (x < Math.min(x, y)) unreachable(); // $ Alert // useless test int w; if (x > 7) { @@ -52,17 +52,17 @@ public class A { } w--; w -= 2; - if (w <= 5) unreachable(); // useless test + if (w <= 5) unreachable(); // $ Alert // useless test while ((w--) > 0) { - if (w < 0) unreachable(); // useless test + if (w < 0) unreachable(); // $ Alert // useless test } - if (w != -1) unreachable(); // useless test + if (w != -1) unreachable(); // $ Alert // useless test if (x > 20) { int i; for (i = x; i > 0; i--) { } - if (i != 0) unreachable(); // useless test + if (i != 0) unreachable(); // $ Alert // useless test } if (getInt() > 0) { @@ -73,7 +73,7 @@ public class A { } else { if (z >= 4) return; } - if (z >= 4) unreachable(); // useless test + if (z >= 4) unreachable(); // $ Alert // useless test } int length = getInt(); @@ -81,11 +81,11 @@ public class A { int cnt = getInt(); length -= cnt; } - for (int i = 0; i < length; ++i) { } // useless test + for (int i = 0; i < length; ++i) { } // $ Alert // useless test int b = getInt(); if (b > 4) b = 8; - if (b > 8) unreachable(); // useless test + if (b > 8) unreachable(); // $ Alert // useless test int sz = getInt(); if (0 < x && x < sz) { diff --git a/java/ql/test/query-tests/UselessComparisonTest/CharLiterals.java b/java/ql/test/query-tests/UselessComparisonTest/CharLiterals.java index ac90e911ca6..90d8ee0b883 100644 --- a/java/ql/test/query-tests/UselessComparisonTest/CharLiterals.java +++ b/java/ql/test/query-tests/UselessComparisonTest/CharLiterals.java @@ -1,7 +1,7 @@ public class CharLiterals { public static boolean redundantSurrogateRange(char c) { if(c >= '\uda00') { - if(c >= '\ud900') { + if(c >= '\ud900') { // $ Alert return true; } } @@ -19,7 +19,7 @@ public class CharLiterals { public static boolean redundantNonSurrogateRange(char c) { if(c >= 'b') { - if(c >= 'a') { + if(c >= 'a') { // $ Alert return true; } } @@ -39,7 +39,7 @@ public class CharLiterals { if(c == '\uda00') { return true; } - else if(c == '\uda00') { + else if(c == '\uda00') { // $ Alert return true; } return false; @@ -59,7 +59,7 @@ public class CharLiterals { if(c == 'a') { return true; } - else if(c == 'a') { + else if(c == 'a') { // $ Alert return true; } return false; diff --git a/java/ql/test/query-tests/UselessComparisonTest/Test.java b/java/ql/test/query-tests/UselessComparisonTest/Test.java index eafac84dea5..a4c8e31706f 100644 --- a/java/ql/test/query-tests/UselessComparisonTest/Test.java +++ b/java/ql/test/query-tests/UselessComparisonTest/Test.java @@ -6,28 +6,28 @@ class Test { throw new Error(); } int y = 0; - if (x >= 0) y++; // useless test due to test in line 5 being false - if (z >= 0) y++; // useless test due to test in line 5 being false + if (x >= 0) y++; // $ Alert // useless test due to test in line 5 being false + if (z >= 0) y++; // $ Alert // useless test due to test in line 5 being false while(x >= 0) { if (y < 10) { z++; - if (y == 15) z++; // useless test due to test in line 12 being true + if (y == 15) z++; // $ Alert // useless test due to test in line 12 being true y++; z--; - } else if (y > 7) { // useless test due to test in line 12 being false + } else if (y > 7) { // $ Alert // useless test due to test in line 12 being false y--; } - if (!(y != 5) && z >= 0) { // z >= 0 is always true due to line 5 (and z being increasing) - int w = y < 3 ? 0 : 1; // useless test due to test in line 20 being true + if (!(y != 5) && z >= 0) { // $ Alert // z >= 0 is always true due to line 5 (and z being increasing) + int w = y < 3 ? 0 : 1; // $ Alert // useless test due to test in line 20 being true } x--; } } void test2(int x) { if (x != 0) { - int w = x == 0 ? 1 : 2; // useless test due to test in line 27 being true + int w = x == 0 ? 1 : 2; // $ Alert // useless test due to test in line 27 being true x--; - } else if (x == 0) { // useless test due to test in line 27 being false + } else if (x == 0) { // $ Alert // useless test due to test in line 27 being false x++; } } diff --git a/java/ql/test/query-tests/UselessComparisonTest/UselessComparisonTest.qlref b/java/ql/test/query-tests/UselessComparisonTest/UselessComparisonTest.qlref index d567af5db1b..fc8aaa7ab6f 100644 --- a/java/ql/test/query-tests/UselessComparisonTest/UselessComparisonTest.qlref +++ b/java/ql/test/query-tests/UselessComparisonTest/UselessComparisonTest.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/UselessComparisonTest.ql +query: Likely Bugs/Comparison/UselessComparisonTest.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UselessNullCheck/A.java b/java/ql/test/query-tests/UselessNullCheck/A.java index 009f5efadd3..232534c0e7f 100644 --- a/java/ql/test/query-tests/UselessNullCheck/A.java +++ b/java/ql/test/query-tests/UselessNullCheck/A.java @@ -1,12 +1,12 @@ public class A { void f() { Object o = new Object(); - if (o == null) { } // Useless check - if (o != null) { } // Useless check + if (o == null) { } // $ Alert // Useless check + if (o != null) { } // $ Alert // Useless check try { new Object(); } catch(Exception e) { - if (e == null) { // Useless check + if (e == null) { // $ Alert // Useless check throw new Error(); } } @@ -15,7 +15,7 @@ public class A { void g(Object o) { if (o instanceof A) { A a = (A)o; - if (a != null) { // Useless check + if (a != null) { // $ Alert // Useless check throw new Error(); } } @@ -28,7 +28,7 @@ public class A { I h() { final A x = this; return () -> { - if (x != null) { // Useless check + if (x != null) { // $ Alert // Useless check return x; } return new A(); @@ -37,9 +37,9 @@ public class A { Object f2(Object x) { if (x == null) { - return this != null ? this : null; // Useless check + return this != null ? this : null; // $ Alert // Useless check } - if (x != null) { // Useless check + if (x != null) { // $ Alert // Useless check return x; } return null; @@ -49,7 +49,7 @@ public class A { public void ex12() { finalObj.hashCode(); - if (finalObj != null) { // Useless check + if (finalObj != null) { // $ Alert // Useless check finalObj.hashCode(); } } diff --git a/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.qlref b/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.qlref index 8b5a095d396..68c4adcf428 100644 --- a/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.qlref +++ b/java/ql/test/query-tests/UselessNullCheck/UselessNullCheck.qlref @@ -1 +1,2 @@ -Language Abuse/UselessNullCheck.ql +query: Language Abuse/UselessNullCheck.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/UselessUpcast/Test.java b/java/ql/test/query-tests/UselessUpcast/Test.java index 497957da5f7..68debb06029 100644 --- a/java/ql/test/query-tests/UselessUpcast/Test.java +++ b/java/ql/test/query-tests/UselessUpcast/Test.java @@ -18,11 +18,11 @@ class Test extends TestSuper { // OK new Test((Super)s); // NOT OK - Super o = (Super)s; + Super o = (Super)s; // $ Alert // OK foo((Super)s); // NOT OK - bar((Super)s); + bar((Super)s); // $ Alert // OK baz((Super)s); // OK @@ -37,4 +37,4 @@ class Test extends TestSuper { void bar(Super o) {} void baz(Super o) {} -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/UselessUpcast/Test2.java b/java/ql/test/query-tests/UselessUpcast/Test2.java index 0ae86ec7923..c1c884b5b00 100644 --- a/java/ql/test/query-tests/UselessUpcast/Test2.java +++ b/java/ql/test/query-tests/UselessUpcast/Test2.java @@ -5,7 +5,7 @@ public class Test2 { public static void main(Sub[] args) { Map m = new HashMap<>(); Sub k = null, v = null; - m.put(k, (Super) v); + m.put(k, (Super) v); // $ Alert m.put(k, v); } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/UselessUpcast/UselessUpcast.qlref b/java/ql/test/query-tests/UselessUpcast/UselessUpcast.qlref index f0a49b78b14..d48a3f98942 100644 --- a/java/ql/test/query-tests/UselessUpcast/UselessUpcast.qlref +++ b/java/ql/test/query-tests/UselessUpcast/UselessUpcast.qlref @@ -1 +1,2 @@ -Language Abuse/UselessUpcast.ql \ No newline at end of file +query: Language Abuse/UselessUpcast.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.java b/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.java index db76f4f7355..227f04137d5 100644 --- a/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.java +++ b/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.java @@ -1,6 +1,6 @@ public class WhitespaceContradictsPrecedence { int bad(int x) { - return x + x>>1; + return x + x>>1; // $ Alert } int ok1(int x) { @@ -26,4 +26,4 @@ public class WhitespaceContradictsPrecedence { int ok6(int x) { return x + x>> 1; } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref b/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref index e8331b4132f..470fdcfe273 100644 --- a/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref +++ b/java/ql/test/query-tests/WhitespaceContradictsPrecedence/WhitespaceContradictsPrecedence.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql \ No newline at end of file +query: Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/WriteOnlyContainer/CollectionTest.java b/java/ql/test/query-tests/WriteOnlyContainer/CollectionTest.java index f6dced779fa..2f57771ceae 100644 --- a/java/ql/test/query-tests/WriteOnlyContainer/CollectionTest.java +++ b/java/ql/test/query-tests/WriteOnlyContainer/CollectionTest.java @@ -35,7 +35,7 @@ public class CollectionTest { } // should be flagged - private List useless = new ArrayList(); + private List useless = new ArrayList(); // $ Alert { useless.add(23); useless.remove(0); @@ -49,4 +49,4 @@ public class CollectionTest { @interface MyReflectionAnnotation {} @MyReflectionAnnotation private List l8 = new ArrayList(); -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/WriteOnlyContainer/MapTest.java b/java/ql/test/query-tests/WriteOnlyContainer/MapTest.java index 201b7134af5..ee7071513c0 100644 --- a/java/ql/test/query-tests/WriteOnlyContainer/MapTest.java +++ b/java/ql/test/query-tests/WriteOnlyContainer/MapTest.java @@ -35,7 +35,7 @@ public class MapTest { } // should be flagged - private Map useless = new HashMap(); + private Map useless = new HashMap(); // $ Alert { useless.put("hello", 23); useless.remove("hello"); @@ -49,4 +49,4 @@ public class MapTest { @interface MyReflectionAnnotation {} @MyReflectionAnnotation private Map l8 = new HashMap(); -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref b/java/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref index fc4d4c2a39b..9d2057a3d37 100644 --- a/java/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref +++ b/java/ql/test/query-tests/WriteOnlyContainer/WriteOnlyContainer.qlref @@ -1 +1,2 @@ -Likely Bugs/Collections/WriteOnlyContainer.ql \ No newline at end of file +query: Likely Bugs/Collections/WriteOnlyContainer.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/WrongNanComparison/Test.java b/java/ql/test/query-tests/WrongNanComparison/Test.java index 23091818412..3bf6a12fd40 100644 --- a/java/ql/test/query-tests/WrongNanComparison/Test.java +++ b/java/ql/test/query-tests/WrongNanComparison/Test.java @@ -1,6 +1,6 @@ class Test { void f(double x, float y) { - if (x == Double.NaN) return; - if (y == Float.NaN) return; + if (x == Double.NaN) return; // $ Alert + if (y == Float.NaN) return; // $ Alert } } diff --git a/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.qlref b/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.qlref index 09e54ee1c1e..f22a5654255 100644 --- a/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.qlref +++ b/java/ql/test/query-tests/WrongNanComparison/WrongNanComparison.qlref @@ -1 +1,2 @@ -Likely Bugs/Comparison/WrongNanComparison.ql +query: Likely Bugs/Comparison/WrongNanComparison.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/dead-code/DeadCallable/DeadCallable.qlref b/java/ql/test/query-tests/dead-code/DeadCallable/DeadCallable.qlref index 76204a1df5a..743a5f15775 100644 --- a/java/ql/test/query-tests/dead-code/DeadCallable/DeadCallable.qlref +++ b/java/ql/test/query-tests/dead-code/DeadCallable/DeadCallable.qlref @@ -1 +1,2 @@ -DeadCode/DeadMethod.ql +query: DeadCode/DeadMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/dead-code/DeadCallable/Main.java b/java/ql/test/query-tests/dead-code/DeadCallable/Main.java index 46153987d9a..55de2248270 100644 --- a/java/ql/test/query-tests/dead-code/DeadCallable/Main.java +++ b/java/ql/test/query-tests/dead-code/DeadCallable/Main.java @@ -1,17 +1,17 @@ -public class Main { +public class Main { // $ Alert private static String ss = "a"; private static String ss2 = "b"; private final String is = "a"; private final String is2 = "b"; - private void unused() { + private void unused() { // $ Alert indirectlyUnused(); } - private void indirectlyUnused() {} + private void indirectlyUnused() {} // $ Alert - private void foo() { bar(); } - private void bar() { foo(); } + private void foo() { bar(); } // $ Alert + private void bar() { foo(); } // $ Alert public static void main(String[] args) {} } diff --git a/java/ql/test/query-tests/dead-code/DeadClass/DeadClass.qlref b/java/ql/test/query-tests/dead-code/DeadClass/DeadClass.qlref index d726e7e0849..b94832ebfca 100644 --- a/java/ql/test/query-tests/dead-code/DeadClass/DeadClass.qlref +++ b/java/ql/test/query-tests/dead-code/DeadClass/DeadClass.qlref @@ -1 +1,2 @@ -DeadCode/DeadClass.ql +query: DeadCode/DeadClass.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/dead-code/DeadClass/DeadEnumTest.java b/java/ql/test/query-tests/dead-code/DeadClass/DeadEnumTest.java index 7e760a16e42..3163bb14dff 100644 --- a/java/ql/test/query-tests/dead-code/DeadClass/DeadEnumTest.java +++ b/java/ql/test/query-tests/dead-code/DeadClass/DeadEnumTest.java @@ -1,5 +1,5 @@ public class DeadEnumTest { - public enum DeadEnum { + public enum DeadEnum { // $ Alert A } diff --git a/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadCodeCycle.java b/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadCodeCycle.java index ab6fab276ff..40f661e602b 100644 --- a/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadCodeCycle.java +++ b/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadCodeCycle.java @@ -5,7 +5,7 @@ public class ExternalDeadCodeCycle { * This class should be marked as being only used from a dead code cycle, because the dead-code * cycle is external to the class. */ - public static class DeadClass { + public static class DeadClass { // $ Alert public static void deadMethod() { } } diff --git a/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadRoot.java b/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadRoot.java index e239e2bbec8..dbdec26093d 100644 --- a/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadRoot.java +++ b/java/ql/test/query-tests/dead-code/DeadClass/ExternalDeadRoot.java @@ -5,7 +5,7 @@ public class ExternalDeadRoot { * This class should be marked as only being used by the "outerDeadRoot()". The * "innerDeadRoot()" should not be reported as a dead root, as it is internal to the class. */ - public static class DeadClass { + public static class DeadClass { // $ Alert public static void innerDeadRoot() { } diff --git a/java/ql/test/query-tests/dead-code/DeadClass/InternalDeadCodeCycle.java b/java/ql/test/query-tests/dead-code/DeadClass/InternalDeadCodeCycle.java index 94079d6198c..cd0028d3a16 100644 --- a/java/ql/test/query-tests/dead-code/DeadClass/InternalDeadCodeCycle.java +++ b/java/ql/test/query-tests/dead-code/DeadClass/InternalDeadCodeCycle.java @@ -1,7 +1,7 @@ /** * This class should be marked as entirely unused. */ -public class InternalDeadCodeCycle { +public class InternalDeadCodeCycle { // $ Alert public void foo() { bar(); diff --git a/java/ql/test/query-tests/dead-code/DeadClass/NamespaceTest.java b/java/ql/test/query-tests/dead-code/DeadClass/NamespaceTest.java index f0ae44f2bf7..12b7f547aee 100644 --- a/java/ql/test/query-tests/dead-code/DeadClass/NamespaceTest.java +++ b/java/ql/test/query-tests/dead-code/DeadClass/NamespaceTest.java @@ -32,7 +32,7 @@ public class NamespaceTest { * This class is not a namespace class, because it has an instance method. The nested live class * should not make the NonNamespaceClass live. */ - public static class NonNamespaceClass { + public static class NonNamespaceClass { // $ Alert public static class LiveInnerClass2 { } diff --git a/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstant.qlref b/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstant.qlref index 45725063f34..7e720934da4 100644 --- a/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstant.qlref +++ b/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstant.qlref @@ -1 +1,2 @@ -DeadCode/DeadEnumConstant.ql +query: DeadCode/DeadEnumConstant.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstantTest.java b/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstantTest.java index ef6b2686b75..3e16c5305e4 100644 --- a/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstantTest.java +++ b/java/ql/test/query-tests/dead-code/DeadEnumConstant/DeadEnumConstantTest.java @@ -5,8 +5,8 @@ public class DeadEnumConstantTest { public @interface MyAnnotation{}; public static enum E1{ - unused1, - unused2, + unused1, // $ Alert + unused2, // $ Alert @MyAnnotation ok1, // constants with reflective annotations should be ignored diff --git a/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueTest.java b/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueTest.java index 007915b161b..0dbfb578aa7 100644 --- a/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueTest.java +++ b/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueTest.java @@ -8,7 +8,7 @@ public class AnnotationValueTest { public static String liveField = ""; @TestAnnotation(value = AnnotationValueUtil.DEAD_STRING_CONSTANT_FIELD) - public static String deadField = ""; + public static String deadField = ""; // $ Alert @TestAnnotation(value = { AnnotationValueUtil.LIVE_STRING_CONSTANT_METHOD }) public static void liveMethod() { diff --git a/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueUtil.java b/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueUtil.java index 95a7129286f..0511eecb14a 100644 --- a/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueUtil.java +++ b/java/ql/test/query-tests/dead-code/DeadField/AnnotationValueUtil.java @@ -19,9 +19,9 @@ public class AnnotationValueUtil { /** * These three should be dead because they are used as annotation values on dead fields/methods/classes. */ - public static final String DEAD_STRING_CONSTANT_FIELD = "A string constant."; - public static final String DEAD_STRING_CONSTANT_METHOD = "A string constant."; - public static final String DEAD_STRING_CONSTANT_CLASS = "A string constant."; + public static final String DEAD_STRING_CONSTANT_FIELD = "A string constant."; // $ Alert + public static final String DEAD_STRING_CONSTANT_METHOD = "A string constant."; // $ Alert + public static final String DEAD_STRING_CONSTANT_CLASS = "A string constant."; // $ Alert public static void main(String[] args) { // Ensure outer class is live. diff --git a/java/ql/test/query-tests/dead-code/DeadField/BasicTest.java b/java/ql/test/query-tests/dead-code/DeadField/BasicTest.java index 453469d177a..4a65ad28e40 100644 --- a/java/ql/test/query-tests/dead-code/DeadField/BasicTest.java +++ b/java/ql/test/query-tests/dead-code/DeadField/BasicTest.java @@ -1,8 +1,8 @@ public class BasicTest { - private static String deadStaticField = "Dead"; + private static String deadStaticField = "Dead"; // $ Alert private static String liveStaticField = "Live"; - private String deadField; - private String deadCycleField; + private String deadField; // $ Alert + private String deadCycleField; // $ Alert private String liveField; public BasicTest(String deadField, String liveField) { diff --git a/java/ql/test/query-tests/dead-code/DeadField/DeadField.qlref b/java/ql/test/query-tests/dead-code/DeadField/DeadField.qlref index 42d37e49f2f..fdae92e4d92 100644 --- a/java/ql/test/query-tests/dead-code/DeadField/DeadField.qlref +++ b/java/ql/test/query-tests/dead-code/DeadField/DeadField.qlref @@ -1 +1,2 @@ -DeadCode/DeadField.ql +query: DeadCode/DeadField.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/dead-code/DeadField/ReflectionTest.java b/java/ql/test/query-tests/dead-code/DeadField/ReflectionTest.java index 72ca3ae46f6..ca64e642fd4 100644 --- a/java/ql/test/query-tests/dead-code/DeadField/ReflectionTest.java +++ b/java/ql/test/query-tests/dead-code/DeadField/ReflectionTest.java @@ -2,11 +2,11 @@ public class ReflectionTest { public static class ParentClass { // Not live - private int notInheritedField; + private int notInheritedField; // $ Alert // Live because it is accessed through ChildClass public int inheritedField; // Not live because it is shadowed by the child - public int shadowedField; + public int shadowedField; // $ Alert } public static class ChildClass extends ParentClass { diff --git a/java/ql/test/query-tests/dead-code/DeadMethod/DeadMethod.qlref b/java/ql/test/query-tests/dead-code/DeadMethod/DeadMethod.qlref index 76204a1df5a..743a5f15775 100644 --- a/java/ql/test/query-tests/dead-code/DeadMethod/DeadMethod.qlref +++ b/java/ql/test/query-tests/dead-code/DeadMethod/DeadMethod.qlref @@ -1 +1,2 @@ -DeadCode/DeadMethod.ql +query: DeadCode/DeadMethod.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/dead-code/DeadMethod/InternalDeadCodeCycle.java b/java/ql/test/query-tests/dead-code/DeadMethod/InternalDeadCodeCycle.java index f52b3289528..18da349c79d 100644 --- a/java/ql/test/query-tests/dead-code/DeadMethod/InternalDeadCodeCycle.java +++ b/java/ql/test/query-tests/dead-code/DeadMethod/InternalDeadCodeCycle.java @@ -1,10 +1,10 @@ public class InternalDeadCodeCycle { - public void foo() { + public void foo() { // $ Alert bar(); } - public void bar() { + public void bar() { // $ Alert foo(); } diff --git a/java/ql/test/query-tests/dead-code/DeadMethod/JMXTest.java b/java/ql/test/query-tests/dead-code/DeadMethod/JMXTest.java index 0bd2c517f0d..32f8ec8d3e3 100644 --- a/java/ql/test/query-tests/dead-code/DeadMethod/JMXTest.java +++ b/java/ql/test/query-tests/dead-code/DeadMethod/JMXTest.java @@ -11,7 +11,7 @@ public class JMXTest { public static class FooIntermediate implements FooMBean { // This method is dead, because it is overridden in FooImpl, which is the registered MBean. - public String sometimesLiveMethod(String arg) { return "foo"; } + public String sometimesLiveMethod(String arg) { return "foo"; } // $ Alert // This method is live, because it is the most specific method for FooImpl public String liveMethod2(String arg) { return "foo"; } } diff --git a/java/ql/test/query-tests/dead-code/DeadMethod/SuppressedConstructorTest.java b/java/ql/test/query-tests/dead-code/DeadMethod/SuppressedConstructorTest.java index 8ab2f5a91c7..9eef167c6e9 100644 --- a/java/ql/test/query-tests/dead-code/DeadMethod/SuppressedConstructorTest.java +++ b/java/ql/test/query-tests/dead-code/DeadMethod/SuppressedConstructorTest.java @@ -6,13 +6,13 @@ public class SuppressedConstructorTest { public static void liveMethod() { } } - public void deadMethod() { + public void deadMethod() { // $ Alert new NestedPrivateConstructor(); } private static class NestedPrivateConstructor { // This should be dead, because it is called from a dead method. - private NestedPrivateConstructor() { } + private NestedPrivateConstructor() { } // $ Alert public static void liveMethod() { } } @@ -23,7 +23,7 @@ public class SuppressedConstructorTest { * constructor will be added by the compiler. Therefore, we do not need to declare this private * in order to suppress it. */ - private OtherConstructor() { } + private OtherConstructor() { } // $ Alert // Live constructor private OtherConstructor(Object foo) { } diff --git a/java/ql/test/query-tests/dead-code/UselessParameter/Test.java b/java/ql/test/query-tests/dead-code/UselessParameter/Test.java index 57554544e4c..7f8fc16ffe6 100644 --- a/java/ql/test/query-tests/dead-code/UselessParameter/Test.java +++ b/java/ql/test/query-tests/dead-code/UselessParameter/Test.java @@ -3,7 +3,7 @@ interface I { // NOT OK: no overriding method uses x - void foo(int x); + void foo(int x); // $ Alert // OK: no concrete implementation void bar(String y); diff --git a/java/ql/test/query-tests/dead-code/UselessParameter/UselessParameter.qlref b/java/ql/test/query-tests/dead-code/UselessParameter/UselessParameter.qlref index b1ceb2751a6..7de29d4e3f4 100644 --- a/java/ql/test/query-tests/dead-code/UselessParameter/UselessParameter.qlref +++ b/java/ql/test/query-tests/dead-code/UselessParameter/UselessParameter.qlref @@ -1 +1,2 @@ -DeadCode/UselessParameter.ql \ No newline at end of file +query: DeadCode/UselessParameter.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencyBinary.qlref b/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencyBinary.qlref index 9d5c4d42fe4..ff6e15f32d9 100644 --- a/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencyBinary.qlref +++ b/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencyBinary.qlref @@ -1 +1,2 @@ -Architecture/Dependencies/UnusedMavenDependencyBinary.ql \ No newline at end of file +query: Architecture/Dependencies/UnusedMavenDependencyBinary.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencySource.qlref b/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencySource.qlref index 78daed5aa14..e9ac8f72425 100644 --- a/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencySource.qlref +++ b/java/ql/test/query-tests/maven-dependencies/UnusedMavenDependencySource.qlref @@ -1 +1,2 @@ -Architecture/Dependencies/UnusedMavenDependencySource.ql \ No newline at end of file +query: Architecture/Dependencies/UnusedMavenDependencySource.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/maven-dependencies/my-project/pom.xml b/java/ql/test/query-tests/maven-dependencies/my-project/pom.xml index c082f704bed..644cc968f98 100644 --- a/java/ql/test/query-tests/maven-dependencies/my-project/pom.xml +++ b/java/ql/test/query-tests/maven-dependencies/my-project/pom.xml @@ -18,16 +18,16 @@ com.semmle another-project ${project.version} - + commons-lang commons-lang - + semmle-test semmle-test 1.0 - + - \ No newline at end of file + diff --git a/java/ql/test/query-tests/security/CWE-020/OverlyLargeRangeQuery.qlref b/java/ql/test/query-tests/security/CWE-020/OverlyLargeRangeQuery.qlref index ba518e54442..99525343c37 100644 --- a/java/ql/test/query-tests/security/CWE-020/OverlyLargeRangeQuery.qlref +++ b/java/ql/test/query-tests/security/CWE-020/OverlyLargeRangeQuery.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-020/OverlyLargeRange.ql +query: Security/CWE/CWE-020/OverlyLargeRange.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.java b/java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.java index e346d74d4c2..b2f2e0c9c88 100644 --- a/java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.java +++ b/java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.java @@ -2,11 +2,11 @@ import java.util.regex.Pattern; class SuspiciousRegexpRange { void test() { - Pattern overlap1 = Pattern.compile("^[0-93-5]*$"); // NOT OK + Pattern overlap1 = Pattern.compile("^[0-93-5]*$"); // $ Alert[java/overly-large-range] // NOT OK - Pattern overlap2 = Pattern.compile("[A-ZA-z]*"); // NOT OK + Pattern overlap2 = Pattern.compile("[A-ZA-z]*"); // $ Alert[java/overly-large-range] // NOT OK - Pattern isEmpty = Pattern.compile("^[z-a]*$"); // NOT OK + Pattern isEmpty = Pattern.compile("^[z-a]*$"); // $ Alert[java/overly-large-range] // NOT OK Pattern isAscii = Pattern.compile("^[\\x00-\\x7F]*$"); // OK @@ -16,19 +16,19 @@ class SuspiciousRegexpRange { Pattern NON_ALPHANUMERIC_REGEXP = Pattern.compile("([^\\#-~| |!])*"); // OK - Pattern smallOverlap = Pattern.compile("[0-9a-fA-f]*"); // NOT OK + Pattern smallOverlap = Pattern.compile("[0-9a-fA-f]*"); // $ Alert[java/overly-large-range] // NOT OK - Pattern weirdRange = Pattern.compile("[$-`]*"); // NOT OK + Pattern weirdRange = Pattern.compile("[$-`]*"); // $ Alert[java/overly-large-range] // NOT OK - Pattern keywordOperator = Pattern.compile("[!\\~\\*\\/%+-<>\\^|=&]*"); // NOT OK + Pattern keywordOperator = Pattern.compile("[!\\~\\*\\/%+-<>\\^|=&]*"); // $ Alert[java/overly-large-range] // NOT OK - Pattern notYoutube = Pattern.compile("youtu.be/[a-z1-9.-_]+"); // NOT OK + Pattern notYoutube = Pattern.compile("youtu.be/[a-z1-9.-_]+"); // $ Alert[java/overly-large-range] // NOT OK - Pattern numberToLetter = Pattern.compile("[7-F]*"); // NOT OK + Pattern numberToLetter = Pattern.compile("[7-F]*"); // $ Alert[java/overly-large-range] // NOT OK - Pattern overlapsWithClass1 = Pattern.compile("[0-9\\d]*"); // NOT OK + Pattern overlapsWithClass1 = Pattern.compile("[0-9\\d]*"); // $ Alert[java/overly-large-range] // NOT OK - Pattern overlapsWithClass2 = Pattern.compile("[\\w,.-?:*+]*"); // NOT OK + Pattern overlapsWithClass2 = Pattern.compile("[\\w,.-?:*+]*"); // $ Alert[java/overly-large-range] // NOT OK Pattern nested = Pattern.compile("[[A-Za-z_][A-Za-z0-9._-]]*"); // OK, the dash it at the end diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.qlref b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.qlref index eee3728e935..71a41a4c0ac 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.qlref +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-022/ZipSlip.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java index 2c5e1cd9d53..b4d8ba8eea9 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java @@ -4,11 +4,11 @@ import java.util.zip.*; public class ZipTest { public void m1(ZipEntry entry, File dir) throws Exception { - String name = entry.getName(); + String name = entry.getName(); // $ Alert[java/zipslip] File file = new File(dir, name); - FileOutputStream os = new FileOutputStream(file); // ZipSlip - RandomAccessFile raf = new RandomAccessFile(file, "rw"); // ZipSlip - FileWriter fw = new FileWriter(file); // ZipSlip + FileOutputStream os = new FileOutputStream(file); // $ Sink[java/zipslip] // ZipSlip + RandomAccessFile raf = new RandomAccessFile(file, "rw"); // $ Sink[java/zipslip] // ZipSlip + FileWriter fw = new FileWriter(file); // $ Sink[java/zipslip] // ZipSlip } public void m2(ZipEntry entry, File dir) throws Exception { diff --git a/java/ql/test/query-tests/security/CWE-078/ExecRelative.qlref b/java/ql/test/query-tests/security/CWE-078/ExecRelative.qlref index 42aa816c177..65cb1b6dd76 100644 --- a/java/ql/test/query-tests/security/CWE-078/ExecRelative.qlref +++ b/java/ql/test/query-tests/security/CWE-078/ExecRelative.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-078/ExecRelative.ql +query: Security/CWE/CWE-078/ExecRelative.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-078/ExecTainted.qlref b/java/ql/test/query-tests/security/CWE-078/ExecTainted.qlref index 856b97bf0fe..77cdee7b283 100644 --- a/java/ql/test/query-tests/security/CWE-078/ExecTainted.qlref +++ b/java/ql/test/query-tests/security/CWE-078/ExecTainted.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-078/ExecTainted.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-078/ExecUnescaped.qlref b/java/ql/test/query-tests/security/CWE-078/ExecUnescaped.qlref index 1ee86c5e76a..add1dcb676b 100644 --- a/java/ql/test/query-tests/security/CWE-078/ExecUnescaped.qlref +++ b/java/ql/test/query-tests/security/CWE-078/ExecUnescaped.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-078/ExecUnescaped.ql +query: Security/CWE/CWE-078/ExecUnescaped.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-078/TaintedEnvironment.java b/java/ql/test/query-tests/security/CWE-078/TaintedEnvironment.java index cb3ecb3b050..b112597f260 100644 --- a/java/ql/test/query-tests/security/CWE-078/TaintedEnvironment.java +++ b/java/ql/test/query-tests/security/CWE-078/TaintedEnvironment.java @@ -36,6 +36,6 @@ public class TaintedEnvironment { public void exec() throws java.io.IOException { String kv = (String) source(); - Runtime.getRuntime().exec(new String[] { "ls" }, new String[] { kv }); // $ hasTaintFlow + Runtime.getRuntime().exec(new String[] { "ls" }, new String[] { kv }); // $ Alert[java/relative-path-command] hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-078/Test.java b/java/ql/test/query-tests/security/CWE-078/Test.java index 1ac5dc47882..6850a3a19e3 100644 --- a/java/ql/test/query-tests/security/CWE-078/Test.java +++ b/java/ql/test/query-tests/security/CWE-078/Test.java @@ -4,10 +4,10 @@ import java.util.ArrayList; class Test { public static void shellCommand(String arg) throws java.io.IOException { - ProcessBuilder pb = new ProcessBuilder("/bin/bash -c echo " + arg); + ProcessBuilder pb = new ProcessBuilder("/bin/bash -c echo " + arg); // $ Alert[java/concatenated-command-line] Alert[java/command-line-injection] pb.start(); - pb = new ProcessBuilder(new String[]{"/bin/bash", "-c", "echo " + arg}); + pb = new ProcessBuilder(new String[]{"/bin/bash", "-c", "echo " + arg}); // $ Alert[java/command-line-injection] pb.start(); List cmd = new ArrayList(); @@ -15,18 +15,18 @@ class Test { cmd.add("-c"); cmd.add("echo " + arg); - pb = new ProcessBuilder(cmd); + pb = new ProcessBuilder(cmd); // $ Alert[java/command-line-injection] pb.start(); String[] cmd1 = new String[]{"/bin/bash", "-c", ""}; cmd1[1] = "echo " + arg; - pb = new ProcessBuilder(cmd1); + pb = new ProcessBuilder(cmd1); // $ Alert[java/command-line-injection] pb.start(); } public static void nonShellCommand(String arg) throws java.io.IOException { - ProcessBuilder pb = new ProcessBuilder("./customTool " + arg); + ProcessBuilder pb = new ProcessBuilder("./customTool " + arg); // $ Alert[java/concatenated-command-line] Alert[java/command-line-injection] pb.start(); pb = new ProcessBuilder(new String[]{"./customTool", arg}); @@ -47,14 +47,14 @@ class Test { } public static void relativeCommand() throws java.io.IOException { - ProcessBuilder pb = new ProcessBuilder("ls"); + ProcessBuilder pb = new ProcessBuilder("ls"); // $ Alert[java/relative-path-command] pb.start(); pb = new ProcessBuilder("/bin/ls"); pb.start(); } - public static void main(String[] args) throws java.io.IOException { + public static void main(String[] args) throws java.io.IOException { // $ Source[java/command-line-injection] String arg = args.length > 1 ? args[1] : "default"; shellCommand(arg); diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java index 02a81f3e3c2..82215d11130 100644 --- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java @@ -6,7 +6,7 @@ import android.webkit.WebSettings; public class SetJavascriptEnabled { public static void configureWebViewUnsafe(WebView view) { WebSettings settings = view.getSettings(); - settings.setJavaScriptEnabled(true); // $ javascriptEnabled + settings.setJavaScriptEnabled(true); // $ Alert[java/android/websettings-javascript-enabled] javascriptEnabled } public static void configureWebViewSafe(WebView view) { diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java index 50fc3847705..acd895c474f 100644 --- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java @@ -7,6 +7,6 @@ class WebViewAddJavascriptInterface { } public void addGreeter(WebView view) { - view.addJavascriptInterface(new Greeter(), "greeter"); + view.addJavascriptInterface(new Greeter(), "greeter"); // $ Alert[java/android/webview-addjavascriptinterface] } } diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref index 1161c47dda6..f0385f63cbd 100644 --- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +query: Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref index e9e8006886d..34f44ac58cd 100644 --- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref +++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +query: Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java index 285f9bc49cb..50a9547e48a 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilList.java @@ -45,7 +45,7 @@ class AllowListSanitizerWithJavaUtilList { return String.valueOf(System.currentTimeMillis()); } - public static void main(String[] args) throws IOException, SQLException { + public static void main(String[] args) throws IOException, SQLException { // $ Source[java/sql-injection] badAllowList6 = List.of("allowed1", getNonConstantString(), "allowed3"); testStaticFields(args); testLocal(args); @@ -61,61 +61,61 @@ class AllowListSanitizerWithJavaUtilList { if(goodAllowList1.contains(tainted.toLowerCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList2.contains(tainted.toUpperCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList3.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList4.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList1.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList2.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList3.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList4.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList5.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // BAD: the allowlist is in a non-final field if(badAllowList6.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } @@ -125,7 +125,7 @@ class AllowListSanitizerWithJavaUtilList { if(goodAllowList7.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } @@ -137,7 +137,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted.toLowerCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -146,7 +146,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant strings @@ -156,7 +156,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted.toUpperCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -166,7 +166,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant strings @@ -175,7 +175,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -184,7 +184,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant strings @@ -194,7 +194,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -204,7 +204,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant string @@ -216,7 +216,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -228,7 +228,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but it contains a non-compile-time constant element @@ -239,7 +239,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } } @@ -257,7 +257,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } { @@ -266,7 +266,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } { @@ -275,7 +275,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } } @@ -290,7 +290,7 @@ class AllowListSanitizerWithJavaUtilList { if(allowlist.contains(tainted)){ // missing result String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } } diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java index e1a5f889c6f..28defcbab29 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/AllowListSanitizerWithJavaUtilSet.java @@ -44,7 +44,7 @@ class AllowListSanitizerWithJavaUtilSet { return String.valueOf(System.currentTimeMillis()); } - public static void main(String[] args) throws IOException, SQLException { + public static void main(String[] args) throws IOException, SQLException { // $ Source[java/sql-injection] badAllowList6 = Set.of("allowed1", getNonConstantString(), "allowed3"); testStaticFields(args); testLocal(args); @@ -60,61 +60,61 @@ class AllowListSanitizerWithJavaUtilSet { if(goodAllowList1.contains(tainted.toLowerCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList2.contains(tainted.toUpperCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList3.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList4.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList1.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList2.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList3.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: an allowlist is used with constant strings if(badAllowList4.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // GOOD: an allowlist is used with constant strings if(goodAllowList5.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } // BAD: the allowlist is in a non-final field if(badAllowList6.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } @@ -124,7 +124,7 @@ class AllowListSanitizerWithJavaUtilSet { if(goodAllowList7.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } @@ -136,7 +136,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted.toLowerCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -145,7 +145,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant strings @@ -155,7 +155,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted.toUpperCase())){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -165,7 +165,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant strings @@ -174,7 +174,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -183,7 +183,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant strings @@ -193,7 +193,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -203,7 +203,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // GOOD: an allowlist is used with constant string @@ -215,7 +215,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but one of the entries is not a compile-time constant @@ -227,7 +227,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } // BAD: an allowlist is used but it contains a non-compile-time constant element @@ -238,7 +238,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } } @@ -256,7 +256,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } { @@ -265,7 +265,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } { @@ -274,7 +274,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } } @@ -289,7 +289,7 @@ class AllowListSanitizerWithJavaUtilSet { if(allowlist.contains(tainted)){ // missing result String query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + tainted + "' ORDER BY PRICE"; - ResultSet results = connection.createStatement().executeQuery(query); + ResultSet results = connection.createStatement().executeQuery(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } } } diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java index ee6c81cdc81..3d3b7179459 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java @@ -4,14 +4,14 @@ import com.couchbase.client.java.Bucket; import com.couchbase.client.java.Cluster; public class CouchBase { - public static void main(String[] args) { + public static void main(String[] args) { // $ Source[java/sql-injection] Cluster cluster = Cluster.connect("192.168.0.158", "Administrator", "Administrator"); Bucket bucket = cluster.bucket("travel-sample"); - cluster.analyticsQuery(args[1]); - cluster.analyticsQuery(args[1], null); - cluster.query(args[1]); - cluster.query(args[1], null); - cluster.queryStreaming(args[1], null); - cluster.queryStreaming(args[1], null, null); + cluster.analyticsQuery(args[1]); // $ Alert[java/sql-injection] + cluster.analyticsQuery(args[1], null); // $ Alert[java/sql-injection] + cluster.query(args[1]); // $ Alert[java/sql-injection] + cluster.query(args[1], null); // $ Alert[java/sql-injection] + cluster.queryStreaming(args[1], null); // $ Alert[java/sql-injection] + cluster.queryStreaming(args[1], null, null); // $ Alert[java/sql-injection] } } diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Mongo.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Mongo.java index 3a1cfff39f9..2761a2c52bd 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Mongo.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Mongo.java @@ -7,19 +7,19 @@ import com.mongodb.DBCursor; import com.mongodb.*; public class Mongo { - public static void main(String[] args) { + public static void main(String[] args) { // $ Source[java/sql-injection] MongoClient mongoClient = new MongoClient(new ServerAddress("localhost", 27017)); DB db = mongoClient.getDB("mydb"); DBCollection collection = db.getCollection("test"); String name = args[1]; String stringQuery = "{ 'name' : '" + name + "'}"; - DBObject databaseQuery = (DBObject) JSON.parse(stringQuery); + DBObject databaseQuery = (DBObject) JSON.parse(stringQuery); // $ Alert[java/sql-injection] DBCursor result = collection.find(databaseQuery); String json = args[1]; - BasicDBObject bdb = BasicDBObject.parse(json); + BasicDBObject bdb = BasicDBObject.parse(json); // $ Alert[java/sql-injection] DBCursor result2 = collection.find(bdb); } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlConcatenated.qlref b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlConcatenated.qlref index 32211414c8c..2bab54f9ae6 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlConcatenated.qlref +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlConcatenated.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-089/SqlConcatenated.ql +query: Security/CWE/CWE-089/SqlConcatenated.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref index dc9ae162efb..a60fa5dde2e 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-089/SqlTainted.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Test.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Test.java index dee0db129eb..0f357e61a43 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Test.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Test.java @@ -33,13 +33,13 @@ abstract class Test { Statement statement = connection.createStatement(); String query1 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + category + "' ORDER BY PRICE"; - ResultSet results = statement.executeQuery(query1); + ResultSet results = statement.executeQuery(query1); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: don't use user input when building a prepared call { String id = args[1]; String query2 = "{ call get_product_by_id('" + id + "',?,?,?) }"; - PreparedStatement statement = connection.prepareCall(query2); + PreparedStatement statement = connection.prepareCall(query2); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] ResultSet results = statement.executeQuery(); } // BAD: don't use user input when building a prepared query @@ -47,7 +47,7 @@ abstract class Test { String category = args[1]; String query3 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + category + "' ORDER BY PRICE"; - PreparedStatement statement = connection.prepareStatement(query3); + PreparedStatement statement = connection.prepareStatement(query3); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] ResultSet results = statement.executeQuery(); } // BAD: an injection using a StringBuilder instead of string append @@ -59,7 +59,7 @@ abstract class Test { querySb.append("' ORDER BY PRICE"); String querySbToString = querySb.toString(); Statement statement = connection.createStatement(); - ResultSet results = statement.executeQuery(querySbToString); + ResultSet results = statement.executeQuery(querySbToString); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: executeUpdate { @@ -67,7 +67,7 @@ abstract class Test { String price = args[2]; Statement statement = connection.createStatement(); String query = "UPDATE PRODUCT SET PRICE='" + price + "' WHERE ITEM='" + item + "'"; - int count = statement.executeUpdate(query); + int count = statement.executeUpdate(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // BAD: executeUpdate { @@ -75,7 +75,7 @@ abstract class Test { String price = args[2]; Statement statement = connection.createStatement(); String query = "UPDATE PRODUCT SET PRICE='" + price + "' WHERE ITEM='" + item + "'"; - long count = statement.executeLargeUpdate(query); + long count = statement.executeLargeUpdate(query); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] } // OK: validate the input first @@ -95,7 +95,7 @@ abstract class Test { Statement statement = connection.createStatement(); String queryFromField = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + categoryName + "' ORDER BY PRICE"; - ResultSet results = statement.executeQuery(queryFromField); + ResultSet results = statement.executeQuery(queryFromField); // $ Alert[java/concatenated-sql-query] } // BAD: unescaped code using a StringBuilder { @@ -105,7 +105,7 @@ abstract class Test { querySb.append("' ORDER BY PRICE"); String querySbToString = querySb.toString(); Statement statement = connection.createStatement(); - ResultSet results = statement.executeQuery(querySbToString); + ResultSet results = statement.executeQuery(querySbToString); // $ Alert[java/concatenated-sql-query] } // BAD: a StringBuilder with appends of + operations { @@ -115,7 +115,7 @@ abstract class Test { querySb2.append("ORDER BY PRICE"); String querySb2ToString = querySb2.toString(); Statement statement = connection.createStatement(); - ResultSet results = statement.executeQuery(querySb2ToString); + ResultSet results = statement.executeQuery(querySb2ToString); // $ Alert[java/concatenated-sql-query] } } @@ -206,7 +206,7 @@ abstract class Test { String queryWithUserTableName = "SELECT ITEM,PRICE FROM " + userTabName + " WHERE ITEM_CATEGORY='Biscuits' ORDER BY PRICE"; - ResultSet results = statement.executeQuery(queryWithUserTableName); + ResultSet results = statement.executeQuery(queryWithUserTableName); // $ Alert[java/sql-injection] } } @@ -218,13 +218,13 @@ abstract class Test { String prefix = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"; String suffix = "' ORDER BY PRICE"; switch(prefix) { - case String prefixAlias when prefix.length() > 10 -> statement.executeQuery(prefixAlias + category + suffix); + case String prefixAlias when prefix.length() > 10 -> statement.executeQuery(prefixAlias + category + suffix); // $ Alert[java/sql-injection] Alert[java/concatenated-sql-query] default -> { } } } } - public static void main(String[] args) throws IOException, SQLException { + public static void main(String[] args) throws IOException, SQLException { // $ Source[java/sql-injection] tainted(args); unescaped(); good(args); diff --git a/java/ql/test/query-tests/security/CWE-090/LdapInjection.java b/java/ql/test/query-tests/security/CWE-090/LdapInjection.java index 7e585581f0b..661062f0a46 100644 --- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.java +++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.java @@ -42,53 +42,53 @@ import org.springframework.web.bind.annotation.RequestMapping; public class LdapInjection { // JNDI @RequestMapping - public void testJndiBad1(@RequestParam String jBad, @RequestParam String jBadDN, DirContext ctx) + public void testJndiBad1(@RequestParam String jBad, @RequestParam String jBadDN, DirContext ctx) // $ Source throws NamingException { - ctx.search("ou=system" + jBadDN, "(uid=" + jBad + ")", new SearchControls()); + ctx.search("ou=system" + jBadDN, "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad2(@RequestParam String jBad, @RequestParam String jBadDNName, InitialDirContext ctx) + public void testJndiBad2(@RequestParam String jBad, @RequestParam String jBadDNName, InitialDirContext ctx) // $ Source throws NamingException { - ctx.search(new LdapName("ou=system" + jBadDNName), "(uid=" + jBad + ")", new SearchControls()); + ctx.search(new LdapName("ou=system" + jBadDNName), "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad3(@RequestParam String jBad, @RequestParam String jOkDN, LdapContext ctx) + public void testJndiBad3(@RequestParam String jBad, @RequestParam String jOkDN, LdapContext ctx) // $ Source throws NamingException { - ctx.search(new LdapName(List.of(new Rdn("ou=" + jOkDN))), "(uid=" + jBad + ")", new SearchControls()); + ctx.search(new LdapName(List.of(new Rdn("ou=" + jOkDN))), "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad4(@RequestParam String jBadInitial, InitialLdapContext ctx) + public void testJndiBad4(@RequestParam String jBadInitial, InitialLdapContext ctx) // $ Source throws NamingException { - ctx.search("ou=system", "(uid=" + jBadInitial + ")", new SearchControls()); + ctx.search("ou=system", "(uid=" + jBadInitial + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad5(@RequestParam String jBad, @RequestParam String jBadDNNameAdd, InitialDirContext ctx) + public void testJndiBad5(@RequestParam String jBad, @RequestParam String jBadDNNameAdd, InitialDirContext ctx) // $ Source throws NamingException { - ctx.search(new LdapName("").addAll(new LdapName("ou=system" + jBadDNNameAdd)), "(uid=" + jBad + ")", new SearchControls()); + ctx.search(new LdapName("").addAll(new LdapName("ou=system" + jBadDNNameAdd)), "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad6(@RequestParam String jBad, @RequestParam String jBadDNNameAdd2, InitialDirContext ctx) + public void testJndiBad6(@RequestParam String jBad, @RequestParam String jBadDNNameAdd2, InitialDirContext ctx) // $ Source throws NamingException { LdapName name = new LdapName(""); name.addAll(new LdapName("ou=system" + jBadDNNameAdd2).getRdns()); - ctx.search(new LdapName("").addAll(name), "(uid=" + jBad + ")", new SearchControls()); + ctx.search(new LdapName("").addAll(name), "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad7(@RequestParam String jBad, @RequestParam String jBadDNNameToString, InitialDirContext ctx) + public void testJndiBad7(@RequestParam String jBad, @RequestParam String jBadDNNameToString, InitialDirContext ctx) // $ Source throws NamingException { - ctx.search(new LdapName("ou=system" + jBadDNNameToString).toString(), "(uid=" + jBad + ")", new SearchControls()); + ctx.search(new LdapName("ou=system" + jBadDNNameToString).toString(), "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping - public void testJndiBad8(@RequestParam String jBad, @RequestParam String jBadDNNameClone, InitialDirContext ctx) + public void testJndiBad8(@RequestParam String jBad, @RequestParam String jBadDNNameClone, InitialDirContext ctx) // $ Source throws NamingException { - ctx.search((Name) new LdapName("ou=system" + jBadDNNameClone).clone(), "(uid=" + jBad + ")", new SearchControls()); + ctx.search((Name) new LdapName("ou=system" + jBadDNNameClone).clone(), "(uid=" + jBad + ")", new SearchControls()); // $ Alert } @RequestMapping @@ -97,107 +97,107 @@ public class LdapInjection { } @RequestMapping - public void testJndiOk2(@RequestParam String jOkAttribute, DirContext ctx) throws NamingException { - ctx.search("ou=system", new BasicAttributes(jOkAttribute, jOkAttribute)); + public void testJndiOk2(@RequestParam String jOkAttribute, DirContext ctx) throws NamingException { // $ Source + ctx.search("ou=system", new BasicAttributes(jOkAttribute, jOkAttribute)); // $ Alert } // UnboundID @RequestMapping - public void testUnboundBad1(@RequestParam String uBad, @RequestParam String uBadDN, LDAPConnection c) + public void testUnboundBad1(@RequestParam String uBad, @RequestParam String uBadDN, LDAPConnection c) // $ Source throws LDAPSearchException { - c.search(null, "ou=system" + uBadDN, null, null, 1, 1, false, "(uid=" + uBad + ")"); + c.search(null, "ou=system" + uBadDN, null, null, 1, 1, false, "(uid=" + uBad + ")"); // $ Alert } @RequestMapping - public void testUnboundBad2(@RequestParam String uBadFilterCreate, LDAPConnection c) throws LDAPException { - c.search(null, "ou=system", null, null, 1, 1, false, Filter.create(uBadFilterCreate)); + public void testUnboundBad2(@RequestParam String uBadFilterCreate, LDAPConnection c) throws LDAPException { // $ Source + c.search(null, "ou=system", null, null, 1, 1, false, Filter.create(uBadFilterCreate)); // $ Alert } @RequestMapping - public void testUnboundBad3(@RequestParam String uBadROSearchRequest, @RequestParam String uBadROSRDN, + public void testUnboundBad3(@RequestParam String uBadROSearchRequest, @RequestParam String uBadROSRDN, // $ Source LDAPConnection c) throws LDAPException { ReadOnlySearchRequest s = new SearchRequest(null, "ou=system" + uBadROSRDN, null, null, 1, 1, false, "(uid=" + uBadROSearchRequest + ")"); - c.search(s); + c.search(s); // $ Alert } @RequestMapping - public void testUnboundBad4(@RequestParam String uBadSearchRequest, @RequestParam String uBadSRDN, LDAPConnection c) + public void testUnboundBad4(@RequestParam String uBadSearchRequest, @RequestParam String uBadSRDN, LDAPConnection c) // $ Source throws LDAPException { SearchRequest s = new SearchRequest(null, "ou=system" + uBadSRDN, null, null, 1, 1, false, "(uid=" + uBadSearchRequest + ")"); - c.search(s); + c.search(s); // $ Alert } @RequestMapping - public void testUnboundBad5(@RequestParam String uBad, @RequestParam String uBadDNSFR, LDAPConnection c) + public void testUnboundBad5(@RequestParam String uBad, @RequestParam String uBadDNSFR, LDAPConnection c) // $ Source throws LDAPSearchException { - c.searchForEntry("ou=system" + uBadDNSFR, null, null, 1, false, "(uid=" + uBad + ")"); + c.searchForEntry("ou=system" + uBadDNSFR, null, null, 1, false, "(uid=" + uBad + ")"); // $ Alert } @RequestMapping - public void testUnboundBad6(@RequestParam String uBadROSearchRequestAsync, @RequestParam String uBadROSRDNAsync, + public void testUnboundBad6(@RequestParam String uBadROSearchRequestAsync, @RequestParam String uBadROSRDNAsync, // $ Source LDAPConnection c) throws LDAPException { ReadOnlySearchRequest s = new SearchRequest(null, "ou=system" + uBadROSRDNAsync, null, null, 1, 1, false, "(uid=" + uBadROSearchRequestAsync + ")"); - c.asyncSearch(s); + c.asyncSearch(s); // $ Alert } @RequestMapping - public void testUnboundBad7(@RequestParam String uBadSearchRequestAsync, @RequestParam String uBadSRDNAsync, LDAPConnection c) + public void testUnboundBad7(@RequestParam String uBadSearchRequestAsync, @RequestParam String uBadSRDNAsync, LDAPConnection c) // $ Source throws LDAPException { SearchRequest s = new SearchRequest(null, "ou=system" + uBadSRDNAsync, null, null, 1, 1, false, "(uid=" + uBadSearchRequestAsync + ")"); - c.asyncSearch(s); + c.asyncSearch(s); // $ Alert } @RequestMapping - public void testUnboundBad8(@RequestParam String uBadFilterCreateNOT, LDAPConnection c) throws LDAPException { - c.search(null, "ou=system", null, null, 1, 1, false, Filter.createNOTFilter(Filter.create(uBadFilterCreateNOT))); + public void testUnboundBad8(@RequestParam String uBadFilterCreateNOT, LDAPConnection c) throws LDAPException { // $ Source + c.search(null, "ou=system", null, null, 1, 1, false, Filter.createNOTFilter(Filter.create(uBadFilterCreateNOT))); // $ Alert } @RequestMapping - public void testUnboundBad9(@RequestParam String uBadFilterCreateToString, LDAPConnection c) throws LDAPException { - c.search(null, "ou=system", null, null, 1, 1, false, Filter.create(uBadFilterCreateToString).toString()); + public void testUnboundBad9(@RequestParam String uBadFilterCreateToString, LDAPConnection c) throws LDAPException { // $ Source + c.search(null, "ou=system", null, null, 1, 1, false, Filter.create(uBadFilterCreateToString).toString()); // $ Alert } @RequestMapping - public void testUnboundBad10(@RequestParam String uBadFilterCreateToStringBuffer, LDAPConnection c) throws LDAPException { + public void testUnboundBad10(@RequestParam String uBadFilterCreateToStringBuffer, LDAPConnection c) throws LDAPException { // $ Source StringBuilder b = new StringBuilder(); Filter.create(uBadFilterCreateToStringBuffer).toNormalizedString(b); - c.search(null, "ou=system", null, null, 1, 1, false, b.toString()); + c.search(null, "ou=system", null, null, 1, 1, false, b.toString()); // $ Alert } @RequestMapping - public void testUnboundBad11(@RequestParam String uBadSearchRequestDuplicate, LDAPConnection c) + public void testUnboundBad11(@RequestParam String uBadSearchRequestDuplicate, LDAPConnection c) // $ Source throws LDAPException { SearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false, "(uid=" + uBadSearchRequestDuplicate + ")"); - c.search(s.duplicate()); + c.search(s.duplicate()); // $ Alert } @RequestMapping - public void testUnboundBad12(@RequestParam String uBadROSearchRequestDuplicate, LDAPConnection c) + public void testUnboundBad12(@RequestParam String uBadROSearchRequestDuplicate, LDAPConnection c) // $ Source throws LDAPException { ReadOnlySearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false, "(uid=" + uBadROSearchRequestDuplicate + ")"); - c.search(s.duplicate()); + c.search(s.duplicate()); // $ Alert } @RequestMapping - public void testUnboundBad13(@RequestParam String uBadSearchRequestSetDN, LDAPConnection c) + public void testUnboundBad13(@RequestParam String uBadSearchRequestSetDN, LDAPConnection c) // $ Source throws LDAPException { SearchRequest s = new SearchRequest(null, "", null, null, 1, 1, false, ""); s.setBaseDN(uBadSearchRequestSetDN); - c.search(s); + c.search(s); // $ Alert } @RequestMapping - public void testUnboundBad14(@RequestParam String uBadSearchRequestSetFilter, LDAPConnection c) + public void testUnboundBad14(@RequestParam String uBadSearchRequestSetFilter, LDAPConnection c) // $ Source throws LDAPException { SearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false, ""); s.setFilter(uBadSearchRequestSetFilter); - c.search(s); + c.search(s); // $ Alert } @RequestMapping @@ -226,72 +226,72 @@ public class LdapInjection { // Spring LDAP @RequestMapping - public void testSpringBad1(@RequestParam String sBad, @RequestParam String sBadDN, LdapTemplate c) { - c.search("ou=system" + sBadDN, "(uid=" + sBad + ")", 1, false, null); + public void testSpringBad1(@RequestParam String sBad, @RequestParam String sBadDN, LdapTemplate c) { // $ Source + c.search("ou=system" + sBadDN, "(uid=" + sBad + ")", 1, false, null); // $ Alert } @RequestMapping - public void testSpringBad2(@RequestParam String sBad, @RequestParam String sBadDNLNBuilder, LdapTemplate c) { - c.authenticate(LdapNameBuilder.newInstance("ou=system" + sBadDNLNBuilder).build(), "(uid=" + sBad + ")", "pass"); + public void testSpringBad2(@RequestParam String sBad, @RequestParam String sBadDNLNBuilder, LdapTemplate c) { // $ Source + c.authenticate(LdapNameBuilder.newInstance("ou=system" + sBadDNLNBuilder).build(), "(uid=" + sBad + ")", "pass"); // $ Alert } @RequestMapping - public void testSpringBad3(@RequestParam String sBad, @RequestParam String sBadDNLNBuilderAdd, LdapTemplate c) { - c.searchForObject(LdapNameBuilder.newInstance().add("ou=system" + sBadDNLNBuilderAdd).build(), "(uid=" + sBad + ")", null); + public void testSpringBad3(@RequestParam String sBad, @RequestParam String sBadDNLNBuilderAdd, LdapTemplate c) { // $ Source + c.searchForObject(LdapNameBuilder.newInstance().add("ou=system" + sBadDNLNBuilderAdd).build(), "(uid=" + sBad + ")", null); // $ Alert } @RequestMapping - public void testSpringBad4(@RequestParam String sBadLdapQuery, LdapTemplate c) { - c.findOne(LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery + ")"), null); + public void testSpringBad4(@RequestParam String sBadLdapQuery, LdapTemplate c) { // $ Source + c.findOne(LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery + ")"), null); // $ Alert } @RequestMapping - public void testSpringBad5(@RequestParam String sBadFilter, @RequestParam String sBadDNLdapUtils, LdapTemplate c) { - c.find(LdapUtils.newLdapName("ou=system" + sBadDNLdapUtils), new HardcodedFilter("(uid=" + sBadFilter + ")"), null, null); + public void testSpringBad5(@RequestParam String sBadFilter, @RequestParam String sBadDNLdapUtils, LdapTemplate c) { // $ Source + c.find(LdapUtils.newLdapName("ou=system" + sBadDNLdapUtils), new HardcodedFilter("(uid=" + sBadFilter + ")"), null, null); // $ Alert } @RequestMapping - public void testSpringBad6(@RequestParam String sBadLdapQuery, LdapTemplate c) { - c.searchForContext(LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery + ")")); + public void testSpringBad6(@RequestParam String sBadLdapQuery, LdapTemplate c) { // $ Source + c.searchForContext(LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery + ")")); // $ Alert } @RequestMapping - public void testSpringBad7(@RequestParam String sBadLdapQuery2, LdapTemplate c) { + public void testSpringBad7(@RequestParam String sBadLdapQuery2, LdapTemplate c) { // $ Source LdapQuery q = LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery2 + ")"); - c.searchForContext(q); + c.searchForContext(q); // $ Alert } @RequestMapping - public void testSpringBad8(@RequestParam String sBadLdapQueryWithFilter, LdapTemplate c) { - c.searchForContext(LdapQueryBuilder.query().filter(new HardcodedFilter("(uid=" + sBadLdapQueryWithFilter + ")"))); + public void testSpringBad8(@RequestParam String sBadLdapQueryWithFilter, LdapTemplate c) { // $ Source + c.searchForContext(LdapQueryBuilder.query().filter(new HardcodedFilter("(uid=" + sBadLdapQueryWithFilter + ")"))); // $ Alert } @RequestMapping - public void testSpringBad9(@RequestParam String sBadLdapQueryWithFilter2, LdapTemplate c) { + public void testSpringBad9(@RequestParam String sBadLdapQueryWithFilter2, LdapTemplate c) { // $ Source org.springframework.ldap.filter.Filter f = new HardcodedFilter("(uid=" + sBadLdapQueryWithFilter2 + ")"); - c.searchForContext(LdapQueryBuilder.query().filter(f)); + c.searchForContext(LdapQueryBuilder.query().filter(f)); // $ Alert } @RequestMapping - public void testSpringBad10(@RequestParam String sBadLdapQueryBase, LdapTemplate c) { - c.find(LdapQueryBuilder.query().base(sBadLdapQueryBase).base(), null, null, null); + public void testSpringBad10(@RequestParam String sBadLdapQueryBase, LdapTemplate c) { // $ Source + c.find(LdapQueryBuilder.query().base(sBadLdapQueryBase).base(), null, null, null); // $ Alert } @RequestMapping - public void testSpringBad11(@RequestParam String sBadLdapQueryComplex, LdapTemplate c) { - c.searchForContext(LdapQueryBuilder.query().base(sBadLdapQueryComplex).where("uid").is("test")); + public void testSpringBad11(@RequestParam String sBadLdapQueryComplex, LdapTemplate c) { // $ Source + c.searchForContext(LdapQueryBuilder.query().base(sBadLdapQueryComplex).where("uid").is("test")); // $ Alert } @RequestMapping - public void testSpringBad12(@RequestParam String sBadFilterToString, LdapTemplate c) { - c.search("", new HardcodedFilter("(uid=" + sBadFilterToString + ")").toString(), 1, false, null); + public void testSpringBad12(@RequestParam String sBadFilterToString, LdapTemplate c) { // $ Source + c.search("", new HardcodedFilter("(uid=" + sBadFilterToString + ")").toString(), 1, false, null); // $ Alert } @RequestMapping - public void testSpringBad13(@RequestParam String sBadFilterEncode, LdapTemplate c) { + public void testSpringBad13(@RequestParam String sBadFilterEncode, LdapTemplate c) { // $ Source StringBuffer s = new StringBuffer(); new HardcodedFilter("(uid=" + sBadFilterEncode + ")").encode(s); - c.search("", s.toString(), 1, false, null); + c.search("", s.toString(), 1, false, null); // $ Alert } @RequestMapping @@ -311,39 +311,39 @@ public class LdapInjection { // Apache LDAP API @RequestMapping - public void testApacheBad1(@RequestParam String aBad, @RequestParam String aBadDN, LdapConnection c) + public void testApacheBad1(@RequestParam String aBad, @RequestParam String aBadDN, LdapConnection c) // $ Source throws LdapException { - c.search("ou=system" + aBadDN, "(uid=" + aBad + ")", null); + c.search("ou=system" + aBadDN, "(uid=" + aBad + ")", null); // $ Alert } @RequestMapping - public void testApacheBad2(@RequestParam String aBad, @RequestParam String aBadDNObjToString, LdapNetworkConnection c) + public void testApacheBad2(@RequestParam String aBad, @RequestParam String aBadDNObjToString, LdapNetworkConnection c) // $ Source throws LdapException { - c.search(new Dn("ou=system" + aBadDNObjToString).getName(), "(uid=" + aBad + ")", null); + c.search(new Dn("ou=system" + aBadDNObjToString).getName(), "(uid=" + aBad + ")", null); // $ Alert } @RequestMapping - public void testApacheBad3(@RequestParam String aBadSearchRequest, LdapConnection c) + public void testApacheBad3(@RequestParam String aBadSearchRequest, LdapConnection c) // $ Source throws LdapException { org.apache.directory.api.ldap.model.message.SearchRequest s = new SearchRequestImpl(); s.setFilter("(uid=" + aBadSearchRequest + ")"); - c.search(s); + c.search(s); // $ Alert } @RequestMapping - public void testApacheBad4(@RequestParam String aBadSearchRequestImpl, @RequestParam String aBadDNObj, LdapConnection c) + public void testApacheBad4(@RequestParam String aBadSearchRequestImpl, @RequestParam String aBadDNObj, LdapConnection c) // $ Source throws LdapException { SearchRequestImpl s = new SearchRequestImpl(); s.setBase(new Dn("ou=system" + aBadDNObj)); - c.search(s); + c.search(s); // $ Alert } @RequestMapping - public void testApacheBad5(@RequestParam String aBadDNSearchRequestGet, LdapConnection c) + public void testApacheBad5(@RequestParam String aBadDNSearchRequestGet, LdapConnection c) // $ Source throws LdapException { org.apache.directory.api.ldap.model.message.SearchRequest s = new SearchRequestImpl(); s.setBase(new Dn("ou=system" + aBadDNSearchRequestGet)); - c.search(s.getBase(), "(uid=test", null); + c.search(s.getBase(), "(uid=test", null); // $ Alert } @RequestMapping diff --git a/java/ql/test/query-tests/security/CWE-090/LdapInjection.qlref b/java/ql/test/query-tests/security/CWE-090/LdapInjection.qlref index 53b04e4c00f..01bec30b84b 100644 --- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.qlref +++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-090/LdapInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.java b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.java index 71d4145adfc..bfa94bbe3a8 100644 --- a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.java +++ b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.java @@ -4,11 +4,11 @@ import javax.validation.ConstraintValidatorContext; public class InsecureBeanValidation implements ConstraintValidator { @Override - public boolean isValid(String object, ConstraintValidatorContext constraintContext) { + public boolean isValid(String object, ConstraintValidatorContext constraintContext) { // $ Source String value = object + " is invalid"; // Bad: Bean properties (normally user-controlled) are passed directly to `buildConstraintViolationWithTemplate` - constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation(); + constraintContext.buildConstraintViolationWithTemplate(value).addConstraintViolation().disableDefaultConstraintViolation(); // $ Alert // Good: Using message parameters constraintContext.buildConstraintViolationWithTemplate("literal {message_parameter}").addConstraintViolation().disableDefaultConstraintViolation(); diff --git a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.qlref b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.qlref index 73254e55f93..d65ecf968f5 100644 --- a/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.qlref +++ b/java/ql/test/query-tests/security/CWE-094/InsecureBeanValidation.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-094/InsecureBeanValidation.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-1104/semmle/tests/MavenPomDependsOnBintray.qlref b/java/ql/test/query-tests/security/CWE-1104/semmle/tests/MavenPomDependsOnBintray.qlref index 9f05b219bfe..8f21e578165 100644 --- a/java/ql/test/query-tests/security/CWE-1104/semmle/tests/MavenPomDependsOnBintray.qlref +++ b/java/ql/test/query-tests/security/CWE-1104/semmle/tests/MavenPomDependsOnBintray.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +query: Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-1104/semmle/tests/bad-bintray-pom.xml b/java/ql/test/query-tests/security/CWE-1104/semmle/tests/bad-bintray-pom.xml index 7e133256428..e5a87437df7 100644 --- a/java/ql/test/query-tests/security/CWE-1104/semmle/tests/bad-bintray-pom.xml +++ b/java/ql/test/query-tests/security/CWE-1104/semmle/tests/bad-bintray-pom.xml @@ -19,13 +19,13 @@ JCenter https://jcenter.bintray.com - + jcenter-snapshots JCenter https://jcenter.bintray.com - + @@ -33,7 +33,7 @@ JCenter https://jcenter.bintray.com - + @@ -41,7 +41,7 @@ JCenter https://dl.bintray.com/groovy/maven - + @@ -49,6 +49,6 @@ JCenter https://jcenter.bintray.com - + diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.java b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.java index b2ea8780e8e..abe71180838 100644 --- a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.java +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.java @@ -19,14 +19,14 @@ public class ResponseSplitting extends HttpServlet { // BAD: setting a cookie with an unvalidated parameter // can lead to HTTP splitting { - Cookie cookie = new Cookie("name", request.getParameter("name")); - response.addCookie(cookie); + Cookie cookie = new Cookie("name", request.getParameter("name")); // $ Source + response.addCookie(cookie); // $ Alert } // BAD: setting a header with an unvalidated parameter // can lead to HTTP splitting - response.addHeader("Content-type", request.getParameter("contentType")); - response.setHeader("Content-type", request.getParameter("contentType")); + response.addHeader("Content-type", request.getParameter("contentType")); // $ Alert + response.setHeader("Content-type", request.getParameter("contentType")); // $ Alert // GOOD: remove special characters before putting them in the header { @@ -50,13 +50,13 @@ public class ResponseSplitting extends HttpServlet { } public void sanitizerTests(HttpServletRequest request, HttpServletResponse response){ - String t = request.getParameter("contentType"); + String t = request.getParameter("contentType"); // $ Source // GOOD: whitelist-based sanitization response.setHeader("h", t.replaceAll("[^a-zA-Z]", "")); // BAD: not replacing all problematic characters - response.setHeader("h", t.replaceFirst("[^a-zA-Z]", "")); + response.setHeader("h", t.replaceFirst("[^a-zA-Z]", "")); // $ Alert // GOOD: replace all line breaks response.setHeader("h", t.replace('\n', ' ').replace('\r', ' ')); diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.qlref b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.qlref index 897d985e9d4..561c8aa65a3 100644 --- a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.qlref +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-113/ResponseSplitting.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstruction.qlref b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstruction.qlref index fc09d33596a..883151805d4 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstruction.qlref +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstruction.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.qlref b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.qlref index 4cff7c39aa6..e8277291432 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.qlref +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayConstructionCodeSpecified.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndex.qlref b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndex.qlref index 4dd969c5476..b9d7cd83e49 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndex.qlref +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndex.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexCodeSpecified.qlref b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexCodeSpecified.qlref index b267f488b34..98cc770b734 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexCodeSpecified.qlref +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/ImproperValidationOfArrayIndexCodeSpecified.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-129/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-129/semmle/tests/Test.java index c7be8b0031c..956912f0aba 100644 --- a/java/ql/test/query-tests/security/CWE-129/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-129/semmle/tests/Test.java @@ -11,12 +11,12 @@ class Test { public static void basic() { int array[] = { 0, 1, 2, 3, 4 }; - String userProperty = System.getProperty("userProperty"); + String userProperty = System.getProperty("userProperty"); // $ Source[java/improper-validation-of-array-index] try { int index = Integer.parseInt(userProperty.trim()); // BAD Accessing array without conditional check - System.out.println(array[index]); + System.out.println(array[index]); // $ Alert[java/improper-validation-of-array-index] if (index >= 0 && index < array.length) { // GOOD Accessing array under conditions @@ -38,10 +38,10 @@ class Test { public static void random() { int array[] = { 0, 1, 2, 3, 4 }; - int index = (new SecureRandom()).nextInt(10); + int index = (new SecureRandom()).nextInt(10); // $ Source[java/improper-validation-of-array-index-code-specified] // BAD Accessing array without conditional check - System.out.println(array[index]); + System.out.println(array[index]); // $ Alert[java/improper-validation-of-array-index-code-specified] if (index < array.length) { // GOOD Accessing array under conditions @@ -56,10 +56,10 @@ class Test { public static void apacheRandom() { int array[] = { 0, 1, 2, 3, 4 }; - int index = RandomUtils.nextInt(0, 10); + int index = RandomUtils.nextInt(0, 10); // $ Source[java/improper-validation-of-array-index-code-specified] // BAD Accessing array without conditional check - System.out.println(array[index]); + System.out.println(array[index]); // $ Alert[java/improper-validation-of-array-index-code-specified] if (index < array.length) { // GOOD Accessing array under conditions @@ -73,20 +73,20 @@ class Test { public static void construction() { - String userProperty = System.getProperty("userProperty"); + String userProperty = System.getProperty("userProperty"); // $ Source[java/improper-validation-of-array-construction] try { int size = Integer.parseInt(userProperty.trim()); - int[] array = new int[size]; + int[] array = new int[size]; // $ Sink[java/improper-validation-of-array-construction] // BAD The array was created without checking the size, so this access may be dubious - System.out.println(array[0]); + System.out.println(array[0]); // $ Alert[java/improper-validation-of-array-construction] if (size >= 0) { - int[] array2 = new int[size]; + int[] array2 = new int[size]; // $ Sink[java/improper-validation-of-array-construction] // BAD The array was created without checking that the size is greater than zero - System.out.println(array2[0]); + System.out.println(array2[0]); // $ Alert[java/improper-validation-of-array-construction] } if (size > 0) { @@ -102,12 +102,12 @@ class Test { public static void constructionBounded() { - int size = 0; + int size = 0; // $ Source[java/improper-validation-of-array-construction-code-specified] - int[] array = new int[size]; + int[] array = new int[size]; // $ Sink[java/improper-validation-of-array-construction-code-specified] // BAD Array may be empty. - System.out.println(array[0]); + System.out.println(array[0]); // $ Alert[java/improper-validation-of-array-construction-code-specified] int index = 0; if (index < array.length) { diff --git a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.qlref b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.qlref index 6309a7eb502..ee54ac69fe1 100644 --- a/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.qlref +++ b/java/ql/test/query-tests/security/CWE-134/semmle/tests/ExternallyControlledFormatString.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-134/ExternallyControlledFormatString.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-134/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-134/semmle/tests/Test.java index 140c9974086..56c9930f94d 100644 --- a/java/ql/test/query-tests/security/CWE-134/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-134/semmle/tests/Test.java @@ -14,29 +14,29 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; class Test { public static void basic() { - String userProperty = System.getProperty("userProperty"); + String userProperty = System.getProperty("userProperty"); // $ Source // BAD User provided value as format string for String.format - String.format(userProperty); + String.format(userProperty); // $ Alert // BAD User provided value as format string for PrintStream.format - System.out.format(userProperty); + System.out.format(userProperty); // $ Alert // BAD User provided value as format string for PrintStream.printf - System.out.printf(userProperty); + System.out.printf(userProperty); // $ Alert // BAD User provided value as format string for Formatter.format - new Formatter().format(userProperty); + new Formatter().format(userProperty); // $ Alert // BAD User provided value as format string for Formatter.format - new Formatter().format(Locale.ENGLISH, userProperty); + new Formatter().format(Locale.ENGLISH, userProperty); // $ Alert } public class FileUploadServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String userParameter = request.getParameter("userProvidedParameter"); + String userParameter = request.getParameter("userProvidedParameter"); // $ Source formatString(userParameter); } private void formatString(String format) { // BAD This is used with user provided parameter - System.out.format(format); + System.out.format(format); // $ Alert } } } diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java index 04020aac31f..0167af87497 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java @@ -14,7 +14,7 @@ public class ArithmeticTainted { try { - readerInputStream = new InputStreamReader(System.in, "UTF-8"); + readerInputStream = new InputStreamReader(System.in, "UTF-8"); // $ Source[java/tainted-arithmetic] readerBuffered = new BufferedReader(readerInputStream); String stringNumber = readerBuffered.readLine(); if (stringNumber != null) { @@ -29,7 +29,7 @@ public class ArithmeticTainted { { // BAD: may overflow if input data is very large - int scaled = data + 10; + int scaled = data + 10; // $ Alert[java/tainted-arithmetic] } { @@ -37,7 +37,7 @@ public class ArithmeticTainted { if (data > Integer.MIN_VALUE) { System.out.println("I'm guarded"); } - int output = data - 10; + int output = data - 10; // $ Alert[java/tainted-arithmetic] } { @@ -47,7 +47,7 @@ public class ArithmeticTainted { } else { System.out.println("I'm not guarded"); } - int output = data + 1; + int output = data + 1; // $ Alert[java/tainted-arithmetic] } { @@ -68,7 +68,7 @@ public class ArithmeticTainted { // GOOD int output_ok = ok + 1; // BAD - int output = herring + 1; + int output = herring + 1; // $ Alert[java/tainted-arithmetic] } { @@ -92,7 +92,7 @@ public class ArithmeticTainted { { // BAD: tainted int value is widened to type long, but subsequently // cast to narrower type int - int widenedThenNarrowed = (int) (data + 10L); + int widenedThenNarrowed = (int) (data + 10L); // $ Alert[java/tainted-arithmetic] } // The following test case has an arbitrary guard on hashcode @@ -126,19 +126,19 @@ public class ArithmeticTainted { public static void test(int data) { // BAD: may overflow if input data is very large - data++; + data++; // $ Alert[java/tainted-arithmetic] } public static void test2(int data) { // BAD: may overflow if input data is very large - ++data; + ++data; // $ Alert[java/tainted-arithmetic] } public static void test3(int data) { // BAD: may underflow if input data is very small - data--; + data--; // $ Alert[java/tainted-arithmetic] } public static void test4(int data) { // BAD: may underflow if input data is very small - --data; + --data; // $ Alert[java/tainted-arithmetic] } public static void boundsCheckGood(byte[] bs, int off, int len) { diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.qlref b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.qlref index 938a60cfc01..38ee81494e1 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.qlref +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-190/ArithmeticTainted.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.qlref b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.qlref index c6d57c73510..e298fb9edc1 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.qlref +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticUncontrolled.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-190/ArithmeticUncontrolled.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticWithExtremeValues.qlref b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticWithExtremeValues.qlref index 0eaecb36941..f01d5c0f24f 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticWithExtremeValues.qlref +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticWithExtremeValues.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.java b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.java index 88c520307a4..ace1fff92c1 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.java +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.java @@ -1,7 +1,7 @@ public class ComparisonWithWiderType { public void testLt(long l) { // BAD: loop variable is an int, but the upper bound is a long - for (int i = 0; i < l; i++) { + for (int i = 0; i < l; i++) { // $ Alert[java/comparison-with-wider-type] System.out.println(i); } @@ -13,7 +13,7 @@ public class ComparisonWithWiderType { public void testGt(short c) { // BAD: loop variable is a byte, but the upper bound is a short - for (byte b = 0; c > b; b++) { + for (byte b = 0; c > b; b++) { // $ Alert[java/comparison-with-wider-type] System.out.println(b); } } @@ -24,4 +24,4 @@ public class ComparisonWithWiderType { System.out.println(l); } } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.qlref b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.qlref index 4605189317f..f836a00c9c4 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.qlref +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/ComparisonWithWiderType.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-190/ComparisonWithWiderType.ql \ No newline at end of file +query: Security/CWE/CWE-190/ComparisonWithWiderType.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/InformationLoss.qlref b/java/ql/test/query-tests/security/CWE-190/semmle/tests/InformationLoss.qlref index ce7d4116a76..c9ab00052ae 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/InformationLoss.qlref +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/InformationLoss.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/InformationLoss.ql \ No newline at end of file +query: Likely Bugs/Arithmetic/InformationLoss.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.qlref b/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.qlref index 9f172bbac42..4616a5ea9dc 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.qlref +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/IntMultToLong.ql \ No newline at end of file +query: Likely Bugs/Arithmetic/IntMultToLong.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-190/semmle/tests/Test.java index f24d16a236c..ed1cf0bbe1f 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/Test.java @@ -18,21 +18,21 @@ class Test { // BAD: result of multiplication will be too large for // int, and will overflow before being stored in the long - long timeInNanos = timeInSeconds * 1000000000; + long timeInNanos = timeInSeconds * 1000000000; // $ Alert[java/integer-multiplication-cast-to-long] } { int timeInSeconds = 1000000; // BAD - long timeInNanos = timeInSeconds * 1000000000 + 4; + long timeInNanos = timeInSeconds * 1000000000 + 4; // $ Alert[java/integer-multiplication-cast-to-long] } { int timeInSeconds = 1000000; // BAD - long timeInNanos = true ? timeInSeconds * 1000000000 + 4 : 0; + long timeInNanos = true ? timeInSeconds * 1000000000 + 4 : 0; // $ Alert[java/integer-multiplication-cast-to-long] } { @@ -65,7 +65,7 @@ class Test { while (i < 1000000) { // BAD: getLargeNumber is implicitly narrowed to an integer // which will result in overflows if it is large - i += getLargeNumber(); + i += getLargeNumber(); // $ Alert[java/implicit-cast-in-compound-assignment] } } @@ -84,16 +84,16 @@ class Test { // FALSE POSITIVE: the query check purely based on the type, it // can't try to // determine whether the value may in fact always be in bounds - i += j; + i += j; // $ Alert[java/implicit-cast-in-compound-assignment] } // ArithmeticWithExtremeValues { int i = 0; - i = Integer.MAX_VALUE; + i = Integer.MAX_VALUE; // $ Source[java/extreme-value-arithmetic] int j = 0; // BAD: overflow - j = i + 1; + j = i + 1; // $ Alert[java/extreme-value-arithmetic] } { @@ -106,9 +106,9 @@ class Test { } { - long i = Long.MIN_VALUE; + long i = Long.MIN_VALUE; // $ Source[java/extreme-value-arithmetic] // BAD: overflow - long j = i - 1; + long j = i - 1; // $ Alert[java/extreme-value-arithmetic] } { @@ -135,16 +135,16 @@ class Test { int i = Integer.MAX_VALUE; if (i < Integer.MAX_VALUE) { // BAD: reassigned after guard - i = Integer.MAX_VALUE; - long j = i + 1; + i = Integer.MAX_VALUE; // $ Source[java/extreme-value-arithmetic] + long j = i + 1; // $ Alert[java/extreme-value-arithmetic] } } { - int i = Integer.MAX_VALUE; + int i = Integer.MAX_VALUE; // $ Source[java/extreme-value-arithmetic] // BAD: guarded the wrong way if (i > Integer.MIN_VALUE) { - long j = i + 1; + long j = i + 1; // $ Alert[java/extreme-value-arithmetic] } } @@ -182,32 +182,32 @@ class Test { } { - byte b = Byte.MAX_VALUE; + byte b = Byte.MAX_VALUE; // $ Source[java/extreme-value-arithmetic] // BAD: extreme byte value is widened to type int, but subsequently // cast to narrower type byte - byte widenedThenNarrowed = (byte) (b + 1); + byte widenedThenNarrowed = (byte) (b + 1); // $ Alert[java/extreme-value-arithmetic] } { - short s = Short.MAX_VALUE; + short s = Short.MAX_VALUE; // $ Source[java/extreme-value-arithmetic] // BAD: extreme short value is widened to type int, but subsequently // cast to narrower type short - short widenedThenNarrowed = (short) (s + 1); + short widenedThenNarrowed = (short) (s + 1); // $ Alert[java/extreme-value-arithmetic] } { - int i = Integer.MAX_VALUE; + int i = Integer.MAX_VALUE; // $ Source[java/extreme-value-arithmetic] // BAD: extreme int value is widened to type long, but subsequently // cast to narrower type int - int widenedThenNarrowed = (int) (i + 1L); + int widenedThenNarrowed = (int) (i + 1L); // $ Alert[java/extreme-value-arithmetic] } // ArithmeticUncontrolled - int data = (new java.security.SecureRandom()).nextInt(); + int data = (new java.security.SecureRandom()).nextInt(); // $ Source[java/uncontrolled-arithmetic] { // BAD: may overflow if data is large - int output = data + 1; + int output = data + 1; // $ Alert[java/uncontrolled-arithmetic] } { @@ -238,15 +238,15 @@ class Test { { // BAD: uncontrolled int value is widened to type long, but // subsequently cast to narrower type int - int widenedThenNarrowed = (int) (data + 10L); + int widenedThenNarrowed = (int) (data + 10L); // $ Alert[java/uncontrolled-arithmetic] } // ArithmeticUncontrolled using Apache RandomUtils - int data2 = RandomUtils.nextInt(); + int data2 = RandomUtils.nextInt(); // $ Source[java/uncontrolled-arithmetic] { // BAD: may overflow if data is large - int output = data2 + 1; + int output = data2 + 1; // $ Alert[java/uncontrolled-arithmetic] } { @@ -277,7 +277,7 @@ class Test { { // BAD: uncontrolled int value is widened to type long, but // subsequently cast to narrower type int - int widenedThenNarrowed = (int) (data2 + 10L); + int widenedThenNarrowed = (int) (data2 + 10L); // $ Alert[java/uncontrolled-arithmetic] } // InformationLoss @@ -286,11 +286,11 @@ class Test { while (arr[2] < 1000000) { // BAD: getLargeNumber is implicitly narrowed to an integer // which will result in overflows if it is large - arr[2] += getLargeNumber(); + arr[2] += getLargeNumber(); // $ Alert[java/implicit-cast-in-compound-assignment] } // BAD. - getAnIntArray()[0] += getLargeNumber(); + getAnIntArray()[0] += getLargeNumber(); // $ Alert[java/implicit-cast-in-compound-assignment] } } diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Files.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Files.java index cc8c1a736ad..89875947d76 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Files.java +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Files.java @@ -7,12 +7,12 @@ public class Files { private static final int TEMP_DIR_ATTEMPTS = 10000; public static File createTempDir() { - File baseDir = new File(System.getProperty("java.io.tmpdir")); + File baseDir = new File(System.getProperty("java.io.tmpdir")); // $ Alert String baseName = System.currentTimeMillis() + "-"; for (int counter = 0; counter < TEMP_DIR_ATTEMPTS; counter++) { File tempDir = new File(baseDir, baseName + counter); - if (tempDir.mkdir()) { + if (tempDir.mkdir()) { // $ Sink return tempDir; } } diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.qlref b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.qlref index b7836c96d60..5c3a603d216 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.qlref +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/TempDirLocalInformationDisclosure.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Test.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Test.java index e1ec05ac51c..45a455a6232 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Test.java +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/TempDirLocalInformationDisclosure/Test.java @@ -17,7 +17,7 @@ public class Test { void vulnerableFileCreateTempFile() throws IOException { // VULNERABLE VERSION: - File tempVuln = File.createTempFile("random", "file"); + File tempVuln = File.createTempFile("random", "file"); // $ Alert // TO MAKE SAFE REWRITE TO: File tempSafe = Files.createTempFile("random", "file").toFile(); @@ -25,7 +25,7 @@ public class Test { void vulnerableFileCreateTempFileNull() throws IOException { // VULNERABLE VERSION: - File tempVuln = File.createTempFile("random", "file", null); + File tempVuln = File.createTempFile("random", "file", null); // $ Alert // TO MAKE SAFE REWRITE TO: File tempSafe = Files.createTempFile("random", "file").toFile(); @@ -33,10 +33,10 @@ public class Test { void vulnerableFileCreateTempFileTainted() throws IOException { // GIVEN: - File tempDir = new File(System.getProperty("java.io.tmpdir")); + File tempDir = new File(System.getProperty("java.io.tmpdir")); // $ Alert // VULNERABLE VERSION: - File tempVuln = File.createTempFile("random", "file", tempDir); + File tempVuln = File.createTempFile("random", "file", tempDir); // $ Sink // TO MAKE SAFE REWRITE TO (v1): File tempSafe1 = Files.createTempFile(tempDir.toPath(), "random", "file").toFile(); @@ -47,10 +47,10 @@ public class Test { void vulnerableFileCreateTempFileChildTainted() throws IOException { // GIVEN: - File tempDirChild = new File(new File(System.getProperty("java.io.tmpdir")), "/child"); + File tempDirChild = new File(new File(System.getProperty("java.io.tmpdir")), "/child"); // $ Alert // VULNERABLE VERSION: - File tempVuln = File.createTempFile("random", "file", tempDirChild); + File tempVuln = File.createTempFile("random", "file", tempDirChild); // $ Sink // TO MAKE SAFE REWRITE TO: File tempSafe = Files.createTempFile(tempDirChild.toPath(), "random", "file").toFile(); @@ -58,10 +58,10 @@ public class Test { void vulnerableFileCreateTempFileCanonical() throws IOException { // GIVEN: - File tempDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile(); + File tempDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile(); // $ Alert // VULNERABLE VERSION: - File tempVuln = File.createTempFile("random", "file", tempDir); + File tempVuln = File.createTempFile("random", "file", tempDir); // $ Sink // TO MAKE SAFE REWRITE TO (v1): File tempSafe1 = Files.createTempFile(tempDir.toPath(), "random", "file").toFile(); @@ -72,10 +72,10 @@ public class Test { void vulnerableFileCreateTempFileAbsolute() throws IOException { // GIVEN: - File tempDir = new File(System.getProperty("java.io.tmpdir")).getAbsoluteFile(); + File tempDir = new File(System.getProperty("java.io.tmpdir")).getAbsoluteFile(); // $ Alert // VULNERABLE VERSION: - File tempVuln = File.createTempFile("random", "file", tempDir); + File tempVuln = File.createTempFile("random", "file", tempDir); // $ Sink // TO MAKE SAFE REWRITE TO (v1): File tempSafe1 = Files.createTempFile(tempDir.toPath(), "random", "file").toFile(); @@ -94,7 +94,7 @@ public class Test { void vulnerableGuavaFilesCreateTempDir() { // VULNERABLE VERSION: - File tempDir = com.google.common.io.Files.createTempDir(); + File tempDir = com.google.common.io.Files.createTempDir(); // $ Alert // TO MAKE SAFE REWRITE TO: File tempSafe; @@ -107,10 +107,10 @@ public class Test { void vulnerableFileCreateTempFileMkdirTainted() { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child"); // $ Alert // VULNERABLE VERSION: - tempDirChild.mkdir(); + tempDirChild.mkdir(); // $ Sink // TO MAKE SAFE REWRITE TO (v1): File tempSafe1; @@ -131,10 +131,10 @@ public class Test { void vulnerableFileCreateTempFileMkdirsTainted() { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child"); // $ Alert // VULNERABLE VERSION: - tempDirChild.mkdirs(); + tempDirChild.mkdirs(); // $ Sink // TO MAKE SAFE REWRITE TO (v1): File tempSafe1; @@ -155,8 +155,8 @@ public class Test { void vulnerableFileCreateTempFilesWrite1() throws IOException { // VULNERABLE VERSION: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt"); - Files.write(tempDirChild.toPath(), Arrays.asList("secret"), StandardCharsets.UTF_8, StandardOpenOption.CREATE); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt"); // $ Alert + Files.write(tempDirChild.toPath(), Arrays.asList("secret"), StandardCharsets.UTF_8, StandardOpenOption.CREATE); // $ Sink // TO MAKE SAFE REWRITE TO (v1): // Use this version if you care that the file has the exact path of `[java.io.tmpdir]/child.txt` @@ -184,8 +184,8 @@ public class Test { byte[] byteArrray = secret.getBytes(); // VULNERABLE VERSION: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt"); - Files.write(tempDirChild.toPath(), byteArrray, StandardOpenOption.CREATE); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child.txt"); // $ Alert + Files.write(tempDirChild.toPath(), byteArrray, StandardOpenOption.CREATE); // $ Sink // TO MAKE SAFE REWRITE TO (v1): // Use this version if you care that the file has the exact path of `[java.io.tmpdir]/child.txt` @@ -201,10 +201,10 @@ public class Test { void vulnerableFileCreateTempFilesNewBufferedWriter() throws IOException { // GIVEN: - Path tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-buffered-writer.txt").toPath(); + Path tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-buffered-writer.txt").toPath(); // $ Alert // VULNERABLE VERSION: - Files.newBufferedWriter(tempDirChild); + Files.newBufferedWriter(tempDirChild); // $ Sink // TO MAKE SAFE REWRITE TO: Files.createFile(tempDirChild, PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))); @@ -213,10 +213,10 @@ public class Test { void vulnerableFileCreateTempFilesNewOutputStream() throws IOException { // GIVEN: - Path tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-output-stream.txt").toPath(); + Path tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-output-stream.txt").toPath(); // $ Alert // VULNERABLE VERSION: - Files.newOutputStream(tempDirChild).close(); + Files.newOutputStream(tempDirChild).close(); // $ Sink // TO MAKE SAFE REWRITE TO: Files.createFile(tempDirChild, PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))); @@ -225,10 +225,10 @@ public class Test { void vulnerableFileCreateTempFilesCreateFile() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt"); // $ Alert // VULNERABLE VERSION: - Files.createFile(tempDirChild.toPath()); + Files.createFile(tempDirChild.toPath()); // $ Sink // TO MAKE SAFE REWRITE TO: Files.createFile(tempDirChild.toPath(), PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))); @@ -246,10 +246,10 @@ public class Test { void vulnerableFileCreateDirectory() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); // $ Alert // VULNERABLE VERSION: - Files.createDirectory(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x' + Files.createDirectory(tempDirChild.toPath()); // $ Sink // Creates with permissions 'drwxr-xr-x' // TO MAKE SAFE REWRITE TO: Files.createDirectory(tempDirChild.toPath(), PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))); @@ -257,10 +257,10 @@ public class Test { void vulnerableFileCreateDirectories() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directories/child"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directories/child"); // $ Alert // VULNERABLE VERSION: - Files.createDirectories(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x' + Files.createDirectories(tempDirChild.toPath()); // $ Sink // Creates with permissions 'drwxr-xr-x' // TO MAKE SAFE REWRITE TO: Files.createDirectories(tempDirChild.toPath(), PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))); @@ -291,11 +291,11 @@ public class Test { void vulnerableBecauseInvertedPosixCheck() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); // $ Alert // Oops, this check should be inverted if (tempDirChild.toPath().getFileSystem().supportedFileAttributeViews().contains("posix")) { - Files.createDirectory(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x' + Files.createDirectory(tempDirChild.toPath()); // $ Sink // Creates with permissions 'drwxr-xr-x' } } @@ -310,20 +310,20 @@ public class Test { void vulnerableBecauseCheckingForNotLinux() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); // $ Alert if (!SystemUtils.IS_OS_LINUX) { - Files.createDirectory(tempDirChild.toPath()); + Files.createDirectory(tempDirChild.toPath()); // $ Sink } } void vulnerableBecauseInvertedFileSeparatorCheck() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); // $ Alert // Oops, this check should be inverted if (File.separatorChar != '\\') { - Files.createDirectory(tempDirChild.toPath()); // Creates with permissions 'drwxr-xr-x' + Files.createDirectory(tempDirChild.toPath()); // $ Sink // Creates with permissions 'drwxr-xr-x' } } @@ -347,23 +347,23 @@ public class Test { void vulnerableBecauseFileSeparatorCheckElseCase() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); // $ Alert if (File.separatorChar == '\\') { Files.createDirectory(tempDirChild.toPath()); // Safe } else { - Files.createDirectory(tempDirChild.toPath()); // Vulnerable + Files.createDirectory(tempDirChild.toPath()); // $ Sink // Vulnerable } } void vulnerableBecauseInvertedFileSeperatorCheckElseCase() throws IOException { // GIVEN: - File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); + File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child-create-directory"); // $ Alert if (File.separatorChar != '/') { Files.createDirectory(tempDirChild.toPath()); // Safe } else { - Files.createDirectory(tempDirChild.toPath()); // Vulnerable + Files.createDirectory(tempDirChild.toPath()); // $ Sink // Vulnerable } } } diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.java index 7dd4aa89347..8901b40715b 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.java +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.java @@ -12,7 +12,7 @@ interface WebViewGetter { public class WebViewContentAccess extends Activity { void enableContentAccess(WebView webview) { - webview.getSettings().setAllowContentAccess(true); + webview.getSettings().setAllowContentAccess(true); // $ Alert[java/android/websettings-allow-content-access] } void disableContentAccess(WebView webview) { @@ -35,25 +35,25 @@ public class WebViewContentAccess extends Activity { void configureWebViewUnsafe(WebView view1, WebViewGetter getter) { WebSettings settings; - view1.getSettings().setAllowContentAccess(true); + view1.getSettings().setAllowContentAccess(true); // $ Alert[java/android/websettings-allow-content-access] // Cast expression - WebView view2 = (WebView) findViewById(0); + WebView view2 = (WebView) findViewById(0); // $ Alert[java/android/websettings-allow-content-access] settings = view2.getSettings(); - settings.setAllowContentAccess(true); + settings.setAllowContentAccess(true); // $ Alert[java/android/websettings-allow-content-access] // Constructor - WebView view3 = new WebView(this); + WebView view3 = new WebView(this); // $ Alert[java/android/websettings-allow-content-access] settings = view3.getSettings(); - settings.setAllowContentAccess(true); + settings.setAllowContentAccess(true); // $ Alert[java/android/websettings-allow-content-access] // Method access - WebView view4 = getter.getAWebView(); + WebView view4 = getter.getAWebView(); // $ Alert[java/android/websettings-allow-content-access] settings = view4.getSettings(); - settings.setAllowContentAccess(true); + settings.setAllowContentAccess(true); // $ Alert[java/android/websettings-allow-content-access] - enableContentAccess(getter.getAWebView()); + enableContentAccess(getter.getAWebView()); // $ Alert[java/android/websettings-allow-content-access] - WebView view5 = getter.getAWebView(); + WebView view5 = getter.getAWebView(); // $ Alert[java/android/websettings-allow-content-access] } } diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.qlref b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.qlref index 7c9eba28b6e..cb5fbbc2676 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.qlref +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewContentAccess.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql \ No newline at end of file +query: Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.java index f42dbfaa84a..72b054e2589 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.java +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.java @@ -5,11 +5,11 @@ class WebViewFileAccess { void configure(WebView view) { WebSettings settings = view.getSettings(); - settings.setAllowFileAccess(true); + settings.setAllowFileAccess(true); // $ Alert[java/android/websettings-file-access] - settings.setAllowFileAccessFromFileURLs(true); + settings.setAllowFileAccessFromFileURLs(true); // $ Alert[java/android/websettings-file-access] - settings.setAllowUniversalAccessFromFileURLs(true); + settings.setAllowUniversalAccessFromFileURLs(true); // $ Alert[java/android/websettings-file-access] } void configureSafe(WebView view) { diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.qlref b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.qlref index 6c3224a4a61..af0434e7711 100644 --- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.qlref +++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewAccess/WebViewFileAccess.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +query: Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-209/semmle/tests/SensitiveDataExposureThroughErrorMessage.qlref b/java/ql/test/query-tests/security/CWE-209/semmle/tests/SensitiveDataExposureThroughErrorMessage.qlref index 25d68a7fcef..c763b46a077 100644 --- a/java/ql/test/query-tests/security/CWE-209/semmle/tests/SensitiveDataExposureThroughErrorMessage.qlref +++ b/java/ql/test/query-tests/security/CWE-209/semmle/tests/SensitiveDataExposureThroughErrorMessage.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +query: Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-209/semmle/tests/StackTraceExposure.qlref b/java/ql/test/query-tests/security/CWE-209/semmle/tests/StackTraceExposure.qlref index ea39c4fe8c6..1e5f0d4e2b6 100644 --- a/java/ql/test/query-tests/security/CWE-209/semmle/tests/StackTraceExposure.qlref +++ b/java/ql/test/query-tests/security/CWE-209/semmle/tests/StackTraceExposure.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-209/StackTraceExposure.ql +query: Security/CWE/CWE-209/StackTraceExposure.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-209/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-209/semmle/tests/Test.java index 54d64f05ff6..51f48471be8 100644 --- a/java/ql/test/query-tests/security/CWE-209/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-209/semmle/tests/Test.java @@ -22,7 +22,7 @@ class Test extends HttpServlet { doSomeWork(); } catch (NullPointerException ex) { // BAD: printing a stack trace back to the response - ex.printStackTrace(response.getWriter()); + ex.printStackTrace(response.getWriter()); // $ Alert[java/stack-trace-exposure] return; } @@ -32,7 +32,7 @@ class Test extends HttpServlet { // BAD: printing a stack trace back to the response response.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, - printTrace(ex)); + printTrace(ex)); // $ Alert[java/stack-trace-exposure] return; } @@ -42,7 +42,7 @@ class Test extends HttpServlet { // BAD: printing a stack trace back to the response response.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, - printTrace2(ex)); + printTrace2(ex)); // $ Alert[java/stack-trace-exposure] return; } @@ -52,7 +52,7 @@ class Test extends HttpServlet { // BAD: printing an exception message back to the response response.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, - ex.getMessage()); + ex.getMessage()); // $ Alert[java/error-message-exposure] } } diff --git a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java index 09fdf89e0f0..77ab00cc432 100644 --- a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java +++ b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.java @@ -11,19 +11,19 @@ public class UnsafeHostnameVerification { * Test the implementation of trusting all hostnames as an anonymous class */ public void testTrustAllHostnameOfAnonymousClass() { - HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // $ @Override public boolean verify(String hostname, SSLSession session) { return true; // BAD, always returns true } - }); + }); // $ Alert[java/unsafe-hostname-verification] } /** * Test the implementation of trusting all hostnames as a lambda. */ public void testTrustAllHostnameLambda() { - HttpsURLConnection.setDefaultHostnameVerifier((name, s) -> true); // BAD, always returns true + HttpsURLConnection.setDefaultHostnameVerifier((name, s) -> true); // $ Alert[java/unsafe-hostname-verification] // BAD, always returns true } /** @@ -44,7 +44,7 @@ public class UnsafeHostnameVerification { } private void functionThatActuallyDisablesVerification() { - HttpsURLConnection.setDefaultHostnameVerifier((name, s) -> true); // GOOD [but detected as BAD], because we only + HttpsURLConnection.setDefaultHostnameVerifier((name, s) -> true); // $ Alert[java/unsafe-hostname-verification] // GOOD [but detected as BAD], because we only // check guards inside a function // and not across function calls. This is considerer GOOD because the call to // `functionThatActuallyDisablesVerification` is guarded by a feature flag in @@ -63,7 +63,7 @@ public class UnsafeHostnameVerification { } public void testTrustAllHostnameWithExceptions() { - HostnameVerifier verifier = new HostnameVerifier() { + HostnameVerifier verifier = new HostnameVerifier() { // $ @Override public boolean verify(String hostname, SSLSession session) { try { verify(hostname, session.getPeerCertificates()); } catch (Exception e) { throw new RuntimeException(); } @@ -77,21 +77,21 @@ public class UnsafeHostnameVerification { // `Exception` in the case of a mismatch. private void verify(String hostname, Certificate[] certs) { } - }; - HttpsURLConnection.setDefaultHostnameVerifier(verifier); + }; // $ Source[java/unsafe-hostname-verification] + HttpsURLConnection.setDefaultHostnameVerifier(verifier); // $ Alert[java/unsafe-hostname-verification] } /** * Test the implementation of trusting all hostnames as a variable */ public void testTrustAllHostnameOfVariable() { - HostnameVerifier verifier = new HostnameVerifier() { + HostnameVerifier verifier = new HostnameVerifier() { // $ @Override public boolean verify(String hostname, SSLSession session) { return true; // BAD, always returns true } - }; - HttpsURLConnection.setDefaultHostnameVerifier(verifier); + }; // $ Source[java/unsafe-hostname-verification] + HttpsURLConnection.setDefaultHostnameVerifier(verifier); // $ Alert[java/unsafe-hostname-verification] } public static final HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER = new HostnameVerifier() { @@ -113,7 +113,7 @@ public class UnsafeHostnameVerification { * This is for testing the diff-informed functionality of the query. */ public void testTrustAllHostnameOfNamedClass() { - HttpsURLConnection.setDefaultHostnameVerifier(new AlwaysTrueVerifier()); + HttpsURLConnection.setDefaultHostnameVerifier(new AlwaysTrueVerifier()); // $ Alert[java/unsafe-hostname-verification] } } diff --git a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.qlref b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.qlref index 5c82af8f3f7..fc028d3814e 100644 --- a/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.qlref +++ b/java/ql/test/query-tests/security/CWE-297/UnsafeHostnameVerification.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-297/UnsafeHostnameVerification.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.qlref b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.qlref index ee69b6e12ca..e7d9ba08897 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.qlref +++ b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-319/HttpsUrls.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrlsTest.java b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrlsTest.java index 900718904d2..362361a7171 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrlsTest.java +++ b/java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrlsTest.java @@ -20,12 +20,12 @@ class HelloImpl implements Hello { try { // HttpsUrls { - String protocol = "http://"; + String protocol = "http://"; // $ Source[java/non-https-url] URL u = new URL(protocol + "www.secret.example.org/"); // using HttpsURLConnections to enforce SSL is desirable // BAD: this will give a ClassCastException at runtime, as the // http URL cannot be used to make an HttpsURLConnection - HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); + HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); // $ Alert[java/non-https-url] hu.setRequestMethod("PUT"); hu.connect(); OutputStream os = hu.getOutputStream(); @@ -33,12 +33,12 @@ class HelloImpl implements Hello { } { - String protocol = "http"; + String protocol = "http"; // $ Source[java/non-https-url] URL u = new URL(protocol, "www.secret.example.org", "foo"); // using HttpsURLConnections to enforce SSL is desirable // BAD: this will give a ClassCastException at runtime, as the // http URL cannot be used to make an HttpsURLConnection - HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); + HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); // $ Alert[java/non-https-url] hu.setRequestMethod("PUT"); hu.connect(); OutputStream os = hu.getOutputStream(); @@ -46,13 +46,13 @@ class HelloImpl implements Hello { } { - String protocol = "http://"; + String protocol = "http://"; // $ Source[java/non-https-url] // the second URL overwrites the first, as it has a protocol URL u = new URL(new URL("https://www.secret.example.org"), protocol + "www.secret.example.org"); // using HttpsURLConnections to enforce SSL is desirable // BAD: this will give a ClassCastException at runtime, as the // http URL cannot be used to make an HttpsURLConnection - HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); + HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); // $ Alert[java/non-https-url] hu.setRequestMethod("PUT"); hu.connect(); OutputStream os = hu.getOutputStream(); @@ -84,12 +84,12 @@ class HelloImpl implements Hello { } { - String protocol = "http"; + String protocol = "http"; // $ Source[java/non-https-url] URL u = new URL(protocol, "internal-url", "foo"); // FALSE POSITIVE: the query has no way of knowing whether the url will // resolve to somewhere outside the internal network, where there // are unlikely to be interception attempts - HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); + HttpsURLConnection hu = (HttpsURLConnection) u.openConnection(); // $ Alert[java/non-https-url] hu.setRequestMethod("PUT"); hu.connect(); OutputStream os = hu.getOutputStream(); @@ -116,4 +116,4 @@ class HelloImpl implements Hello { public String sayHello() { return "Hello"; } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSL.qlref b/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSL.qlref index cd19c71e3ad..b1aaff7c300 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSL.qlref +++ b/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSL.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-319/UseSSL.ql \ No newline at end of file +query: Security/CWE/CWE-319/UseSSL.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSLTest.java b/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSLTest.java index b6ff8b57fbf..19e4951f249 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSLTest.java +++ b/java/ql/test/query-tests/security/CWE-311/CWE-319/UseSSLTest.java @@ -8,7 +8,7 @@ class UseSSLTest { if (connection instanceof HttpsURLConnection) { input = connection.getInputStream(); // OK } else { - input = connection.getInputStream(); // BAD + input = connection.getInputStream(); // $ Alert[java/non-ssl-connection] // BAD } } } diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/InsecureCookie.qlref b/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/InsecureCookie.qlref index 38042f8864c..f286f8858ee 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/InsecureCookie.qlref +++ b/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/InsecureCookie.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-614/InsecureCookie.ql \ No newline at end of file +query: Security/CWE/CWE-614/InsecureCookie.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java index c198f522e30..83c0038b7a0 100644 --- a/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-311/CWE-614/semmle/tests/Test.java @@ -16,7 +16,7 @@ class Test { Cookie cookie = new Cookie("secret" ,"fakesecret"); // BAD: secure flag not set - response.addCookie(cookie); + response.addCookie(cookie); // $ Alert } @@ -25,7 +25,7 @@ class Test { // BAD: secure flag set to false cookie.setSecure(false); - response.addCookie(cookie); + response.addCookie(cookie); // $ Alert } @@ -34,7 +34,7 @@ class Test { // BAD: secure flag set to something not clearly true or request.isSecure() cookie.setSecure(otherInput); - response.addCookie(cookie); + response.addCookie(cookie); // $ Alert } @@ -48,7 +48,7 @@ class Test { else secureVal = otherInput; cookie.setSecure(secureVal); - response.addCookie(cookie); + response.addCookie(cookie); // $ Alert } diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.qlref b/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.qlref index 2b7a5375dab..b08b50829f8 100644 --- a/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.qlref +++ b/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql \ No newline at end of file +query: Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml index 4b69c52ccae..8e33b872caa 100644 --- a/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml +++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml @@ -24,6 +24,6 @@ - + diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml index 9db4c7429fe..3a61d35c95d 100644 --- a/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml +++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml @@ -24,6 +24,6 @@ - + diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.qlref b/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.qlref index 32cbef3d0fb..4a8ddcd9e7c 100644 --- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.qlref +++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/BrokenCryptoAlgorithm.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.qlref b/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.qlref index 42fa4845cac..4c32da91dea 100644 --- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.qlref +++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql \ No newline at end of file +query: Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-327/semmle/tests/Test.java index 23aff65161c..1136594a5a5 100644 --- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/Test.java @@ -16,7 +16,7 @@ class Test { { // BAD: DES is a weak algorithm - keyGenerator = KeyGenerator.getInstance("DES"); + keyGenerator = KeyGenerator.getInstance("DES"); // $ Alert[java/weak-cryptographic-algorithm] } // GOOD: RSA is a strong algorithm @@ -31,7 +31,7 @@ class Test { { // BAD: foo is an unknown algorithm that may not be secure - secretKeySpec = new SecretKeySpec(byteKey, "foo"); + secretKeySpec = new SecretKeySpec(byteKey, "foo"); // $ Alert[java/potentially-weak-cryptographic-algorithm] } // GOOD: GCM is a strong algorithm @@ -39,7 +39,7 @@ class Test { { // BAD: RC2 is a weak algorithm - cipher = Cipher.getInstance("RC2"); + cipher = Cipher.getInstance("RC2"); // $ Alert[java/weak-cryptographic-algorithm] } // GOOD: ECIES is a strong algorithm cipher = Cipher.getInstance("ECIES"); diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java b/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java index c79c025a41c..5ce2e316280 100644 --- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java +++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java @@ -12,13 +12,13 @@ public class WeakHashing { props.load(new FileInputStream("example.properties")); // BAD: Using a weak hashing algorithm - MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); + MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $ Alert[java/potentially-weak-cryptographic-algorithm] // BAD: Using a weak hashing algorithm even with a secure default - MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); + MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $ Alert[java/potentially-weak-cryptographic-algorithm] // BAD: Using a strong hashing algorithm but with a weak default - MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); + MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $ Alert[java/potentially-weak-cryptographic-algorithm] // GOOD: Using a strong hashing algorithm MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2")); diff --git a/java/ql/test/query-tests/security/CWE-335/semmle/tests/PredictableSeed.qlref b/java/ql/test/query-tests/security/CWE-335/semmle/tests/PredictableSeed.qlref index 090a64a67ce..053e69913e0 100644 --- a/java/ql/test/query-tests/security/CWE-335/semmle/tests/PredictableSeed.qlref +++ b/java/ql/test/query-tests/security/CWE-335/semmle/tests/PredictableSeed.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-335/PredictableSeed.ql \ No newline at end of file +query: Security/CWE/CWE-335/PredictableSeed.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-335/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-335/semmle/tests/Test.java index 3c38f57d562..db7e8eabfa4 100644 --- a/java/ql/test/query-tests/security/CWE-335/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-335/semmle/tests/Test.java @@ -25,16 +25,16 @@ class Test { SecureRandom r_time1 = new SecureRandom(new BigInteger(Long.toString(time1)).toByteArray()); // BAD: SecureRandom initialized with times. SecureRandom r_time2 = new SecureRandom(new BigInteger(Long.toString(time2)).toByteArray()); - r_time1.nextInt(); r_time2.nextInt(); + r_time1.nextInt(); r_time2.nextInt(); // $ Alert // BAD: SecureRandom initialized with constant value. SecureRandom r_const = new SecureRandom(new BigInteger(Long.toString(12345L)).toByteArray()); - r_const.nextInt(); + r_const.nextInt(); // $ Alert // BAD: SecureRandom's seed set to constant with setSeed. SecureRandom r_const_set = new SecureRandom(); r_const_set.setSeed(12345L); - r_const_set.nextInt(); + r_const_set.nextInt(); // $ Alert // GOOD: SecureRandom self seeded and then seed is supplemented. SecureRandom r_selfseed = new SecureRandom(); diff --git a/java/ql/test/query-tests/security/CWE-338/semmle/tests/JHipsterGeneratedPRNG.qlref b/java/ql/test/query-tests/security/CWE-338/semmle/tests/JHipsterGeneratedPRNG.qlref index 441bcf25929..b908d757218 100644 --- a/java/ql/test/query-tests/security/CWE-338/semmle/tests/JHipsterGeneratedPRNG.qlref +++ b/java/ql/test/query-tests/security/CWE-338/semmle/tests/JHipsterGeneratedPRNG.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +query: Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-338/semmle/tests/vulnerable/RandomUtil.java b/java/ql/test/query-tests/security/CWE-338/semmle/tests/vulnerable/RandomUtil.java index 22e0c0b9150..e6707a41649 100644 --- a/java/ql/test/query-tests/security/CWE-338/semmle/tests/vulnerable/RandomUtil.java +++ b/java/ql/test/query-tests/security/CWE-338/semmle/tests/vulnerable/RandomUtil.java @@ -17,7 +17,7 @@ public final class RandomUtil { * * @return the generated password. */ - public static String generatePassword() { + public static String generatePassword() { // $ Alert return RandomStringUtils.randomAlphanumeric(DEF_COUNT); } @@ -26,7 +26,7 @@ public final class RandomUtil { * * @return the generated activation key. */ - public static String generateActivationKey() { + public static String generateActivationKey() { // $ Alert return RandomStringUtils.randomNumeric(DEF_COUNT); } @@ -35,7 +35,7 @@ public final class RandomUtil { * * @return the generated reset key. */ - public static String generateResetKey() { + public static String generateResetKey() { // $ Alert return RandomStringUtils.randomNumeric(DEF_COUNT); } @@ -45,7 +45,7 @@ public final class RandomUtil { * * @return the generated series data. */ - public static String generateSeriesData() { + public static String generateSeriesData() { // $ Alert return RandomStringUtils.randomAlphanumeric(DEF_COUNT); } @@ -54,7 +54,7 @@ public final class RandomUtil { * * @return the generated token data. */ - public static String generateTokenData() { + public static String generateTokenData() { // $ Alert return RandomStringUtils.randomAlphanumeric(DEF_COUNT); } } diff --git a/java/ql/test/query-tests/security/CWE-421/semmle/SocketAuthRace.qlref b/java/ql/test/query-tests/security/CWE-421/semmle/SocketAuthRace.qlref index 6ee9791ad63..efdf86cc251 100644 --- a/java/ql/test/query-tests/security/CWE-421/semmle/SocketAuthRace.qlref +++ b/java/ql/test/query-tests/security/CWE-421/semmle/SocketAuthRace.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-421/SocketAuthRace.ql \ No newline at end of file +query: Security/CWE/CWE-421/SocketAuthRace.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-421/semmle/Test.java b/java/ql/test/query-tests/security/CWE-421/semmle/Test.java index 0e2dc665a4b..d2850f39899 100644 --- a/java/ql/test/query-tests/security/CWE-421/semmle/Test.java +++ b/java/ql/test/query-tests/security/CWE-421/semmle/Test.java @@ -35,7 +35,7 @@ class Test { ServerSocket listenSocket = new ServerSocket(desiredPort); if (isAuthenticated(username)) { - Socket connection1 = listenSocket.accept(); + Socket connection1 = listenSocket.accept(); // $ Alert // BAD: no authentication over the socket connection1.getOutputStream().write(secretData); } @@ -48,7 +48,7 @@ class Test { if (isAuthenticated(username)) { // FP: we authenticate both beforehand and over the socket - Socket connection3 = listenSocket.accept(); + Socket connection3 = listenSocket.accept(); // $ Alert if (doAuthenticate(connection3, username)) { connection3.getOutputStream().write(secretData); } @@ -62,7 +62,7 @@ class Test { listenChannel.bind(port); if (isAuthenticated(username)) { - SocketChannel connection1 = listenChannel.accept(); + SocketChannel connection1 = listenChannel.accept(); // $ Alert // BAD: no authentication over the socket connection1.write(ByteBuffer.wrap(secretData)); } diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.java b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.java index 01cee2d59f2..90a08ada8a2 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.java +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.java @@ -20,7 +20,7 @@ public class UrlRedirect extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: a request parameter is incorporated without validation into a URL redirect - response.sendRedirect(request.getParameter("target")); + response.sendRedirect(request.getParameter("target")); // $ Alert // GOOD: the request parameter is validated against a known fixed string if (VALID_REDIRECT.equals(request.getParameter("target"))) { @@ -29,17 +29,17 @@ public class UrlRedirect extends HttpServlet { // BAD: the user attempts to clean the string, but this will fail // if the argument is "hthttp://tp://malicious.com" - response.sendRedirect(weakCleanup(request.getParameter("target"))); + response.sendRedirect(weakCleanup(request.getParameter("target"))); // $ Alert // GOOD: the user input is not used in a position that allows it to dictate // the target of the redirect response.sendRedirect("http://example.com?username=" + request.getParameter("username")); // BAD: set the "Location" header - response.setHeader("Location", request.getParameter("target")); + response.setHeader("Location", request.getParameter("target")); // $ Alert // BAD: set the "Location" header - response.addHeader(LOCATION_HEADER_KEY, request.getParameter("target")); + response.addHeader(LOCATION_HEADER_KEY, request.getParameter("target")); // $ Alert } public String weakCleanup(String input) { diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.qlref b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.qlref index 933c3569eed..f41f720f725 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.qlref +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-601/UrlRedirect.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect2.java b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect2.java index 9014dcae7f2..b7e8d673e3c 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect2.java +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect2.java @@ -24,7 +24,7 @@ public class UrlRedirect2 extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // BAD: a request parameter is incorporated without validation into a URL redirect - response.sendRedirect(request.getParameter("target")); + response.sendRedirect(request.getParameter("target")); // $ Alert // GOOD: the request parameter is validated against a known list of strings String target = request.getParameter("target"); diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/mad/Test.java b/java/ql/test/query-tests/security/CWE-601/semmle/tests/mad/Test.java index e222c3d9fbe..baf278ab3ae 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/mad/Test.java +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/mad/Test.java @@ -6,11 +6,11 @@ public class Test { private static HttpServletRequest request; public static Object source() { - return request.getParameter(null); + return request.getParameter(null); // $ Source } public void test(HttpResponses r) { // "org.kohsuke.stapler;HttpResponses;true;redirectTo;(String);;Argument[0];open-url;ai-generated" - r.redirectTo((String) source()); + r.redirectTo((String) source()); // $ Alert } } diff --git a/java/ql/test/query-tests/security/CWE-676/semmle/tests/PotentiallyDangerousFunction.qlref b/java/ql/test/query-tests/security/CWE-676/semmle/tests/PotentiallyDangerousFunction.qlref index 45388d46e2e..8fb8f0fceaf 100644 --- a/java/ql/test/query-tests/security/CWE-676/semmle/tests/PotentiallyDangerousFunction.qlref +++ b/java/ql/test/query-tests/security/CWE-676/semmle/tests/PotentiallyDangerousFunction.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +query: Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-676/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-676/semmle/tests/Test.java index 6d9367d2063..8e76feb1330 100644 --- a/java/ql/test/query-tests/security/CWE-676/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-676/semmle/tests/Test.java @@ -11,6 +11,6 @@ class Test { public void quit() { // Stop - worker.stop(); // BAD: Thread.stop can result in corrupted data + worker.stop(); // $ Alert // BAD: Thread.stop can result in corrupted data } } diff --git a/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTainted.qlref b/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTainted.qlref index f06664e19d4..fbe1ae7ab46 100644 --- a/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTainted.qlref +++ b/java/ql/test/query-tests/security/CWE-681/semmle/tests/NumericCastTainted.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-681/NumericCastTainted.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-681/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-681/semmle/tests/Test.java index f50652c032f..75862e683e0 100644 --- a/java/ql/test/query-tests/security/CWE-681/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-681/semmle/tests/Test.java @@ -8,7 +8,7 @@ class Test { long data; BufferedReader readerBuffered = new BufferedReader( - new InputStreamReader(System.in, "UTF-8")); + new InputStreamReader(System.in, "UTF-8")); // $ Source String stringNumber = readerBuffered.readLine(); if (stringNumber != null) { data = Long.parseLong(stringNumber.trim()); @@ -18,7 +18,7 @@ class Test { // AVOID: potential truncation if input data is very large, for example // 'Long.MAX_VALUE' - int scaled = (int)data; + int scaled = (int)data; // $ Alert //... @@ -30,4 +30,4 @@ class Test { throw new IllegalArgumentException("Invalid input"); } } -} \ No newline at end of file +} diff --git a/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.qlref b/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.qlref index cd90cfe2c17..d5c7df733ef 100644 --- a/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.qlref +++ b/java/ql/test/query-tests/security/CWE-732/semmle/tests/ReadingFromWorldWritableFile.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +query: Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-732/semmle/tests/Test.java b/java/ql/test/query-tests/security/CWE-732/semmle/tests/Test.java index 8717203802d..ceca3b1a384 100644 --- a/java/ql/test/query-tests/security/CWE-732/semmle/tests/Test.java +++ b/java/ql/test/query-tests/security/CWE-732/semmle/tests/Test.java @@ -14,20 +14,20 @@ class Test { public static void main(String[] args) throws IOException { // Using the File API File f = new File("file"); - setWorldWritable(f); + setWorldWritable(f); // $ Alert readFile(f); // Using the Path API Path p = Paths.get("file"); Set filePermissions = EnumSet.of(PosixFilePermission.OTHERS_WRITE); - Files.setPosixFilePermissions(p, filePermissions); + Files.setPosixFilePermissions(p, filePermissions); // $ Alert Files.readAllLines(p); // Convert file to path File f2 = new File("file2"); Set file2Permissions = new LinkedHashSet<>(); file2Permissions.add(PosixFilePermission.OTHERS_WRITE); - Files.setPosixFilePermissions(Paths.get(f2.getCanonicalPath()), file2Permissions); + Files.setPosixFilePermissions(Paths.get(f2.getCanonicalPath()), file2Permissions); // $ Alert new FileInputStream(f2); } diff --git a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.qlref b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.qlref index 8c69ea7e994..cf5503cf706 100644 --- a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.qlref +++ b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheck.qlref @@ -1,2 +1,4 @@ query: Security/CWE/CWE-807/TaintedPermissionsCheck.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheckTest.java b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheckTest.java index 622538b7e35..4a274c25b91 100644 --- a/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheckTest.java +++ b/java/ql/test/query-tests/security/CWE-807/semmle/tests/TaintedPermissionsCheckTest.java @@ -9,10 +9,10 @@ import org.apache.shiro.subject.Subject; class TaintedPermissionsCheckTest { public static void main(HttpServletRequest request) throws Exception { // Apache Shiro permissions system - String action = request.getParameter("action"); + String action = request.getParameter("action"); // $ Source[java/tainted-permissions-check] Subject subject = SecurityUtils.getSubject(); // BAD: permissions decision made using tainted data - if (subject.isPermitted("domain:sublevel:" + action)) + if (subject.isPermitted("domain:sublevel:" + action)) // $ Alert[java/tainted-permissions-check] doIt(); // GOOD: use fixed checks diff --git a/java/ql/test/query-tests/security/CWE-829/semmle/tests/InsecureDependencyResolution.qlref b/java/ql/test/query-tests/security/CWE-829/semmle/tests/InsecureDependencyResolution.qlref index 84f2c1b82cd..2e4d7f2519a 100644 --- a/java/ql/test/query-tests/security/CWE-829/semmle/tests/InsecureDependencyResolution.qlref +++ b/java/ql/test/query-tests/security/CWE-829/semmle/tests/InsecureDependencyResolution.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-829/InsecureDependencyResolution.ql +query: Security/CWE/CWE-829/InsecureDependencyResolution.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-829/semmle/tests/insecure-pom.xml b/java/ql/test/query-tests/security/CWE-829/semmle/tests/insecure-pom.xml index 7f7585d9429..9234bd68251 100644 --- a/java/ql/test/query-tests/security/CWE-829/semmle/tests/insecure-pom.xml +++ b/java/ql/test/query-tests/security/CWE-829/semmle/tests/insecure-pom.xml @@ -21,19 +21,19 @@ Insecure Repository Releases http://insecure-repository.example - + insecure-snapshots Insecure Repository Snapshots http://insecure-repository.example - + insecure-snapshots Insecure Repository Snapshots http://localhost.example - + @@ -41,7 +41,7 @@ Insecure Repository http://insecure-repository.example - + @@ -49,6 +49,6 @@ Insecure Repository Releases http://insecure-repository.example - + diff --git a/java/ql/test/query-tests/security/CWE-833/semmle/tests/LockOrderInconsistency.qlref b/java/ql/test/query-tests/security/CWE-833/semmle/tests/LockOrderInconsistency.qlref index 74ebeec5d12..3bd8029485d 100644 --- a/java/ql/test/query-tests/security/CWE-833/semmle/tests/LockOrderInconsistency.qlref +++ b/java/ql/test/query-tests/security/CWE-833/semmle/tests/LockOrderInconsistency.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-833/LockOrderInconsistency.ql +query: Security/CWE/CWE-833/LockOrderInconsistency.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/security/CWE-833/semmle/tests/MethodAccessLockOrder.java b/java/ql/test/query-tests/security/CWE-833/semmle/tests/MethodAccessLockOrder.java index e02364c05ec..684fc55f946 100644 --- a/java/ql/test/query-tests/security/CWE-833/semmle/tests/MethodAccessLockOrder.java +++ b/java/ql/test/query-tests/security/CWE-833/semmle/tests/MethodAccessLockOrder.java @@ -26,7 +26,7 @@ class MethodAccessLockOrder { public boolean initiateTransfer(boolean fromSavings, int amount) { // AVOID: inconsistent lock order if (fromSavings) { - return primary.transferFrom(savings, amount); + return primary.transferFrom(savings, amount); // $ Alert } else { return savings.transferFrom(primary, amount); } diff --git a/java/ql/test/query-tests/security/CWE-833/semmle/tests/ReentrantLockOrder.java b/java/ql/test/query-tests/security/CWE-833/semmle/tests/ReentrantLockOrder.java index 83d395ccad5..65903ec0034 100644 --- a/java/ql/test/query-tests/security/CWE-833/semmle/tests/ReentrantLockOrder.java +++ b/java/ql/test/query-tests/security/CWE-833/semmle/tests/ReentrantLockOrder.java @@ -8,7 +8,7 @@ class ReentrantLockOrder { public boolean transferToSavings(int amount) { try { - primaryLock.lock(); + primaryLock.lock(); // $ Alert savingsLock.lock(); if (amount>0 && primaryAccountBalance>=amount) { primaryAccountBalance -= amount; @@ -25,7 +25,7 @@ class ReentrantLockOrder { // AVOID: lock order is different from "transferToSavings" // and may result in deadlock try { - savingsLock.lock(); + savingsLock.lock(); // $ Alert primaryLock.lock(); if (amount>0 && primaryAccountBalance>=amount) { primaryAccountBalance -= amount; diff --git a/java/ql/test/query-tests/security/CWE-833/semmle/tests/SynchronizedStmtLockOrder.java b/java/ql/test/query-tests/security/CWE-833/semmle/tests/SynchronizedStmtLockOrder.java index f4a2e626e86..1da9afd01fe 100644 --- a/java/ql/test/query-tests/security/CWE-833/semmle/tests/SynchronizedStmtLockOrder.java +++ b/java/ql/test/query-tests/security/CWE-833/semmle/tests/SynchronizedStmtLockOrder.java @@ -5,7 +5,7 @@ class SynchronizedStmtLockOrder { private Object savingsLock = new Object(); public boolean transferToSavings(int amount) { - synchronized(primaryLock) { + synchronized(primaryLock) { // $ Alert synchronized(savingsLock) { if (amount>0 && primaryAccountBalance>=amount) { primaryAccountBalance -= amount; @@ -19,7 +19,7 @@ class SynchronizedStmtLockOrder { public boolean transferToPrimary(int amount) { // AVOID: lock order is different from "transferToSavings" // and may result in deadlock - synchronized(savingsLock) { + synchronized(savingsLock) { // $ Alert synchronized(primaryLock) { if (amount>0 && savingsAccountBalance>=amount) { savingsAccountBalance -= amount; diff --git a/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.java b/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.java index 69a23502aa3..75c54016267 100644 --- a/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.java +++ b/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.java @@ -1,7 +1,7 @@ class Test { public void bad() { for (int i=0; i<10; i++) { - for (int j=0; i<10; j++) { + for (int j=0; i<10; j++) { // $ Alert // potentially infinite loop due to test on wrong variable if (shouldBreak()) break; } diff --git a/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.qlref b/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.qlref index caed88100e6..51b2ad7ece7 100644 --- a/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.qlref +++ b/java/ql/test/query-tests/security/CWE-835/semmle/tests/InfiniteLoop.qlref @@ -1 +1,2 @@ -Security/CWE/CWE-835/InfiniteLoop.ql +query: Security/CWE/CWE-835/InfiniteLoop.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/Consume.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/Consume.java index 70f5a0b2bee..6bd0966ff28 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/Consume.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/Consume.java @@ -38,7 +38,7 @@ public @interface Consume { /** * The uri to consume from */ - String value() default ""; + String value() default ""; // $ Alert[java/dead-function] /** * The uri to consume from @@ -46,12 +46,12 @@ public @interface Consume { * @deprecated use value instead */ @Deprecated - String uri() default ""; + String uri() default ""; // $ Alert[java/dead-function] /** * Use the field or getter on the bean to provide the uri to consume from */ - String property() default ""; + String property() default ""; // $ Alert[java/dead-function] /** * Optional predicate (using simple language) to only consume if the predicate matches . This can be used to filter @@ -60,5 +60,5 @@ public @interface Consume { * Notice that only the first method that matches the predicate will be used. And if no predicate matches then the * message is dropped. */ - String predicate() default ""; + String predicate() default ""; // $ Alert[java/dead-function] } diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/ExpressionClause.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/ExpressionClause.java index 2dcc3ad5a7a..e90e607e50c 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/ExpressionClause.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/ExpressionClause.java @@ -20,6 +20,6 @@ package org.apache.camel.builder; * Represents an expression clause within the DSL which when the expression is complete the clause continues to another * part of the DSL */ -public class ExpressionClause { +public class ExpressionClause { // $ Alert[java/dead-class] public T method(String ref) { return null; } } diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/RouteBuilder.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/RouteBuilder.java index 9c1b8c45d68..0cb300895bc 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/RouteBuilder.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/builder/RouteBuilder.java @@ -31,9 +31,9 @@ public abstract class RouteBuilder implements RoutesBuilder { * @param uri the from uri * @return the builder */ - public RouteDefinition from(String uri) { + public RouteDefinition from(String uri) { // $ Alert[java/dead-function] return null; } - public abstract void configure() throws Exception; + public abstract void configure() throws Exception; // $ Alert[java/dead-function] } diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/impl/DefaultCamelContext.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/impl/DefaultCamelContext.java index 2180623054b..22140d4b2f5 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/impl/DefaultCamelContext.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/impl/DefaultCamelContext.java @@ -21,7 +21,7 @@ import org.apache.camel.RoutesBuilder; public class DefaultCamelContext implements ModelCamelContext { - public void configure() throws Exception {} + public void configure() throws Exception {} // $ Alert[java/dead-function] public void addRoutes(RoutesBuilder arg0) {} diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/FilterDefinition.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/FilterDefinition.java index 1138c8d3783..d3bed4347b5 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/FilterDefinition.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/FilterDefinition.java @@ -16,4 +16,4 @@ */ package org.apache.camel.model; -public class FilterDefinition { } +public class FilterDefinition { } // $ Alert[java/dead-class] diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/OutputDefinition.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/OutputDefinition.java index cfe55f5cc17..5c4045cdc95 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/OutputDefinition.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/OutputDefinition.java @@ -19,5 +19,5 @@ package org.apache.camel.model; /** * A useful base class for output types */ -public class OutputDefinition> extends ProcessorDefinition { +public class OutputDefinition> extends ProcessorDefinition { // $ Alert[java/dead-class] } diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/ProcessorDefinition.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/ProcessorDefinition.java index 2423e907b01..37931b91796 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/ProcessorDefinition.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/ProcessorDefinition.java @@ -18,7 +18,7 @@ package org.apache.camel.model; import org.apache.camel.builder.ExpressionClause; -public abstract class ProcessorDefinition> { +public abstract class ProcessorDefinition> { // $ Alert[java/dead-class] public Type to(String uri) { return null; } public Type bean(Object bean) { return null; } diff --git a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/RouteDefinition.java b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/RouteDefinition.java index 2ab31d2126a..2052e6a0cdd 100644 --- a/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/RouteDefinition.java +++ b/java/ql/test/stubs/apache-camel-4.0.6/org/apache/camel/model/RouteDefinition.java @@ -16,7 +16,7 @@ */ package org.apache.camel.model; -public class RouteDefinition extends OutputDefinition { +public class RouteDefinition extends OutputDefinition { // $ Alert[java/dead-class] }