hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource

Browse Source
This commit is contained in:
haby0
2021-04-19 20:05:49 +08:00
parent 86ef2588f1 36abf8733e
commit 23b508c5e7
378 changed files with 10416 additions and 3945 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/test/stubs/fastjson-1.2.74/com/alibaba/fastjson/JSON.java
View File

@@ -26,6 +26,10 @@ import com.alibaba.fastjson.parser.*;
import com.alibaba.fastjson.parser.deserializer.ParseProcess;
public abstract class JSON {
public static String toJSONString(Object object) {
return null;
}
public static Object parse(String text) {
return null;
}

7
java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java Normal file
View File

@@ -0,0 +1,7 @@
package com.google.gson;
public final class Gson {
public String toJson(Object src) {
return null;
}
}

3
java/ql/test/stubs/java-ee-el/javax/el/ELContext.java Normal file
View File

@@ -0,0 +1,3 @@
package javax.el;
public class ELContext {}

5
java/ql/test/stubs/java-ee-el/javax/el/ELManager.java Normal file
View File

@@ -0,0 +1,5 @@
package javax.el;
public class ELManager {
public static ExpressionFactory getExpressionFactory() { return null; }
}

8
java/ql/test/stubs/java-ee-el/javax/el/ELProcessor.java Normal file
View File

@@ -0,0 +1,8 @@
package javax.el;
public class ELProcessor {
public Object eval(String expression) { return null; }
public Object getValue(String expression, Class<?> expectedType) { return null; }
public void setValue(String expression, Object value) {}
public void setVariable(String var, String expression) {}
}

17
java/ql/test/stubs/java-ee-el/javax/el/ExpressionFactory.java Normal file
View File

@@ -0,0 +1,17 @@
package javax.el;
public class ExpressionFactory {
public MethodExpression createMethodExpression(ELContext context, String expression, Class<?> expectedReturnType,
Class<?>[] expectedParamTypes) {
return null;
}
public ValueExpression createValueExpression(ELContext context, String expression, Class<?> expectedType) {
return null;
}
public ValueExpression createValueExpression(Object instance, Class<?> expectedType) {
return null;
}
}

8
java/ql/test/stubs/java-ee-el/javax/el/LambdaExpression.java Normal file
View File

@@ -0,0 +1,8 @@
package javax.el;
import java.util.List;
public class LambdaExpression {
public LambdaExpression(List<String> formalParameters, ValueExpression expression) {}
public Object invoke(Object... args) { return null; }
}

5
java/ql/test/stubs/java-ee-el/javax/el/MethodExpression.java Normal file
View File

@@ -0,0 +1,5 @@
package javax.el;
public class MethodExpression {
public Object invoke(ELContext context, Object[] params) { return null; }
}

5
java/ql/test/stubs/java-ee-el/javax/el/StandardELContext.java Normal file
View File

@@ -0,0 +1,5 @@
package javax.el;
public class StandardELContext extends ELContext {
public StandardELContext(ExpressionFactory factory) {}
}

6
java/ql/test/stubs/java-ee-el/javax/el/ValueExpression.java Normal file
View File

@@ -0,0 +1,6 @@
package javax.el;
public class ValueExpression {
public Object getValue(ELContext context) { return null; }
public void setValue(ELContext context, Object value) {}
}

33
java/ql/test/stubs/jaxb-api-2.3.1/javax/xml/bind/JAXBContext.java Normal file
View File

@@ -0,0 +1,33 @@
package javax.xml.bind;
import java.util.Map;
abstract public class JAXBContext {
protected JAXBContext() { }
// public static final String JAXB_CONTEXT_FACTORY;
//
// public Binder<Node> createBinder() { return null; }
//
// public Binder<T> createBinder(Class<T> p0) { return null; }
//
// public JAXBIntrospector createJAXBIntrospector() { return null; }
//
// abstract public Marshaller createMarshaller();
abstract public Unmarshaller createUnmarshaller();
// abstract public Validator createValidator();
//
// public void generateSchema(SchemaOutputResolver p0) { }
public static JAXBContext newInstance(Class... p0) { return null; }
public static JAXBContext newInstance(Class<?>[] p0, Map<String,?> p1) { return null; }
public static JAXBContext newInstance(String p0) { return null; }
public static JAXBContext newInstance(String p0, ClassLoader p1) { return null; }
public static JAXBContext newInstance(String p0, ClassLoader p1, Map<String,?> p2) { return null; }
}

76
java/ql/test/stubs/jaxb-api-2.3.1/javax/xml/bind/Unmarshaller.java Normal file
View File

@@ -0,0 +1,76 @@
package javax.xml.bind;
import java.net.URL;
import java.io.Reader;
import java.io.InputStream;
import java.io.File;
import javax.xml.transform.Source;
abstract public interface Unmarshaller {
abstract public static class Listener {
public Listener() { }
public void afterUnmarshal(Object p0, Object p1) { }
public void beforeUnmarshal(Object p0, Object p1) { }
}
// abstract public A getAdapter(Class<A> p0);
//
// abstract public AttachmentUnmarshaller getAttachmentUnmarshaller();
//
// abstract public ValidationEventHandler getEventHandler();
//
// abstract public Listener getListener();
abstract public Object getProperty(String p0);
// abstract public Schema getSchema();
//
// abstract public UnmarshallerHandler getUnmarshallerHandler();
abstract public boolean isValidating();
// abstract public void setAdapter(Class<A> p0, A p1);
//
// abstract public void setAdapter(XmlAdapter p0);
//
// abstract public void setAttachmentUnmarshaller(AttachmentUnmarshaller p0);
//
// abstract public void setEventHandler(ValidationEventHandler p0);
//
// abstract public void setListener(Listener p0);
//
// abstract public void setProperty(String p0, Object p1);
//
// abstract public void setSchema(Schema p0);
abstract public void setValidating(boolean p0);
abstract public Object unmarshal(File p0);
abstract public Object unmarshal(InputStream p0);
abstract public Object unmarshal(Reader p0);
abstract public Object unmarshal(URL p0);
// abstract public Object unmarshal(XMLEventReader p0);
//
// abstract public JAXBElement<T> unmarshal(XMLEventReader p0, Class<T> p1);
//
// abstract public Object unmarshal(XMLStreamReader p0);
//
// abstract public JAXBElement<T> unmarshal(XMLStreamReader p0, Class<T> p1);
abstract public Object unmarshal(Source p0);
// abstract public JAXBElement<T> unmarshal(Source p0, Class<T> p1);
//
// abstract public Object unmarshal(Node p0);
//
// abstract public JAXBElement<T> unmarshal(Node p0, Class<T> p1);
//
// abstract public Object unmarshal(InputSource p0);
}

154
java/ql/test/stubs/jsr311-api-1.1.1/javax/ws/rs/core/Cookie.java Normal file
View File

@@ -0,0 +1,154 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2010-2015 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* http://glassfish.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package javax.ws.rs.core;
/**
* Represents the value of a HTTP cookie, transferred in a request.
* RFC 2109 specifies the legal characters for name,
* value, path and domain. The default version of 1 corresponds to RFC 2109.
*
* @author Paul Sandoz
* @author Marc Hadley
* @see <a href="http://www.ietf.org/rfc/rfc2109.txt">IETF RFC 2109</a>
* @since 1.0
*/
public class Cookie {
/**
* Cookies using the default version correspond to RFC 2109.
*/
public static final int DEFAULT_VERSION = 1;
/**
* Create a new instance.
*
* @param name the name of the cookie.
* @param value the value of the cookie.
* @param path the URI path for which the cookie is valid.
* @param domain the host domain for which the cookie is valid.
* @param version the version of the specification to which the cookie complies.
* @throws IllegalArgumentException if name is {@code null}.
*/
public Cookie(final String name, final String value, final String path, final String domain, final int version)
throws IllegalArgumentException {
}
/**
* Create a new instance.
*
* @param name the name of the cookie.
* @param value the value of the cookie.
* @param path the URI path for which the cookie is valid.
* @param domain the host domain for which the cookie is valid.
* @throws IllegalArgumentException if name is {@code null}.
*/
public Cookie(final String name, final String value, final String path, final String domain)
throws IllegalArgumentException {
}
/**
* Create a new instance.
*
* @param name the name of the cookie.
* @param value the value of the cookie.
* @throws IllegalArgumentException if name is {@code null}.
*/
public Cookie(final String name, final String value)
throws IllegalArgumentException {
}
/**
* Creates a new instance of {@code Cookie} by parsing the supplied string.
*
* @param value the cookie string.
* @return the newly created {@code Cookie}.
* @throws IllegalArgumentException if the supplied string cannot be parsed
* or is {@code null}.
*/
public static Cookie valueOf(final String value) {
return null;
}
/**
* Get the name of the cookie.
*
* @return the cookie name.
*/
public String getName() {
return null;
}
/**
* Get the value of the cookie.
*
* @return the cookie value.
*/
public String getValue() {
return null;
}
/**
* Get the version of the cookie.
*
* @return the cookie version.
*/
public int getVersion() {
return -1;
}
/**
* Get the domain of the cookie.
*
* @return the cookie domain.
*/
public String getDomain() {
return null;
}
/**
* Get the path of the cookie.
*
* @return the cookie path.
*/
public String getPath() {
return null;
}
}

314
java/ql/test/stubs/jsr311-api-1.1.1/javax/ws/rs/core/NewCookie.java Normal file
View File

@@ -0,0 +1,314 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2010-2015 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* http://glassfish.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package javax.ws.rs.core;
import java.util.Date;
/**
* Used to create a new HTTP cookie, transferred in a response.
*
* @author Paul Sandoz
* @author Marc Hadley
* @see <a href="http://www.ietf.org/rfc/rfc2109.txt">IETF RFC 2109</a>
* @since 1.0
*/
public class NewCookie extends Cookie {
/**
* Specifies that the cookie expires with the current application/browser session.
*/
public static final int DEFAULT_MAX_AGE = -1;
/**
* Create a new instance.
*
* @param name the name of the cookie.
* @param value the value of the cookie.
* @throws IllegalArgumentException if name is {@code null}.
*/
public NewCookie(String name, String value) {
super("", "");
}
/**
* Create a new instance.
*
* @param name the name of the cookie.
* @param value the value of the cookie.
* @param path the URI path for which the cookie is valid.
* @param domain the host domain for which the cookie is valid.
* @param comment the comment.
* @param maxAge the maximum age of the cookie in seconds.
* @param secure specifies whether the cookie will only be sent over a secure connection.
* @throws IllegalArgumentException if name is {@code null}.
*/
public NewCookie(String name,
String value,
String path,
String domain,
String comment,
int maxAge,
boolean secure) {
super("", "");
}
/**
* Create a new instance.
*
* @param name the name of the cookie.
* @param value the value of the cookie.
* @param path the URI path for which the cookie is valid.
* @param domain the host domain for which the cookie is valid.
* @param comment the comment.
* @param maxAge the maximum age of the cookie in seconds.
* @param secure specifies whether the cookie will only be sent over a secure connection.
* @param httpOnly if {@code true} make the cookie HTTP only, i.e. only visible as part of an HTTP request.
* @throws IllegalArgumentException if name is {@code null}.
* @since 2.0
*/
public NewCookie(String name,
String value,
String path,
String domain,
String comment,
int maxAge,
boolean secure,
boolean httpOnly) {
super("", "");
}
/**
* Create a new instance.
*
* @param name the name of the cookie
* @param value the value of the cookie
* @param path the URI path for which the cookie is valid
* @param domain the host domain for which the cookie is valid
* @param version the version of the specification to which the cookie complies
* @param comment the comment
* @param maxAge the maximum age of the cookie in seconds
* @param secure specifies whether the cookie will only be sent over a secure connection
* @throws IllegalArgumentException if name is {@code null}.
*/
public NewCookie(String name,
String value,
String path,
String domain,
int version,
String comment,
int maxAge,
boolean secure) {
super("", "");
}
/**
* Create a new instance.
*
* @param name the name of the cookie
* @param value the value of the cookie
* @param path the URI path for which the cookie is valid
* @param domain the host domain for which the cookie is valid
* @param version the version of the specification to which the cookie complies
* @param comment the comment
* @param maxAge the maximum age of the cookie in seconds
* @param expiry the cookie expiry date.
* @param secure specifies whether the cookie will only be sent over a secure connection
* @param httpOnly if {@code true} make the cookie HTTP only, i.e. only visible as part of an HTTP request.
* @throws IllegalArgumentException if name is {@code null}.
* @since 2.0
*/
public NewCookie(String name,
String value,
String path,
String domain,
int version,
String comment,
int maxAge,
Date expiry,
boolean secure,
boolean httpOnly) {
super("", "");
}
/**
* Create a new instance copying the information in the supplied cookie.
*
* @param cookie the cookie to clone.
* @throws IllegalArgumentException if cookie is {@code null}.
*/
public NewCookie(Cookie cookie) {
super("", "");
}
/**
* Create a new instance supplementing the information in the supplied cookie.
*
* @param cookie the cookie to clone.
* @param comment the comment.
* @param maxAge the maximum age of the cookie in seconds.
* @param secure specifies whether the cookie will only be sent over a secure connection.
* @throws IllegalArgumentException if cookie is {@code null}.
*/
public NewCookie(Cookie cookie, String comment, int maxAge, boolean secure) {
super("", "");
}
/**
* Create a new instance supplementing the information in the supplied cookie.
*
* @param cookie the cookie to clone.
* @param comment the comment.
* @param maxAge the maximum age of the cookie in seconds.
* @param expiry the cookie expiry date.
* @param secure specifies whether the cookie will only be sent over a secure connection.
* @param httpOnly if {@code true} make the cookie HTTP only, i.e. only visible as part of an HTTP request.
* @throws IllegalArgumentException if cookie is {@code null}.
* @since 2.0
*/
public NewCookie(Cookie cookie, String comment, int maxAge, Date expiry, boolean secure, boolean httpOnly) {
super("", "");
}
/**
* Creates a new instance of NewCookie by parsing the supplied string.
*
* @param value the cookie string.
* @return the newly created {@code NewCookie}.
* @throws IllegalArgumentException if the supplied string cannot be parsed
* or is {@code null}.
*/
public static NewCookie valueOf(String value) {
return null;
}
/**
* Get the comment associated with the cookie.
*
* @return the comment or null if none set
*/
public String getComment() {
return null;
}
/**
* Get the maximum age of the the cookie in seconds. Cookies older than
* the maximum age are discarded. A cookie can be unset by sending a new
* cookie with maximum age of 0 since it will overwrite any existing cookie
* and then be immediately discarded. The default value of {@code -1} indicates
* that the cookie will be discarded at the end of the browser/application session.
* <p>
* Note that it is recommended to use {@code Max-Age} to control cookie
* expiration, however some browsers do not understand {@code Max-Age}, in which case
* setting {@link #getExpiry()} Expires} parameter may be necessary.
* </p>
*
* @return the maximum age in seconds.
* @see #getExpiry()
*/
public int getMaxAge() {
return -1;
}
/**
* Get the cookie expiry date. Cookies whose expiry date has passed are discarded.
* A cookie can be unset by setting a new cookie with an expiry date in the past,
* typically the lowest possible date that can be set.
* <p>
* Note that it is recommended to use {@link #getMaxAge() Max-Age} to control cookie
* expiration, however some browsers do not understand {@code Max-Age}, in which case
* setting {@code Expires} parameter may be necessary.
* </p>
*
* @return cookie expiry date or {@code null} if no expiry date was set.
* @see #getMaxAge()
* @since 2.0
*/
public Date getExpiry() {
return null;
}
/**
* Whether the cookie will only be sent over a secure connection. Defaults
* to {@code false}.
*
* @return {@code true} if the cookie will only be sent over a secure connection,
* {@code false} otherwise.
*/
public boolean isSecure() {
return false;
}
/**
* Returns {@code true} if this cookie contains the {@code HttpOnly} attribute.
* This means that the cookie should not be accessible to scripting engines,
* like javascript.
*
* @return {@code true} if this cookie should be considered http only, {@code false}
* otherwise.
* @since 2.0
*/
public boolean isHttpOnly() {
return false;
}
/**
* Obtain a new instance of a {@link Cookie} with the same name, value, path,
* domain and version as this {@code NewCookie}. This method can be used to
* obtain an object that can be compared for equality with another {@code Cookie};
* since a {@code Cookie} will never compare equal to a {@code NewCookie}.
*
* @return a {@link Cookie}
*/
public Cookie toCookie() {
return null;
}
/**
* Convert the cookie to a string suitable for use as the value of the
* corresponding HTTP header.
*
* @return a stringified cookie.
*/
@Override
public String toString() {
return null;
}
}

5
java/ql/test/stubs/juel-2.2/de/odysseus/el/ExpressionFactoryImpl.java Normal file
View File

@@ -0,0 +1,5 @@
package de.odysseus.el;
import javax.el.ExpressionFactory;
public class ExpressionFactoryImpl extends ExpressionFactory {}

5
java/ql/test/stubs/juel-2.2/de/odysseus/el/util/SimpleContext.java Normal file
View File

@@ -0,0 +1,5 @@
package de.odysseus.el.util;
import javax.el.ELContext;
public class SimpleContext extends ELContext {}

48
java/ql/test/stubs/servlet-api-2.4/javax/servlet/http/Cookie.java
View File

@@ -24,61 +24,61 @@
package javax.servlet.http;
public class Cookie implements Cloneable {
private String name; // NAME= ... "$Name" style is reserved
private String value; // value of NAME
private String comment; // ;Comment=VALUE ... describes cookie's use
private String domain; // ;Domain=VALUE ... domain that sees cookie
private int maxAge = -1; // ;Max-Age=VALUE ... cookies auto-expire
private String path; // ;Path=VALUE ... URLs that see the cookie
private boolean secure; // ;Secure ... e.g. use SSL
private int version = 0; // ;Version=1 ... means RFC 2109++ style
public Cookie(String name, String value) {
this.name = name;
this.value = value;
}
public void setComment(String purpose) {
comment = purpose;
}
public String getComment() {
return comment;
return null;
}
public void setDomain(String pattern) {
domain = pattern.toLowerCase(); // IE allegedly needs this
}
public String getDomain() {
return domain;
return null;
}
public void setMaxAge(int expiry) {
maxAge = expiry;
}
public int getMaxAge() {
return maxAge;
return -1;
}
public void setPath(String uri) {
path = uri;
}
public String getPath() {
return path;
return null;
}
public void setSecure(boolean flag) {
secure = flag;
}
public boolean getSecure() {
return secure;
return false;
}
public String getName() {
return name;
return null;
}
public void setValue(String newValue) {
value = newValue;
}
public String getValue() {
return value;
return null;
}
public int getVersion() {
return version;
return -1;
}
public void setVersion(int v) {
}
public void setHttpOnly(boolean isHttpOnly) {
}
public boolean isHttpOnly() {
return false;
}
/**
* Convert the cookie to a string suitable for use as the value of the
* corresponding HTTP header.
*
* @return a stringified cookie.
*/
@Override
public String toString() {
return null;
}
}

50
java/ql/test/stubs/springframework-5.2.3/org/springframework/security/web/csrf/CsrfToken.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.csrf;
import java.io.Serializable;
/**
* Provides the information about an expected CSRF token.
*
* @author Rob Winch
* @since 3.2
* @see DefaultCsrfToken
*/
public interface CsrfToken extends Serializable {
/**
* Gets the HTTP header that the CSRF is populated on the response and can be placed
* on requests instead of the parameter. Cannot be null.
* @return the HTTP header that the CSRF is populated on the response and can be
* placed on requests instead of the parameter
*/
String getHeaderName();
/**
* Gets the HTTP parameter name that should contain the token. Cannot be null.
* @return the HTTP parameter name that should contain the token.
*/
String getParameterName();
/**
* Gets the token value. Cannot be null.
* @return the token value
*/
String getToken();
}