hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10

Browse Source
This commit is contained in:
Dave Bartolomeo
2023-07-06 10:00:46 -04:00
parent 5f6586600e b2a60bf3d1
commit 2bb9adfbf1
1654 changed files with 47750 additions and 21714 deletions
Download Patch File Download Diff File Expand all files Collapse all files

357
java/documentation/library-coverage/coverage.csv
View File

@@ -1,174 +1,183 @@
package,sink,source,summary,sink:bean-validation,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:remote,summary:taint,summary:value
android.app,35,,103,,,11,,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,18,85
android.content,24,31,154,,,,,,,,16,,,,,,,,,,,,,,,,,,,8,,,,,4,27,,63,91
android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,41,
android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,41,81
android.support.v4.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
android.util,6,16,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,16,,
android.webkit,3,2,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,2,,
android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1,
androidx.core.app,6,,95,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,12,83
androidx.fragment.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
androidx.slice,2,5,88,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61
cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.alibaba.druid.sql,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.databind,2,,6,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,6,
com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,63,24
com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
com.google.common.flogger,29,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,
com.google.common.io,8,,73,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,72,1
com.google.gson,,,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,14
com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,
com.jcraft.jsch,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,
com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,
com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,
com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,
com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,
freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,
groovy.lang,26,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.text,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.util,5,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
hudson,44,,16,,2,,,,,,,,,,,,,,36,,,,,,,,,6,,,,,,,,,,16,
io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,
io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,2,,
io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,13,143,116
io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,
io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
io.netty.util,2,,23,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,21,2
jakarta.faces.context,2,7,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,94,55
java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3
java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
java.io,49,,45,,22,,,,,,,,,,,,,,27,,,,,,,,,,,,,,,,,,,43,2
java.lang,18,,92,,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,56,36
java.net,13,3,20,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,20,
java.nio,47,,35,,3,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,35,
java.sql,13,,3,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,2,1
java.util,44,,484,,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,44,440
javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
javax.faces.context,2,7,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
javax.imageio.stream,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
javax.management.remote,2,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,
javax.naming,7,,1,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,1,
javax.net.ssl,2,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
javax.script,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
javax.servlet,5,21,2,,,,,,,1,,,,,,,,,1,,,,,,,,,,3,,,,,,,,21,2,
javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,,,,,,94,55
javax.xml.transform,2,,6,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,,,,6,
javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,
jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
kotlin,16,,1847,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,11
net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,
ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
okhttp3,4,,48,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,23,25
org.antlr.runtime,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.commons.io,111,,560,,2,,,,,,,,,,,,,,94,,,,,,,,,15,,,,,,,,,,546,14
org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,
org.apache.commons.jexl2,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.jexl3,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.lang3,6,,424,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,293,131
org.apache.commons.logging,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.net,9,12,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,12,,
org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,
org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,
org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,
org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,
org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,
org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.hc.core5.http,73,2,45,,,,,,1,,,,,,,,,,,,,,,,,,,72,,,,,,,,,2,45,
org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,
org.apache.http,48,3,94,,,,,,2,,,,,,,,,,,,,,,,,,,46,,,,,,,,,3,86,8
org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,57,
org.apache.log4j,11,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,
org.apache.logging.log4j,359,,8,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,4,4
org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.shiro.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.tools.ant,11,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,
org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,
org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,
org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,
org.codehaus.groovy.control,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,
org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,
org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,
org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.jboss.logging,324,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,
org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,
org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,
org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
org.kohsuke.stapler,3,,1,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,1,,,,,,1,
org.mvel2,16,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,
org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
org.scijava.log,13,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,
org.slf4j,55,,6,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,2,4
org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.springframework.core.io,2,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,
org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,61,10
org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,
org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,
org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,
org.springframework.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.ldap,47,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
org.springframework.util,3,,142,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,90,52
org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,,
org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25
org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,2,
org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24,
ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
retrofit2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:remote,summary:taint,summary:value
android.app,35,,103,,,,11,,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,18,85
android.content,24,31,154,,,,,,,,,16,,,,,,,,,,,,,,,,,,,8,,,,,4,27,,63,91
android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,41,
android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,41,81
android.support.v4.app,11,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
android.util,6,16,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,16,,
android.webkit,3,2,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,2,,
android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1,
androidx.core.app,6,,95,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,12,83
androidx.fragment.app,11,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61
antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.alibaba.druid.sql,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.databind,2,,6,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,6,
com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,63,24
com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
com.google.common.flogger,29,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,
com.google.common.io,8,,73,,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,72,1
com.google.gson,,,44,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30,14
com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,
com.jcraft.jsch,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,
com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,
com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,
com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,
com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,
freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,
groovy.lang,26,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.text,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.util,5,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
hudson,68,4,2334,,4,3,,,,4,,,,,,,,,,51,,,,,,,,,6,,,,,,,,,4,2258,76
io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,
io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,2,,
io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,13,143,116
io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,
io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
io.netty.util,2,,23,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,21,2
jakarta.faces.context,2,7,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,94,55
java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3
java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
java.io,49,,45,,,22,,,,,,,,,,,,,,27,,,,,,,,,,,,,,,,,,,43,2
java.lang,31,,92,,13,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,56,36
java.net,13,3,21,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,21,
java.nio,47,,35,,,3,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,35,
java.sql,13,,2,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,2,
java.util,44,,484,,,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,44,440
javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
javax.faces.context,2,7,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
javax.imageio.stream,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
javax.management.remote,2,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,
javax.naming,7,,1,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,1,
javax.net.ssl,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
javax.portlet,,,61,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61,
javax.script,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
javax.servlet,5,21,2,,,,,,,,1,,,,,,,,,1,,,,,,,,,,3,,,,,,,,21,2,
javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,,,,,,94,55
javax.xml.transform,2,,6,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,,,,6,
javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,
jenkins,,,446,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,423,23
jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
kotlin,16,,1847,,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,11
net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,321,17
net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,
ognl,6,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
okhttp3,4,,48,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,23,25
org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49,
org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.commons.exec,6,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.commons.io,111,,560,,,2,,,,,,,,,,,,,,94,,,,,,,,,15,,,,,,,,,,546,14
org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,
org.apache.commons.jexl2,15,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.jexl3,15,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.lang,,,765,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,594,171
org.apache.commons.lang3,6,,424,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,293,131
org.apache.commons.logging,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.net,9,12,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,12,,
org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,
org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,
org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,
org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,
org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,
org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.hc.core5.http,73,2,45,,,,,,,1,,,,,,,,,,,,,,,,,,,72,,,,,,,,,2,45,
org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,
org.apache.http,48,3,94,,,,,,,2,,,,,,,,,,,,,,,,,,,46,,,,,,,,,3,86,8
org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,57,
org.apache.log4j,11,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,
org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,4,4
org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.shiro.jndi,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.tools.ant,11,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,
org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,
org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,
org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,
org.codehaus.groovy.control,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,
org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,
org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,
org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.jboss.logging,324,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,
org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,
org.jenkins.ui.icon,,,42,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,41,1
org.jenkins.ui.symbol,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,8
org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,
org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
org.kohsuke.stapler,20,24,343,,,,,,,2,,,,,,,,,,9,,,,,,,,,4,,,,5,,,,,24,332,11
org.mvel2,16,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,
org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
org.scijava.log,13,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,
org.slf4j,55,,6,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,2,4
org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.springframework.core.io,2,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,
org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,61,10
org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,
org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,
org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,
org.springframework.jndi,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.ldap,47,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
org.springframework.util,3,,142,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,90,52
org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,,
org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25
org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,2,
org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24,
ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
retrofit2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
1 package sink source summary sink:bean-validation sink:command-injection sink:file-content-store sink:fragment-injection sink:groovy-injection sink:hostname-verification sink:html-injection sink:information-leak sink:intent-redirection sink:jexl-injection sink:jndi-injection sink:js-injection sink:ldap-injection sink:log-injection sink:mvel-injection sink:ognl-injection sink:path-injection sink:pending-intents sink:regex-use sink:regex-use[-1] sink:regex-use[0] sink:regex-use[] sink:regex-use[f-1] sink:regex-use[f1] sink:regex-use[f] sink:request-forgery sink:response-splitting sink:sql-injection sink:template-injection sink:url-redirection sink:xpath-injection sink:xslt-injection source:android-external-storage-dir source:contentprovider source:remote summary:taint summary:value
2 android.app 35 103 11 7 17 18 85
3 android.content 24 31 154 16 8 4 27 63 91
4 android.database 59 41 59 41
5 android.net 60 45 15
6 android.os 2 122 2 41 81
7 android.support.v4.app 11 11
8 android.util 6 16 6 16
9 android.webkit 3 2 2 1 2
10 android.widget 1 1 1 1
11 androidx.core.app 6 95 6 12 83
12 androidx.fragment.app 11 11
13 androidx.slice 2 5 88 2 5 27 61
14 cn.hutool.core.codec antlr 1 1
15 com.alibaba.druid.sql cn.hutool.core.codec 1 1
16 com.esotericsoftware.kryo.io com.alibaba.druid.sql 1 1
17 com.esotericsoftware.kryo5.io com.esotericsoftware.kryo.io 1 1
18 com.fasterxml.jackson.core com.esotericsoftware.kryo5.io 1 1
19 com.fasterxml.jackson.databind com.fasterxml.jackson.core 2 6 1 2 6 1
20 com.google.common.base com.fasterxml.jackson.databind 4 2 87 6 2 3 1 63 6 24
21 com.google.common.cache com.google.common.base 4 17 87 3 1 63 17 24
22 com.google.common.collect com.google.common.cache 553 17 2 551 17
23 com.google.common.flogger com.google.common.collect 29 553 29 2 551
24 com.google.common.io com.google.common.flogger 8 29 73 1 29 7 72 1
25 com.google.gson com.google.common.io 8 39 73 1 7 25 72 14 1
26 com.hubspot.jinjava com.google.gson 2 44 2 30 14
27 com.jcraft.jsch com.hubspot.jinjava 1 2 1 1 2 1
28 com.mitchellbosecke.pebble com.jcraft.jsch 2 1 1 1 2 1
29 com.opensymphony.xwork2.ognl com.mitchellbosecke.pebble 3 2 3 2
30 com.rabbitmq.client com.opensymphony.xwork2.ognl 3 21 7 3 21 7
31 com.thoughtworks.xstream com.rabbitmq.client 1 21 7 1 21 7
32 com.unboundid.ldap.sdk com.thoughtworks.xstream 17 1 17 1
33 com.zaxxer.hikari com.unboundid.ldap.sdk 2 17 17 2
34 flexjson com.zaxxer.hikari 2 1 2 1
35 freemarker.cache flexjson 1 1 1 1
36 freemarker.template freemarker.cache 7 1 7 1
37 groovy.lang freemarker.template 26 7 26 7
38 groovy.text groovy.lang 1 26 1 26
39 groovy.util groovy.text 5 1 5 1
40 hudson groovy.util 44 5 16 2 5 36 6 16
41 io.jsonwebtoken hudson 68 2 4 4 2334 4 3 4 51 6 2 4 4 2258 76
42 io.netty.bootstrap io.jsonwebtoken 3 2 4 3 2 4
43 io.netty.buffer io.netty.bootstrap 3 207 3 130 77
44 io.netty.channel io.netty.buffer 9 2 207 9 2 130 77
45 io.netty.handler.codec io.netty.channel 4 9 13 2 259 1 3 9 13 2 143 116
46 io.netty.handler.ssl io.netty.handler.codec 4 13 259 4 1 3 13 143 116
47 io.netty.handler.stream io.netty.handler.ssl 1 4 1 4
48 io.netty.resolver io.netty.handler.stream 1 1 1 1
49 io.netty.util io.netty.resolver 2 23 1 1 1 21 1 2
50 jakarta.faces.context io.netty.util 2 7 23 2 1 1 7 21 2
51 jakarta.json jakarta.faces.context 2 7 123 2 7 100 23
52 jakarta.ws.rs.client jakarta.json 1 123 1 100 23
53 jakarta.ws.rs.container jakarta.ws.rs.client 1 9 1 9
54 jakarta.ws.rs.core jakarta.ws.rs.container 2 9 149 2 9 94 55
55 java.awt jakarta.ws.rs.core 2 3 149 2 94 3 55
56 java.beans java.awt 1 3 1 3
57 java.io java.beans 49 45 1 22 27 43 1 2
58 java.lang java.io 18 49 92 45 22 8 5 27 4 1 56 43 36 2
59 java.net java.lang 13 31 3 20 92 13 8 5 4 1 13 3 20 56 36
60 java.nio java.net 47 13 3 35 21 3 44 13 3 35 21
61 java.sql java.nio 13 47 3 35 3 44 4 9 2 35 1
62 java.util java.sql 44 13 484 2 34 5 2 1 2 4 9 44 2 440
63 javafx.scene.web java.util 1 44 484 34 5 2 1 2 1 44 440
64 javax.faces.context javafx.scene.web 2 1 7 2 1 7
65 javax.imageio.stream javax.faces.context 2 7 1 2 7 1
66 javax.jms javax.imageio.stream 9 57 1 9 57 1
67 javax.json javax.jms 9 123 57 9 100 57 23
68 javax.management.remote javax.json 2 123 2 100 23
69 javax.naming javax.management.remote 7 2 1 6 2 1 1
70 javax.net.ssl javax.naming 2 7 1 2 6 1 1
71 javax.script javax.net.ssl 1 2 2 1
72 javax.servlet javax.portlet 5 21 2 61 1 1 3 21 2 61
73 javax.validation javax.script 1 1 1 1 1
74 javax.ws.rs.client javax.servlet 1 5 21 2 1 1 1 3 21 2
75 javax.ws.rs.container javax.validation 1 9 1 1 9 1
76 javax.ws.rs.core javax.ws.rs.client 3 1 149 1 1 2 94 55
77 javax.xml.transform javax.ws.rs.container 2 9 6 1 1 9 6
78 javax.xml.xpath javax.ws.rs.core 3 149 1 2 3 94 55
79 jodd.json javax.xml.transform 2 10 6 1 1 6 10
80 kotlin javax.xml.xpath 16 3 1847 14 2 3 1836 11
81 net.sf.saxon.s9api jenkins 5 446 5 423 23
82 ognl jodd.json 6 10 6 10
83 okhttp3 kotlin 4 16 48 1847 14 4 2 23 1836 25 11
84 org.antlr.runtime net.sf.json 1 2 338 1 2 321 17
85 org.apache.commons.codec net.sf.saxon.s9api 5 6 5 6
86 org.apache.commons.collections ognl 6 800 6 17 783
87 org.apache.commons.collections4 okhttp3 4 800 48 4 17 23 783 25
88 org.apache.commons.compress.archivers.tar org.acegisecurity 4 49 4 49
89 org.apache.commons.httpclient.util org.antlr.runtime 1 1 1 1
90 org.apache.commons.io org.apache.commons.codec 111 560 6 2 94 15 546 6 14
91 org.apache.commons.jelly org.apache.commons.collections 6 800 6 17 783
92 org.apache.commons.jexl2 org.apache.commons.collections4 15 800 15 17 783
93 org.apache.commons.jexl3 org.apache.commons.compress.archivers.tar 15 4 15 4
94 org.apache.commons.lang3 org.apache.commons.exec 6 424 6 6 293 131
95 org.apache.commons.logging org.apache.commons.httpclient.util 6 1 6 1
96 org.apache.commons.net org.apache.commons.io 9 111 12 560 2 3 94 6 15 12 546 14
97 org.apache.commons.ognl org.apache.commons.jelly 6 6 6
98 org.apache.commons.text org.apache.commons.jexl2 15 272 15 220 52
99 org.apache.directory.ldap.client.api org.apache.commons.jexl3 1 15 15 1
100 org.apache.hadoop.fs org.apache.commons.lang 10 765 10 594 171
101 org.apache.hadoop.hive.metastore org.apache.commons.lang3 3 6 424 6 3 293 131
102 org.apache.hc.client5.http.async.methods org.apache.commons.logging 84 6 6 84
103 org.apache.hc.client5.http.classic.methods org.apache.commons.net 37 9 12 3 37 6 12
104 org.apache.hc.client5.http.fluent org.apache.commons.ognl 19 6 6 19
105 org.apache.hc.core5.benchmark org.apache.commons.text 1 272 1 220 52
106 org.apache.hc.core5.function org.apache.directory.ldap.client.api 1 1 1 1
107 org.apache.hc.core5.http org.apache.hadoop.fs 73 2 45 10 1 72 2 45 10
108 org.apache.hc.core5.net org.apache.hadoop.hive.metastore 3 18 3 18
109 org.apache.hc.core5.util org.apache.hc.client5.http.async.methods 84 24 84 18 6
110 org.apache.hive.hcatalog.templeton org.apache.hc.client5.http.classic.methods 1 37 37 1
111 org.apache.http org.apache.hc.client5.http.fluent 48 19 3 94 2 46 19 3 86 8
112 org.apache.ibatis.jdbc org.apache.hc.core5.benchmark 6 1 57 1 6 57
113 org.apache.log4j org.apache.hc.core5.function 11 1 11 1
114 org.apache.logging.log4j org.apache.hc.core5.http 359 73 2 8 45 1 359 72 2 4 45 4
115 org.apache.shiro.codec org.apache.hc.core5.net 1 18 1 18
116 org.apache.shiro.jndi org.apache.hc.core5.util 1 24 1 18 6
117 org.apache.tools.ant org.apache.hive.hcatalog.templeton 11 1 11 1
118 org.apache.tools.zip org.apache.http 48 3 1 94 2 46 3 1 86 8
119 org.apache.velocity.app org.apache.ibatis.jdbc 4 6 57 6 4 57
120 org.apache.velocity.runtime org.apache.log4j 4 11 11 4
121 org.codehaus.cargo.container.installer org.apache.logging.log4j 3 359 8 359 2 1 4 4
122 org.codehaus.groovy.control org.apache.shiro.codec 1 1 1 1
123 org.dom4j org.apache.shiro.jndi 20 1 1 20
124 org.eclipse.jetty.client org.apache.tools.ant 1 11 11 1
125 org.fusesource.leveldbjni org.apache.tools.zip 1 1 1 1
126 org.geogebra.web.full.main org.apache.velocity.app 1 4 4 1
127 org.hibernate org.apache.velocity.runtime 7 4 7 4
128 org.influxdb org.codehaus.cargo.container.installer 1 3 2 1
129 org.jboss.logging org.codehaus.groovy.control 324 1 1 324
130 org.jdbi.v3.core org.dom4j 6 20 6 20
131 org.jooq org.eclipse.jetty.client 1 1 1
132 org.json org.fusesource.leveldbjni 1 236 1 198 38
133 org.kohsuke.stapler org.geogebra.web.full.main 3 1 1 1 1 1 1
134 org.mvel2 org.hibernate 16 7 16 7
135 org.openjdk.jmh.runner.options org.influxdb 1 1 1
136 org.scijava.log org.jboss.logging 13 324 13 324
137 org.slf4j org.jdbi.v3.core 55 6 6 55 6 2 4
138 org.springframework.beans org.jenkins.ui.icon 30 42 41 30 1
139 org.springframework.boot.jdbc org.jenkins.ui.symbol 1 32 1 24 8
140 org.springframework.cache org.jooq 1 13 1 13
141 org.springframework.context org.json 3 236 3 198 38
142 org.springframework.core.io org.kohsuke.stapler 2 20 24 343 2 1 9 1 4 5 24 332 11
143 org.springframework.data.repository org.mvel2 16 1 16 1
144 org.springframework.http org.openjdk.jmh.runner.options 14 1 71 1 14 61 10
145 org.springframework.jdbc.core org.scijava.log 19 13 13 19
146 org.springframework.jdbc.datasource org.slf4j 4 55 6 55 4 2 4
147 org.springframework.jdbc.object org.springframework.beans 9 30 9 30
148 org.springframework.jndi org.springframework.boot.jdbc 1 1 1
149 org.springframework.ldap org.springframework.cache 47 13 33 14 13
150 org.springframework.security.web.savedrequest org.springframework.context 6 3 6 3
151 org.springframework.ui org.springframework.core.io 2 32 1 1 32
152 org.springframework.util org.springframework.data.repository 3 142 1 3 90 52 1
153 org.springframework.validation org.springframework.http 14 13 71 14 13 61 10
154 org.springframework.web.client org.springframework.jdbc.core 13 19 3 13 19 3
155 org.springframework.web.context.request org.springframework.jdbc.datasource 4 8 4 8
156 org.springframework.web.multipart org.springframework.jdbc.object 9 12 13 9 12 13
157 org.springframework.web.reactive.function.client org.springframework.jndi 2 1 1 2
158 org.springframework.web.util org.springframework.ldap 47 165 33 14 140 25
159 org.thymeleaf org.springframework.security.web.savedrequest 2 6 2 2 6 2
160 org.xml.sax org.springframework.ui 1 32 1 32
161 org.xmlpull.v1 org.springframework.util 3 3 142 3 3 90 52
162 org.yaml.snakeyaml org.springframework.validation 1 13 1 13
163 play.libs.ws org.springframework.web.client 2 13 3 2 13 3
164 play.mvc org.springframework.web.context.request 13 8 24 13 8 24
165 ratpack.core.form org.springframework.web.multipart 12 3 13 12 3 13
166 ratpack.core.handling org.springframework.web.reactive.function.client 2 6 4 2 6 4
167 ratpack.core.http org.springframework.web.util 10 10 165 10 10 140 25
168 ratpack.exec org.thymeleaf 2 48 2 2 2 48
169 ratpack.form org.xml.sax 3 1 3 1
170 ratpack.func org.xmlpull.v1 3 35 3 35
171 ratpack.handling org.yaml.snakeyaml 6 4 1 6 4 1
172 ratpack.http play.libs.ws 2 10 10 2 10 10
173 ratpack.util play.mvc 13 35 24 13 24 35
174 retrofit2 ratpack.core.form 1 3 1 3
175 ratpack.core.handling 6 4 6 4
176 ratpack.core.http 10 10 10 10
177 ratpack.exec 48 48
178 ratpack.form 3 3
179 ratpack.func 35 35
180 ratpack.handling 6 4 6 4
181 ratpack.http 10 10 10 10
182 ratpack.util 35 35
183 retrofit2 1 1

8
java/documentation/library-coverage/coverage.rst
View File

@@ -18,10 +18,10 @@ Java framework & library support
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,7,,,,,
JBoss Logging,``org.jboss.logging``,,,324,,,,,,
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
Java Standard Library,``java.*``,3,683,184,76,,9,,,17
Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,2,4,,1,1,2
Java Standard Library,``java.*``,3,683,197,76,,9,,,17
Java extensions,"``javax.*``, ``jakarta.*``",63,672,34,2,4,,1,1,2
Kotlin Standard Library,``kotlin*``,,1847,16,14,,,,,2
`Spring <https://spring.io/>`_,``org.springframework.*``,29,483,115,4,,28,14,,35
Others,"``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,894,528,66,,18,18,,195
Totals,,255,9194,1997,263,10,122,33,1,385
Others,"``antlr``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",126,5232,577,89,6,18,18,,200
Totals,,283,13593,2059,286,16,122,33,1,390

1
java/downgrades/qlpack.yml
View File

@@ -2,3 +2,4 @@ name: codeql/java-downgrades
groups: java
downgrades: .
library: true
warnOnImplicitThis: true

24
java/kotlin-extractor/build.py
View File

@@ -133,30 +133,6 @@ def find_sources(path):
return glob.glob(path + '/**/*.kt', recursive=True) + glob.glob(path + '/**/*.java', recursive=True)
def get_kotlin_lib_folder():
x = run_process([kotlinc, '-version', '-verbose'], capture_output=True)
output = x.stderr.decode(encoding='UTF-8', errors='strict')
m = re.match(
r'.*\nlogging: using Kotlin home directory ([^\n]+)\n.*', output)
if m is None:
raise Exception('Cannot determine kotlinc home directory')
kotlin_home = m.group(1)
print("Kotlin home directory: " + kotlin_home)
return kotlin_home + '/lib'
def get_gradle_lib_folder():
x = run_process(['gradle', 'getHomeDir'], capture_output=True)
output = x.stdout.decode(encoding='UTF-8', errors='strict')
m = re.search(r'(?m)^> Task :getHomeDir\n([^\n]+)$', output)
if m is None:
print("gradle getHomeDir output:\n" + output, file=sys.stderr)
raise Exception('Cannot determine gradle home directory')
gradle_home = m.group(1)
print("Gradle home directory: " + gradle_home)
return gradle_home + '/lib'
def find_jar(path, base):
fn = path + '/' + base + '.jar'
if not os.path.isfile(fn):

215
java/kotlin-extractor/src/main/java/com/semmle/util/files/FileUtil.java
View File

@@ -27,7 +27,6 @@ import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessControlException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@@ -279,47 +278,6 @@ public class FileUtil
|| path.charAt(2) == '\\'));
}
/**
* Copies a file
*
* @return false if failed to copy.
*/
public static boolean copy (File from, File to)
{
boolean targetFileExisted = to.exists();
try {
copyFile(from, to, false);
return true;
}
catch (IOException e) {
// If the target did not exist before, make sure
// we delete it if there was any error
if (!targetFileExisted)
to.delete();
logger.error("Cannot copy " + from + " to " + to, e);
return false;
}
}
/**
* Append all of <code>sourceFile</code> to the end of <code>targetFile</code> - like
* <code>copy</code>, but just adds to the end of the file.
*
* @return <code>true</code> iff the append succeeded
*/
public static boolean append (File sourceFile, File targetFile)
{
try {
copyFile(sourceFile, targetFile, true);
return true;
}
catch (IOException e) {
logger.error("Cannot append contents of " + sourceFile + " to " + targetFile, e);
return false;
}
}
/**
* Write the contents of the given string to the file, creating it if it does not exist and overwriting it if it does.
*
@@ -443,82 +401,6 @@ public class FileUtil
}
}
/**
* Copies a folder recursively, by overwriting files if necessary. Copies all folders but filters
* files.
* <p>
* <b>IMPORTANT:</b>The contents of <code>from</code> are copied to <code>to</code>, but a
* subdirectory is not created for them. This behaves like <code>rsync -a from/ to</code>.
* <p>
* If {@code from} is a file rather than a directory, it is copied (assuming the filter matches
* it) to the file named by {@code to} -- this must not already exist as a directory.
*
* @deprecated Use <code>FileUtil8.recursiveCopy</code> instead.
* @param from Directory whose contents should be copied, or a file.
* @param to Directory to which files and subdirectories of <code>from</code> should be copied, or
* a file path (if {@code from} is a file).
* @param filter the filter to use for selecting which files to copy, or <code>null</code>
* @return false if failed to copy.
*/
@Deprecated
public static boolean recursiveCopy (File from, File to, final FileFilter filter)
{
// Make sure we include all subfolders
FileFilter realFilter = new FileFilter() {
@Override
public boolean accept (File pathname)
{
if (filter == null || pathname.isDirectory())
return true;
else
return filter == null || filter.accept(pathname);
}
};
return strictRecursiveCopy(from, to, realFilter);
}
/**
* Copies a folder recursively, by overwriting files if necessary. Unlike
* {@link #recursiveCopy(File, File, FileFilter)}, this version applies the filter to directories
* as well, and only recurses into directories that are accepted by the filter.
* <p>
* <b>IMPORTANT:</b>The contents of <code>from</code> are copied to <code>to</code>, but a
* subdirectory is not created for them. This behaves like <code>rsync -a from/ to</code>.
* <p>
* If {@code from} is a file rather than a directory, it is copied (assuming the filter matches
* it) to the file named by {@code to} -- this must not already exist as a directory.
*
* @deprecated Use <code>FileUtil8.recursiveCopy</code> instead.
* @param from Directory whose contents should be copied, or a file.
* @param to Directory to which files and subdirectories of <code>from</code> should be copied, or
* a file path (if {@code from} is a file).
* @param filter the filter to use for selecting which files to copy, or <code>null</code>
* @return false if failed to copy.
*/
@Deprecated
public static boolean strictRecursiveCopy (File from, File to, FileFilter filter)
{
if (!from.exists()) {
return false;
}
if (from.isFile()) {
return copy(from, to);
}
else {
if (!to.exists()) {
if (!to.mkdir()) {
return false;
}
}
boolean success = true;
for (File childFrom : list(from, filter)) {
File childTo = new File(to, childFrom.getName());
success &= strictRecursiveCopy(childFrom, childTo, filter);
}
return success;
}
}
/**
* Writes the entire contents of a stream to a file. Closes input stream when writing is done
*
@@ -589,62 +471,6 @@ public class FileUtil
}
}
private static void copyFile (File from, File to, boolean append) throws IOException
{
// Try to exclude the case where the files are the same. If that happens,
// succeed except in 'append' mode since that is probably not the intention
// The logic below works if from and to both exist - and if one of them
// doesn't they can't be the same file!
from = tryMakeCanonical(from);
to = tryMakeCanonical(to);
if (from.equals(to)) {
if (append)
throw new IOException("Trying to append the contents of file " + from + " onto itself");
else
return; // Nothing to do.
}
try (FileInputStream fis = new FileInputStream(from);
InputStream in = new BufferedInputStream(fis))
{
if (!to.exists())
to.createNewFile();
try (FileOutputStream fos = new FileOutputStream(to, append);
OutputStream out = new BufferedOutputStream(fos))
{
byte[] buf = new byte[16 * 1024];
int count;
while ((count = in.read(buf)) > 0)
out.write(buf, 0, count);
}
}
to.setExecutable(canExecute(from));
}
/**
* In the current Java security model, calling {@link File#canExecute()} requires the same
* permission as calling {@link Runtime#exec(String)}. This makes it impossible to run under a
* restrictive security manager if we blindly check for a file's execute bit.
* <p>
* To work around, if an {@link AccessControlException} arises, and it seems to refer to a lack of
* {@link SecurityConstants#FILE_EXECUTE_ACTION} permission, we suppress the exception and return
* <code>false</code>. Other {@link AccessControlException}s are re-thrown, and otherwise the
* return value coincides with {@link File#canExecute()} on the argument.
*/
private static boolean canExecute (File file)
{
try {
return file.canExecute();
}
catch (AccessControlException e) {
if (e.getPermission() instanceof FilePermission
&& ((FilePermission) e.getPermission()).getActions().contains("execute"))
return false; // deliberately ignoring security failure
throw e;
}
}
private static final BitSet allowedCharacters = new BitSet(256);
static {
for (int i = 'a'; i <= 'z'; i++)
@@ -1633,22 +1459,6 @@ public class FileUtil
}
}
/**
* Copy the source properties file to the target, appending the given variable definitions as
* properties (with proper escaping). An optional marker string is printed as a comment before the
* extra variables, if any.
*/
public static void copyPropertiesFile (
File source,
File target,
Set<Pair<String, String>> extraVariables,
String extraComment)
{
if (source.isFile())
copy(source, target);
appendProperties(target, extraVariables, extraComment);
}
/**
* Append the given set of properties to a specified file, taking care of proper escaping of
* special characters.
@@ -1904,31 +1714,6 @@ public class FileUtil
+ "'.");
}
/**
* Copy a file, creating any directories as needed. If the destination file (or directory)
* exists, it is overwritten.
*
* @param src The file to be renamed. Must be non-null and must exist.
* @param dest The path to copy the file to. Must be non-null. Will be overwritten if it already exists.
*/
public static void forceCopy(File src, File dest)
{
final String errorPrefix = "FileUtil.forceCopy: ";
if (src == null)
throw new CatastrophicError(errorPrefix + "source File is null.");
if (dest == null)
throw new CatastrophicError(errorPrefix + "destination File is null.");
if (!src.exists())
throw new ResourceError(errorPrefix + "source File '" + src.toString() + "' does not exist.", new FileNotFoundException(src.toString()));
mkdirs(dest.getAbsoluteFile().getParentFile());
if (dest.exists() && !recursiveDelete(dest))
throw new ResourceError(errorPrefix + "Couldn't overwrite destination file '" + dest.toString() + "'.");
if (!copy(src, dest))
throw new ResourceError(errorPrefix + "Couldn't copy file '" + src.toString() + "' to '" + dest.toString()
+ "'.");
}
/**
* Query whether a {@link File} is non-null, and represents an existing <b>file</b> that can be
* read.

6
java/kotlin-extractor/src/main/kotlin/ExternalDeclExtractor.kt
View File

@@ -14,7 +14,7 @@ import java.util.ArrayList
import java.util.HashSet
import java.util.zip.GZIPOutputStream
class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: String, val sourceFilePath: String, val primitiveTypeMapping: PrimitiveTypeMapping, val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState, val diagnosticTrapWriter: TrapWriter) {
class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: String, val sourceFilePath: String, val primitiveTypeMapping: PrimitiveTypeMapping, val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState, val diagnosticTrapWriter: DiagnosticTrapWriter) {
val declBinaryNames = HashMap<IrDeclaration, String>()
val externalDeclsDone = HashSet<Pair<String, String>>()
@@ -95,8 +95,8 @@ class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: Stri
val binaryPath = getIrClassBinaryPath(containingClass)
// We want our comments to be the first thing in the file,
// so start off with a mere TrapWriter
val tw = TrapWriter(logger.loggerBase, TrapLabelManager(), trapFileBW, diagnosticTrapWriter)
// so start off with a PlainTrapWriter
val tw = PlainTrapWriter(logger.loggerBase, TrapLabelManager(), trapFileBW, diagnosticTrapWriter)
tw.writeComment("Generated by the CodeQL Kotlin extractor for external dependencies")
tw.writeComment("Part of invocation $invocationTrapFile")
if (signature != possiblyLongSignature) {

6
java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt
View File

@@ -127,7 +127,7 @@ class KotlinExtractorExtension(
val lm = TrapLabelManager()
val logCounter = LogCounter()
val loggerBase = LoggerBase(logCounter)
val tw = TrapWriter(loggerBase, lm, invocationTrapFileBW, null)
val tw = DiagnosticTrapWriter(loggerBase, lm, invocationTrapFileBW)
// The interceptor has already defined #compilation = *
val compilation: Label<DbCompilation> = StringLabel("compilation")
tw.writeCompilation_started(compilation)
@@ -324,13 +324,13 @@ private fun doFile(
trapFileWriter.getTempWriter().use { trapFileBW ->
// We want our comments to be the first thing in the file,
// so start off with a mere TrapWriter
val tw = TrapWriter(loggerBase, TrapLabelManager(), trapFileBW, fileTrapWriter)
val tw = PlainTrapWriter(loggerBase, TrapLabelManager(), trapFileBW, fileTrapWriter.getDiagnosticTrapWriter())
tw.writeComment("Generated by the CodeQL Kotlin extractor for kotlin source code")
tw.writeComment("Part of invocation $invocationTrapFile")
// Now elevate to a SourceFileTrapWriter, and populate the
// file information
val sftw = tw.makeSourceFileTrapWriter(srcFile, true)
val externalDeclExtractor = ExternalDeclExtractor(logger, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter)
val externalDeclExtractor = ExternalDeclExtractor(logger, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter.getDiagnosticTrapWriter())
val linesOfCode = LinesOfCode(logger, sftw, srcFile)
val fileExtractor = KotlinFileExtractor(logger, sftw, linesOfCode, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState)

18
java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
View File

@@ -1559,7 +1559,7 @@ open class KotlinFileExtractor(
val setter = p.setter
if (getter == null) {
if (p.modality != Modality.FINAL || !isExternalDeclaration(p)) {
if (!isExternalDeclaration(p)) {
logger.warnElement("IrProperty without a getter", p)
}
} else if (shouldExtractDecl(getter, extractPrivateMembers)) {
@@ -2398,9 +2398,9 @@ open class KotlinFileExtractor(
return result
}
private fun findTopLevelFunctionOrWarn(functionFilter: String, type: String, parameterTypes: Array<String>, warnAgainstElement: IrElement): IrFunction? {
private fun findTopLevelFunctionOrWarn(functionPkg: String, functionName: String, type: String, parameterTypes: Array<String>, warnAgainstElement: IrElement): IrFunction? {
val fn = getFunctionsByFqName(pluginContext, functionFilter)
val fn = getFunctionsByFqName(pluginContext, functionPkg, functionName)
.firstOrNull { fnSymbol ->
fnSymbol.owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type &&
fnSymbol.owner.valueParameters.map { it.type.classFqName?.asString() }.toTypedArray() contentEquals parameterTypes
@@ -2411,15 +2411,15 @@ open class KotlinFileExtractor(
extractExternalClassLater(fn.parentAsClass)
}
} else {
logger.errorElement("Couldn't find JVM intrinsic function $functionFilter in $type", warnAgainstElement)
logger.errorElement("Couldn't find JVM intrinsic function $functionPkg $functionName in $type", warnAgainstElement)
}
return fn
}
private fun findTopLevelPropertyOrWarn(propertyFilter: String, type: String, warnAgainstElement: IrElement): IrProperty? {
private fun findTopLevelPropertyOrWarn(propertyPkg: String, propertyName: String, type: String, warnAgainstElement: IrElement): IrProperty? {
val prop = getPropertiesByFqName(pluginContext, propertyFilter)
val prop = getPropertiesByFqName(pluginContext, propertyPkg, propertyName)
.firstOrNull { it.owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type }
?.owner
@@ -2428,7 +2428,7 @@ open class KotlinFileExtractor(
extractExternalClassLater(prop.parentAsClass)
}
} else {
logger.errorElement("Couldn't find JVM intrinsic property $propertyFilter in $type", warnAgainstElement)
logger.errorElement("Couldn't find JVM intrinsic property $propertyPkg $propertyName in $type", warnAgainstElement)
}
return prop
@@ -3020,7 +3020,7 @@ open class KotlinFileExtractor(
}
isBuiltinCall(c, "<get-java>", "kotlin.jvm") -> {
// Special case for KClass<*>.java, which is used in the Parcelize plugin. In normal cases, this is already rewritten to the property referenced below:
findTopLevelPropertyOrWarn("kotlin.jvm.java", "kotlin.jvm.JvmClassMappingKt", c)?.let { javaProp ->
findTopLevelPropertyOrWarn("kotlin.jvm", "java", "kotlin.jvm.JvmClassMappingKt", c)?.let { javaProp ->
val getter = javaProp.getter
if (getter == null) {
logger.error("Couldn't find getter of `kotlin.jvm.JvmClassMappingKt::java`")
@@ -3052,7 +3052,7 @@ open class KotlinFileExtractor(
"kotlin.jvm.internal.ArrayIteratorsKt"
}
findTopLevelFunctionOrWarn("kotlin.jvm.internal.iterator", typeFilter, arrayOf(parentClass.kotlinFqName.asString()), c)?.let { iteratorFn ->
findTopLevelFunctionOrWarn("kotlin.jvm.internal", "iterator", typeFilter, arrayOf(parentClass.kotlinFqName.asString()), c)?.let { iteratorFn ->
val dispatchReceiver = c.dispatchReceiver
if (dispatchReceiver == null) {
logger.errorElement("No dispatch receiver found for array iterator call", c)

4
java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
View File

@@ -139,13 +139,13 @@ open class KotlinUsesExtractor(
if (clsFile == null || isExternalDeclaration(cls)) {
val filePath = getIrClassBinaryPath(cls)
val newTrapWriter = tw.makeFileTrapWriter(filePath, true)
val newLoggerTrapWriter = logger.tw.makeFileTrapWriter(filePath, false)
val newLoggerTrapWriter = logger.dtw.makeFileTrapWriter(filePath, false)
val newLogger = FileLogger(logger.loggerBase, newLoggerTrapWriter)
return KotlinFileExtractor(newLogger, newTrapWriter, null, filePath, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState)
}
val newTrapWriter = tw.makeSourceFileTrapWriter(clsFile, true)
val newLoggerTrapWriter = logger.tw.makeSourceFileTrapWriter(clsFile, false)
val newLoggerTrapWriter = logger.dtw.makeSourceFileTrapWriter(clsFile, false)
val newLogger = FileLogger(logger.loggerBase, newLoggerTrapWriter)
return KotlinFileExtractor(newLogger, newTrapWriter, null, clsFile.path, dependencyCollector, externalClassExtractor, primitiveTypeMapping, pluginContext, newDeclarationStack, globalExtensionState)
}

59
java/kotlin-extractor/src/main/kotlin/TrapWriter.kt
View File

@@ -57,7 +57,9 @@ class TrapLabelManager {
* share the same `TrapLabelManager` and `BufferedWriter`.
*/
// TODO lm was `protected` before anonymousTypeMapping and locallyVisibleFunctionLabelMapping moved into it. Should we re-protect it and provide accessors?
open class TrapWriter (protected val loggerBase: LoggerBase, val lm: TrapLabelManager, private val bw: BufferedWriter, val diagnosticTrapWriter: TrapWriter?) {
abstract class TrapWriter (protected val loggerBase: LoggerBase, val lm: TrapLabelManager, private val bw: BufferedWriter) {
abstract fun getDiagnosticTrapWriter(): DiagnosticTrapWriter
/**
* Returns the label that is defined to be the given key, if such
* a label exists, and `null` otherwise. Most users will want to use
@@ -223,7 +225,7 @@ open class TrapWriter (protected val loggerBase: LoggerBase, val lm: TrapLabelMa
val len = str.length
val newLen = UTF8Util.encodablePrefixLength(str, MAX_STRLEN)
if (newLen < len) {
loggerBase.warn(diagnosticTrapWriter ?: this,
loggerBase.warn(this.getDiagnosticTrapWriter(),
"Truncated string of length $len",
"Truncated string of length $len, starting '${str.take(100)}', ending '${str.takeLast(100)}'")
return str.take(newLen)
@@ -237,14 +239,43 @@ open class TrapWriter (protected val loggerBase: LoggerBase, val lm: TrapLabelMa
* writer etc), but using the given `filePath` for locations.
*/
fun makeFileTrapWriter(filePath: String, populateFileTables: Boolean) =
FileTrapWriter(loggerBase, lm, bw, diagnosticTrapWriter, filePath, populateFileTables)
FileTrapWriter(loggerBase, lm, bw, this.getDiagnosticTrapWriter(), filePath, populateFileTables)
/**
* Gets a FileTrapWriter like this one (using the same label manager,
* writer etc), but using the given `IrFile` for locations.
*/
fun makeSourceFileTrapWriter(file: IrFile, populateFileTables: Boolean) =
SourceFileTrapWriter(loggerBase, lm, bw, diagnosticTrapWriter, file, populateFileTables)
SourceFileTrapWriter(loggerBase, lm, bw, this.getDiagnosticTrapWriter(), file, populateFileTables)
}
/**
* A `PlainTrapWriter` has no additional context of its own.
*/
class PlainTrapWriter (
loggerBase: LoggerBase,
lm: TrapLabelManager,
bw: BufferedWriter,
val dtw: DiagnosticTrapWriter
): TrapWriter (loggerBase, lm, bw) {
override fun getDiagnosticTrapWriter(): DiagnosticTrapWriter {
return dtw
}
}
/**
* A `DiagnosticTrapWriter` is a TrapWriter that diagnostics can be
* written to; i.e. it has the #compilation label defined. In practice,
* this means that it is a TrapWriter for the invocation TRAP file.
*/
class DiagnosticTrapWriter (
loggerBase: LoggerBase,
lm: TrapLabelManager,
bw: BufferedWriter
): TrapWriter (loggerBase, lm, bw) {
override fun getDiagnosticTrapWriter(): DiagnosticTrapWriter {
return this
}
}
/**
@@ -259,16 +290,20 @@ open class FileTrapWriter (
loggerBase: LoggerBase,
lm: TrapLabelManager,
bw: BufferedWriter,
diagnosticTrapWriter: TrapWriter?,
val dtw: DiagnosticTrapWriter,
val filePath: String,
populateFileTables: Boolean
): TrapWriter (loggerBase, lm, bw, diagnosticTrapWriter) {
): TrapWriter (loggerBase, lm, bw) {
/**
* The ID for the file that we are extracting from.
*/
val fileId = mkFileId(filePath, populateFileTables)
override fun getDiagnosticTrapWriter(): DiagnosticTrapWriter {
return dtw
}
private fun offsetMinOf(default: Int, vararg options: Int?): Int {
if (default == UNDEFINED_OFFSET || default == SYNTHETIC_OFFSET) {
return default
@@ -349,10 +384,10 @@ class SourceFileTrapWriter (
loggerBase: LoggerBase,
lm: TrapLabelManager,
bw: BufferedWriter,
diagnosticTrapWriter: TrapWriter?,
dtw: DiagnosticTrapWriter,
val irFile: IrFile,
populateFileTables: Boolean) :
FileTrapWriter(loggerBase, lm, bw, diagnosticTrapWriter, irFile.path, populateFileTables) {
FileTrapWriter(loggerBase, lm, bw, dtw, irFile.path, populateFileTables) {
/**
* The file entry for the file that we are extracting from.
@@ -363,14 +398,14 @@ class SourceFileTrapWriter (
override fun getLocation(startOffset: Int, endOffset: Int): Label<DbLocation> {
if (startOffset == UNDEFINED_OFFSET || endOffset == UNDEFINED_OFFSET) {
if (startOffset != endOffset) {
loggerBase.warn(this, "Location with inconsistent offsets (start $startOffset, end $endOffset)", null)
loggerBase.warn(dtw, "Location with inconsistent offsets (start $startOffset, end $endOffset)", null)
}
return getWholeFileLocation()
}
if (startOffset == SYNTHETIC_OFFSET || endOffset == SYNTHETIC_OFFSET) {
if (startOffset != endOffset) {
loggerBase.warn(this, "Location with inconsistent offsets (start $startOffset, end $endOffset)", null)
loggerBase.warn(dtw, "Location with inconsistent offsets (start $startOffset, end $endOffset)", null)
}
return getWholeFileLocation()
}
@@ -390,14 +425,14 @@ class SourceFileTrapWriter (
override fun getLocationString(e: IrElement): String {
if (e.startOffset == UNDEFINED_OFFSET || e.endOffset == UNDEFINED_OFFSET) {
if (e.startOffset != e.endOffset) {
loggerBase.warn(this, "Location with inconsistent offsets (start ${e.startOffset}, end ${e.endOffset})", null)
loggerBase.warn(dtw, "Location with inconsistent offsets (start ${e.startOffset}, end ${e.endOffset})", null)
}
return "<unknown location while processing $filePath>"
}
if (e.startOffset == SYNTHETIC_OFFSET || e.endOffset == SYNTHETIC_OFFSET) {
if (e.startOffset != e.endOffset) {
loggerBase.warn(this, "Location with inconsistent offsets (start ${e.startOffset}, end ${e.endOffset})", null)
loggerBase.warn(dtw, "Location with inconsistent offsets (start ${e.startOffset}, end ${e.endOffset})", null)
}
return "<synthetic location while processing $filePath>"
}

25
java/kotlin-extractor/src/main/kotlin/utils/GetByFqName.kt
View File

@@ -1,33 +1,18 @@
package com.github.codeql.utils
import org.jetbrains.kotlin.backend.common.extensions.FirIncompatiblePluginAPI
import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
import org.jetbrains.kotlin.ir.symbols.*
import org.jetbrains.kotlin.name.FqName
import org.jetbrains.kotlin.name.Name
fun getClassByFqName(pluginContext: IrPluginContext, fqName: String): IrClassSymbol? {
return getClassByFqName(pluginContext, FqName(fqName))
}
fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? {
@OptIn(FirIncompatiblePluginAPI::class)
return pluginContext.referenceClass(fqName)
fun getFunctionsByFqName(pluginContext: IrPluginContext, pkgName: String, name: String): Collection<IrSimpleFunctionSymbol> {
return getFunctionsByFqName(pluginContext, FqName(pkgName), Name.identifier(name))
}
fun getFunctionsByFqName(pluginContext: IrPluginContext, fqName: String): Collection<IrSimpleFunctionSymbol> {
return getFunctionsByFqName(pluginContext, FqName(fqName))
}
private fun getFunctionsByFqName(pluginContext: IrPluginContext, fqName: FqName): Collection<IrSimpleFunctionSymbol> {
@OptIn(FirIncompatiblePluginAPI::class)
return pluginContext.referenceFunctions(fqName)
}
fun getPropertiesByFqName(pluginContext: IrPluginContext, fqName: String): Collection<IrPropertySymbol> {
return getPropertiesByFqName(pluginContext, FqName(fqName))
}
private fun getPropertiesByFqName(pluginContext: IrPluginContext, fqName: FqName): Collection<IrPropertySymbol> {
@OptIn(FirIncompatiblePluginAPI::class)
return pluginContext.referenceProperties(fqName)
fun getPropertiesByFqName(pluginContext: IrPluginContext, pkgName: String, name: String): Collection<IrPropertySymbol> {
return getPropertiesByFqName(pluginContext, FqName(pkgName), Name.identifier(name))
}

57
java/kotlin-extractor/src/main/kotlin/utils/Logger.kt
View File

@@ -107,7 +107,7 @@ open class LoggerBase(val logCounter: LogCounter) {
file_number_diagnostic_number = 0
}
fun diagnostic(tw: TrapWriter, severity: Severity, msg: String, extraInfo: String?, locationString: String? = null, mkLocationId: () -> Label<DbLocation> = { tw.unknownLocation }) {
fun diagnostic(dtw: DiagnosticTrapWriter, severity: Severity, msg: String, extraInfo: String?, locationString: String? = null, mkLocationId: () -> Label<DbLocation> = { dtw.unknownLocation }) {
val diagnosticLoc = getDiagnosticLocation()
val diagnosticLocStr = if(diagnosticLoc == null) "<unknown location>" else diagnosticLoc
val suffix =
@@ -121,7 +121,7 @@ open class LoggerBase(val logCounter: LogCounter) {
// counting machinery
if (verbosity >= 1) {
val message = "Severity mismatch ($severity vs ${oldInfo.first}) at $diagnosticLoc"
emitDiagnostic(tw, Severity.Error, "Inconsistency", message, message)
emitDiagnostic(dtw, Severity.Error, "Inconsistency", message, message)
}
}
val newCount = oldInfo.second + 1
@@ -149,18 +149,18 @@ open class LoggerBase(val logCounter: LogCounter) {
fullMsgBuilder.append(suffix)
val fullMsg = fullMsgBuilder.toString()
emitDiagnostic(tw, severity, diagnosticLocStr, msg, fullMsg, locationString, mkLocationId)
emitDiagnostic(dtw, severity, diagnosticLocStr, msg, fullMsg, locationString, mkLocationId)
}
private fun emitDiagnostic(tw: TrapWriter, severity: Severity, diagnosticLocStr: String, msg: String, fullMsg: String, locationString: String? = null, mkLocationId: () -> Label<DbLocation> = { tw.unknownLocation }) {
private fun emitDiagnostic(dtw: DiagnosticTrapWriter, severity: Severity, diagnosticLocStr: String, msg: String, fullMsg: String, locationString: String? = null, mkLocationId: () -> Label<DbLocation> = { dtw.unknownLocation }) {
val locStr = if (locationString == null) "" else "At " + locationString + ": "
val kind = if (severity <= Severity.WarnHigh) "WARN" else "ERROR"
val logMessage = LogMessage(kind, "Diagnostic($diagnosticLocStr): $locStr$fullMsg")
// We don't actually make the location until after the `return` above
val locationId = mkLocationId()
val diagLabel = tw.getFreshIdLabel<DbDiagnostic>()
tw.writeDiagnostics(diagLabel, "CodeQL Kotlin extractor", severity.sev, "", msg, "${logMessage.timestamp} $fullMsg", locationId)
tw.writeDiagnostic_for(diagLabel, StringLabel("compilation"), file_number, file_number_diagnostic_number++)
val diagLabel = dtw.getFreshIdLabel<DbDiagnostic>()
dtw.writeDiagnostics(diagLabel, "CodeQL Kotlin extractor", severity.sev, "", msg, "${logMessage.timestamp} $fullMsg", locationId)
dtw.writeDiagnostic_for(diagLabel, StringLabel("compilation"), file_number, file_number_diagnostic_number++)
logStream.write(logMessage.toJsonLine())
}
@@ -188,28 +188,25 @@ open class LoggerBase(val logCounter: LogCounter) {
}
}
fun warn(tw: TrapWriter, msg: String, extraInfo: String?) {
fun warn(dtw: DiagnosticTrapWriter, msg: String, extraInfo: String?) {
if (verbosity >= 2) {
diagnostic(tw, Severity.Warn, msg, extraInfo)
diagnostic(dtw, Severity.Warn, msg, extraInfo)
}
}
fun error(tw: TrapWriter, msg: String, extraInfo: String?) {
fun error(dtw: DiagnosticTrapWriter, msg: String, extraInfo: String?) {
if (verbosity >= 1) {
diagnostic(tw, Severity.Error, msg, extraInfo)
diagnostic(dtw, Severity.Error, msg, extraInfo)
}
}
fun printLimitedDiagnosticCounts(tw: TrapWriter) {
fun printLimitedDiagnosticCounts(dtw: DiagnosticTrapWriter) {
for((caller, info) in logCounter.diagnosticInfo) {
val severity = info.first
val count = info.second
if(count >= logCounter.diagnosticLimit) {
// We don't know if this location relates to an error
// or a warning, so we just declare hitting the limit
// to be an error regardless.
val message = "Total of $count diagnostics (reached limit of ${logCounter.diagnosticLimit}) from $caller."
if (verbosity >= 1) {
emitDiagnostic(tw, severity, "Limit", message, message)
emitDiagnostic(dtw, severity, "Limit", message, message)
}
}
}
@@ -224,28 +221,28 @@ open class LoggerBase(val logCounter: LogCounter) {
}
}
open class Logger(val loggerBase: LoggerBase, open val tw: TrapWriter) {
open class Logger(val loggerBase: LoggerBase, open val dtw: DiagnosticTrapWriter) {
fun flush() {
tw.flush()
dtw.flush()
loggerBase.flush()
}
fun trace(msg: String) {
loggerBase.trace(tw, msg)
loggerBase.trace(dtw, msg)
}
fun trace(msg: String, exn: Throwable) {
trace(msg + "\n" + exn.stackTraceToString())
}
fun debug(msg: String) {
loggerBase.debug(tw, msg)
loggerBase.debug(dtw, msg)
}
fun info(msg: String) {
loggerBase.info(tw, msg)
loggerBase.info(dtw, msg)
}
private fun warn(msg: String, extraInfo: String?) {
loggerBase.warn(tw, msg, extraInfo)
loggerBase.warn(dtw, msg, extraInfo)
}
fun warn(msg: String, exn: Throwable) {
warn(msg, exn.stackTraceToString())
@@ -255,7 +252,7 @@ open class Logger(val loggerBase: LoggerBase, open val tw: TrapWriter) {
}
private fun error(msg: String, extraInfo: String?) {
loggerBase.error(tw, msg, extraInfo)
loggerBase.error(dtw, msg, extraInfo)
}
fun error(msg: String) {
error(msg, null)
@@ -265,16 +262,16 @@ open class Logger(val loggerBase: LoggerBase, open val tw: TrapWriter) {
}
}
class FileLogger(loggerBase: LoggerBase, override val tw: FileTrapWriter): Logger(loggerBase, tw) {
class FileLogger(loggerBase: LoggerBase, val ftw: FileTrapWriter): Logger(loggerBase, ftw.getDiagnosticTrapWriter()) {
fun warnElement(msg: String, element: IrElement, exn: Throwable? = null) {
val locationString = tw.getLocationString(element)
val mkLocationId = { tw.getLocation(element) }
loggerBase.diagnostic(tw, Severity.Warn, msg, exn?.stackTraceToString(), locationString, mkLocationId)
val locationString = ftw.getLocationString(element)
val mkLocationId = { ftw.getLocation(element) }
loggerBase.diagnostic(ftw.getDiagnosticTrapWriter(), Severity.Warn, msg, exn?.stackTraceToString(), locationString, mkLocationId)
}
fun errorElement(msg: String, element: IrElement, exn: Throwable? = null) {
val locationString = tw.getLocationString(element)
val mkLocationId = { tw.getLocation(element) }
loggerBase.diagnostic(tw, Severity.Error, msg, exn?.stackTraceToString(), locationString, mkLocationId)
val locationString = ftw.getLocationString(element)
val mkLocationId = { ftw.getLocation(element) }
loggerBase.diagnostic(ftw.getDiagnosticTrapWriter(), Severity.Error, msg, exn?.stackTraceToString(), locationString, mkLocationId)
}
}

5
java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/FirIncompatiblePluginAPI.kt
View File

@@ -1,5 +0,0 @@
package org.jetbrains.kotlin.backend.common.extensions
@RequiresOptIn("This API is not available after FIR")
annotation class FirIncompatiblePluginAPI

20
java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/ReferenceEntity.kt Normal file
View File

@@ -0,0 +1,20 @@
package com.github.codeql.utils
import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
import org.jetbrains.kotlin.ir.symbols.*
import org.jetbrains.kotlin.name.FqName
import org.jetbrains.kotlin.name.Name
fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? {
return pluginContext.referenceClass(fqName)
}
fun getFunctionsByFqName(pluginContext: IrPluginContext, pkgName: FqName, name: Name): Collection<IrSimpleFunctionSymbol> {
val fqName = pkgName.child(name)
return pluginContext.referenceFunctions(fqName)
}
fun getPropertiesByFqName(pluginContext: IrPluginContext, pkgName: FqName, name: Name): Collection<IrPropertySymbol> {
val fqName = pkgName.child(name)
return pluginContext.referenceProperties(fqName)
}

4
java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/FirIncompatiblePluginAPI.kt
View File

@@ -1,4 +0,0 @@
package com.github.codeql
// The compiler provides the annotation class, so we don't need to do
// anything

24
java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt Normal file
View File

@@ -0,0 +1,24 @@
package com.github.codeql.utils
import org.jetbrains.kotlin.backend.common.extensions.FirIncompatiblePluginAPI
import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
import org.jetbrains.kotlin.ir.symbols.*
import org.jetbrains.kotlin.name.ClassId
import org.jetbrains.kotlin.name.CallableId
import org.jetbrains.kotlin.name.FqName
import org.jetbrains.kotlin.name.Name
fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? {
val id = ClassId.topLevel(fqName)
return pluginContext.referenceClass(id)
}
fun getFunctionsByFqName(pluginContext: IrPluginContext, pkgName: FqName, name: Name): Collection<IrSimpleFunctionSymbol> {
val id = CallableId(pkgName, name)
return pluginContext.referenceFunctions(id)
}
fun getPropertiesByFqName(pluginContext: IrPluginContext, pkgName: FqName, name: Name): Collection<IrPropertySymbol> {
val id = CallableId(pkgName, name)
return pluginContext.referenceProperties(id)
}

1
java/ql/consistency-queries/qlpack.yml
View File

@@ -2,3 +2,4 @@ name: codeql-java-consistency-queries
version: 0.0.0
dependencies:
codeql/java-all: '*'
warnOnImplicitThis: true

1
java/ql/examples/qlpack.yml
View File

@@ -4,3 +4,4 @@ groups:
- examples
dependencies:
codeql/java-all: ${workspace}
warnOnImplicitThis: true

3
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script-no-wrapper/project/build.gradle.kts
View File

@@ -54,6 +54,9 @@ android {
versionName = "1.0"
}
lintOptions {
disable("Instantiatable")
}
}
androidComponents {

1
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script-no-wrapper/test.expected
View File

@@ -13,6 +13,7 @@ xmlFiles
| project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml |
| project/build/intermediates/incremental/mergeReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseResources/merger.xml |
| project/build/intermediates/incremental/mergeReleaseShaders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseShaders/merger.xml |
| project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml:0:0:0:0 | project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml |
| project/build/intermediates/merged_manifest/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifest/release/AndroidManifest.xml |
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |

3
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script/project/build.gradle.kts
View File

@@ -54,6 +54,9 @@ android {
versionName = "1.0"
}
lintOptions {
disable("Instantiatable")
}
}
androidComponents {

1
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script/test.expected
View File

@@ -13,6 +13,7 @@ xmlFiles
| project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml |
| project/build/intermediates/incremental/mergeReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseResources/merger.xml |
| project/build/intermediates/incremental/mergeReleaseShaders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseShaders/merger.xml |
| project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml:0:0:0:0 | project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml |
| project/build/intermediates/merged_manifest/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifest/release/AndroidManifest.xml |
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |

4
java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/project/build.gradle
View File

@@ -55,4 +55,8 @@ android {
}
variantFilter { variant -> if (variant.buildType.name == "debug") { setIgnore(true) } }
lintOptions {
disable "Instantiatable"
}
}

1
java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/test.expected
View File

@@ -13,6 +13,7 @@ xmlFiles
| project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml |
| project/build/intermediates/incremental/mergeReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseResources/merger.xml |
| project/build/intermediates/incremental/mergeReleaseShaders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseShaders/merger.xml |
| project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml:0:0:0:0 | project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml |
| project/build/intermediates/merged_manifest/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifest/release/AndroidManifest.xml |
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |

4
java/ql/integration-tests/all-platforms/java/android-sample-old-style/project/build.gradle
View File

@@ -55,4 +55,8 @@ android {
}
variantFilter { variant -> if (variant.buildType.name == "debug") { setIgnore(true) } }
lintOptions {
disable "Instantiatable"
}
}

1
java/ql/integration-tests/all-platforms/java/android-sample-old-style/test.expected
View File

@@ -13,6 +13,7 @@ xmlFiles
| project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml |
| project/build/intermediates/incremental/mergeReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseResources/merger.xml |
| project/build/intermediates/incremental/mergeReleaseShaders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseShaders/merger.xml |
| project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml:0:0:0:0 | project/build/intermediates/lint_vital_partial_results/release/out/lint-issues-release.xml |
| project/build/intermediates/merged_manifest/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifest/release/AndroidManifest.xml |
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |

1
java/ql/integration-tests/all-platforms/java/qlpack.yml
View File

@@ -2,3 +2,4 @@ dependencies:
codeql/java-all: '*'
codeql/java-tests: '*'
codeql/java-queries: '*'
warnOnImplicitThis: true

1
java/ql/integration-tests/all-platforms/kotlin/annotation-id-consistency/qlpack.yml
View File

@@ -5,3 +5,4 @@ dependencies:
codeql/java-queries: '*'
dataExtensions:
ext/*.model.yml
warnOnImplicitThis: true

1
java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/qlpack.yml
View File

@@ -5,3 +5,4 @@ dependencies:
codeql/java-queries: '*'
dataExtensions:
ext/*.model.yml
warnOnImplicitThis: true

2
java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.expected
View File

@@ -0,0 +1,2 @@
failures
testFailures

10
java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql
View File

@@ -19,12 +19,10 @@ module Config implements DataFlow::ConfigSig {
module Flow = TaintTracking::Global<Config>;
class InlineFlowTest extends InlineExpectationsTest {
InlineFlowTest() { this = "HasFlowTest" }
module InlineFlowTest implements TestSig {
string getARelevantTag() { result = "flow" }
override string getARelevantTag() { result = "flow" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "flow" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.getLocation() = location and
@@ -33,3 +31,5 @@ class InlineFlowTest extends InlineExpectationsTest {
)
}
}
import MakeTest<InlineFlowTest>

1
java/ql/integration-tests/all-platforms/kotlin/gradle_kotlinx_serialization/qlpack.yml
View File

@@ -3,3 +3,4 @@ dependencies:
codeql/java-all: '*'
codeql/java-tests: '*'
codeql/java-queries: '*'
warnOnImplicitThis: true

1
java/ql/integration-tests/all-platforms/kotlin/kotlin-interface-inherited-default/qlpack.yml
View File

@@ -3,3 +3,4 @@ dependencies:
codeql/java-all: '*'
codeql/java-tests: '*'
codeql/java-queries: '*'
warnOnImplicitThis: true

1
java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/qlpack.yml
View File

@@ -3,3 +3,4 @@ dependencies:
codeql/java-all: '*'
codeql/java-tests: '*'
codeql/java-queries: '*'
warnOnImplicitThis: true

1
java/ql/integration-tests/all-platforms/kotlin/qlpack.yml
View File

@@ -2,3 +2,4 @@ dependencies:
codeql/java-all: '*'
codeql/java-tests: '*'
codeql/java-queries: '*'
warnOnImplicitThis: true

1
java/ql/integration-tests/linux-only/kotlin/custom_plugin/qlpack.yml
View File

@@ -1,3 +1,4 @@
name: integrationtest-custom-plugin
dependencies:
codeql/java-all: '*'
warnOnImplicitThis: true

1
java/ql/integration-tests/linux-only/kotlin/qlpack.yml
View File

@@ -1,2 +1,3 @@
dependencies:
codeql/java-all: '*'
warnOnImplicitThis: true

2
java/ql/integration-tests/posix-only/kotlin/qlpack.yml
View File

@@ -2,4 +2,4 @@ dependencies:
codeql/java-all: '*'
codeql/java-tests: '*'
codeql/java-queries: '*'
warnOnImplicitThis: true

4
java/ql/lib/change-notes/2023-04-19-deprecated-execcallable.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: deprecated
---
* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated.

4
java/ql/lib/change-notes/2023-05-22-hudson-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more models for the Hudson framework.

4
java/ql/lib/change-notes/2023-05-22-stapler-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more models for the Stapler framework.

4
java/ql/lib/change-notes/2023-06-08-type-strengthening.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.

8
java/ql/lib/change-notes/2023-06-14-jenkins-autogenerated-models.md Normal file
View File

@@ -0,0 +1,8 @@
---
category: minorAnalysis
---
* Added automatically-generated dataflow models for the following frameworks and libraries:
* `hudson`
* `jenkins`
* `net.sf.json`
* `stapler`

4
java/ql/lib/change-notes/2023-06-22-url-tostring-model.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added a missing summary model for the method `java.net.URL.toString`.

4
java/ql/lib/change-notes/2023-06-28-javax-portlet-autogenerated-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added automatically-generated dataflow models for `javax.portlet`.

6
java/ql/lib/ext/experimental/com.jcraft.jsch.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: experimentalSinkModel
data:
- ["com.jcraft.jsch", "ChannelExec", True, "setCommand", "", "", "Argument[0]", "command-injection", "manual", "jsch-os-injection"]

190
java/ql/lib/ext/generated/javax.portlet.model.yml Normal file
View File

@@ -0,0 +1,190 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
# Definitions of models for the Java Portlet framework.
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["javax.portlet.filter", "ActionRequestWrapper", true, "ActionRequestWrapper", "(ActionRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ActionRequestWrapper", true, "setRequest", "(ActionRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ActionResponseWrapper", true, "ActionResponseWrapper", "(ActionResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ActionResponseWrapper", true, "setResponse", "(ActionResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "EventRequestWrapper", true, "EventRequestWrapper", "(EventRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "EventRequestWrapper", true, "setRequest", "(EventRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "EventResponseWrapper", true, "EventResponseWrapper", "(EventResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "EventResponseWrapper", true, "setResponse", "(EventResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "PortletRequestWrapper", true, "PortletRequestWrapper", "(PortletRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "PortletRequestWrapper", true, "getRequest", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet.filter", "PortletRequestWrapper", true, "setRequest", "(PortletRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "PortletResponseWrapper", true, "PortletResponseWrapper", "(PortletResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "PortletResponseWrapper", true, "getResponse", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet.filter", "PortletResponseWrapper", true, "setResponse", "(PortletResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "RenderRequestWrapper", true, "RenderRequestWrapper", "(RenderRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "RenderRequestWrapper", true, "setRequest", "(RenderRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "RenderResponseWrapper", true, "RenderResponseWrapper", "(RenderResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "RenderResponseWrapper", true, "setResponse", "(RenderResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ResourceRequestWrapper", true, "ResourceRequestWrapper", "(ResourceRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ResourceRequestWrapper", true, "setRequest", "(ResourceRequest)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ResourceResponseWrapper", true, "ResourceResponseWrapper", "(ResourceResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet.filter", "ResourceResponseWrapper", true, "setResponse", "(ResourceResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "GenericPortlet", true, "getPortletConfig", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet", "Portlet", true, "init", "(PortletConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletException", true, "PortletException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletException", true, "PortletException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletException", true, "PortletException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletMode", true, "PortletMode", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletMode", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "PortletModeException", "(String,PortletMode)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "PortletModeException", "(String,PortletMode)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "PortletModeException", "(String,Throwable,PortletMode)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "PortletModeException", "(String,Throwable,PortletMode)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "PortletModeException", "(String,Throwable,PortletMode)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "PortletModeException", "(Throwable,PortletMode)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletModeException", true, "getMode", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet", "PortletSecurityException", true, "PortletSecurityException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletSecurityException", true, "PortletSecurityException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletSecurityException", true, "PortletSecurityException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "PortletSessionUtil", true, "decodeAttributeName", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet", "ReadOnlyException", true, "ReadOnlyException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ReadOnlyException", true, "ReadOnlyException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ReadOnlyException", true, "ReadOnlyException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "UnavailableException", true, "UnavailableException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "UnavailableException", true, "UnavailableException", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "ValidatorException", "(String,Collection)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "ValidatorException", "(String,Collection)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "ValidatorException", "(String,Throwable,Collection)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "ValidatorException", "(String,Throwable,Collection)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "ValidatorException", "(String,Throwable,Collection)", "", "Argument[2].Element", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "ValidatorException", "(Throwable,Collection)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "ValidatorException", true, "getFailedKeys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet", "WindowState", true, "WindowState", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowState", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "WindowStateException", "(String,Throwable,WindowState)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "WindowStateException", "(String,Throwable,WindowState)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "WindowStateException", "(String,Throwable,WindowState)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "WindowStateException", "(String,WindowState)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "WindowStateException", "(String,WindowState)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "WindowStateException", "(Throwable,WindowState)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["javax.portlet", "WindowStateException", true, "getState", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["javax.portlet", "ActionResponse", "sendRedirect", "(String)", "summary", "df-generated"]
- ["javax.portlet", "ActionResponse", "sendRedirect", "(String,String)", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "getCharacterEncoding", "()", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "getContentLength", "()", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "getContentType", "()", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "getMethod", "()", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "getPortletInputStream", "()", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "getReader", "()", "summary", "df-generated"]
- ["javax.portlet", "ClientDataRequest", "setCharacterEncoding", "(String)", "summary", "df-generated"]
- ["javax.portlet", "EventPortlet", "processEvent", "(EventRequest,EventResponse)", "summary", "df-generated"]
- ["javax.portlet", "EventRequest", "getEvent", "()", "summary", "df-generated"]
- ["javax.portlet", "EventRequest", "getMethod", "()", "summary", "df-generated"]
- ["javax.portlet", "EventResponse", "setRenderParameters", "(EventRequest)", "summary", "df-generated"]
- ["javax.portlet", "GenericPortlet", "init", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "createActionURL", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "createRenderURL", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "createResourceURL", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "flushBuffer", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getBufferSize", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getCacheControl", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getCharacterEncoding", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getContentType", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getLocale", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getPortletOutputStream", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "getWriter", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "isCommitted", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "reset", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "resetBuffer", "()", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "setBufferSize", "(int)", "summary", "df-generated"]
- ["javax.portlet", "MimeResponse", "setContentType", "(String)", "summary", "df-generated"]
- ["javax.portlet", "Portlet", "destroy", "()", "summary", "df-generated"]
- ["javax.portlet", "Portlet", "processAction", "(ActionRequest,ActionResponse)", "summary", "df-generated"]
- ["javax.portlet", "Portlet", "render", "(RenderRequest,RenderResponse)", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getContainerRuntimeOptions", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getDefaultNamespace", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getInitParameter", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getInitParameterNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getPortletContext", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getPortletName", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getProcessingEventQNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getPublicRenderParameterNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getPublishingEventQNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getResourceBundle", "(Locale)", "summary", "df-generated"]
- ["javax.portlet", "PortletConfig", "getSupportedLocales", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletException", "PortletException", "(Throwable)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest$P3PUserInfos", "toString", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getAttribute", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getAttributeNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getAuthType", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getContextPath", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getCookies", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getLocale", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getLocales", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getParameter", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getParameterMap", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getParameterNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getParameterValues", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPortalContext", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPortletMode", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPortletSession", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPortletSession", "(boolean)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPreferences", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPrivateParameterMap", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getProperties", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getProperty", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPropertyNames", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getPublicParameterMap", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getRemoteUser", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getRequestedSessionId", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getResponseContentType", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getResponseContentTypes", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getScheme", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getServerName", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getServerPort", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getUserPrincipal", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getWindowID", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "getWindowState", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "isPortletModeAllowed", "(PortletMode)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "isRequestedSessionIdValid", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "isSecure", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "isUserInRole", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "isWindowStateAllowed", "(WindowState)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "removeAttribute", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletRequest", "setAttribute", "(String,Object)", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "addProperty", "(Cookie)", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "addProperty", "(String,Element)", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "addProperty", "(String,String)", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "createElement", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "encodeURL", "(String)", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "getNamespace", "()", "summary", "df-generated"]
- ["javax.portlet", "PortletResponse", "setProperty", "(String,String)", "summary", "df-generated"]
- ["javax.portlet", "PortletSecurityException", "PortletSecurityException", "(Throwable)", "summary", "df-generated"]
- ["javax.portlet", "PortletSessionUtil", "decodeScope", "(String)", "summary", "df-generated"]
- ["javax.portlet", "ReadOnlyException", "ReadOnlyException", "(Throwable)", "summary", "df-generated"]
- ["javax.portlet", "RenderRequest", "getETag", "()", "summary", "df-generated"]
- ["javax.portlet", "RenderResponse", "setNextPossiblePortletModes", "(Collection)", "summary", "df-generated"]
- ["javax.portlet", "RenderResponse", "setTitle", "(String)", "summary", "df-generated"]
- ["javax.portlet", "ResourceRequest", "getCacheability", "()", "summary", "df-generated"]
- ["javax.portlet", "ResourceRequest", "getETag", "()", "summary", "df-generated"]
- ["javax.portlet", "ResourceRequest", "getPrivateRenderParameterMap", "()", "summary", "df-generated"]
- ["javax.portlet", "ResourceRequest", "getResourceID", "()", "summary", "df-generated"]
- ["javax.portlet", "ResourceResponse", "setCharacterEncoding", "(String)", "summary", "df-generated"]
- ["javax.portlet", "ResourceResponse", "setContentLength", "(int)", "summary", "df-generated"]
- ["javax.portlet", "ResourceResponse", "setLocale", "(Locale)", "summary", "df-generated"]
- ["javax.portlet", "ResourceServingPortlet", "serveResource", "(ResourceRequest,ResourceResponse)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "getPortletMode", "()", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "getRenderParameterMap", "()", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "getWindowState", "()", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "removePublicRenderParameter", "(String)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setEvent", "(QName,Serializable)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setEvent", "(String,Serializable)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setPortletMode", "(PortletMode)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setRenderParameter", "(String,String)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setRenderParameter", "(String,String[])", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setRenderParameters", "(Map)", "summary", "df-generated"]
- ["javax.portlet", "StateAwareResponse", "setWindowState", "(WindowState)", "summary", "df-generated"]
- ["javax.portlet", "UnavailableException", "getUnavailableSeconds", "()", "summary", "df-generated"]
- ["javax.portlet", "UnavailableException", "isPermanent", "()", "summary", "df-generated"]

598
java/ql/lib/ext/generated/jenkins-json-lib.model.yml Normal file
View File

@@ -0,0 +1,598 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
# Definitions of models for the Jenkins JSON Lib framework.
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["net.sf.json.groovy", "JsonSlurper", true, "parse", "(String)", "", "Argument[0]", "request-forgery", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", true, "parse", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["net.sf.json.filters", "AndPropertyFilter", true, "AndPropertyFilter", "(PropertyFilter,PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "AndPropertyFilter", true, "AndPropertyFilter", "(PropertyFilter,PropertyFilter)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "CompositePropertyFilter", true, "CompositePropertyFilter", "(List)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "CompositePropertyFilter", true, "addPropertyFilter", "(PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "MappingPropertyFilter", true, "MappingPropertyFilter", "(Map)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "MappingPropertyFilter", true, "addPropertyFilter", "(Object,PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "MappingPropertyFilter", true, "addPropertyFilter", "(Object,PropertyFilter)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "NotPropertyFilter", true, "NotPropertyFilter", "(PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "OrPropertyFilter", true, "OrPropertyFilter", "(PropertyFilter,PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.filters", "OrPropertyFilter", true, "OrPropertyFilter", "(PropertyFilter,PropertyFilter)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.groovy", "JsonGroovyBuilder", true, "getJsonConfig", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.groovy", "JsonGroovyBuilder", true, "setJsonConfig", "(JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", true, "JsonSlurper", "(JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", true, "parse", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", true, "parse", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", true, "parseText", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.regexp", "RegexpMatcher", true, "getGroupIfMatches", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "JSONBuilder", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "array", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "endArray", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "endObject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "key", "(String)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "object", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "value", "(Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "value", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "value", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "value", "(boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "value", "(double)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONBuilder", true, "value", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONTokener", true, "JSONTokener", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.util", "JSONTokener", true, "next", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONTokener", true, "nextValue", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONTokener", true, "nextValue", "(JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONTokener", true, "nextValue", "(JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONTokener", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "convertToJavaIdentifier", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "convertToJavaIdentifier", "(String,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "getFunctionBody", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "getFunctionParams", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "getProperties", "(JSONObject)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "stripQuotes", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "valueToCanonicalString", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "valueToString", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JSONUtils", false, "valueToString", "(Object,int,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "JavaIdentifierTransformer", true, "transformToJavaIdentifier", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "PropertySetStrategy", true, "setProperty", "(Object,String,Object)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"]
- ["net.sf.json.util", "PropertySetStrategy", true, "setProperty", "(Object,String,Object)", "", "Argument[2]", "Argument[0]", "taint", "df-generated"]
- ["net.sf.json.util", "PropertySetStrategy", true, "setProperty", "(Object,String,Object,JsonConfig)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"]
- ["net.sf.json.util", "PropertySetStrategy", true, "setProperty", "(Object,String,Object,JsonConfig)", "", "Argument[2]", "Argument[0]", "taint", "df-generated"]
- ["net.sf.json.util", "WebHijackPreventionStrategy", true, "protect", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "WebUtils", true, "protect", "(JSON)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "WebUtils", true, "protect", "(JSON,boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.util", "WebUtils", true, "toString", "(JSON)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "addNamespace", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "addNamespace", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "addNamespace", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "addNamespace", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "addNamespace", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "getArrayName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "getElementName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "getExpandableProperties", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "getObjectName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "getRootName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setArrayName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setElementName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setExpandableProperties", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setNamespace", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setNamespace", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setNamespace", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setNamespace", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setNamespace", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setObjectName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", true, "setRootName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSON", true, "toString", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSON", true, "toString", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSON", true, "write", "(Writer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSON", true, "writeCanonical", "(Writer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "add", "(Object,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "add", "(int,Object,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "addAll", "(Collection,JsonConfig)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "addAll", "(int,Collection,JsonConfig)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "discard", "(Object)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "discard", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Collection)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Collection)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Collection,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Collection,JsonConfig)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(JSONNull)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(JSONNull)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(JSONObject)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(JSONObject)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Map)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Map)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Map)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Map,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Map,JsonConfig)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Object,JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Object,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(Object,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(String,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(String,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(double)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Collection)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Collection)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Collection,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Collection,JsonConfig)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Map)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Map)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Map,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Map,JsonConfig)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Object)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Object,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,Object,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,String,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,String,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,double)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(int,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "element", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "fromObject", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "fromObject", "(Object,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "getJSONArray", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "getJSONObject", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "getString", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "join", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "join", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "join", "(String,boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "join", "(String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "opt", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "optJSONArray", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "optJSONObject", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "optString", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "optString", "(int,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "optString", "(int,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "set", "(int,Object,JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "set", "(int,Object,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toCollection", "(JSONArray)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toCollection", "(JSONArray,Class)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toCollection", "(JSONArray,JsonConfig)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toCollection", "(JSONArray,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toJSONObject", "(JSONArray)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toJSONObject", "(JSONArray)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray,Class)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray,Class,Map)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray,JsonConfig)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray,Object,JsonConfig)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toList", "(JSONArray,Object,JsonConfig)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONArray", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "JSONFunction", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "JSONFunction", "(String[],String)", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "JSONFunction", "(String[],String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "getParams", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "getText", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "parse", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONFunction", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object,JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,Object,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,double)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,double)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,double)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulate", "(String,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulateAll", "(Map)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "accumulateAll", "(Map,JsonConfig)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "discard", "(String)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection,JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection,JsonConfig)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Collection,JsonConfig)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map,JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map,JsonConfig)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Map,JsonConfig)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,Object,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,double)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,double)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,double)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "element", "(String,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object,JsonConfig)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object,JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "elementOpt", "(String,Object,JsonConfig)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "fromObject", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "fromObject", "(Object,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "fromObject", "(Object,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "get", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "getJSONArray", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "getJSONObject", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "getString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "names", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "names", "(JsonConfig)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "opt", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "optJSONArray", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "optJSONObject", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "optString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "optString", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "optString", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "putAll", "(Map,JsonConfig)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "remove", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Class)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Class,Map)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,JsonConfig)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Object,JsonConfig)", "", "Argument[0].Element", "Argument[1]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Object,JsonConfig)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Object,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Object,JsonConfig)", "", "Argument[2]", "Argument[1]", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toBean", "(JSONObject,Object,JsonConfig)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toJSONArray", "(JSONArray)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONObject", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONSerializer", true, "toJSON", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONSerializer", true, "toJSON", "(Object,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONSerializer", true, "toJSON", "(Object,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONSerializer", true, "toJava", "(JSON)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONSerializer", true, "toJava", "(JSON,JsonConfig)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JSONSerializer", true, "toJava", "(JSON,JsonConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "addIgnoreFieldAnnotation", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "addJsonEventListener", "(JsonEventListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "copy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findDefaultValueProcessor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findJavaPropertyNameProcessor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findJsonBeanProcessor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findJsonPropertyNameProcessor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findJsonValueProcessor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findJsonValueProcessor", "(Class,Class,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findJsonValueProcessor", "(Class,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "findPropertyNameProcessor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getClassMap", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getCycleDetectionStrategy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getDefaultValueProcessorMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getExcludes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getIgnoreFieldAnnotations", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJavaIdentifierTransformer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJavaPropertyFilter", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJavaPropertyNameProcessorMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJsonBeanProcessorMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJsonEventListeners", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJsonPropertyFilter", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJsonPropertyNameProcessorMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getJsonValueProcessorMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getMergedExcludes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getMergedExcludes", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getNewBeanInstanceStrategy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getPropertyExclusionClassMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getPropertyNameProcessorMatcher", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "getPropertySetStrategy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerDefaultValueProcessor", "(Class,DefaultValueProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJavaPropertyNameProcessor", "(Class,PropertyNameProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonBeanProcessor", "(Class,JsonBeanProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonPropertyNameProcessor", "(Class,PropertyNameProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonValueProcessor", "(Class,Class,JsonValueProcessor)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonValueProcessor", "(Class,JsonValueProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonValueProcessor", "(Class,String,JsonValueProcessor)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonValueProcessor", "(String,JsonValueProcessor)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerJsonValueProcessor", "(String,JsonValueProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "registerPropertyNameProcessor", "(Class,PropertyNameProcessor)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setClassMap", "(Map)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setCycleDetectionStrategy", "(CycleDetectionStrategy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setDefaultValueProcessorMatcher", "(DefaultValueProcessorMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setExcludes", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJavaIdentifierTransformer", "(JavaIdentifierTransformer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJavaPropertyFilter", "(PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJavaPropertyNameProcessorMatcher", "(PropertyNameProcessorMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJsonBeanProcessorMatcher", "(JsonBeanProcessorMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJsonPropertyFilter", "(PropertyFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJsonPropertyNameProcessorMatcher", "(PropertyNameProcessorMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setJsonValueProcessorMatcher", "(JsonValueProcessorMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setNewBeanInstanceStrategy", "(NewBeanInstanceStrategy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setPropertyExclusionClassMatcher", "(PropertyExclusionClassMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setPropertyNameProcessorMatcher", "(PropertyNameProcessorMatcher)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["net.sf.json", "JsonConfig", true, "setPropertySetStrategy", "(PropertySetStrategy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["net.sf.json.filters", "CompositePropertyFilter", "removePropertyFilter", "(PropertyFilter)", "summary", "df-generated"]
- ["net.sf.json.filters", "MappingPropertyFilter", "removePropertyFilter", "(Object)", "summary", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", "parse", "(File)", "summary", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", "parse", "(String)", "summary", "df-generated"]
- ["net.sf.json.groovy", "JsonSlurper", "parse", "(URL)", "summary", "df-generated"]
- ["net.sf.json.processors", "DefaultValueProcessor", "getDefaultValue", "(Class)", "summary", "df-generated"]
- ["net.sf.json.processors", "DefaultValueProcessorMatcher", "getMatch", "(Class,Set)", "summary", "df-generated"]
- ["net.sf.json.processors", "JsonBeanProcessor", "processBean", "(Object,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json.processors", "JsonBeanProcessorMatcher", "getMatch", "(Class,Set)", "summary", "df-generated"]
- ["net.sf.json.processors", "JsonValueProcessor", "processArrayValue", "(Object,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json.processors", "JsonValueProcessor", "processObjectValue", "(String,Object,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json.processors", "JsonValueProcessorMatcher", "getMatch", "(Class,Set)", "summary", "df-generated"]
- ["net.sf.json.processors", "JsonVerifier", "isValidJsonValue", "(Object)", "summary", "df-generated"]
- ["net.sf.json.processors", "PropertyNameProcessorMatcher", "getMatch", "(Class,Set)", "summary", "df-generated"]
- ["net.sf.json.regexp", "JdkRegexpMatcher", "JdkRegexpMatcher", "(String)", "summary", "df-generated"]
- ["net.sf.json.regexp", "JdkRegexpMatcher", "JdkRegexpMatcher", "(String,boolean)", "summary", "df-generated"]
- ["net.sf.json.regexp", "Perl5RegexpMatcher", "Perl5RegexpMatcher", "(String)", "summary", "df-generated"]
- ["net.sf.json.regexp", "Perl5RegexpMatcher", "Perl5RegexpMatcher", "(String,boolean)", "summary", "df-generated"]
- ["net.sf.json.regexp", "RegexpMatcher", "getGroupIfMatches", "(String,int)", "summary", "df-generated"]
- ["net.sf.json.regexp", "RegexpMatcher", "matches", "(String)", "summary", "df-generated"]
- ["net.sf.json.regexp", "RegexpUtils", "getMatcher", "(String)", "summary", "df-generated"]
- ["net.sf.json.regexp", "RegexpUtils", "getMatcher", "(String,boolean)", "summary", "df-generated"]
- ["net.sf.json.regexp", "RegexpUtils", "isJDK13", "()", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSON,JSON)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSONArray,JSONArray)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSONArray,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSONFunction,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSONNull,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSONObject,JSONObject)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(JSONObject,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSON,JSON)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONArray)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONArray,JSONArray)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONArray,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONFunction)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONFunction,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONNull)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONNull,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONObject)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONObject,JSONObject)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,JSONObject,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,String,JSONArray)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,String,JSONFunction)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,String,JSONNull)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertEquals", "(String,String,JSONObject)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertJsonEquals", "(String,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertJsonEquals", "(String,String,String)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertNotNull", "(JSON)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertNotNull", "(String,JSON)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertNull", "(JSON)", "summary", "df-generated"]
- ["net.sf.json.test", "JSONAssert", "assertNull", "(String,JSON)", "summary", "df-generated"]
- ["net.sf.json.util", "CycleDetectionStrategy", "handleRepeatedReferenceAsArray", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "CycleDetectionStrategy", "handleRepeatedReferenceAsObject", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "EnumMorpher", "EnumMorpher", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONStringer", "toString", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "back", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "dehexchar", "(char)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "length", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "matches", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "more", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "next", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "next", "(char)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "nextClean", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "nextString", "(char)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "nextTo", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "nextTo", "(char)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "peek", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "reset", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "skipPast", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "skipTo", "(char)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONTokener", "syntaxError", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "doubleToString", "(double)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "getInnerComponentType", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "getMorpherRegistry", "()", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "getTypeClass", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "hasQuotes", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "hashCode", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isArray", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isArray", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isBoolean", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isBoolean", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isDouble", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isFunction", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isFunctionHeader", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isJavaIdentifier", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isJsonKeyword", "(String,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isNull", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isNumber", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isNumber", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isObject", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isString", "(Class)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "isString", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "mayBeJSON", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "newDynaBean", "(JSONObject)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "newDynaBean", "(JSONObject,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "numberToString", "(Number)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "quote", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "quoteCanonical", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "testValidity", "(Object)", "summary", "df-generated"]
- ["net.sf.json.util", "JSONUtils", "transformNumber", "(Number)", "summary", "df-generated"]
- ["net.sf.json.util", "JavaIdentifierTransformer", "transformToJavaIdentifier", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "NewBeanInstanceStrategy", "newInstance", "(Class,JSONObject)", "summary", "df-generated"]
- ["net.sf.json.util", "PropertyExclusionClassMatcher", "getMatch", "(Class,Set)", "summary", "df-generated"]
- ["net.sf.json.util", "PropertyFilter", "apply", "(Object,String,Object)", "summary", "df-generated"]
- ["net.sf.json.util", "PropertySetStrategy", "setProperty", "(Object,String,Object)", "summary", "df-generated"]
- ["net.sf.json.util", "WebHijackPreventionStrategy", "protect", "(String)", "summary", "df-generated"]
- ["net.sf.json.util", "WebUtils", "getWebHijackPreventionStrategy", "()", "summary", "df-generated"]
- ["net.sf.json.util", "WebUtils", "setWebHijackPreventionStrategy", "(WebHijackPreventionStrategy)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "clearNamespaces", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "clearNamespaces", "(String)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isForceTopLevelObject", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isNamespaceLenient", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isRemoveNamespacePrefixFromElements", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isSkipNamespaces", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isSkipWhitespace", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isTrimSpaces", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isTypeHintsCompatibility", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "isTypeHintsEnabled", "()", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "read", "(String)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "readFromFile", "(File)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "readFromFile", "(String)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "readFromStream", "(InputStream)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "removeNamespace", "(String)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "removeNamespace", "(String,String)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setForceTopLevelObject", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setNamespaceLenient", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setRemoveNamespacePrefixFromElements", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setSkipNamespaces", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setSkipWhitespace", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setTrimSpaces", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setTypeHintsCompatibility", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "setTypeHintsEnabled", "(boolean)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "write", "(JSON)", "summary", "df-generated"]
- ["net.sf.json.xml", "XMLSerializer", "write", "(JSON,String)", "summary", "df-generated"]
- ["net.sf.json", "JSON", "isArray", "()", "summary", "df-generated"]
- ["net.sf.json", "JSON", "isEmpty", "()", "summary", "df-generated"]
- ["net.sf.json", "JSON", "size", "()", "summary", "df-generated"]
- ["net.sf.json", "JSON", "toString", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSON", "toString", "(int,int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "contains", "(Object,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "containsAll", "(Collection,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "getBoolean", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "getCollectionType", "(PropertyDescriptor,boolean)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "getDimensions", "(JSONArray)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "getDouble", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "getInt", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "getLong", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "isExpandElements", "()", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optBoolean", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optBoolean", "(int,boolean)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optDouble", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optDouble", "(int,double)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optInt", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optInt", "(int,int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optLong", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "optLong", "(int,long)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "removeAll", "(Collection,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "retainAll", "(Collection,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "setExpandElements", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "toArray", "(JSONArray)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "toArray", "(JSONArray,Class)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "toArray", "(JSONArray,Class,Map)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "toArray", "(JSONArray,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONArray", "toArray", "(JSONArray,Object,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONException", "JSONException", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONException", "JSONException", "(String,Throwable)", "summary", "df-generated"]
- ["net.sf.json", "JSONException", "JSONException", "(Throwable)", "summary", "df-generated"]
- ["net.sf.json", "JSONNull", "getInstance", "()", "summary", "df-generated"]
- ["net.sf.json", "JSONNull", "toString", "()", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "JSONObject", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "containsValue", "(Object,JsonConfig)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "getBoolean", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "getDouble", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "getInt", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "getLong", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "has", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "isNullObject", "()", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optBoolean", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optBoolean", "(String,boolean)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optDouble", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optDouble", "(String,double)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optInt", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optInt", "(String,int)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optLong", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "optLong", "(String,long)", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "toBean", "()", "summary", "df-generated"]
- ["net.sf.json", "JSONObject", "toBean", "(JSONObject)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "addIgnoreFieldAnnotation", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearJavaPropertyNameProcessors", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearJsonBeanProcessors", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearJsonEventListeners", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearJsonPropertyNameProcessors", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearJsonValueProcessors", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearPropertyExclusions", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "clearPropertyNameProcessors", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "disableEventTriggering", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "enableEventTriggering", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "getArrayMode", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "getCollectionType", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "getEnclosedType", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "getRootClass", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isAllowNonStringKeys", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isEventTriggeringEnabled", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isHandleJettisonEmptyElement", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isHandleJettisonSingleElementArray", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isIgnoreDefaultExcludes", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isIgnoreJPATransient", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isIgnorePublicFields", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isIgnoreTransientFields", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isIgnoreUnreadableProperty", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isJavascriptCompliant", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "isSkipJavaIdentifierTransformationInMapKeys", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "registerPropertyExclusion", "(Class,String)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "registerPropertyExclusions", "(Class,String[])", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "removeIgnoreFieldAnnotation", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "removeIgnoreFieldAnnotation", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "removeJsonEventListener", "(JsonEventListener)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "reset", "()", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setAllowNonStringKeys", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setArrayMode", "(int)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setCollectionType", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setEnclosedType", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setHandleJettisonEmptyElement", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setHandleJettisonSingleElementArray", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setIgnoreDefaultExcludes", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setIgnoreJPATransient", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setIgnorePublicFields", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setIgnoreTransientFields", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setIgnoreUnreadableProperty", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setJavascriptCompliant", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setRootClass", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "setSkipJavaIdentifierTransformationInMapKeys", "(boolean)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterDefaultValueProcessor", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJavaPropertyNameProcessor", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJsonBeanProcessor", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJsonPropertyNameProcessor", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJsonValueProcessor", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJsonValueProcessor", "(Class,Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJsonValueProcessor", "(Class,String)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterJsonValueProcessor", "(String)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterPropertyExclusion", "(Class,String)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterPropertyExclusions", "(Class)", "summary", "df-generated"]
- ["net.sf.json", "JsonConfig", "unregisterPropertyNameProcessor", "(Class)", "summary", "df-generated"]

8330
java/ql/lib/ext/generated/jenkins.model.yml Normal file
View File

File diff suppressed because it is too large Load Diff

1695
java/ql/lib/ext/generated/org.apache.commons.lang.model.yml Normal file
View File

File diff suppressed because it is too large Load Diff

679
java/ql/lib/ext/generated/stapler.model.yml Normal file
View File

@@ -0,0 +1,679 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
# Definitions of models for the Stapler framework.
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["org.kohsuke.stapler.bind", "Bound", true, "getProxyScript", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.bind", "Bound", true, "getTarget", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.bind", "Bound", true, "getURL", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.bind", "BoundObjectTable$Table", true, "getDynamic", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.bind", "BoundObjectTable", true, "bind", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.compression", "FilterServletOutputStream", true, "FilterServletOutputStream", "(OutputStream,ServletOutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.compression", "FilterServletOutputStream", true, "FilterServletOutputStream", "(OutputStream,ServletOutputStream)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ClassAttributeBehaviour", true, "simple", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ClassAttributeBehaviour", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", true, "getExportConfig", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", true, "name", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", true, "value", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "getClassAttribute", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "getExportInterceptor", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withClassAttribute", "(ClassAttributeBehaviour)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withClassAttribute", "(ClassAttributeBehaviour)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withExportInterceptor", "(ExportInterceptor)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withExportInterceptor", "(ExportInterceptor)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withFlavor", "(Flavor)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withPrettyPrint", "(boolean)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", true, "withSkipIfFail", "(boolean)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.export", "Flavor", true, "createDataWriter", "(Object,StaplerResponse)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Flavor", true, "createDataWriter", "(Object,Writer)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Flavor", true, "createDataWriter", "(Object,Writer,ExportConfig)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Flavor", true, "createDataWriter", "(Object,Writer,ExportConfig)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Model", true, "getProperties", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Model", true, "writeTo", "(Object,DataWriter)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Model", true, "writeTo", "(Object,TreePruner,DataWriter)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Model", true, "writeTo", "(Object,int,DataWriter)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ModelBuilder", true, "get", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ModelBuilder", true, "get", "(Class,Class,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "ModelBuilder", true, "getOrNull", "(Class,Class,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "NotExportableException", true, "NotExportableException", "(Class,Class,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "NotExportableException", true, "NotExportableException", "(String,Class)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", true, "getJavadoc", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", true, "writeTo", "(Object,TreePruner,DataWriter)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", true, "writeTo", "(Object,int,DataWriter)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Range", true, "apply", "(Collection)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Range", true, "apply", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Range", true, "apply", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "Range", true, "apply", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "SchemaGenerator", true, "SchemaGenerator", "(Model)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "TreePruner", true, "accept", "(Object,Property)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "TreePruner", true, "accept", "(Object,Property)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.export", "TreePruner", true, "getRange", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "TypeUtil", true, "getBaseClass", "(Type,Class)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.export", "TypeUtil", true, "getTypeArgument", "(Type,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "Adjunct", true, "Adjunct", "(AdjunctManager,String,ClassLoader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "Adjunct", true, "Adjunct", "(AdjunctManager,String,ClassLoader)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "Adjunct", true, "getPackageUrl", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "AdjunctManager", "(ServletContext,ClassLoader,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "AdjunctManager", "(ServletContext,ClassLoader,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "AdjunctManager", "(ServletContext,ClassLoader,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "AdjunctManager", "(ServletContext,ClassLoader,String,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "AdjunctManager", "(ServletContext,ClassLoader,String,long)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "AdjunctManager", "(ServletContext,ClassLoader,String,long)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "doDynamic", "(StaplerRequest,StaplerResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "get", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "get", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", true, "get", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", true, "assumeIncluded", "(Collection)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", true, "assumeIncluded", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", true, "generate", "(XMLOutput,String[])", "", "Argument[1].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", true, "get", "(StaplerRequest)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", true, "getIncluded", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", true, "spool", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "NoSuchAdjunctException", true, "NoSuchAdjunctException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "NoSuchAdjunctException", true, "NoSuchAdjunctException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.errors", "ErrorObject", true, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.errors", "NoHomeDirError", true, "NoHomeDirError", "(File)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "AtomicFileWriter", true, "AtomicFileWriter", "(File)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "AtomicFileWriter", true, "getTemporaryFile", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "ByteBuffer", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "ByteBuffer", true, "writeTo", "(OutputStream)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "CharSpool", false, "writeTo", "(Writer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "IOException2", true, "IOException2", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "IOException2", true, "IOException2", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "WriterOutputStream", true, "WriterOutputStream", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "WriterOutputStream", true, "WriterOutputStream", "(Writer,Charset)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.framework", "AbstractWebAppMain", true, "getInitializer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.interceptor", "Interceptor", true, "setTarget", "(Function)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.interceptor", "JsonOutputFilter$FilterPropertyFilter", true, "FilterPropertyFilter", "(Set,Set)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.interceptor", "JsonOutputFilter$FilterPropertyFilter", true, "FilterPropertyFilter", "(Set,Set)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.interceptor", "JsonOutputFilter$FilterPropertyFilter", true, "FilterPropertyFilter", "(String[],String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.interceptor", "JsonOutputFilter$FilterPropertyFilter", true, "FilterPropertyFilter", "(String[],String[])", "", "Argument[1].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovierJellyScript", true, "GroovierJellyScript", "(Class,URL)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClassLoaderTearOff", true, "GroovyClassLoaderTearOff", "(MetaClassLoader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClassLoaderTearOff", true, "parse", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClassLoaderTearOff", true, "parseGSP", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClassTearOff", false, "GroovyClassTearOff", "(MetaClass)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClassTearOff", false, "createDispatcher", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClassTearOff", false, "createDispatcher", "(Object,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClosureScript", true, "getDelegate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyClosureScript", true, "setDelegate", "(GroovyObject)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyServerPageScript", true, "getOut", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyServerPageTearOff", true, "GroovyServerPageTearOff", "(MetaClass)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyServerPageTearOff", true, "createDispatcher", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovyServerPageTearOff", true, "createDispatcher", "(Object,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "JellyBuilder", "(JellyContext,XMLOutput)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "JellyBuilder", "(JellyContext,XMLOutput)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "getBuilder", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "getContext", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "getOutput", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "getRequest", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "getResponse", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "getRootURL", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "jelly", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "namespace", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "namespace", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "namespace", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "namespace", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "namespace", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "res", "(Object,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "res", "(Object,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "setOutput", "(XMLOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "setOutput", "(XMLOutput)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", false, "with", "(XMLOutput,Closure)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "StaplerClosureScript", true, "gettext", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "StaplerClosureScript", true, "gettext", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AdjunctTag", true, "setAssumes", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AdjunctTag", true, "setIncludes", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "BindTag", true, "setValue", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "BindTag", true, "setVar", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ContentTypeTag", true, "setValue", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CopyStreamTag", true, "setInputStream", "(InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CopyStreamTag", true, "setReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CustomTagLibrary", false, "CustomTagLibrary", "(JellyContext,ClassLoader,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CustomTagLibrary", false, "CustomTagLibrary", "(JellyContext,ClassLoader,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CustomTagLibrary", false, "CustomTagLibrary", "(JellyContext,ClassLoader,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CustomTagLibrary", false, "CustomTagLibrary", "(JellyContext,ClassLoader,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "DoctypeTag", true, "setPublicId", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "DoctypeTag", true, "setSystemId", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "FindAncestorTag", true, "setTag", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "FindAncestorTag", true, "setVar", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "HeaderTag", true, "setName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "HeaderTag", true, "setValue", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IncludeTag", true, "setFrom", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IncludeTag", true, "setIt", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IncludeTag", true, "setPage", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "InternationalizedStringExpression$RawHtmlArgument", false, "RawHtmlArgument", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "InternationalizedStringExpression", true, "InternationalizedStringExpression", "(ResourceBundle,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "InternationalizedStringExpression", true, "InternationalizedStringExpression", "(ResourceBundle,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "InternationalizedStringExpression", true, "getArguments", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IsUserInRoleTag", true, "setRole", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassLoaderTearOff", true, "JellyClassLoaderTearOff", "(MetaClassLoader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassTearOff", true, "JellyClassTearOff", "(MetaClass)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassTearOff", true, "createDispatcher", "(Object,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassTearOff", true, "createDispatcher", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassTearOff", true, "createDispatcher", "(Object,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyRequestDispatcher", false, "JellyRequestDispatcher", "(Object,Script)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyRequestDispatcher", false, "JellyRequestDispatcher", "(Object,Script)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyViewScript", false, "JellyViewScript", "(Class,URL,Script)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyViewScript", false, "JellyViewScript", "(Class,URL,Script)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyViewScript", false, "JellyViewScript", "(Klass,URL,Script)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyViewScript", false, "JellyViewScript", "(Klass,URL,Script)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyViewScript", false, "JellyViewScript", "(Klass,URL,Script)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyViewScript", false, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "OutTag", true, "setValue", "(Expression)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "RedirectTag", true, "setUrl", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "ResourceBundle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "format", "(Locale,String,Object[])", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "getBaseName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "getFormatString", "(Locale,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "getFormatStringWithoutDefaulting", "(Locale,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "load", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundle", true, "load", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ResourceBundleFactory", true, "create", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "SetHeaderTag", true, "setName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "SetHeaderTag", true, "setValue", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "StructuredMessageFormatTag", true, "addArgument", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "StructuredMessageFormatTag", true, "setKey", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ThisTagLibrary", true, "ThisTagLibrary", "(Expression)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.json", "JsonHttpResponse", true, "JsonHttpResponse", "(JSONObject)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.json", "JsonHttpResponse", true, "JsonHttpResponse", "(JSONObject,int)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", false, "Klass", "(Object,KlassNavigator)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", false, "Klass", "(Object,KlassNavigator)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", false, "getArrayElement", "(Object,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", false, "getMapElement", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", true, "getArrayElement", "(Object,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", true, "getMapElement", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler.tags", "Include", true, "setIt", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.tags", "Include", true, "setPage", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler.util", "IllegalReflectiveAccessLogHandler", true, "get", "(IllegalAccessException)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "AbstractTearOff", true, "resolveScript", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "AcceptHeader", false, "AcceptHeader", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "AcceptHeader", false, "select", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "AcceptHeader", false, "select", "(String[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "AcceptHeader", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getFullUrl", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getNext", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getNextToken", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getObject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getPrev", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getRestOfUrl", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", true, "getUrl", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", true, "AttributeKey", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "CachingScriptLoader", true, "findScript", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "CachingScriptLoader", true, "findScript", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "EvaluationTrace", true, "trace", "(StaplerResponse,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "buildIndexDispatchers", "(MetaClass,List)", "", "Argument[this]", "Argument[1].Element", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "buildIndexDispatchers", "(MetaClass,List)", "", "Argument[0]", "Argument[1].Element", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "buildViewDispatchers", "(MetaClass,List)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "createRequestDispatcher", "(RequestImpl,Class,Object,String)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "createRequestDispatcher", "(RequestImpl,Klass,Object,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "createRequestDispatcher", "(RequestImpl,Klass,Object,String)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Facet", true, "createRequestDispatcher", "(RequestImpl,Klass,Object,String)", "", "Argument[3]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", true, "optional", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", true, "with", "(Map)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", true, "with", "(Map)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", true, "with", "(String,Object)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", true, "with", "(String,Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", true, "with", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ForwardingFunction", true, "ForwardingFunction", "(Function)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Function$InstanceFunction", true, "InstanceFunction", "(Method)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Function", true, "contextualize", "(Object)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
- ["org.kohsuke.stapler", "Function", true, "getParameterNames", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "FunctionList", "(Collection)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "FunctionList", "(Function[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "annotated", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "name", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "prefix", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "signature", "(Class[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "signatureStartsWith", "(Class[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "union", "(FunctionList)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "union", "(FunctionList)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList", false, "webMethodsLegacy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpRedirect", false, "HttpRedirect", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpRedirect", false, "HttpRedirect", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses$HttpResponseException", true, "HttpResponseException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses$HttpResponseException", true, "HttpResponseException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses$HttpResponseException", true, "HttpResponseException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses$HttpResponseException", true, "HttpResponseException", "(Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", true, "error", "(Throwable)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", true, "error", "(int,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", true, "error", "(int,Throwable)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", true, "redirectTo", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", true, "redirectTo", "(int,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "JavaScriptMethodContext", false, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "MetaClass", true, "getPostConstructMethods", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "MetaClass", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "MetaClassLoader", true, "MetaClassLoader", "(ClassLoader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "MetaClassLoader", true, "get", "(ClassLoader)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "NoStaplerConstructorException", true, "NoStaplerConstructorException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RawHtmlArgument", true, "RawHtmlArgument", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RawHtmlArgument", true, "getValue", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ReflectionUtils", true, "union", "(Annotation[],Annotation[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ReflectionUtils", true, "union", "(Annotation[],Annotation[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RequestImpl", true, "RequestImpl", "(Stapler,HttpServletRequest,List,TokenList)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RequestImpl", true, "RequestImpl", "(Stapler,HttpServletRequest,List,TokenList)", "", "Argument[2].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RequestImpl", true, "RequestImpl", "(Stapler,HttpServletRequest,List,TokenList)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RequestImpl", true, "getView", "(Klass,Object,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "RequestImpl", true, "getView", "(Klass,Object,String)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ResponseImpl", true, "ResponseImpl", "(Stapler,HttpServletResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ResponseImpl", true, "ResponseImpl", "(Stapler,HttpServletResponse)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ResponseImpl", true, "encode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ScriptLoadException", true, "ScriptLoadException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ScriptLoadException", true, "ScriptLoadException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "ScriptLoadException", true, "ScriptLoadException", "(Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "SingleLinkedList", true, "SingleLinkedList", "(Object,SingleLinkedList)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "SingleLinkedList", true, "SingleLinkedList", "(Object,SingleLinkedList)", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "SingleLinkedList", true, "grow", "(Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "SingleLinkedList", true, "grow", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", true, "escape", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", true, "getClassLoader", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", true, "getViewURL", "(Class,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", true, "getWebApp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", true, "htmlSafeArgument", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", true, "htmlSafeArguments", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "bindJSON", "(Type,Class,Object)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "findAncestor", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "findAncestor", "(Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getAncestors", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getBindInterceptor", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getFileItem", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getOriginalRequestURI", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getOriginalRestOfPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getRestOfPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getStapler", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getSubmittedForm", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getView", "(Class,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getView", "(Klass,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getView", "(Object,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getView", "(Object,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "getWebApp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "setBindInterceptor", "(BindInterceptor)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "setBindInterceptor", "(BindInterceptor)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "setBindInterceptpr", "(BindInterceptor)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "setBindInterceptpr", "(BindInterceptor)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "setBindListener", "(BindInterceptor)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", true, "setBindListener", "(BindInterceptor)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", true, "getCompressedOutputStream", "(HttpServletRequest)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", true, "getCompressedWriter", "(HttpServletRequest)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", true, "getJsonConfig", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", true, "setJsonConfig", "(JsonConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponseWrapper", true, "StaplerResponseWrapper", "(StaplerResponse)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponseWrapper", true, "getWrapped", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaticViewFacet", true, "StaticViewFacet", "(Collection)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaticViewFacet", true, "StaticViewFacet", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "StaticViewFacet", true, "addExtension", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "assembleOriginalRestOfPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "assembleRestOfPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "decode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "get", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "next", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "peek", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "prev", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "TraversalMethodContext", false, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "WebApp", "(ServletContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "get", "(ServletContext)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getClassLoader", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getCrumbIssuer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getDispatchValidator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getDispatchersFilter", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilterForDoActions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilterForFields", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilterForGetMethods", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilteredDispatchTriggerListener", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilteredDoActionTriggerListener", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilteredFieldTriggerListener", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getFilteredGetterTriggerListener", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getJsonInErrorMessageSanitizer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getMetaClass", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getMetaClass", "(Klass)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getMetaClass", "(Klass)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getMetaClass", "(Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getResponseRenderers", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "getSomeStapler", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setClassLoader", "(ClassLoader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setCrumbIssuer", "(CrumbIssuer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setDispatchValidator", "(DispatchValidator)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setDispatchersFilter", "(DispatchersFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilterForDoActions", "(Filter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilterForFields", "(Filter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilterForGetMethods", "(Filter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilteredDispatchTriggerListener", "(FilteredDispatchTriggerListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilteredDoActionTriggerListener", "(FilteredDoActionTriggerListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilteredFieldTriggerListener", "(FilteredFieldTriggerListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setFilteredGetterTriggerListener", "(FilteredGetterTriggerListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", true, "setJsonInErrorMessageSanitizer", "(JsonInErrorMessageSanitizer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WebMethodContext", false, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["org.kohsuke.stapler", "WrongTypeException", true, "WrongTypeException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["org.kohsuke.stapler.bind", "Bound", "getTarget", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.bind", "Bound", "getURL", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.bind", "Bound", "release", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.bind", "BoundObjectTable$Table", "doEnableLogging", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.bind", "BoundObjectTable", "bindWeak", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.bind", "BoundObjectTable", "getTable", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.bind", "BoundObjectTable", "releaseMe", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionFilter", "activate", "(ServletRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionFilter", "getUncaughtExceptionHandler", "(ServletContext)", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionFilter", "has", "(ServletRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionFilter", "setUncaughtExceptionHandler", "(ServletContext,UncaughtExceptionHandler)", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionServletResponse", "CompressionServletResponse", "(HttpServletResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionServletResponse", "activate", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "CompressionServletResponse", "close", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.compression", "UncaughtExceptionHandler", "reportException", "(Throwable,ServletContext,HttpServletRequest,HttpServletResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler.config", "ConfigurationLoader", "as", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.config", "ConfigurationLoader", "from", "(File)", "summary", "df-generated"]
- ["org.kohsuke.stapler.config", "ConfigurationLoader", "from", "(Map)", "summary", "df-generated"]
- ["org.kohsuke.stapler.config", "ConfigurationLoader", "from", "(Properties)", "summary", "df-generated"]
- ["org.kohsuke.stapler.config", "ConfigurationLoader", "fromEnvironmentVariables", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.config", "ConfigurationLoader", "fromSystemProperties", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.event", "FilteredDispatchTriggerListener", "onDispatchTrigger", "(StaplerRequest,StaplerResponse,Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.event", "FilteredDoActionTriggerListener", "onDoActionTrigger", "(Function,StaplerRequest,StaplerResponse,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.event", "FilteredFieldTriggerListener", "onFieldTrigger", "(FieldRef,StaplerRequest,StaplerResponse,Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.event", "FilteredGetterTriggerListener", "onGetterTrigger", "(Function,StaplerRequest,StaplerResponse,Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "endArray", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "endObject", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "getExportConfig", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "name", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "startArray", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "startObject", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "type", "(Type,Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "value", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "valueNull", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "DataWriter", "valuePrimitive", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", "getFlavor", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", "isPrettyPrint", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportConfig", "isSkipIfFail", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "ExportInterceptor", "getValue", "(Property,Object,ExportConfig)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "Flavor", "createDataWriter", "(Object,Writer,ExportConfig)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "NamedPathPruner", "NamedPathPruner", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "NotExportableException", "NotExportableException", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "NotExportableException", "NotExportableException", "(String,Throwable,Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "NotExportableException", "NotExportableException", "(Throwable,Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "NotExportableException", "getType", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", "getGenericType", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", "getJavadoc", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", "getType", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "Property", "getValue", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "Range", "Range", "(int,int)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "SchemaGenerator", "add", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "SchemaGenerator", "generateSchema", "(Result)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "SchemaGenerator", "getXmlTypeName", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "TreePruner$ByDepth", "ByDepth", "(int)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "TreePruner", "accept", "(Object,Property)", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "TreePruner", "getRange", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.export", "TypeUtil", "erasure", "(Type)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "Adjunct", "has", "(Kind)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "Adjunct", "write", "(StaplerRequest,XMLOutput)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", "get", "(ServletContext)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", "get", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", "isIncluded", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "AdjunctsInPage", "writeSpooled", "(XMLOutput)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.adjunct", "NoSuchAdjunctException", "NoSuchAdjunctException", "(Throwable)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.errors", "ErrorObject", "getMessage", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "AtomicFileWriter", "commit", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "ByteBuffer", "length", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "ByteBuffer", "newInputStream", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "IOException2", "IOException2", "(Throwable)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "LargeText", "(ByteBuffer,Charset,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "LargeText", "(ByteBuffer,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "LargeText", "(File,Charset,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "LargeText", "(File,Charset,boolean,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "LargeText", "(File,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "LargeText", "(File,boolean,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "doProgressText", "(StaplerRequest,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "isComplete", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "length", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "markAsComplete", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "readAll", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "writeLogTo", "(long,OutputStream)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LargeText", "writeLogTo", "(long,Writer)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework.io", "LineEndNormalizingWriter", "LineEndNormalizingWriter", "(Writer)", "summary", "df-generated"]
- ["org.kohsuke.stapler.framework", "AbstractWebAppMain", "getApplication", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.interceptor", "Interceptor", "invoke", "(StaplerRequest,StaplerResponse,Object,Object[])", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "GroovierJellyScript", "run", "(JellyBuilder)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "adjunct", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "getMy", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "getServletContext", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "img", "(Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "include", "(Class,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "include", "(Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "methodMissing", "(String,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "namespace", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "raw", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "redirectToDom", "(Closure)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "set", "(String,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "taglib", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "JellyBuilder", "text", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "Namespace", "createInvoker", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "Namespace", "endPrefixMapping", "(XMLOutput)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly.groovy", "Namespace", "startPrefixMapping", "(XMLOutput)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AttributeConstraintsTag", "setExpr", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AttributeTag", "setDeprecated", "(boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AttributeTag", "setName", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AttributeTag", "setSince", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AttributeTag", "setType", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "AttributeTag", "setUse", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CopyStreamTag", "setFile", "(File)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "CopyStreamTag", "setUrl", "(URL)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "HTMLWriterOutput", "create", "(OutputStream)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "HTMLWriterOutput", "create", "(Writer,boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "HTMLWriterOutput", "useHTML", "(boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IncludeTag", "setClass", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IncludeTag", "setClazz", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "IncludeTag", "setOptional", "(boolean)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "InternationalizedStringExpression", "makeEscapingExpression", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassLoaderTearOff", "createContext", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassLoaderTearOff", "getTagLibrary", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyClassTearOff", "serveIndexJelly", "(StaplerRequest,StaplerResponse,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyCompatibleFacet", "getClassTearOffTypes", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyCompatibleFacet", "getScriptExtensions", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyFacet", "setExpressionFactory", "(ServletContextEvent,ExpressionFactory)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyTagFileLoader", "discover", "(ClassLoader)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "JellyTagFileLoader", "load", "(CustomTagLibrary,String,ClassLoader)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ReallyStaticTagLibrary", "createTagScript", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ScriptInvoker", "invokeScript", "(StaplerRequest,StaplerResponse,Script,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "ScriptInvoker", "invokeScript", "(StaplerRequest,StaplerResponse,Script,Object,XMLOutput)", "summary", "df-generated"]
- ["org.kohsuke.stapler.jelly", "StatusCodeTag", "setValue", "(int)", "summary", "df-generated"]
- ["org.kohsuke.stapler.json", "JsonHttpResponse", "JsonHttpResponse", "(Throwable,int)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang.util", "FieldRefFilter", "wrap", "(Field)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang.util", "MethodRefFilter", "wrap", "(Method)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "AnnotatedRef", "getAnnotation", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "AnnotatedRef", "hasAnnotation", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef$Filter", "keep", "(FieldRef)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "get", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "getName", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "getQualifiedName", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "getReturnType", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "getSignature", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "isRoutable", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "isStatic", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "FieldRef", "wrap", "(Field)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getAncestors", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getDeclaredFields", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getDeclaredMethods", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getFields", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getFunctions", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getResource", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "getSuperClass", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "isArray", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "isMap", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "java", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "toJavaClass", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "Klass", "toString", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "getAncestors", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "getDeclaredFields", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "getDeclaredMethods", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "getFunctions", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "getResource", "(Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "getSuperClass", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "isArray", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "isMap", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "KlassNavigator", "toJavaClass", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "MethodRef", "getName", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "MethodRef", "invoke", "(Object,Object[])", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "MethodRef", "isRoutable", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler.lang", "MethodRef", "wrap", "(Method)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Ancestor", "getRelativePath", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AnnotationHandler", "parse", "(StaplerRequest,Annotation,Class,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "appScoped", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "get", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "get", "(HttpServletRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "remove", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "remove", "(HttpServletRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "requestScoped", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "sessionScoped", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "set", "(HttpServletRequest,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "AttributeKey", "set", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "BindInterceptor", "instantiate", "(Class,JSONObject)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "BindInterceptor", "onConvert", "(Type,Class,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "CachingScriptLoader", "clearScripts", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ClassDescriptor", "ClassDescriptor", "(Class,Class[])", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ClassDescriptor", "loadConstructorParamNames", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ClassDescriptor", "loadParameterNames", "(Constructor)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ClassDescriptor", "loadParameterNames", "(Method)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "CrumbIssuer", "doCrumb", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "CrumbIssuer", "issueCrumb", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "CrumbIssuer", "issueCrumb", "(StaplerRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "CrumbIssuer", "validateCrumb", "(StaplerRequest,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "DispatchValidator", "allowDispatch", "(StaplerRequest,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "DispatchValidator", "isDispatchAllowed", "(StaplerRequest,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "DispatchValidator", "isDispatchAllowed", "(StaplerRequest,StaplerResponse,String,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "DispatchValidator", "requireDispatchAllowed", "(StaplerRequest,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "anonymizedTraceEval", "(StaplerRequest,StaplerResponse,Object,String,String[])", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "dispatch", "(RequestImpl,ResponseImpl,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "isTraceEnabled", "(StaplerRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "toString", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "trace", "(StaplerRequest,StaplerResponse,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "trace", "(StaplerRequest,StaplerResponse,String,Object[])", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "traceEval", "(StaplerRequest,StaplerResponse,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "traceEval", "(StaplerRequest,StaplerResponse,Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "traceEval", "(StaplerRequest,StaplerResponse,Object,String,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Dispatcher", "traceable", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "EvaluationTrace$ApplicationTracer", "trace", "(StaplerRequest,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "EvaluationTrace", "get", "(StaplerRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "EvaluationTrace", "printHtml", "(PrintWriter)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "buildFallbackDispatchers", "(MetaClass,List)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "buildIndexDispatchers", "(MetaClass,List)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "buildViewDispatchers", "(MetaClass,List)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "createRequestDispatcher", "(RequestImpl,Klass,Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "discover", "(ClassLoader)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "discoverExtensions", "(Class,ClassLoader[])", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "getKlass", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Facet", "handleIndexRequest", "(RequestImpl,ResponseImpl,Object,MetaClass)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", "ForwardToView", "(Class,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", "ForwardToView", "(Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ForwardToView", "ForwardToView", "(RequestDispatcher)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getAnnotation", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getAnnotations", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getCheckedExceptionTypes", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getDeclaringClass", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getDisplayName", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getGenericParameterTypes", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getName", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getParameterAnnotations", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getParameterNames", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getParameterTypes", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getQualifiedName", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getReturnType", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "getSignature", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "invoke", "(StaplerRequest,StaplerResponse,Object,Object[])", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "isStatic", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Function", "returnNull", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "FunctionList$Filter", "keep", "(Function)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpRedirect", "fromContextPath", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponse", "generateResponse", "(StaplerRequest,StaplerResponse,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponseRenderer", "generateResponse", "(StaplerRequest,StaplerResponse,Object,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "errorWithoutStack", "(int,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "forbidden", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "forwardToPreviousPage", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "forwardToView", "(Class,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "forwardToView", "(Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "html", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "literalHtml", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "notFound", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "ok", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "plainText", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "redirectToContextRoot", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "redirectToDot", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "redirectViaContextPath", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "redirectViaContextPath", "(int,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "staticResource", "(URL)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "staticResource", "(URL,long)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "status", "(int)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "HttpResponses", "text", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "LocaleDrivenResourceProvider", "lookup", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "MethodHandleFactory", "get", "(Method)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "NoStaplerConstructorException", "NoStaplerConstructorException", "(String,Throwable)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "NoStaplerConstructorException", "NoStaplerConstructorException", "(Throwable)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "RawHtmlArgument", "toString", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "ReflectionUtils", "getVmDefaultValueFor", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "SingleLinkedList", "empty", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "buildResourcePaths", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "forward", "(RequestDispatcher,StaplerRequest,HttpServletResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "getClassLoader", "(ServletContext)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "getCurrent", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "getCurrentRequest", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "getCurrentResponse", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "invoke", "(HttpServletRequest,HttpServletResponse,Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "isSocketException", "(Throwable)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "lookupConverter", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "setClassLoader", "(ServletContext,ClassLoader)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "Stapler", "setRoot", "(ServletContextEvent,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerFallback", "getStaplerFallback", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindJSON", "(Class,JSONObject)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindJSON", "(Object,JSONObject)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindJSONToList", "(Class,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindParameters", "(Class,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindParameters", "(Class,String,int)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindParameters", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindParameters", "(Object,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "bindParametersToList", "(Class,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "checkIfModified", "(Calendar,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "checkIfModified", "(Date,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "checkIfModified", "(long,StaplerResponse)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "checkIfModified", "(long,StaplerResponse,long)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "createJavaScriptProxy", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "findAncestorObject", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "getBoundObjectTable", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "getReferer", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "getRequestURIWithQueryString", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "getRequestURLWithQueryString", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "getRootPath", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "hasParameter", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerRequest", "isJavaScriptProxyCall", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "forward", "(Object,String,StaplerRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "forwardToPreviousPage", "(StaplerRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "reverseProxyTo", "(URL,StaplerRequest)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "sendRedirect2", "(String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "sendRedirect", "(int,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveExposedBean", "(StaplerRequest,Object,ExportConfig)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveExposedBean", "(StaplerRequest,Object,Flavor)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveFile", "(StaplerRequest,InputStream,long,int,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveFile", "(StaplerRequest,InputStream,long,long,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveFile", "(StaplerRequest,InputStream,long,long,int,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveFile", "(StaplerRequest,InputStream,long,long,long,String)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveFile", "(StaplerRequest,URL)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveFile", "(StaplerRequest,URL,long)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveLocalizedFile", "(StaplerRequest,URL)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "StaplerResponse", "serveLocalizedFile", "(StaplerRequest,URL,long)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TearOffSupport", "getTearOff", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TearOffSupport", "loadTearOff", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TearOffSupport", "setTearOff", "(Class,Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", "countRemainingTokens", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", "hasMore", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", "length", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", "nextAsInt", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "TokenList", "nextAsLong", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "clearMetaClassCache", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "clearScripts", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "getApp", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "getCurrent", "()", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "getFacet", "(Class)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "getKlass", "(Object)", "summary", "df-generated"]
- ["org.kohsuke.stapler", "WebApp", "setApp", "(Object)", "summary", "df-generated"]

6
java/ql/lib/ext/hudson.model.model.yml
View File

@@ -16,3 +16,9 @@ extensions:
data:
- ["hudson.model", "Node", True, "createPath", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson.model", "DirectoryBrowserSupport$Path", False, "Path", "(String,String,boolean,long,boolean,long)", "", "Argument[0]", "Argument[this].SyntheticField[hudson.model.DirectoryBrowserSupport$Path.href]", "taint", "ai-manual"]
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["hudson.model", "Descriptor", True, "configure", "", "", "Parameter", "remote", "manual"]
- ["hudson.model", "Descriptor", True, "newInstance", "", "", "Parameter", "remote", "manual"]

78
java/ql/lib/ext/hudson.model.yml
View File

@@ -3,24 +3,68 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["hudson", "FilePath", False, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", False, "copyFrom", "(URL)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", False, "copyFrom", "(FileItem)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String,TarCompression)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "file-content-store", "ai-manual"]
- ["hudson", "FilePath", False, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
- ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyFrom", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyFrom", "(URL)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyFrom", "(FileItem)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "", "", "Argument[this]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(DirScanner,FilePath,String,TarCompression)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "file-content-store", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyTo", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyToWithPermission", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyToWithPermission", "(FilePath)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
- ["hudson", "FilePath", True, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "openInputStream", "(File,OpenOption[])", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "read", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "read", "(FilePath,OpenOption[])", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "readFromOffset", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "readToString", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "renameTo", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "renameTo", "", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "write", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "write", "(String,String)", "", "Argument[0]", "file-content-store", "manual"]
- ["hudson", "Launcher$ProcStarter", False, "cmds", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher$ProcStarter", False, "cmdAsSingleString", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher", True, "launch", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher", True, "launchChannel", "", "", "Argument[0]", "command-injection", "manual"]
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["hudson", "Plugin", True, "configure", "", "", "Parameter", "remote", "manual"]
- ["hudson", "Plugin", True, "newInstance", "", "", "Parameter", "remote", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["hudson", "FilePath", False, "child", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", False, "list", "(String,String,boolean)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", False, "list", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", False, "list", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", False, "normalize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", False, "sibling", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "FilePath", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["hudson", "FilePath", True, "FilePath", "(FilePath,String)", "", "Argument[0..1]", "Argument[this]", "taint", "manual"]
- ["hudson", "FilePath", True, "FilePath", "(VirtualChannel,String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["hudson", "FilePath", True, "child", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "list", "(String,String,boolean)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "list", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "list", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "normalize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "sibling", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "Util", True, "nullify", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fixNull", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fixEmpty", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fixEmptyAndTrim", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "getFileName", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "join", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "encodeRFC2396", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "wrapToErrorSpan", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fileToPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "xmlEscape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "escape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "singleQuote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "rawEncode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "encode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fromHexString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "toHexString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "tokenize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]

22
java/ql/lib/ext/hudson.util.model.yml
View File

@@ -7,6 +7,10 @@ extensions:
- ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset,boolean,boolean)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson.util", "ClasspathBuilder", True, "add", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson.util", "FormValidation", True, "errorWithMarkup", "", "", "Argument[0]", "html-injection", "manual"]
- ["hudson.util", "FormValidation", True, "okWithMarkup", "", "", "Argument[0]", "html-injection", "manual"]
- ["hudson.util", "FormValidation", True, "respond", "", "", "Argument[1]", "html-injection", "manual"]
- ["hudson.util", "FormValidation", True, "warningWithMarkup", "", "", "Argument[0]", "html-injection", "manual"]
- ["hudson.util", "IOUtils", True, "mkdirs", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson.util", "StreamTaskListener", True, "StreamTaskListener", "(File,boolean,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson.util", "TextFile", True, "delete", "()", "", "Argument[this]", "path-injection", "manual"]
@@ -15,10 +19,28 @@ extensions:
- ["hudson.util", "TextFile", True, "lines", "()", "", "Argument[this]", "path-injection", "manual"]
- ["hudson.util", "TextFile", True, "read", "()", "", "Argument[this]", "path-injection", "manual"]
- ["hudson.util", "TextFile", True, "readTrim", "()", "", "Argument[this]", "path-injection", "manual"]
- ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[this]", "path-injection", "manual"]
- ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[0]", "file-content-store", "manual"]
- ["hudson.util", "HttpResponses", True, "staticResource", "(File)", "", "Argument[0]", "path-injection", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["hudson.util", "ArgumentListBuilder", True, "ArgumentListBuilder", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "add", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "clone", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "prepend", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "toCommandArray", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "toList", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "toWindowsCommand", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
# ArgumentListBuilder fluent methods
- ["hudson.util", "ArgumentListBuilder", True, "add", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "addKeyValuePair", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "addKeyValuePairs", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "addKeyValuePairsFromPropertyString", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "addMasked", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "addQuoted", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "addTokenized", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "ArgumentListBuilder", True, "prepend", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
- ["hudson.util", "QuotedStringTokenizer", True, "tokenize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson.util", "TextFile", True, "TextFile", "(File)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]

32
java/ql/lib/ext/java.lang.model.yml
View File

@@ -8,30 +8,30 @@ extensions:
- ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "command", "(List)", "", "Argument[0]", "command-injection", "manual"]
- ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(List)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String[],String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String[],String[],File)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String[],String[],File)", "", "Argument[2]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String,String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[2]", "command-injection", "ai-manual"]
# These are potential vulnerabilities, but not for command-injection. No query for this kind of vulnerability currently exists.
# - ["java.lang", "Runtime", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
# These are modeled in plain CodeQL. TODO: migrate them.
# - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(List)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String,String[])", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String[],String[])", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[2]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String[],String[],File)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String[],String[],File)", "", "Argument[2]", "command-injection", "ai-manual"]
# - ["java.lang", "Runtime", True, "exec", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "String", False, "matches", "(String)", "", "Argument[0]", "regex-use[f-1]", "manual"]
- ["java.lang", "String", False, "replaceAll", "(String,String)", "", "Argument[0]", "regex-use[-1]", "manual"]
- ["java.lang", "String", False, "replaceFirst", "(String,String)", "", "Argument[0]", "regex-use[-1]", "manual"]
- ["java.lang", "String", False, "split", "(String)", "", "Argument[0]", "regex-use[-1]", "manual"]
- ["java.lang", "String", False, "split", "(String,int)", "", "Argument[0]", "regex-use[-1]", "manual"]
# These are modeled in plain CodeQL. TODO: migrate them.
# - ["java.lang", "System", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] # This is actually injecting a library.
# - ["java.lang", "System", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] # This is actually injecting a library.
# These are potential vulnerabilities, but not for command-injection. No query for this kind of vulnerability currently exists.
# - ["java.lang", "System", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
# - ["java.lang", "System", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "System$Logger", True, "log", "(Level,Object)", "", "Argument[1]", "log-injection", "manual"]
- ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Object[])", "", "Argument[2..3]", "log-injection", "manual"]
- ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Throwable)", "", "Argument[2]", "log-injection", "manual"]

3
java/ql/lib/ext/java.net.model.yml
View File

@@ -45,7 +45,8 @@ extensions:
- ["java.net", "URI", False, "toURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
- ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] # @atorralba: review for consistency
- ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"]
- ["java.net", "URL", False, "toExternalForm", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.net", "URL", False, "toURI", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.net", "URL", False, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.net", "URLDecoder", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]

6
java/ql/lib/ext/java.sql.model.yml
View File

@@ -21,7 +21,6 @@ extensions:
extensible: summaryModel
data:
- ["java.sql", "Connection", True, "nativeSQL", "(String)", "", "Argument[0]", "ReturnValue", "taint", "hq-manual"]
- ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[this]", "value", "manual"]
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- addsTo:
@@ -31,13 +30,14 @@ extensions:
- ["java.sql", "Connection", "createStatement", "()", "summary", "manual"]
- ["java.sql", "PreparedStatement", "executeUpdate", "()", "summary", "manual"]
- ["java.sql", "PreparedStatement", "executeQuery", "()", "summary", "manual"]
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "summary", "manual"]
- ["java.sql", "PreparedStatement", "setLong", "(int,long)", "summary", "manual"]
- ["java.sql", "PreparedStatement", "setString", "(int,String)", "summary", "manual"]
- ["java.sql", "ResultSet", "next", "()", "summary", "manual"]
- ["java.sql", "Statement", "close", "()", "summary", "manual"]
# The below APIs have numeric flow and are currently being stored as neutral models.
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "summary", "manual"] # value-numeric
- ["java.sql", "PreparedStatement", "setLong", "(int,long)", "summary", "manual"] # value-numeric
- ["java.sql", "ResultSet", "getInt", "(int)", "summary", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getInt", "(String)", "summary", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getLong", "(String)", "summary", "manual"] # taint-numeric

11
java/ql/lib/ext/org.apache.commons.exec.model.yml Normal file
View File

@@ -0,0 +1,11 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.apache.commons.exec", "CommandLine", True, "parse", "(String)", "", "Argument[0]", "command-injection", "manual"]
- ["org.apache.commons.exec", "CommandLine", True, "parse", "(String,Map)", "", "Argument[0]", "command-injection", "manual"]
- ["org.apache.commons.exec", "CommandLine", True, "addArguments", "(String)", "", "Argument[0]", "command-injection", "manual"]
- ["org.apache.commons.exec", "CommandLine", True, "addArguments", "(String,boolean)", "", "Argument[0]", "command-injection", "manual"]
- ["org.apache.commons.exec", "CommandLine", True, "addArguments", "(String[])", "", "Argument[0]", "command-injection", "manual"]
- ["org.apache.commons.exec", "CommandLine", True, "addArguments", "(String[],boolean)", "", "Argument[0]", "command-injection", "manual"]

6
java/ql/lib/ext/org.kohsuke.stapler.bind.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["org.kohsuke.stapler.bind", "JavaScriptMethod", True, "", "", "Annotated", "Parameter", "remote", "manual"]

7
java/ql/lib/ext/org.kohsuke.stapler.json.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["org.kohsuke.stapler.json", "SubmittedForm", True, "", "", "Annotated", "Parameter", "remote", "manual"]
- ["org.kohsuke.stapler.json", "JsonBody", True, "", "", "Annotated", "Parameter", "remote", "manual"]

42
java/ql/lib/ext/org.kohsuke.stapler.model.yml
View File

@@ -4,4 +4,46 @@ extensions:
extensible: sinkModel
data:
- ["org.kohsuke.stapler", "HttpResponses", True, "redirectTo", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"]
- ["org.kohsuke.stapler", "HttpResponses", True, "redirectTo", "(int,String)", "", "Argument[1]", "url-redirection", "manual"]
- ["org.kohsuke.stapler", "HttpResponses", True, "staticResource", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"]
- ["org.kohsuke.stapler", "HttpResponses", True, "staticResource", "(URL,long)", "", "Argument[0]", "request-forgery", "manual"]
- ["org.kohsuke.stapler", "HttpResponses", True, "html", "(String)", "", "Argument[0]", "html-injection", "manual"]
- ["org.kohsuke.stapler", "HttpResponses", True, "literalHtml", "(String)", "", "Argument[0]", "html-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "forward", "(Object,String,StaplerRequest)", "", "Argument[1]", "request-forgery", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "sendRedirect2", "(String)", "", "Argument[0]", "url-redirection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "sendRedirect", "(int,String)", "", "Argument[1]", "url-redirection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "sendRedirect", "(String)", "", "Argument[0]", "url-redirection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveFile", "(StaplerRequest,URL)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveFile", "(StaplerRequest,URL,long)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveLocalizedFile", "(StaplerRequest,URL)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveLocalizedFile", "(StaplerRequest,URL,long)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveFile", "(StaplerRequest,InputStream,long,long,long,String)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveFile", "(StaplerRequest,InputStream,long,long,int,String)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveFile", "(StaplerRequest,InputStream,long,long,String)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "serveFile", "(StaplerRequest,InputStream,long,int,String)", "", "Argument[1]", "path-injection", "manual"]
- ["org.kohsuke.stapler", "StaplerResponse", True, "reverseProxyTo", "(URL,StaplerRequest)", "", "Argument[0]", "request-forgery", "manual"]
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["org.kohsuke.stapler", "StaplerRequest", True, "getRequestURIWithQueryString", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getRequestURLWithQueryString", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getReferer", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getOriginalRequestURI", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getSubmittedForm", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getFileItem", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "bindParametersToList", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "bindParameters", "", "", "Argument[0]", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "bindParameters", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "bindJSON", "", "", "Argument[0]", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "bindJSON", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "bindJSONToList", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getParameter", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getParameterMap", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getParameterNames", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getParameterValues", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "StaplerRequest", True, "getRestOfPath", "", "", "ReturnValue", "remote", "manual"]
- ["org.kohsuke.stapler", "QueryParameter", True, "", "", "Annotated", "Parameter", "remote", "manual"]
- ["org.kohsuke.stapler", "Header", True, "", "", "Annotated", "Parameter", "remote", "manual"]
- ["org.kohsuke.stapler", "DataBoundConstructor", True, "", "", "Annotated", "Parameter", "remote", "manual"]
- ["org.kohsuke.stapler", "DataBoundSetter", True, "", "", "Annotated", "Parameter", "remote", "manual"]

1
java/ql/lib/qlpack.yml
View File

@@ -6,6 +6,7 @@ extractor: java
library: true
upgrades: upgrades
dependencies:
codeql/mad: ${workspace}
codeql/regex: ${workspace}
codeql/tutorial: ${workspace}
codeql/typetracking: ${workspace}

2
java/ql/lib/semmle/code/java/Constants.qll
View File

@@ -17,7 +17,6 @@ signature int getIntValSig(Expr e);
*/
module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal> {
/** Gets the value of a constant boolean expression. */
pragma[assume_small_delta]
boolean calculateBooleanValue(Expr e) {
// No casts relevant to booleans.
// `!` is the only unary operator that evaluates to a boolean.
@@ -99,7 +98,6 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
}
/** Gets the value of a constant integer expression. */
pragma[assume_small_delta]
int calculateIntValue(Expr e) {
exists(IntegralType t | e.getType() = t | t.getName().toLowerCase() != "long") and
(

4
java/ql/lib/semmle/code/java/ControlFlowGraph.qll
View File

@@ -365,7 +365,6 @@ private module ControlFlowGraphImpl {
/**
* Gets a non-overridable method that always throws an exception or calls `exit`.
*/
pragma[assume_small_delta]
private Method nonReturningMethod() {
result instanceof MethodExit
or
@@ -382,7 +381,6 @@ private module ControlFlowGraphImpl {
/**
* Gets a virtual method that always throws an exception or calls `exit`.
*/
pragma[assume_small_delta]
private EffectivelyNonVirtualMethod likelyNonReturningMethod() {
result.getReturnType() instanceof VoidType and
not exists(ReturnStmt ret | ret.getEnclosingCallable() = result) and
@@ -402,7 +400,6 @@ private module ControlFlowGraphImpl {
/**
* Gets a statement that always throws an exception or calls `exit`.
*/
pragma[assume_small_delta]
private Stmt nonReturningStmt() {
result instanceof ThrowStmt
or
@@ -424,7 +421,6 @@ private module ControlFlowGraphImpl {
/**
* Gets an expression that always throws an exception or calls `exit`.
*/
pragma[assume_small_delta]
private Expr nonReturningExpr() {
result = nonReturningMethodAccess()
or

4
java/ql/lib/semmle/code/java/Expr.qll
View File

@@ -131,7 +131,6 @@ private predicate primitiveOrString(Type t) {
* See JLS v8, section 15.28 (Constant Expressions).
*/
class CompileTimeConstantExpr extends Expr {
pragma[assume_small_delta]
CompileTimeConstantExpr() {
primitiveOrString(this.getType()) and
(
@@ -181,7 +180,6 @@ class CompileTimeConstantExpr extends Expr {
/**
* Gets the string value of this expression, where possible.
*/
pragma[assume_small_delta]
pragma[nomagic]
string getStringValue() {
result = this.(StringLiteral).getValue()
@@ -207,7 +205,6 @@ class CompileTimeConstantExpr extends Expr {
/**
* Gets the boolean value of this expression, where possible.
*/
pragma[assume_small_delta]
pragma[nomagic]
boolean getBooleanValue() {
// Literal value.
@@ -1910,7 +1907,6 @@ class TypeAccess extends Expr, Annotatable, @typeaccess {
override CompilationUnit getCompilationUnit() { result = Expr.super.getCompilationUnit() }
/** Gets a printable representation of this expression. */
pragma[assume_small_delta]
override string toString() {
result = this.getQualifier().toString() + "." + this.getType().toString()
or

12
java/ql/lib/semmle/code/java/JDK.qll
View File

@@ -199,18 +199,18 @@ class TypeFile extends Class {
// --- Standard methods ---
/**
* Any constructor of class `java.lang.ProcessBuilder`.
* DEPRECATED: Any constructor of class `java.lang.ProcessBuilder`.
*/
class ProcessBuilderConstructor extends Constructor, ExecCallable {
deprecated class ProcessBuilderConstructor extends Constructor, ExecCallable {
ProcessBuilderConstructor() { this.getDeclaringType() instanceof TypeProcessBuilder }
override int getAnExecutedArgument() { result = 0 }
}
/**
* Any of the methods named `command` on class `java.lang.ProcessBuilder`.
* DEPRECATED: Any of the methods named `command` on class `java.lang.ProcessBuilder`.
*/
class MethodProcessBuilderCommand extends Method, ExecCallable {
deprecated class MethodProcessBuilderCommand extends Method, ExecCallable {
MethodProcessBuilderCommand() {
this.hasName("command") and
this.getDeclaringType() instanceof TypeProcessBuilder
@@ -220,9 +220,9 @@ class MethodProcessBuilderCommand extends Method, ExecCallable {
}
/**
* Any method named `exec` on class `java.lang.Runtime`.
* DEPRECATED: Any method named `exec` on class `java.lang.Runtime`.
*/
class MethodRuntimeExec extends Method, ExecCallable {
deprecated class MethodRuntimeExec extends Method, ExecCallable {
MethodRuntimeExec() {
this.hasName("exec") and
this.getDeclaringType() instanceof TypeRuntime

1
java/ql/lib/semmle/code/java/Member.qll
View File

@@ -736,7 +736,6 @@ class FieldDeclaration extends ExprParent, @fielddecl, Annotatable {
/** Gets the number of fields declared in this declaration. */
int getNumField() { result = max(int idx | fieldDeclaredIn(_, this, idx) | idx) + 1 }
pragma[assume_small_delta]
override string toString() {
if this.getNumField() = 1
then result = this.getTypeAccess() + " " + this.getField(0) + ";"

1
java/ql/lib/semmle/code/java/Type.qll
View File

@@ -309,7 +309,6 @@ private predicate hasSubtypeStar1(RefType t, RefType sub) {
/**
* Holds if `hasSubtype*(t, sub)`, but manual-magic'ed with `getAWildcardLowerBound(sub)`.
*/
pragma[assume_small_delta]
pragma[nomagic]
private predicate hasSubtypeStar2(RefType t, RefType sub) {
sub = t and getAWildcardLowerBound(sub)

86
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -87,6 +87,7 @@ private import internal.FlowSummaryImplSpecific as FlowSummaryImplSpecific
private import internal.AccessPathSyntax
private import ExternalFlowExtensions as Extensions
private import FlowSummary
private import codeql.mad.ModelValidation as SharedModelVal
/**
* A class for activating additional model rows.
@@ -265,86 +266,17 @@ module ModelValidation {
)
}
private class OutdatedSinkKind extends string {
OutdatedSinkKind() {
this =
[
"sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt",
"ldap", "pending-intent-sent", "intent-start", "set-hostname-verifier",
"header-splitting", "xss", "write-file", "create-file", "read-file", "open-url",
"jdbc-url"
]
}
private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _) }
private string replacementKind() {
this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap"] and
result = this + "-injection"
or
this = "url-redirect" and result = "url-redirection"
or
this = "ssti" and result = "template-injection"
or
this = "logging" and result = "log-injection"
or
this = "pending-intent-sent" and result = "pending-intents"
or
this = "intent-start" and result = "intent-redirection"
or
this = "set-hostname-verifier" and result = "hostname-verification"
or
this = "header-splitting" and result = "response-splitting"
or
this = "xss" and result = "html-injection\" or \"js-injection"
or
this = "write-file" and result = "file-content-store"
or
this = ["create-file", "read-file"] and result = "path-injection"
or
this = ["open-url", "jdbc-url"] and result = "request-forgery"
}
predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _) }
string outdatedMessage() {
result =
"The kind \"" + this + "\" is outdated. Use \"" + this.replacementKind() + "\" instead."
}
predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _) }
predicate neutralKind(string kind) { neutralModel(_, _, _, _, kind, _) }
}
private string getInvalidModelKind() {
exists(string kind | summaryModel(_, _, _, _, _, _, _, _, kind, _) |
not kind = ["taint", "value"] and
result = "Invalid kind \"" + kind + "\" in summary model."
)
or
exists(string kind, string msg | sinkModel(_, _, _, _, _, _, _, kind, _) |
not kind =
[
"request-forgery", "jndi-injection", "ldap-injection", "sql-injection", "log-injection",
"mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection",
"ognl-injection", "intent-redirection", "pending-intents", "url-redirection",
"path-injection", "file-content-store", "hostname-verification", "response-splitting",
"information-leak", "xslt-injection", "jexl-injection", "bean-validation",
"template-injection", "fragment-injection", "command-injection"
] and
not kind.matches("regex-use%") and
not kind.matches("qltest%") and
msg = "Invalid kind \"" + kind + "\" in sink model." and
// The part of this message that refers to outdated sink kinds can be deleted after June 1st, 2024.
if kind instanceof OutdatedSinkKind
then result = msg + " " + kind.(OutdatedSinkKind).outdatedMessage()
else result = msg
)
or
exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
not kind = ["remote", "contentprovider", "android-external-storage-dir"] and
not kind.matches("qltest%") and
result = "Invalid kind \"" + kind + "\" in source model."
)
or
exists(string kind | neutralModel(_, _, _, _, kind, _) |
not kind = ["summary", "source", "sink"] and
result = "Invalid kind \"" + kind + "\" in neutral model."
)
}
private module KindVal = SharedModelVal::KindValidation<KindValConfig>;
private string getInvalidModelSignature() {
exists(
@@ -387,7 +319,7 @@ module ModelValidation {
msg =
[
getInvalidModelSignature(), getInvalidModelInput(), getInvalidModelOutput(),
getInvalidModelKind()
KindVal::getInvalidModelKind()
]
}
}

8
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -36,6 +36,14 @@ abstract class RemoteFlowSource extends DataFlow::Node {
abstract string getSourceType();
}
/**
* A module for importing frameworks that define flow sources.
*/
private module FlowSources {
private import semmle.code.java.frameworks.hudson.Hudson
private import semmle.code.java.frameworks.stapler.Stapler
}
private class ExternalRemoteFlowSource extends RemoteFlowSource {
ExternalRemoteFlowSource() { sourceNode(this, "remote") }

1
java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
View File

@@ -23,6 +23,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.Properties
private import semmle.code.java.frameworks.Protobuf
private import semmle.code.java.frameworks.ratpack.RatpackExec
private import semmle.code.java.frameworks.stapler.Stapler
private import semmle.code.java.JDK
}

5
java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
View File

@@ -149,8 +149,9 @@ class SummarizedCallableBase extends TSummarizedCallableBase {
or
result = this.asSyntheticCallable().getParameterType(pos)
or
exists(SyntheticCallable sc | sc = this.asSyntheticCallable() |
Impl::Private::summaryParameterNodeRange(this, pos) and
exists(SyntheticCallable sc, Impl::Private::SummaryNode p | sc = this.asSyntheticCallable() |
Impl::Private::summaryParameterNode(p, pos) and
this = p.getSummarizedCallable() and
not exists(sc.getParameterType(pos)) and
result instanceof TypeObject
)

2
java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
View File

@@ -42,7 +42,6 @@ EqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqual
}
/** Gets an expression that is provably not `null`. */
pragma[assume_small_delta]
Expr clearlyNotNullExpr(Expr reason) {
result instanceof ClassInstanceExpr and reason = result
or
@@ -237,7 +236,6 @@ Expr directNullGuard(SsaVariable v, boolean branch, boolean isnull) {
* If `result` evaluates to `branch`, then `v` is guaranteed to be null if `isnull`
* is true, and non-null if `isnull` is false.
*/
pragma[assume_small_delta]
Guard nullGuard(SsaVariable v, boolean branch, boolean isnull) {
result = directNullGuard(v, branch, isnull) or
exists(boolean branch0 | implies_v3(result, branch, nullGuard(v, branch0, isnull), branch0))

3
java/ql/lib/semmle/code/java/dataflow/SSA.qll
View File

@@ -61,7 +61,6 @@ class SsaSourceVariable extends TSsaSourceVariable {
* accessed from nested callables are therefore associated with several
* `SsaSourceVariable`s.
*/
pragma[assume_small_delta]
cached
VarAccess getAnAccess() {
exists(LocalScopeVariable v, Callable c |
@@ -451,7 +450,6 @@ private module SsaImpl {
* Holds if `f` is live in `b` at index `i`. The rank of `i` is `rankix` as
* defined by `callDefUseRank`.
*/
pragma[assume_small_delta]
private predicate liveAtRank(TrackedField f, BasicBlock b, int rankix, int i) {
callDefUseRank(f, b, rankix, i) and
(
@@ -565,7 +563,6 @@ private module SsaImpl {
}
/** Holds if a phi node for `v` is needed at the beginning of basic block `b`. */
pragma[assume_small_delta]
cached
predicate phiNode(TrackedVar v, BasicBlock b) {
liveAtEntry(v, b) and

1
java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
View File

@@ -241,7 +241,6 @@ private module ForAll<NodeSig Node, RankedEdge<Node> E, TypePropagation T> {
* Holds if `t` is a candidate bound for `n` that is also valid for data coming
* through the edges into `n` ranked from `1` to `r`.
*/
pragma[assume_small_delta]
private predicate flowJoin(int r, Node n, T::Typ t) {
(
r = 1 and candJoinType(n, t)

1
java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
View File

@@ -151,7 +151,6 @@ private module SsaImpl {
}
/** Holds if a phi node for `v` is needed at the beginning of basic block `b`. */
pragma[assume_small_delta]
cached
predicate phiNode(BaseSsaSourceVariable v, BasicBlock b) {
liveAtEntry(v, b) and

165
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
View File

@@ -460,7 +460,6 @@ module Impl<FullStateConfigSig Config> {
* The Boolean `cc` records whether the node is reached through an
* argument in a call.
*/
pragma[assume_small_delta]
private predicate fwdFlow(NodeEx node, Cc cc) {
sourceNode(node, _) and
if hasSourceCallCtx() then cc = true else cc = false
@@ -570,7 +569,6 @@ module Impl<FullStateConfigSig Config> {
/**
* Holds if `c` is the target of a store in the flow covered by `fwdFlow`.
*/
pragma[assume_small_delta]
pragma[nomagic]
private predicate fwdFlowConsCand(Content c) {
exists(NodeEx mid, NodeEx node |
@@ -1135,8 +1133,8 @@ module Impl<FullStateConfigSig Config> {
DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow
);
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap);
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t);
bindingset[typ, contentType]
predicate typecheckStore(Typ typ, DataFlowType contentType);
@@ -1199,20 +1197,23 @@ module Impl<FullStateConfigSig Config> {
NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
ApOption argAp, Typ t, Ap ap, ApApprox apa
) {
fwdFlow0(node, state, cc, summaryCtx, argT, argAp, t, ap, apa) and
PrevStage::revFlow(node, state, apa) and
filter(node, state, t, ap)
fwdFlow1(node, state, cc, summaryCtx, argT, argAp, _, t, ap, apa)
}
pragma[inline]
additional predicate fwdFlow(
private predicate fwdFlow1(
NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
ApOption argAp, Typ t, Ap ap
ApOption argAp, Typ t0, Typ t, Ap ap, ApApprox apa
) {
fwdFlow(node, state, cc, summaryCtx, argT, argAp, t, ap, _)
fwdFlow0(node, state, cc, summaryCtx, argT, argAp, t0, ap, apa) and
PrevStage::revFlow(node, state, apa) and
filter(node, state, t0, ap, t)
}
pragma[nomagic]
private predicate typeStrengthen(Typ t0, Ap ap, Typ t) {
fwdFlow1(_, _, _, _, _, _, t0, t, ap, _) and t0 != t
}
pragma[assume_small_delta]
pragma[nomagic]
private predicate fwdFlow0(
NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
@@ -1339,6 +1340,11 @@ module Impl<FullStateConfigSig Config> {
private predicate fwdFlowConsCand(Typ t2, Ap cons, Content c, Typ t1, Ap tail) {
fwdFlowStore(_, t1, tail, c, t2, _, _, _, _, _, _) and
cons = apCons(c, t1, tail)
or
exists(Typ t0 |
typeStrengthen(t0, cons, t2) and
fwdFlowConsCand(t0, cons, c, t1, tail)
)
}
pragma[nomagic]
@@ -1359,7 +1365,7 @@ module Impl<FullStateConfigSig Config> {
ParamNodeOption summaryCtx, TypOption argT, ApOption argAp
) {
exists(ApHeadContent apc |
fwdFlow(node1, state, cc, summaryCtx, argT, argAp, t, ap) and
fwdFlow(node1, state, cc, summaryCtx, argT, argAp, t, ap, _) and
apc = getHeadContent(ap) and
readStepCand0(node1, apc, c, node2)
)
@@ -1520,14 +1526,14 @@ module Impl<FullStateConfigSig Config> {
NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap
) {
revFlow0(node, state, returnCtx, returnAp, ap) and
fwdFlow(node, state, _, _, _, _, _, ap)
fwdFlow(node, state, _, _, _, _, _, ap, _)
}
pragma[nomagic]
private predicate revFlow0(
NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap
) {
fwdFlow(node, state, _, _, _, _, _, ap) and
fwdFlow(node, state, _, _, _, _, _, ap, _) and
sinkNode(node, state) and
(
if hasSinkCallCtx()
@@ -1780,13 +1786,13 @@ module Impl<FullStateConfigSig Config> {
boolean fwd, int nodes, int fields, int conscand, int states, int tuples
) {
fwd = true and
nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, _, _)) and
nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, _, _, _)) and
fields = count(Content f0 | fwdConsCand(f0, _, _)) and
conscand = count(Content f0, Typ t, Ap ap | fwdConsCand(f0, t, ap)) and
states = count(FlowState state | fwdFlow(_, state, _, _, _, _, _, _)) and
states = count(FlowState state | fwdFlow(_, state, _, _, _, _, _, _, _)) and
tuples =
count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
ApOption argAp, Typ t, Ap ap | fwdFlow(n, state, cc, summaryCtx, argT, argAp, t, ap))
ApOption argAp, Typ t, Ap ap | fwdFlow(n, state, cc, summaryCtx, argT, argAp, t, ap, _))
or
fwd = false and
nodes = count(NodeEx node | revFlow(node, _, _, _, _)) and
@@ -1963,10 +1969,10 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
PrevStage::revFlowState(state) and
exists(t) and
t0 = t and
exists(ap) and
not stateBarrier(node, state) and
(
@@ -2012,7 +2018,8 @@ module Impl<FullStateConfigSig Config> {
FlowCheckNode() {
castNode(this.asNode()) or
clearsContentCached(this.asNode(), _) or
expectsContentCached(this.asNode(), _)
expectsContentCached(this.asNode(), _) or
neverSkipInPathGraph(this.asNode())
}
}
@@ -2197,8 +2204,8 @@ module Impl<FullStateConfigSig Config> {
import BooleanCallContext
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCc lcc
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t,
LocalCc lcc
) {
localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _) and
exists(lcc)
@@ -2218,10 +2225,16 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
exists(state) and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any()) and
// We can get away with not using type strengthening here, since we aren't
// going to use the tracked types in the construction of Stage 4 access
// paths. For Stage 4 and onwards, the tracked types must be consistent as
// the cons candidates including types are used to construct subsequent
// access path approximations.
t0 = t and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t0) else any()) and
(
notExpectsContent(node)
or
@@ -2241,6 +2254,16 @@ module Impl<FullStateConfigSig Config> {
import MkStage<Stage2>::Stage<Stage3Param>
}
bindingset[node, t0]
private predicate strengthenType(NodeEx node, DataFlowType t0, DataFlowType t) {
if castingNodeEx(node)
then
exists(DataFlowType nt | nt = node.getDataFlowType() |
if typeStrongerThan(nt, t0) then t = nt else (compatibleTypes(nt, t0) and t = t0)
)
else t = t0
}
private module Stage4Param implements MkStage<Stage3>::StageParam {
private module PrevStage = Stage3;
@@ -2274,8 +2297,8 @@ module Impl<FullStateConfigSig Config> {
pragma[nomagic]
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCc lcc
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t,
LocalCc lcc
) {
localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _) and
PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
@@ -2333,11 +2356,11 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
exists(state) and
not clear(node, ap) and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any()) and
strengthenType(node, t0, t) and
(
notExpectsContent(node)
or
@@ -2365,7 +2388,7 @@ module Impl<FullStateConfigSig Config> {
exists(AccessPathFront apf |
Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf) and
Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, _, TAccessPathFrontSome(argApf), _,
apf)
apf, _)
)
}
@@ -2579,8 +2602,8 @@ module Impl<FullStateConfigSig Config> {
import LocalCallContext
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCc lcc
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t,
LocalCc lcc
) {
localFlowBigStep(node1, state1, node2, state2, preservesValue, t, lcc) and
PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
@@ -2609,9 +2632,9 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any()) and
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
strengthenType(node, t0, t) and
exists(state) and
exists(ap)
}
@@ -2632,7 +2655,7 @@ module Impl<FullStateConfigSig Config> {
Stage5::parameterMayFlowThrough(p, _) and
Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0) and
Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()), _,
TAccessPathApproxSome(apa), _, apa0)
TAccessPathApproxSome(apa), _, apa0, _)
)
}
@@ -2649,7 +2672,7 @@ module Impl<FullStateConfigSig Config> {
TSummaryCtxSome(ParamNodeEx p, FlowState state, DataFlowType t, AccessPath ap) {
exists(AccessPathApprox apa | ap.getApprox() = apa |
Stage5::parameterMayFlowThrough(p, apa) and
Stage5::fwdFlow(p, state, _, _, _, _, t, apa) and
Stage5::fwdFlow(p, state, _, _, Option<DataFlowType>::some(t), _, _, apa, _) and
Stage5::revFlow(p, state, _)
)
}
@@ -2751,7 +2774,6 @@ module Impl<FullStateConfigSig Config> {
/**
* Gets the number of `AccessPath`s that correspond to `apa`.
*/
pragma[assume_small_delta]
private int countAps(AccessPathApprox apa) {
evalUnfold(apa, false) and
result = 1 and
@@ -2770,7 +2792,6 @@ module Impl<FullStateConfigSig Config> {
* that it is expanded to a precise head-tail representation.
*/
language[monotonicAggregates]
pragma[assume_small_delta]
private int countPotentialAps(AccessPathApprox apa) {
apa instanceof AccessPathApproxNil and result = 1
or
@@ -2807,7 +2828,6 @@ module Impl<FullStateConfigSig Config> {
}
private newtype TPathNode =
pragma[assume_small_delta]
TPathNodeMid(
NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t, AccessPath ap
) {
@@ -2820,9 +2840,7 @@ module Impl<FullStateConfigSig Config> {
ap = TAccessPathNil()
or
// ... or a step from an existing PathNode to another node.
pathStep(_, node, state, cc, sc, t, ap) and
Stage5::revFlow(node, state, ap.getApprox()) and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any())
pathStep(_, node, state, cc, sc, t, ap)
} or
TPathNodeSink(NodeEx node, FlowState state) {
exists(PathNodeMid sink |
@@ -2894,7 +2912,6 @@ module Impl<FullStateConfigSig Config> {
override AccessPathFrontHead getFront() { result = TFrontHead(head_) }
pragma[assume_small_delta]
override AccessPathApproxCons getApprox() {
result = TConsNil(head_, t) and tail_ = TAccessPathNil()
or
@@ -2903,7 +2920,6 @@ module Impl<FullStateConfigSig Config> {
result = TCons1(head_, this.length())
}
pragma[assume_small_delta]
override int length() { result = 1 + tail_.length() }
private string toStringImpl(boolean needsSuffix) {
@@ -3340,13 +3356,23 @@ module Impl<FullStateConfigSig Config> {
ap = mid.getAp()
}
private predicate pathStep(
PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t,
AccessPath ap
) {
exists(DataFlowType t0 |
pathStep0(mid, node, state, cc, sc, t0, ap) and
Stage5::revFlow(node, state, ap.getApprox()) and
strengthenType(node, t0, t)
)
}
/**
* Holds if data may flow from `mid` to `node`. The last step in or out of
* a callable is recorded by `cc`.
*/
pragma[assume_small_delta]
pragma[nomagic]
private predicate pathStep(
private predicate pathStep0(
PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t,
AccessPath ap
) {
@@ -3557,7 +3583,6 @@ module Impl<FullStateConfigSig Config> {
)
}
pragma[assume_small_delta]
pragma[nomagic]
private predicate pathThroughCallable0(
DataFlowCall call, PathNodeMid mid, ReturnKindExt kind, FlowState state, CallContext cc,
@@ -3964,7 +3989,7 @@ module Impl<FullStateConfigSig Config> {
ap = TPartialNil() and
exists(explorationLimit())
or
partialPathNodeMk0(node, state, cc, sc1, sc2, sc3, sc4, t, ap) and
partialPathStep(_, node, state, cc, sc1, sc2, sc3, sc4, t, ap) and
distSrc(node.getEnclosingCallable()) <= explorationLimit()
} or
TPartialPathNodeRev(
@@ -3990,11 +4015,20 @@ module Impl<FullStateConfigSig Config> {
}
pragma[nomagic]
private predicate partialPathNodeMk0(
NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t, PartialAccessPath ap
private predicate partialPathStep(
PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
TSummaryCtx2 sc2, TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t, PartialAccessPath ap
) {
partialPathStep(_, node, state, cc, sc1, sc2, sc3, sc4, t, ap) and
partialPathStep1(mid, node, state, cc, sc1, sc2, sc3, sc4, _, t, ap)
}
pragma[nomagic]
private predicate partialPathStep1(
PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
TSummaryCtx2 sc2, TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t0, DataFlowType t,
PartialAccessPath ap
) {
partialPathStep0(mid, node, state, cc, sc1, sc2, sc3, sc4, t0, ap) and
not fullBarrier(node) and
not stateBarrier(node, state) and
not clearsContentEx(node, ap.getHead()) and
@@ -4002,9 +4036,14 @@ module Impl<FullStateConfigSig Config> {
notExpectsContent(node) or
expectsContentEx(node, ap.getHead())
) and
if node.asNode() instanceof CastingNode
then compatibleTypes(node.getDataFlowType(), t)
else any()
strengthenType(node, t0, t)
}
pragma[nomagic]
private predicate partialPathTypeStrengthen(
DataFlowType t0, PartialAccessPath ap, DataFlowType t
) {
partialPathStep1(_, _, _, _, _, _, _, _, t0, t, ap) and t0 != t
}
/**
@@ -4183,7 +4222,8 @@ module Impl<FullStateConfigSig Config> {
}
}
private predicate partialPathStep(
pragma[nomagic]
private predicate partialPathStep0(
PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
TSummaryCtx2 sc2, TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t, PartialAccessPath ap
) {
@@ -4309,6 +4349,11 @@ module Impl<FullStateConfigSig Config> {
DataFlowType t1, PartialAccessPath ap1, Content c, DataFlowType t2, PartialAccessPath ap2
) {
partialPathStoreStep(_, t1, ap1, c, _, t2, ap2)
or
exists(DataFlowType t0 |
partialPathTypeStrengthen(t0, ap2, t2) and
apConsFwd(t1, ap1, c, t0, ap2)
)
}
pragma[nomagic]

2
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
View File

@@ -187,7 +187,6 @@ private module LambdaFlow {
else any()
}
pragma[assume_small_delta]
pragma[nomagic]
predicate revLambdaFlow0(
DataFlowCall lambdaCall, LambdaCallKind kind, Node node, DataFlowType t, boolean toReturn,
@@ -274,7 +273,6 @@ private module LambdaFlow {
)
}
pragma[assume_small_delta]
pragma[nomagic]
predicate revLambdaFlowOut(
DataFlowCall lambdaCall, LambdaCallKind kind, TReturnPositionSimple pos, DataFlowType t,

78
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
View File

@@ -54,12 +54,7 @@ private module Cached {
fa.getField() instanceof InstanceField and ia.isImplicitFieldQualifier(fa)
)
} or
TSummaryInternalNode(SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) {
FlowSummaryImpl::Private::summaryNodeRange(c, state)
} or
TSummaryParameterNode(SummarizedCallable c, int pos) {
FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
} or
TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
TFieldValueNode(Field f)
cached
@@ -132,8 +127,6 @@ module Public {
or
result = this.(ImplicitPostUpdateNode).getPreUpdateNode().getType()
or
result = this.(SummaryParameterNode).getTypeImpl()
or
result = this.(FieldValueNode).getField().getType()
}
@@ -378,8 +371,7 @@ module Private {
result.asCallable() = n.(ImplicitInstanceAccess).getInstanceAccess().getEnclosingCallable() or
result.asCallable() = n.(MallocNode).getClassInstanceExpr().getEnclosingCallable() or
result = nodeGetEnclosingCallable(n.(ImplicitPostUpdateNode).getPreUpdateNode()) or
n = TSummaryInternalNode(result.asSummarizedCallable(), _) or
n = TSummaryParameterNode(result.asSummarizedCallable(), _) or
result.asSummarizedCallable() = n.(FlowSummaryNode).getSummarizedCallable() or
result.asFieldScope() = n.(FieldValueNode).getField()
}
@@ -407,7 +399,7 @@ module Private {
or
this = getInstanceArgument(_)
or
this.(SummaryNode).isArgumentOf(_, _)
this.(FlowSummaryNode).isArgumentOf(_, _)
}
/**
@@ -424,7 +416,7 @@ module Private {
or
pos = -1 and this = getInstanceArgument(call.asCall())
or
this.(SummaryNode).isArgumentOf(call, pos)
this.(FlowSummaryNode).isArgumentOf(call, pos)
}
/** Gets the call in which this node is an argument. */
@@ -435,7 +427,7 @@ module Private {
class ReturnNode extends Node {
ReturnNode() {
exists(ReturnStmt ret | this.asExpr() = ret.getResult()) or
this.(SummaryNode).isReturn()
this.(FlowSummaryNode).isReturn()
}
/** Gets the kind of this returned value. */
@@ -447,61 +439,57 @@ module Private {
OutNode() {
this.asExpr() instanceof MethodAccess
or
this.(SummaryNode).isOut(_)
this.(FlowSummaryNode).isOut(_)
}
/** Gets the underlying call. */
DataFlowCall getCall() {
result.asCall() = this.asExpr()
or
this.(SummaryNode).isOut(result)
this.(FlowSummaryNode).isOut(result)
}
}
/**
* A data-flow node used to model flow summaries.
*/
class SummaryNode extends Node, TSummaryInternalNode {
private SummarizedCallable c;
private FlowSummaryImpl::Private::SummaryNodeState state;
class FlowSummaryNode extends Node, TFlowSummaryNode {
FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) }
SummaryNode() { this = TSummaryInternalNode(c, state) }
SummarizedCallable getSummarizedCallable() {
result = this.getSummaryNode().getSummarizedCallable()
}
override Location getLocation() { result = c.getLocation() }
override Location getLocation() { result = this.getSummarizedCallable().getLocation() }
override string toString() { result = "[summary] " + state + " in " + c }
override string toString() { result = this.getSummaryNode().toString() }
/** Holds if this summary node is the `i`th argument of `call`. */
predicate isArgumentOf(DataFlowCall call, int i) {
FlowSummaryImpl::Private::summaryArgumentNode(call, this, i)
FlowSummaryImpl::Private::summaryArgumentNode(call, this.getSummaryNode(), i)
}
/** Holds if this summary node is a return node. */
predicate isReturn() { FlowSummaryImpl::Private::summaryReturnNode(this, _) }
predicate isReturn() { FlowSummaryImpl::Private::summaryReturnNode(this.getSummaryNode(), _) }
/** Holds if this summary node is an out node for `call`. */
predicate isOut(DataFlowCall call) { FlowSummaryImpl::Private::summaryOutNode(call, this, _) }
predicate isOut(DataFlowCall call) {
FlowSummaryImpl::Private::summaryOutNode(call, this.getSummaryNode(), _)
}
}
SummaryNode getSummaryNode(SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) {
result = TSummaryInternalNode(c, state)
}
class SummaryParameterNode extends ParameterNode, TSummaryParameterNode {
private SummarizedCallable sc;
private int pos_;
SummaryParameterNode() { this = TSummaryParameterNode(sc, pos_) }
override Location getLocation() { result = sc.getLocation() }
override string toString() { result = "[summary param] " + pos_ + " in " + sc }
override predicate isParameterOf(DataFlowCallable c, int pos) {
c.asSummarizedCallable() = sc and pos = pos_
class SummaryParameterNode extends ParameterNode, FlowSummaryNode {
SummaryParameterNode() {
FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), _)
}
Type getTypeImpl() { result = sc.getParameterType(pos_) }
private int getPosition() {
FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), result)
}
override predicate isParameterOf(DataFlowCallable c, int pos) {
c.asSummarizedCallable() = this.getSummarizedCallable() and pos = this.getPosition()
}
}
}
@@ -523,10 +511,12 @@ private class MallocNode extends Node, TMallocNode {
ClassInstanceExpr getClassInstanceExpr() { result = cie }
}
private class SummaryPostUpdateNode extends SummaryNode, PostUpdateNode {
private Node pre;
private class SummaryPostUpdateNode extends FlowSummaryNode, PostUpdateNode {
private FlowSummaryNode pre;
SummaryPostUpdateNode() { FlowSummaryImpl::Private::summaryPostUpdateNode(this, pre) }
SummaryPostUpdateNode() {
FlowSummaryImpl::Private::summaryPostUpdateNode(this.getSummaryNode(), pre.getSummaryNode())
}
override Node getPreUpdateNode() { result = pre }
}

45
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
View File

@@ -85,7 +85,8 @@ predicate jumpStep(Node node1, Node node2) {
any(AdditionalValueStep a).step(node1, node2) and
node1.getEnclosingCallable() != node2.getEnclosingCallable()
or
FlowSummaryImpl::Private::Steps::summaryJumpStep(node1, node2)
FlowSummaryImpl::Private::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(),
node2.(FlowSummaryNode).getSummaryNode())
}
/**
@@ -114,7 +115,8 @@ predicate storeStep(Node node1, Content f, Node node2) {
or
f instanceof ArrayContent and arrayStoreStep(node1, node2)
or
FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, f, node2)
FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), f,
node2.(FlowSummaryNode).getSummaryNode())
}
/**
@@ -145,7 +147,8 @@ predicate readStep(Node node1, Content f, Node node2) {
or
f instanceof CollectionContent and collectionReadStep(node1, node2)
or
FlowSummaryImpl::Private::Steps::summaryReadStep(node1, f, node2)
FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), f,
node2.(FlowSummaryNode).getSummaryNode())
}
/**
@@ -160,7 +163,7 @@ predicate clearsContent(Node n, Content c) {
c.(FieldContent).getField() = fa.getField()
)
or
FlowSummaryImpl::Private::Steps::summaryClearsContent(n, c)
FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c)
}
/**
@@ -168,7 +171,7 @@ predicate clearsContent(Node n, Content c) {
* at node `n`.
*/
predicate expectsContent(Node n, ContentSet c) {
FlowSummaryImpl::Private::Steps::summaryExpectsContent(n, c)
FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c)
}
/**
@@ -176,7 +179,7 @@ predicate expectsContent(Node n, ContentSet c) {
* possible flow. A single type is used for all numeric types to account for
* numeric conversions, and otherwise the erasure is used.
*/
DataFlowType getErasedRepr(Type t) {
RefType getErasedRepr(Type t) {
exists(Type e | e = t.getErasure() |
if e instanceof NumericOrCharType
then result.(BoxedType).getPrimitiveType().getName() = "double"
@@ -189,11 +192,18 @@ DataFlowType getErasedRepr(Type t) {
t instanceof NullType and result instanceof TypeObject
}
class DataFlowType extends SrcRefType {
DataFlowType() { this = getErasedRepr(_) }
}
pragma[nomagic]
predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { t1.getASourceSupertype+() = t2 }
pragma[noinline]
DataFlowType getNodeType(Node n) {
result = getErasedRepr(n.getTypeBound())
or
result = FlowSummaryImpl::Private::summaryNodeType(n)
result = FlowSummaryImpl::Private::summaryNodeType(n.(FlowSummaryNode).getSummaryNode())
}
/** Gets a string representation of a type returned by `getErasedRepr`. */
@@ -232,6 +242,12 @@ class CastNode extends ExprNode {
CastNode() { this.getExpr() instanceof CastingExpr }
}
/**
* Holds if `n` should never be skipped over in the `PathGraph` and in path
* explanations.
*/
predicate neverSkipInPathGraph(Node n) { none() }
private newtype TDataFlowCallable =
TSrcCallable(Callable c) or
TSummarizedCallable(SummarizedCallable c) or
@@ -259,11 +275,9 @@ class DataFlowCallable extends TDataFlowCallable {
class DataFlowExpr = Expr;
class DataFlowType = RefType;
private newtype TDataFlowCall =
TCall(Call c) or
TSummaryCall(SummarizedCallable c, Node receiver) {
TSummaryCall(SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver) {
FlowSummaryImpl::Private::summaryCallbackRange(c, receiver)
}
@@ -313,12 +327,12 @@ class SrcCall extends DataFlowCall, TCall {
/** A synthesized call inside a `SummarizedCallable`. */
class SummaryCall extends DataFlowCall, TSummaryCall {
private SummarizedCallable c;
private Node receiver;
private FlowSummaryImpl::Private::SummaryNode receiver;
SummaryCall() { this = TSummaryCall(c, receiver) }
/** Gets the data flow node that this call targets. */
Node getReceiver() { result = receiver }
FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver }
override DataFlowCallable getEnclosingCallable() { result.asSummarizedCallable() = c }
@@ -378,10 +392,7 @@ predicate forceHighPrecision(Content c) {
}
/** Holds if `n` should be hidden from path explanations. */
predicate nodeIsHidden(Node n) {
n instanceof SummaryNode or
n instanceof SummaryParameterNode
}
predicate nodeIsHidden(Node n) { n instanceof FlowSummaryNode }
class LambdaCallKind = Method; // the "apply" method in the functional interface
@@ -399,7 +410,7 @@ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c)
/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */
predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
receiver = call.(SummaryCall).getReceiver() and
receiver.(FlowSummaryNode).getSummaryNode() = call.(SummaryCall).getReceiver() and
getNodeDataFlowType(receiver)
.getSourceDeclaration()
.(FunctionalInterface)

3
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
View File

@@ -183,7 +183,8 @@ private predicate simpleLocalFlowStep0(Node node1, Node node2) {
node1.(ArgumentNode).argumentOf(any(DataFlowCall c | c.asCall() = ma), argNo)
)
or
FlowSummaryImpl::Private::Steps::summaryLocalStep(node1, node2, true)
FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(),
node2.(FlowSummaryNode).getSummaryNode(), true)
}
/**

267
java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -23,29 +23,30 @@ module Public {
* content type, or a return kind.
*/
class SummaryComponent extends TSummaryComponent {
/** Gets a textual representation of this summary component. */
string toString() {
exists(ContentSet c | this = TContentSummaryComponent(c) and result = c.toString())
or
exists(ContentSet c | this = TWithoutContentSummaryComponent(c) and result = "without " + c)
or
exists(ContentSet c | this = TWithContentSummaryComponent(c) and result = "with " + c)
/** Gets a textual representation of this component used for MaD models. */
string getMadRepresentation() {
result = getMadRepresentationSpecific(this)
or
exists(ArgumentPosition pos |
this = TParameterSummaryComponent(pos) and result = "parameter " + pos
this = TParameterSummaryComponent(pos) and
result = "Parameter[" + getArgumentPosition(pos) + "]"
)
or
exists(ParameterPosition pos |
this = TArgumentSummaryComponent(pos) and result = "argument " + pos
this = TArgumentSummaryComponent(pos) and
result = "Argument[" + getParameterPosition(pos) + "]"
)
or
exists(ReturnKind rk | this = TReturnSummaryComponent(rk) and result = "return (" + rk + ")")
or
exists(SummaryComponent::SyntheticGlobal sg |
this = TSyntheticGlobalSummaryComponent(sg) and
result = "synthetic global (" + sg + ")"
exists(string synthetic |
this = TSyntheticGlobalSummaryComponent(synthetic) and
result = "SyntheticGlobal[" + synthetic + "]"
)
or
this = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
}
/** Gets a textual representation of this summary component. */
string toString() { result = this.getMadRepresentation() }
}
/** Provides predicates for constructing summary components. */
@@ -110,7 +111,6 @@ module Public {
}
/** Gets the stack obtained by dropping the first `i` elements, if any. */
pragma[assume_small_delta]
SummaryComponentStack drop(int i) {
i = 0 and result = this
or
@@ -125,19 +125,22 @@ module Public {
this = TSingletonSummaryComponentStack(result) or result = this.tail().bottom()
}
/** Gets a textual representation of this stack. */
string toString() {
/** Gets a textual representation of this stack used for MaD models. */
string getMadRepresentation() {
exists(SummaryComponent head, SummaryComponentStack tail |
head = this.head() and
tail = this.tail() and
result = tail + "." + head
result = tail.getMadRepresentation() + "." + head.getMadRepresentation()
)
or
exists(SummaryComponent c |
this = TSingletonSummaryComponentStack(c) and
result = c.toString()
result = c.getMadRepresentation()
)
}
/** Gets a textual representation of this stack. */
string toString() { result = this.getMadRepresentation() }
}
/** Provides predicates for constructing stacks of summary components. */
@@ -166,37 +169,6 @@ module Public {
SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) }
}
/** Gets a textual representation of this component used for flow summaries. */
private string getComponent(SummaryComponent sc) {
result = getComponentSpecific(sc)
or
exists(ArgumentPosition pos |
sc = TParameterSummaryComponent(pos) and
result = "Parameter[" + getArgumentPosition(pos) + "]"
)
or
exists(ParameterPosition pos |
sc = TArgumentSummaryComponent(pos) and
result = "Argument[" + getParameterPosition(pos) + "]"
)
or
sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
}
/** Gets a textual representation of this stack used for flow summaries. */
string getComponentStack(SummaryComponentStack stack) {
exists(SummaryComponent head, SummaryComponentStack tail |
head = stack.head() and
tail = stack.tail() and
result = getComponentStack(tail) + "." + getComponent(head)
)
or
exists(SummaryComponent c |
stack = TSingletonSummaryComponentStack(c) and
result = getComponent(c)
)
}
/**
* A class that exists for QL technical reasons only (the IPA type used
* to represent component stacks needs to be bounded).
@@ -505,6 +477,9 @@ module Private {
or
// Add the post-update node corresponding to the requested argument node
outputState(c, s) and isCallbackParameter(s)
or
// Add the parameter node for parameter side-effects
outputState(c, s) and s = SummaryComponentStack::argument(_)
}
private newtype TSummaryNodeState =
@@ -530,7 +505,7 @@ module Private {
* this state represents that the components in `s` _remain to be written_ to
* the output.
*/
class SummaryNodeState extends TSummaryNodeState {
private class SummaryNodeState extends TSummaryNodeState {
/** Holds if this state is a valid input state for `c`. */
pragma[nomagic]
predicate isInputState(SummarizedCallable c, SummaryComponentStack s) {
@@ -559,6 +534,42 @@ module Private {
}
}
private newtype TSummaryNode =
TSummaryInternalNode(SummarizedCallable c, SummaryNodeState state) {
summaryNodeRange(c, state)
} or
TSummaryParameterNode(SummarizedCallable c, ParameterPosition pos) {
summaryParameterNodeRange(c, pos)
}
abstract class SummaryNode extends TSummaryNode {
abstract string toString();
abstract SummarizedCallable getSummarizedCallable();
}
private class SummaryInternalNode extends SummaryNode, TSummaryInternalNode {
private SummarizedCallable c;
private SummaryNodeState state;
SummaryInternalNode() { this = TSummaryInternalNode(c, state) }
override string toString() { result = "[summary] " + state + " in " + c }
override SummarizedCallable getSummarizedCallable() { result = c }
}
private class SummaryParamNode extends SummaryNode, TSummaryParameterNode {
private SummarizedCallable c;
private ParameterPosition pos;
SummaryParamNode() { this = TSummaryParameterNode(c, pos) }
override string toString() { result = "[summary param] " + pos + " in " + c }
override SummarizedCallable getSummarizedCallable() { result = c }
}
/**
* Holds if `state` represents having read from a parameter at position
* `pos` in `c`. In this case we are not synthesizing a data-flow node,
@@ -574,7 +585,7 @@ module Private {
* Holds if a synthesized summary node is needed for the state `state` in summarized
* callable `c`.
*/
predicate summaryNodeRange(SummarizedCallable c, SummaryNodeState state) {
private predicate summaryNodeRange(SummarizedCallable c, SummaryNodeState state) {
state.isInputState(c, _) and
not parameterReadState(c, state, _)
or
@@ -582,22 +593,22 @@ module Private {
}
pragma[noinline]
private Node summaryNodeInputState(SummarizedCallable c, SummaryComponentStack s) {
private SummaryNode summaryNodeInputState(SummarizedCallable c, SummaryComponentStack s) {
exists(SummaryNodeState state | state.isInputState(c, s) |
result = summaryNode(c, state)
result = TSummaryInternalNode(c, state)
or
exists(ParameterPosition pos |
parameterReadState(c, state, pos) and
result.(ParamNode).isParameterOf(inject(c), pos)
result = TSummaryParameterNode(c, pos)
)
)
}
pragma[noinline]
private Node summaryNodeOutputState(SummarizedCallable c, SummaryComponentStack s) {
private SummaryNode summaryNodeOutputState(SummarizedCallable c, SummaryComponentStack s) {
exists(SummaryNodeState state |
state.isOutputState(c, s) and
result = summaryNode(c, state)
result = TSummaryInternalNode(c, state)
)
}
@@ -605,12 +616,14 @@ module Private {
* Holds if a write targets `post`, which is a post-update node for a
* parameter at position `pos` in `c`.
*/
private predicate isParameterPostUpdate(Node post, SummarizedCallable c, ParameterPosition pos) {
private predicate isParameterPostUpdate(
SummaryNode post, SummarizedCallable c, ParameterPosition pos
) {
post = summaryNodeOutputState(c, SummaryComponentStack::argument(pos))
}
/** Holds if a parameter node at position `pos` is required for `c`. */
predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
private predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
parameterReadState(c, _, pos)
or
// Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
@@ -618,7 +631,7 @@ module Private {
}
private predicate callbackOutput(
SummarizedCallable c, SummaryComponentStack s, Node receiver, ReturnKind rk
SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ReturnKind rk
) {
any(SummaryNodeState state).isInputState(c, s) and
s.head() = TReturnSummaryComponent(rk) and
@@ -626,7 +639,7 @@ module Private {
}
private predicate callbackInput(
SummarizedCallable c, SummaryComponentStack s, Node receiver, ArgumentPosition pos
SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ArgumentPosition pos
) {
any(SummaryNodeState state).isOutputState(c, s) and
s.head() = TParameterSummaryComponent(pos) and
@@ -634,7 +647,7 @@ module Private {
}
/** Holds if a call targeting `receiver` should be synthesized inside `c`. */
predicate summaryCallbackRange(SummarizedCallable c, Node receiver) {
predicate summaryCallbackRange(SummarizedCallable c, SummaryNode receiver) {
callbackOutput(c, _, receiver, _)
or
callbackInput(c, _, receiver, _)
@@ -647,10 +660,10 @@ module Private {
* `getContentType()`, `getReturnType()`, `getCallbackParameterType()`, and
* `getCallbackReturnType()`.
*/
DataFlowType summaryNodeType(Node n) {
exists(Node pre |
DataFlowType summaryNodeType(SummaryNode n) {
exists(SummaryNode pre |
summaryPostUpdateNode(n, pre) and
result = getNodeType(pre)
result = summaryNodeType(pre)
)
or
exists(SummarizedCallable c, SummaryComponentStack s, SummaryComponent head | head = s.head() |
@@ -662,12 +675,12 @@ module Private {
)
or
head = TWithoutContentSummaryComponent(_) and
result = getNodeType(summaryNodeInputState(c, s.tail()))
result = summaryNodeType(summaryNodeInputState(c, s.tail()))
or
exists(ReturnKind rk |
head = TReturnSummaryComponent(rk) and
result =
getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
getCallbackReturnType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c),
s.tail())), rk)
)
or
@@ -675,6 +688,11 @@ module Private {
head = TSyntheticGlobalSummaryComponent(sg) and
result = getSyntheticGlobalType(sg)
)
or
exists(ParameterPosition pos |
head = TArgumentSummaryComponent(pos) and
result = getParameterType(c, pos)
)
)
or
n = summaryNodeOutputState(c, s) and
@@ -691,7 +709,7 @@ module Private {
or
exists(ArgumentPosition pos | head = TParameterSummaryComponent(pos) |
result =
getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
getCallbackParameterType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c),
s.tail())), pos)
)
or
@@ -703,9 +721,14 @@ module Private {
)
}
/** Holds if summary node `p` is a parameter with position `pos`. */
predicate summaryParameterNode(SummaryNode p, ParameterPosition pos) {
p = TSummaryParameterNode(_, pos)
}
/** Holds if summary node `out` contains output of kind `rk` from call `c`. */
predicate summaryOutNode(DataFlowCall c, Node out, ReturnKind rk) {
exists(SummarizedCallable callable, SummaryComponentStack s, Node receiver |
predicate summaryOutNode(DataFlowCall c, SummaryNode out, ReturnKind rk) {
exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver |
callbackOutput(callable, s, receiver, rk) and
out = summaryNodeInputState(callable, s) and
c = summaryDataFlowCall(receiver)
@@ -713,8 +736,8 @@ module Private {
}
/** Holds if summary node `arg` is at position `pos` in the call `c`. */
predicate summaryArgumentNode(DataFlowCall c, Node arg, ArgumentPosition pos) {
exists(SummarizedCallable callable, SummaryComponentStack s, Node receiver |
predicate summaryArgumentNode(DataFlowCall c, SummaryNode arg, ArgumentPosition pos) {
exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver |
callbackInput(callable, s, receiver, pos) and
arg = summaryNodeOutputState(callable, s) and
c = summaryDataFlowCall(receiver)
@@ -722,10 +745,10 @@ module Private {
}
/** Holds if summary node `post` is a post-update node with pre-update node `pre`. */
predicate summaryPostUpdateNode(Node post, Node pre) {
predicate summaryPostUpdateNode(SummaryNode post, SummaryNode pre) {
exists(SummarizedCallable c, ParameterPosition pos |
isParameterPostUpdate(post, c, pos) and
pre.(ParamNode).isParameterOf(inject(c), pos)
pre = TSummaryParameterNode(c, pos)
)
or
exists(SummarizedCallable callable, SummaryComponentStack s |
@@ -736,7 +759,7 @@ module Private {
}
/** Holds if summary node `ret` is a return node of kind `rk`. */
predicate summaryReturnNode(Node ret, ReturnKind rk) {
predicate summaryReturnNode(SummaryNode ret, ReturnKind rk) {
exists(SummaryComponentStack s |
ret = summaryNodeOutputState(_, s) and
s = TSingletonSummaryComponentStack(TReturnSummaryComponent(rk))
@@ -748,7 +771,9 @@ module Private {
* node, and back out to `p`.
*/
predicate summaryAllowParameterReturnInSelf(ParamNode p) {
exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(inject(c), ppos) |
exists(SummarizedCallable c, ParameterPosition ppos |
p.isParameterOf(inject(c), pragma[only_bind_into](ppos))
|
exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents |
summary(c, inputContents, outputContents, _) and
inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and
@@ -763,7 +788,7 @@ module Private {
* Holds if there is a local step from `pred` to `succ`, which is synthesized
* from a flow summary.
*/
predicate summaryLocalStep(Node pred, Node succ, boolean preservesValue) {
predicate summaryLocalStep(SummaryNode pred, SummaryNode succ, boolean preservesValue) {
exists(
SummarizedCallable c, SummaryComponentStack inputContents,
SummaryComponentStack outputContents
@@ -789,7 +814,7 @@ module Private {
* Holds if there is a read step of content `c` from `pred` to `succ`, which
* is synthesized from a flow summary.
*/
predicate summaryReadStep(Node pred, ContentSet c, Node succ) {
predicate summaryReadStep(SummaryNode pred, ContentSet c, SummaryNode succ) {
exists(SummarizedCallable sc, SummaryComponentStack s |
pred = summaryNodeInputState(sc, s.tail()) and
succ = summaryNodeInputState(sc, s) and
@@ -801,7 +826,7 @@ module Private {
* Holds if there is a store step of content `c` from `pred` to `succ`, which
* is synthesized from a flow summary.
*/
predicate summaryStoreStep(Node pred, ContentSet c, Node succ) {
predicate summaryStoreStep(SummaryNode pred, ContentSet c, SummaryNode succ) {
exists(SummarizedCallable sc, SummaryComponentStack s |
pred = summaryNodeOutputState(sc, s) and
succ = summaryNodeOutputState(sc, s.tail()) and
@@ -813,7 +838,7 @@ module Private {
* Holds if there is a jump step from `pred` to `succ`, which is synthesized
* from a flow summary.
*/
predicate summaryJumpStep(Node pred, Node succ) {
predicate summaryJumpStep(SummaryNode pred, SummaryNode succ) {
exists(SummaryComponentStack s |
s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and
pred = summaryNodeOutputState(_, s) and
@@ -840,9 +865,9 @@ module Private {
* `a` on line 2 to the post-update node for `a` on that line (via an intermediate
* node where field `b` is cleared).
*/
predicate summaryClearsContent(Node n, ContentSet c) {
predicate summaryClearsContent(SummaryNode n, ContentSet c) {
exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack |
n = summaryNode(sc, state) and
n = TSummaryInternalNode(sc, state) and
state.isInputState(sc, stack) and
stack.head() = SummaryComponent::withoutContent(c)
)
@@ -852,9 +877,9 @@ module Private {
* Holds if the value that is being tracked is expected to be stored inside
* content `c` at `n`.
*/
predicate summaryExpectsContent(Node n, ContentSet c) {
predicate summaryExpectsContent(SummaryNode n, ContentSet c) {
exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack |
n = summaryNode(sc, state) and
n = TSummaryInternalNode(sc, state) and
state.isInputState(sc, stack) and
stack.head() = SummaryComponent::withContent(c)
)
@@ -862,17 +887,17 @@ module Private {
pragma[noinline]
private predicate viableParam(
DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, ParamNode p
DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, SummaryParamNode p
) {
exists(DataFlowCallable c |
c = inject(sc) and
p.isParameterOf(c, ppos) and
p = TSummaryParameterNode(sc, ppos) and
c = viableCallable(call)
)
}
pragma[nomagic]
private ParamNode summaryArgParam0(DataFlowCall call, ArgNode arg, SummarizedCallable sc) {
private SummaryParamNode summaryArgParam(DataFlowCall call, ArgNode arg, SummarizedCallable sc) {
exists(ParameterPosition ppos |
argumentPositionMatch(call, arg, ppos) and
viableParam(call, sc, ppos, result)
@@ -884,12 +909,12 @@ module Private {
* local steps. `clearsOrExpects` records whether any node on the path from `p` to
* `n` either clears or expects contents.
*/
private predicate paramReachesLocal(ParamNode p, Node n, boolean clearsOrExpects) {
private predicate paramReachesLocal(SummaryParamNode p, SummaryNode n, boolean clearsOrExpects) {
viableParam(_, _, _, p) and
n = p and
clearsOrExpects = false
or
exists(Node mid, boolean clearsOrExpectsMid |
exists(SummaryNode mid, boolean clearsOrExpectsMid |
paramReachesLocal(p, mid, clearsOrExpectsMid) and
summaryLocalStep(mid, n, true) and
if
@@ -909,21 +934,33 @@ module Private {
*/
pragma[nomagic]
predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
exists(ParamNode p, ParameterPosition ppos, Node ret |
exists(SummaryParamNode p, ParameterPosition ppos, SummaryNode ret |
paramReachesLocal(p, ret, true) and
p = summaryArgParam0(_, arg, sc) and
p.isParameterOf(_, pragma[only_bind_into](ppos)) and
p = summaryArgParam(_, arg, sc) and
p = TSummaryParameterNode(_, pragma[only_bind_into](ppos)) and
isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
)
}
pragma[nomagic]
private predicate summaryReturnNodeExt(SummaryNode ret, ReturnKindExt rk) {
summaryReturnNode(ret, rk.(ValueReturnKind).getKind())
or
exists(SummaryParamNode p, SummaryNode pre, ParameterPosition pos |
paramReachesLocal(p, pre, _) and
summaryPostUpdateNode(ret, pre) and
p = TSummaryParameterNode(_, pos) and
rk.(ParamUpdateReturnKind).getPosition() = pos
)
}
bindingset[ret]
private ParamNode summaryArgParam(
ArgNode arg, ReturnNodeExt ret, OutNodeExt out, SummarizedCallable sc
private SummaryParamNode summaryArgParamRetOut(
ArgNode arg, SummaryNode ret, OutNodeExt out, SummarizedCallable sc
) {
exists(DataFlowCall call, ReturnKindExt rk |
result = summaryArgParam0(call, arg, sc) and
ret.getKind() = pragma[only_bind_into](rk) and
result = summaryArgParam(call, arg, sc) and
summaryReturnNodeExt(ret, pragma[only_bind_into](rk)) and
out = pragma[only_bind_into](rk).getAnOutNode(call)
)
}
@@ -936,9 +973,9 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summaryThroughStepValue(ArgNode arg, Node out, SummarizedCallable sc) {
exists(ReturnKind rk, ReturnNode ret, DataFlowCall call |
summaryLocalStep(summaryArgParam0(call, arg, sc), ret, true) and
ret.getKind() = pragma[only_bind_into](rk) and
exists(ReturnKind rk, SummaryNode ret, DataFlowCall call |
summaryLocalStep(summaryArgParam(call, arg, sc), ret, true) and
summaryReturnNode(ret, pragma[only_bind_into](rk)) and
out = getAnOutNode(call, pragma[only_bind_into](rk))
)
}
@@ -951,7 +988,9 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summaryThroughStepTaint(ArgNode arg, Node out, SummarizedCallable sc) {
exists(ReturnNodeExt ret | summaryLocalStep(summaryArgParam(arg, ret, out, sc), ret, false))
exists(SummaryNode ret |
summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), ret, false)
)
}
/**
@@ -962,8 +1001,8 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) {
exists(Node mid, ReturnNodeExt ret |
summaryReadStep(summaryArgParam(arg, ret, out, sc), c, mid) and
exists(SummaryNode mid, SummaryNode ret |
summaryReadStep(summaryArgParamRetOut(arg, ret, out, sc), c, mid) and
summaryLocalStep(mid, ret, _)
)
}
@@ -976,8 +1015,8 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summarySetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) {
exists(Node mid, ReturnNodeExt ret |
summaryLocalStep(summaryArgParam(arg, ret, out, sc), mid, _) and
exists(SummaryNode mid, SummaryNode ret |
summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), mid, _) and
summaryStoreStep(mid, c, ret)
)
}
@@ -1310,8 +1349,8 @@ module Private {
c.relevantSummary(input, output, preservesValue) and
csv =
c.getCallableCsv() // Callable information
+ getComponentStack(input) + ";" // input
+ getComponentStack(output) + ";" // output
+ input.getMadRepresentation() + ";" // input
+ output.getMadRepresentation() + ";" // output
+ renderKind(preservesValue) + ";" // kind
+ renderProvenance(c) // provenance
)
@@ -1344,11 +1383,11 @@ module Private {
}
private newtype TNodeOrCall =
MkNode(Node n) {
MkNode(SummaryNode n) {
exists(RelevantSummarizedCallable c |
n = summaryNode(c, _)
n = TSummaryInternalNode(c, _)
or
n.(ParamNode).isParameterOf(inject(c), _)
n = TSummaryParameterNode(c, _)
)
} or
MkCall(DataFlowCall call) {
@@ -1357,7 +1396,7 @@ module Private {
}
private class NodeOrCall extends TNodeOrCall {
Node asNode() { this = MkNode(result) }
SummaryNode asNode() { this = MkNode(result) }
DataFlowCall asCall() { this = MkCall(result) }
@@ -1377,9 +1416,11 @@ module Private {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.asNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
this.asCall().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
}
}

14
java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
View File

@@ -26,15 +26,17 @@ DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() =
/** Gets the parameter position of the instance parameter. */
ArgumentPosition callbackSelfParameterPosition() { result = -1 }
/** Gets the synthesized summary data-flow node for the given values. */
Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = getSummaryNode(c, state) }
/** Gets the synthesized data-flow call for `receiver`. */
SummaryCall summaryDataFlowCall(Node receiver) { result.getReceiver() = receiver }
SummaryCall summaryDataFlowCall(SummaryNode receiver) { result.getReceiver() = receiver }
/** Gets the type of content `c`. */
DataFlowType getContentType(Content c) { result = c.getType() }
/** Gets the type of the parameter at the given position. */
DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) {
result = getErasedRepr(c.getParameterType(pos))
}
/** Gets the return type of kind `rk` for callable `c`. */
DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) {
result = getErasedRepr(c.getReturnType()) and
@@ -191,8 +193,8 @@ private string getContentSpecific(Content c) {
c instanceof MapValueContent and result = "MapValue"
}
/** Gets the textual representation of the content in the format used for flow summaries. */
string getComponentSpecific(SummaryComponent sc) {
/** Gets the textual representation of the content in the format used for MaD models. */
string getMadRepresentationSpecific(SummaryComponent sc) {
exists(Content c | sc = TContentSummaryComponent(c) and result = getContentSpecific(c))
}

5
java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -86,6 +86,7 @@ module LocalTaintFlow<nodeSig/1 source, nodeSig/1 sink> {
cached
private module Cached {
private import DataFlowImplCommon as DataFlowImplCommon
private import DataFlowPrivate as DataFlowPrivate
cached
predicate forceCachingInSameStage() { DataFlowImplCommon::forceCachingInSameStage() }
@@ -136,7 +137,8 @@ private module Cached {
)
)
or
FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
FlowSummaryImpl::Private::Steps::summaryLocalStep(src.(DataFlowPrivate::FlowSummaryNode)
.getSummaryNode(), sink.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false)
}
/**
@@ -615,7 +617,6 @@ private MethodAccess callReturningSameType(Expr ref) {
result.getMethod().getReturnType() = ref.getType()
}
pragma[assume_small_delta]
private SrcRefType entrypointType() {
exists(RemoteFlowSource s, RefType t |
s instanceof DataFlow::ExplicitParameterNode and

1
java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll
View File

@@ -31,7 +31,6 @@ private Callable dispatchCand(Call c) {
/**
* Holds if `t` and all its enclosing types are public.
*/
pragma[assume_small_delta]
private predicate veryPublic(RefType t) {
t.isPublic() and
(

1
java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll
View File

@@ -206,7 +206,6 @@ private predicate relevantNodeBack(ObjNode n) {
exists(ObjNode mid | objStep(n, mid) and relevantNodeBack(mid))
}
pragma[assume_small_delta]
private predicate relevantNode(ObjNode n) {
source(_, n) and relevantNodeBack(n)
or

2
java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
View File

@@ -53,7 +53,6 @@ private predicate hasPathAnnotation(Annotatable annotatable) {
* A method which is annotated with one or more JaxRS resource type annotations e.g. `@GET`, `@POST` etc.
*/
class JaxRsResourceMethod extends Method {
pragma[assume_small_delta]
JaxRsResourceMethod() {
exists(AnnotationType a |
a = this.getAnAnnotation().getType() and
@@ -92,7 +91,6 @@ class JaxRsResourceMethod extends Method {
* This class contains resource methods, which are executed in response to requests.
*/
class JaxRsResourceClass extends Class {
pragma[assume_small_delta]
JaxRsResourceClass() {
// A root resource class has a @Path annotation on the class.
hasPathAnnotation(this)

1
java/ql/lib/semmle/code/java/frameworks/Rmi.qll
View File

@@ -12,7 +12,6 @@ class RemoteCallableMethod extends Method {
RemoteCallableMethod() { remoteCallableMethod(this) }
}
pragma[assume_small_delta]
private predicate remoteCallableMethod(Method method) {
method.getDeclaringType().getASupertype() instanceof TypeRemote
or

29
java/ql/lib/semmle/code/java/frameworks/apache/Exec.qll
View File

@@ -1,29 +0,0 @@
/** Definitions related to the Apache Commons Exec library. */
import semmle.code.java.Type
import semmle.code.java.security.ExternalProcess
/** The class `org.apache.commons.exec.CommandLine`. */
private class TypeCommandLine extends Class {
TypeCommandLine() { this.hasQualifiedName("org.apache.commons.exec", "CommandLine") }
}
/** The `parse()` method of the class `org.apache.commons.exec.CommandLine`. */
private class MethodCommandLineParse extends Method, ExecCallable {
MethodCommandLineParse() {
this.getDeclaringType() instanceof TypeCommandLine and
this.hasName("parse")
}
override int getAnExecutedArgument() { result = 0 }
}
/** The `addArguments()` method of the class `org.apache.commons.exec.CommandLine`. */
private class MethodCommandLineAddArguments extends Method, ExecCallable {
MethodCommandLineAddArguments() {
this.getDeclaringType() instanceof TypeCommandLine and
this.hasName("addArguments")
}
override int getAnExecutedArgument() { result = 0 }
}

1
java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll
View File

@@ -45,7 +45,6 @@ private class FieldReferencedGsonDeserializableType extends GsonDeserializableTy
/** A field that may be deserialized using the Gson JSON framework. */
private class GsonDeserializableField extends DeserializableField {
pragma[assume_small_delta]
GsonDeserializableField() {
exists(GsonDeserializableType superType |
superType = this.getDeclaringType().getAnAncestor() and

38
java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll Normal file
View File

@@ -0,0 +1,38 @@
/** Provides classes and predicates related to the Hudson framework. */
import java
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.frameworks.stapler.Stapler
private import semmle.code.java.security.XSS
/** A method declared in a subtype of `hudson.model.Descriptor` that returns an `HttpResponse`. */
class HudsonWebMethod extends Method {
HudsonWebMethod() {
this.getReturnType().(RefType).getASourceSupertype*() instanceof HttpResponse and
this.getDeclaringType().getASourceSupertype*().hasQualifiedName("hudson.model", "Descriptor")
}
}
private class FilePathRead extends LocalUserInput {
FilePathRead() {
this.asExpr()
.(MethodAccess)
.getMethod()
.hasQualifiedName("hudson", "FilePath",
[
"newInputStreamDenyingSymlinkAsNeeded", "openInputStream", "read", "readFromOffset",
"readToString"
])
}
}
private class HudsonUtilXssSanitizer extends XssSanitizer {
HudsonUtilXssSanitizer() {
this.asExpr()
.(MethodAccess)
.getMethod()
// Not including xmlEscape because it only accounts for >, <, and &.
// It does not account for ", or ', which makes it an incomplete XSS sanitizer.
.hasQualifiedName("hudson", "Util", "escape")
}
}

1
java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
View File

@@ -146,7 +146,6 @@ class JacksonSerializableField extends SerializableField {
/** A field that may be deserialized using the Jackson JSON framework. */
class JacksonDeserializableField extends DeserializableField {
pragma[assume_small_delta]
JacksonDeserializableField() {
exists(JacksonDeserializableType superType |
superType = this.getDeclaringType().getAnAncestor() and

124
java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll Normal file
View File

@@ -0,0 +1,124 @@
/** Provides classes and predicates related to the Stapler framework. */
import java
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.dataflow.FlowSteps
private import semmle.code.java.dataflow.TypeFlow
private import semmle.code.java.frameworks.hudson.Hudson
private import semmle.code.java.frameworks.JavaxAnnotations
/**
* A callable annotated with a Stapler `DataBound` annotation,
* or that has the `@stapler-constructor` Javadoc annotation.
*/
class DataBoundAnnotated extends Callable {
DataBoundAnnotated() {
exists(Annotation an |
an.getType()
.hasQualifiedName("org.kohsuke.stapler", ["DataBoundConstructor", "DataBoundSetter"])
|
this = an.getAnnotatedElement()
)
or
exists(Javadoc doc | doc.getAChild().getText().matches("%@stapler-constructor%") |
doc.getCommentedElement() = this
)
}
}
/** The interface `org.kohsuke.stapler.HttpResponse`. */
class HttpResponse extends Interface {
HttpResponse() { this.hasQualifiedName("org.kohsuke.stapler", "HttpResponse") }
}
/**
* A remote flow source for parameters annotated with an annotation
* that is itself annotated with `InjectedParameter`.
*
* Such parameters are populated with user-provided data by Stapler.
*/
private class InjectedParameterSource extends RemoteFlowSource {
InjectedParameterSource() {
this.asParameter().getAnAnnotation().getType() instanceof InjectedParameterAnnotatedType
}
override string getSourceType() { result = "Stapler injected parameter" }
}
/**
* A dataflow step from the `HttpResponse` return value of a `HudsonWebMethod`
* to the instance parameter of the `generateResponse` method of the appropriate subtype of `HttpResponse`.
*
* This models the rendering process of an `HttpResponse` by Stapler.
*/
private class HttpResponseGetDescriptionStep extends AdditionalValueStep {
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(ReturnStmt s, GenerateResponseMethod m |
s.getEnclosingCallable() instanceof HudsonWebMethod and
boundOrStaticType(s.getResult(), m.getDeclaringType().getADescendant())
|
n1.asExpr() = s.getResult() and
n2.(DataFlow::InstanceParameterNode).getCallable() = m
)
}
}
/**
* A dataflow step from the post-update node of an instance access in a `DataBoundAnnotated` method
* to the instance parameter of a `PostConstruct` method of the same type.
*
* This models the construction process of a `DataBound` object in Stapler.
*/
private class PostConstructDataBoundAdditionalStep extends AdditionalValueStep {
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(PostConstructDataBoundMethod postConstruct, DataBoundAnnotated input |
postConstruct.getDeclaringType() = input.getDeclaringType()
|
n1.(DataFlow::PostUpdateNode)
.getPreUpdateNode()
.(DataFlow::InstanceAccessNode)
.getEnclosingCallable() = input and
n2.(DataFlow::InstanceParameterNode).getCallable() = postConstruct
)
}
}
/** An annotation type annotated with the `InjectedParameter` annotation. */
private class InjectedParameterAnnotatedType extends AnnotationType {
InjectedParameterAnnotatedType() {
this.getAnAnnotation().getType().hasQualifiedName("org.kohsuke.stapler", "InjectedParameter")
}
}
/** The `generateResponse` method of `org.kohsuke.stapler.HttpResponse` or its subtypes. */
private class GenerateResponseMethod extends Method {
GenerateResponseMethod() {
this.getDeclaringType().getASourceSupertype*() instanceof HttpResponse and
this.hasName("generateResponse")
}
}
/** Holds if `t` is the static type of `e`, or an upper bound of the runtime type of `e`. */
private predicate boundOrStaticType(Expr e, RefType t) {
exprTypeFlow(e, t, false)
or
t = e.getType()
}
/**
* A method called after the construction of a `DataBound` object.
*
* That is, either the `bindResolve` method of a subtype of `org.kohsuke.stapler.DataBoundResolvable`,
* or a method annotated with `javax.annotation.PostConstruct`.
*/
private class PostConstructDataBoundMethod extends Method {
PostConstructDataBoundMethod() {
this.getDeclaringType()
.getASourceSupertype*()
.hasQualifiedName("org.kohsuke.stapler", "DataBoundResolvable") and
this.hasName("bindResolve")
or
this.getAnAnnotation() instanceof PostConstructAnnotation
}
}

10
java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
View File

@@ -10,8 +10,8 @@
import java
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.security.ExternalProcess
private import semmle.code.java.security.CommandArguments
private import semmle.code.java.security.ExternalProcess
/** A sink for command injection vulnerabilities. */
abstract class CommandInjectionSink extends DataFlow::Node { }
@@ -33,9 +33,7 @@ class CommandInjectionAdditionalTaintStep extends Unit {
}
private class DefaultCommandInjectionSink extends CommandInjectionSink {
DefaultCommandInjectionSink() {
this.asExpr() instanceof ArgumentToExec or sinkNode(this, "command-injection")
}
DefaultCommandInjectionSink() { sinkNode(this, "command-injection") }
}
private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer {
@@ -100,7 +98,7 @@ predicate execIsTainted(
RemoteUserInputToArgumentToExecFlow::PathNode sink, Expr execArg
) {
RemoteUserInputToArgumentToExecFlow::flowPath(source, sink) and
sink.getNode().asExpr() = execArg
argumentToExec(execArg, sink.getNode())
}
/**
@@ -112,7 +110,7 @@ predicate execIsTainted(
*/
deprecated predicate execTainted(DataFlow::PathNode source, DataFlow::PathNode sink, Expr execArg) {
exists(RemoteUserInputToArgumentToExecFlowConfig conf |
conf.hasFlowPath(source, sink) and sink.getNode().asExpr() = execArg
conf.hasFlowPath(source, sink) and argumentToExec(execArg, sink.getNode())
)
}

31
java/ql/lib/semmle/code/java/security/ExternalProcess.qll
View File

@@ -1,16 +1,13 @@
/** Definitions related to external processes. */
import semmle.code.java.Member
private module Instances {
private import semmle.code.java.JDK
private import semmle.code.java.frameworks.apache.Exec
}
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.security.CommandLineQuery
/**
* A callable that executes a command.
* DEPRECATED: A callable that executes a command.
*/
abstract class ExecCallable extends Callable {
abstract deprecated class ExecCallable extends Callable {
/**
* Gets the index of an argument that will be part of the command that is executed.
*/
@@ -23,13 +20,19 @@ abstract class ExecCallable extends Callable {
* to be executed.
*/
class ArgumentToExec extends Expr {
ArgumentToExec() {
exists(Call execCall, ExecCallable execCallable, int i |
execCall.getArgument(pragma[only_bind_into](i)) = this and
execCallable = execCall.getCallee() and
i = execCallable.getAnExecutedArgument()
)
}
ArgumentToExec() { argumentToExec(this, _) }
}
/**
* Holds if `e` is an expression used as an argument to a call that executes an external command.
* For calls to varargs method calls, this only includes the first argument, which will be the command
* to be executed.
*/
predicate argumentToExec(Expr e, CommandInjectionSink s) {
s.asExpr() = e
or
e.(Argument).isNthVararg(0) and
s.(DataFlow::ImplicitVarargsArray).getCall() = e.(Argument).getCall()
}
/**

27
java/ql/lib/semmle/code/java/security/LogInjection.qll
View File

@@ -46,16 +46,33 @@ private class LineBreaksLogInjectionSanitizer extends LogInjectionSanitizer {
}
}
private predicate stringMethodAccess(
MethodAccess ma, CompileTimeConstantExpr arg0, CompileTimeConstantExpr arg1
) {
ma.getMethod().getDeclaringType() instanceof TypeString and
arg0 = ma.getArgument(0) and
arg1 = ma.getArgument(1)
}
private predicate stringMethodArgument(CompileTimeConstantExpr arg) {
stringMethodAccess(_, arg, _) or stringMethodAccess(_, _, arg)
}
bindingset[match]
pragma[inline_late]
private predicate stringMethodArgumentValueMatches(CompileTimeConstantExpr const, string match) {
stringMethodArgument(const) and
const.getStringValue().matches(match)
}
/**
* Holds if the return value of `ma` is sanitized against log injection attacks
* by removing line breaks from it.
*/
private predicate logInjectionSanitizer(MethodAccess ma) {
exists(CompileTimeConstantExpr target, CompileTimeConstantExpr replacement |
ma.getMethod().getDeclaringType() instanceof TypeString and
target = ma.getArgument(0) and
replacement = ma.getArgument(1) and
not replacement.getStringValue().matches(["%\n%", "%\r%"])
stringMethodAccess(ma, target, replacement) and
not stringMethodArgumentValueMatches(replacement, ["%\n%", "%\r%"])
|
ma.getMethod().hasName("replace") and
not replacement.getIntValue() = [10, 13] and
@@ -68,7 +85,7 @@ private predicate logInjectionSanitizer(MethodAccess ma) {
(
// Replace anything not in an allow list
target.getStringValue().matches("[^%]") and
not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
not stringMethodArgumentValueMatches(target, "%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
or
// Replace line breaks
target.getStringValue() = ["\n", "\r", "\\n", "\\r", "\\R"]

5
java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
View File

@@ -5,7 +5,6 @@ private import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.SensitiveActions
import semmle.code.java.frameworks.android.Compose
import DataFlow
/** A variable that may hold sensitive information, judging by its name. */
class CredentialExpr extends Expr {
@@ -45,7 +44,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
sanitizer.getType() instanceof TypeType
}
override predicate isSanitizerIn(Node node) { this.isSource(node) }
override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
}
/** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
@@ -62,7 +61,7 @@ module SensitiveLoggerConfig implements DataFlow::ConfigSig {
sanitizer.getType() instanceof TypeType
}
predicate isBarrierIn(Node node) { isSource(node) }
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
module SensitiveLoggerFlow = TaintTracking::Global<SensitiveLoggerConfig>;

18
java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
View File

@@ -28,6 +28,20 @@ private class ObjectInputStreamReadObjectMethod extends Method {
}
}
/**
* A type extending `ObjectInputStream` that makes it safe to deserialize untrusted data.
*
* * See https://commons.apache.org/proper/commons-io/javadocs/api-2.5/org/apache/commons/io/serialization/ValidatingObjectInputStream.html
* * See https://github.com/ikkisoft/SerialKiller
*/
private class SafeObjectInputStreamType extends RefType {
SafeObjectInputStreamType() {
this.getASourceSupertype*()
.hasQualifiedName("org.apache.commons.io.serialization", "ValidatingObjectInputStream") or
this.getASourceSupertype*().hasQualifiedName("org.nibblesec.tools", "SerialKiller")
}
}
private class XmlDecoderReadObjectMethod extends Method {
XmlDecoderReadObjectMethod() {
this.getDeclaringType().hasQualifiedName("java.beans", "XMLDecoder") and
@@ -135,9 +149,7 @@ predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
sink = ma.getQualifier() and
not exists(DataFlow::ExprNode node |
node.getExpr() = sink and
node.getTypeBound()
.(RefType)
.hasQualifiedName("org.apache.commons.io.serialization", "ValidatingObjectInputStream")
node.getTypeBound() instanceof SafeObjectInputStreamType
)
or
m instanceof XmlDecoderReadObjectMethod and

1
java/ql/lib/semmle/code/java/security/XSS.qll
View File

@@ -6,6 +6,7 @@ import semmle.code.java.frameworks.android.WebView
import semmle.code.java.frameworks.spring.SpringController
import semmle.code.java.frameworks.spring.SpringHttp
import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
private import semmle.code.java.frameworks.hudson.Hudson
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.dataflow.ExternalFlow

12
java/ql/src/Security/CWE/CWE-022/ZipSlip.qhelp
View File

@@ -3,17 +3,15 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>Extracting files from a malicious zip archive (or another archive format)
without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.</p>
<p>Extracting files from a malicious zip file, or similar type of archive,
is at risk of directory traversal attacks if filenames from the archive are
not properly validated.</p>
<p>Zip archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine an output file to write the contents of the archive item to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>

Some files were not shown because too many files have changed in this diff Show More