diff --git a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql index 799ebdbe159..b4abf091758 100644 --- a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql +++ b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql @@ -11,6 +11,7 @@ import java import semmle.code.java.dataflow.TaintTracking +import semmle.code.java.frameworks.javase.URL import DataFlow::PathGraph class HTTPString extends StringLiteral { @@ -29,18 +30,6 @@ class HTTPString extends StringLiteral { } } -class URLConstructor extends ClassInstanceExpr { - URLConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URL" } - - Expr protocolArg() { - // In all cases except where the first parameter is a URL, the argument - // containing the protocol is the first one, otherwise it is the second. - if this.getConstructor().getParameter(0).getType().getName() = "URL" - then result = this.getArgument(1) - else result = this.getArgument(0) - } -} - class URLOpenMethod extends Method { URLOpenMethod() { this.getDeclaringType().getQualifiedName() = "java.net.URL" and diff --git a/java/ql/src/experimental/CWE-918/RequestForgery.java b/java/ql/src/experimental/CWE-918/RequestForgery.java new file mode 100644 index 00000000000..7c764b630a9 --- /dev/null +++ b/java/ql/src/experimental/CWE-918/RequestForgery.java 
@@ -0,0 +1,20 @@ +import java.net.http.HttpClient; + +public class SSRF extends HttpServlet { + private static final String VALID_URI = "http://lgtm.com"; + private HttpClient client = HttpClient.newHttpClient(); + + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + URI uri = new URI(request.getParameter("uri")); + // BAD: a request parameter is incorporated without validation into a Http request + HttpRequest r = HttpRequest.newBuilder(uri).build(); + client.send(r, null); + + // GOOD: the request parameter is validated against a known fixed string + if (VALID_URI.equals(request.getParameter("uri"))) { + HttpRequest r2 = HttpRequest.newBuilder(uri).build(); + client.send(r2, null); + } + } +} diff --git a/java/ql/src/experimental/CWE-918/RequestForgery.qhelp b/java/ql/src/experimental/CWE-918/RequestForgery.qhelp new file mode 100644 index 00000000000..0a34747413d --- /dev/null +++ b/java/ql/src/experimental/CWE-918/RequestForgery.qhelp @@ -0,0 +1,37 @@ + + + + + +

Directly incorporating user input into a HTTP request without validating the input +can facilitate Server Side Request Forgery (SSRF) attacks. In these attacks, the server +may be tricked into making a request and interacting with an attacker-controlled server. +

+ +
+ + +

To guard against SSRF attacks, it is advisable to avoid putting user input +directly into the request URL. Instead, maintain a list of authorized +URLs on the server; then choose from that list based on the user input provided.

+ +
+ + +

The following example shows an HTTP request parameter being used directly in a forming a +new request without validating the input, which facilitates SSRF attacks. +It also shows how to remedy the problem by validating the user input against a known fixed string. +

+ + + +
+ +
  • + OWASP SSRF +
  • + +
    +
    diff --git a/java/ql/src/experimental/CWE-918/RequestForgery.ql b/java/ql/src/experimental/CWE-918/RequestForgery.ql new file mode 100644 index 00000000000..f8cb7481c44 --- /dev/null +++ b/java/ql/src/experimental/CWE-918/RequestForgery.ql @@ -0,0 +1,21 @@ +/** + * @name Server Sider Request Forgery (SSRF) from remote source + * @description Making web requests based on unvalidated user-input + * may cause server to communicate with malicious servers. + * @kind path-problem + * @problem.severity error + * @precision high + * @id java/ssrf + * @tags security + * external/cwe/cwe-918 + */ + +import java +import semmle.code.java.dataflow.FlowSources +import RequestForgery::RequestForgery +import DataFlow::PathGraph + +from DataFlow::PathNode source, DataFlow::PathNode sink, RequestForgeryRemoteConfiguration conf +where conf.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "Potential server side request forgery due to $@.", + source.getNode(), "a user-provided value" diff --git a/java/ql/src/experimental/CWE-918/RequestForgery.qll b/java/ql/src/experimental/CWE-918/RequestForgery.qll new file mode 100644 index 00000000000..2cb447bbc02 --- /dev/null +++ b/java/ql/src/experimental/CWE-918/RequestForgery.qll 
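Review bot: The `@name` metadata reads "Server Sider Request Forgery", and this string is what users see in result listings; it should be `@name Server Side Request Forgery (SSRF) from remote source`. `@precision high` also looks optimistic, because the configuration in RequestForgery.qll defines no sanitizer or barrier as far as this diff shows. A value that was already compared against an allowlist is therefore still reported. Consider `@precision medium` until validated inputs are excluded.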
@@ -0,0 +1,57 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.javase.URI
+import semmle.code.java.frameworks.javase.URL
+import semmle.code.java.frameworks.javase.Http
+import semmle.code.java.dataflow.DataFlow
+
+module RequestForgery {
+ import RequestForgeryCustomizations::RequestForgery
+
+ /**
+ * A taint-tracking configuration for reasoning about request forgery.
+ */
+ class RequestForgeryRemoteConfiguration extends TaintTracking::Configuration {
+ RequestForgeryRemoteConfiguration() { this = "Server Side Request Forgery" }
+
+ override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+ override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+ override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+ additionalStep(pred, succ)
+ }
+ }
+}
+
+predicate additionalStep(DataFlow::Node pred, DataFlow::Node succ) {
+ // propagate to a URI when its host is assigned to
+ exists(UriConstructor c | c.hostArg() = pred.asExpr() | succ.asExpr() = c)
+ or
+ // propagate to a URL when its host is assigned to
+ exists(UrlConstructor c | c.hostArg() = pred.asExpr() | succ.asExpr() = c)
+ or
+ // propagate to a RequestEntity when its url is assigned to
+ exists(MethodAccess m |
+ m.getMethod().getDeclaringType() instanceof SpringRequestEntity and
+ (
+ m.getMethod().hasName(["get", "post", "head", "delete", "options", "patch", "put"]) and
+ m.getArgument(0) = pred.asExpr() and
+ m = succ.asExpr()
+ )
+ or
+ m.getMethod().hasName("method") and
+ m.getArgument(1) = pred.asExpr() and
+ m = succ.asExpr()
+ )
+ or
+ // propagate from a `RequestEntity<>$BodyBuilder` to a `RequestEntity`
+ // when the builder is tainted
+ exists(MethodAccess m, RefType t |
+ m.getMethod().getDeclaringType() = t and
+ t.hasQualifiedName("org.springframework.http", "RequestEntity<>$BodyBuilder") and
+ m.getMethod().hasName("body") and
+ m.getQualifier() = pred.asExpr() and
+ m = succ.asExpr()
+ )
+}
diff --git a/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll b/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
new file mode 100644
index 00000000000..7c16646d333
--- /dev/null
+++ b/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
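Review bot: In `additionalStep`, the `hasName("method")` disjunct is not restricted to `SpringRequestEntity`. Because `and` binds tighter than `or` in QL, the declaring-type test applies only to the parenthesised `get`/`post`/… branch. As written, any call to a method named `method` propagates taint from its second argument to the call result, which can add spurious flow paths in unrelated code. Moving the `or` inside the parentheses, and factoring out the shared `m = succ.asExpr()`, keeps both branches under the type check.

```ql
  // … unchanged: URI and URL constructor steps …
  exists(MethodAccess m |
    m.getMethod().getDeclaringType() instanceof SpringRequestEntity and
    (
      m.getMethod().hasName(["get", "post", "head", "delete", "options", "patch", "put"]) and
      m.getArgument(0) = pred.asExpr()
      or
      m.getMethod().hasName("method") and
      m.getArgument(1) = pred.asExpr()
    ) and
    m = succ.asExpr()
  )
  // … unchanged: BodyBuilder.body step …
```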
@@ -0,0 +1,137 @@
+/** A module to reason about request forgery vulnerabilities. */
+
+import java
+import semmle.code.java.frameworks.Networking
+import semmle.code.java.frameworks.javase.URI
+import semmle.code.java.frameworks.javase.URL
+import semmle.code.java.frameworks.JaxWS
+import semmle.code.java.frameworks.javase.Http
+import semmle.code.java.dataflow.DataFlow
+
+/** A module to reason about request forgery vulnerabilities. */
+module RequestForgery {
+ /** A data flow sink for request forgery vulnerabilities. */
+ abstract class Sink extends DataFlow::Node { }
+
+ /**
+ * An argument to an url `openConnection` or `openStream` call
+ * taken as a sink for request forgery vulnerabilities.
+ */
+ private class UrlOpen extends Sink {
+ UrlOpen() {
+ exists(MethodAccess ma |
+ ma.getMethod() instanceof UrlOpenConnectionMethod or
+ ma.getMethod() instanceof UrlOpenStreamMethod
+ |
+ this.asExpr() = ma.getQualifier()
+ )
+ }
+ }
+
+ /**
+ * An argument to an Apache `setURI` call taken as a
+ * sink for request forgery vulnerabilities.
+ */
+ private class ApacheSetUri extends Sink {
+ ApacheSetUri() {
+ exists(MethodAccess ma |
+ ma.getReceiverType() instanceof TypeApacheHttpRequest and
+ ma.getMethod().hasName("setURI")
+ |
+ this.asExpr() = ma.getArgument(0)
+ )
+ }
+ }
+
+ /**
+ * An argument to any Apache Request Instantiation call taken as a
+ * sink for request forgery vulnerabilities.
+ */
+ private class ApacheHttpRequestInstantiation extends Sink {
+ ApacheHttpRequestInstantiation() {
+ exists(ClassInstanceExpr c | c.getConstructedType() instanceof TypeApacheHttpRequest |
+ this.asExpr() = c.getArgument(0)
+ )
+ }
+ }
+
+ /**
+ * An argument to a Apache RequestBuilder method call taken as a
+ * sink for request forgery vulnerabilities.
+ */
+ private class ApacheHttpRequestBuilderArgument extends Sink {
+ ApacheHttpRequestBuilderArgument() {
+ exists(MethodAccess ma |
+ ma.getReceiverType() instanceof TypeApacheHttpRequestBuilder and
+ ma.getMethod().hasName(["setURI", "get", "post", "put", "optons", "head", "delete"])
+ |
+ this.asExpr() = ma.getArgument(0)
+ )
+ }
+ }
+
+ /**
+ * An argument to any Java.net.http.request Instantiation call taken as a
+ * sink for request forgery vulnerabilities.
+ */
+ private class HttpRequestNewBuilder extends Sink {
+ HttpRequestNewBuilder() {
+ exists(MethodAccess call |
+ call.getCallee().hasName("newBuilder") and
+ call.getMethod().getDeclaringType().getName() = "HttpRequest"
+ |
+ this.asExpr() = call.getArgument(0)
+ )
+ }
+ }
+
+ /**
+ * An argument to an Http Builder `uri` call taken as a
+ * sink for request forgery vulnerabilities.
+ */
+ private class HttpBuilderUriArgument extends Sink {
+ HttpBuilderUriArgument() {
+ exists(MethodAccess ma | ma.getMethod() instanceof HttpBuilderUri |
+ this.asExpr() = ma.getArgument(0)
+ )
+ }
+ }
+
+ /**
+ * An argument to a Spring Rest Template method call taken as a
+ * sink for request forgery vulnerabilities.
+ */
+ private class SpringRestTemplateArgument extends Sink {
+ SpringRestTemplateArgument() {
+ exists(MethodAccess ma |
+ this.asExpr() = ma.getMethod().(SpringRestTemplateUrlMethods).getUrlArgument(ma)
+ )
+ }
+ }
+
+ /**
+ * An argument to `javax.ws.rs.Client`s `target` method call taken as a
+ * sink for request forgery vulnerabilities.
+ */ + private class JaxRsClientTarget extends Sink { + JaxRsClientTarget() { + exists(MethodAccess ma, JaxRsClient t | + // ma.getMethod().getDeclaringType().getQualifiedName() ="javax.ws.rs.client.Client" and + ma.getMethod().getDeclaringType() instanceof JaxRsClient and + ma.getMethod().hasName("target") + | + this.asExpr() = ma.getArgument(0) + ) + } + } + + /** + * A URI argument to `org.springframework.http.RequestEntity`s constructor call + * taken as a sink for request forgery vulnerabilities. + */ + private class RequestEntityUriArg extends Sink { + RequestEntityUriArg() { + exists(SpringRequestEntityInstanceExpr e | e.getUriArg() = this.asExpr()) + } + } +} diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql index 5e1c84b9ea1..dc7b687e2e3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql @@ -10,6 +10,7 @@ import java import semmle.code.java.frameworks.Networking +import semmle.code.java.frameworks.ApacheHttp import semmle.code.java.dataflow.TaintTracking import DataFlow::PathGraph 
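Review bot: In `ApacheHttpRequestBuilderArgument`, the method-name list contains `"optons"`, so calls to `RequestBuilder.options(...)` with a tainted URI are never treated as sinks; the entry should be `"options"`. No test in the visible part of this diff exercises the `RequestBuilder` sinks, which is probably why the typo went unnoticed, so a test case per listed method would help. In `JaxRsClientTarget`, the `exists` declares `JaxRsClient t` without using it and keeps a commented-out condition; both can be dropped, leaving `exists(MethodAccess ma |`.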
@@ -21,19 +22,6 @@ private string getPrivateHostRegex() { "(?i)localhost(?:[:/?#].*)?|127\\.0\\.0\\.1(?:[:/?#].*)?|10(?:\\.[0-9]+){3}(?:[:/?#].*)?|172\\.16(?:\\.[0-9]+){2}(?:[:/?#].*)?|192.168(?:\\.[0-9]+){2}(?:[:/?#].*)?|\\[?0:0:0:0:0:0:0:1\\]?(?:[:/?#].*)?|\\[?::1\\]?(?:[:/?#].*)?" } -/** - * The Java class `org.apache.http.client.methods.HttpRequestBase`. Popular subclasses include `HttpGet`, `HttpPost`, and `HttpPut`. - * And the Java class `org.apache.http.message.BasicHttpRequest`. - */ -class ApacheHttpRequest extends RefType { - ApacheHttpRequest() { - this - .getASourceSupertype*() - .hasQualifiedName("org.apache.http.client.methods", "HttpRequestBase") or - this.getASourceSupertype*().hasQualifiedName("org.apache.http.message", "BasicHttpRequest") - } -} - /** * Class of Java URL constructor. */ @@ -167,7 +155,7 @@ class HttpURLOpenMethod extends Method { /** Constructor of `ApacheHttpRequest` */ predicate apacheHttpRequest(DataFlow::Node node1, DataFlow::Node node2) { exists(ConstructorCall cc | - cc.getConstructedType() instanceof ApacheHttpRequest and + cc.getConstructedType() instanceof TypeApacheHttpRequestBase and node2.asExpr() = cc and cc.getAnArgument() = node1.asExpr() ) diff --git a/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll b/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll index 5bea8497a97..92d1f8a7e7e 100644 --- a/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll +++ b/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll 
@@ -13,3 +13,32 @@ class ApacheHttpEntityGetContent extends Method { this.getName() = "getContent" } } + +/** + * A class derived from the `HttpRequestBase` or the `BasicHttpRequest` + * class of the Apache Http Client `org.apache.http` library + */ +class TypeApacheHttpRequestBase extends RefType { + TypeApacheHttpRequestBase() { + this + .getASourceSupertype*() + .hasQualifiedName("org.apache.http.client.methods", "HttpRequestBase") or + this.getASourceSupertype*().hasQualifiedName("org.apache.http.message", "BasicHttpRequest") + } +} + +/* + * Any class which can be used to make an HTTP request using the Apache Http Client library + * Examples include `HttpGet`,`HttpPost` etc. + */ + +class TypeApacheHttpRequest extends Class { + TypeApacheHttpRequest() { exists(TypeApacheHttpRequestBase t | this.extendsOrImplements(t)) } +} + +/* A class representing the `RequestBuilder` class of the Apache Http Client library */ +class TypeApacheHttpRequestBuilder extends Class { + TypeApacheHttpRequestBuilder() { + hasQualifiedName("org.apache.http.client.methods", "RequestBuilder") + } +} diff --git a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll index fdd483d29b4..6effa413f6c 100644 --- a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll @@ -170,6 +170,13 @@ class JaxRsResponseBuilder extends Class { JaxRsResponseBuilder() { this.hasQualifiedName("javax.ws.rs.core", "ResponseBuilder") } } +/** + * The class `javax.ws.rs.client.Client` + */ +class JaxRsClient extends RefType { + JaxRsClient() { this.hasQualifiedName("javax.ws.rs.client", "Client") } +} + /** * A constructor that may be called by a JaxRS container to construct an instance to inject into a * resource method or resource class constructor. 
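Review bot: The comments above `TypeApacheHttpRequest` and `TypeApacheHttpRequestBuilder` open with `/*` rather than `/**`, so they are ordinary comments and not QLDoc, unlike the one on `TypeApacheHttpRequestBase`. Change both to `/** ... */` and remove the blank line between the first comment and its class. Also, `TypeApacheHttpRequest` requires `this.extendsOrImplements(t)`, which looks like it excludes the base types themselves, so a direct `new BasicHttpRequest(...)` would not count as a request type; if that is intended, say so in the doc comment. `TypeApacheHttpRequestBuilder` calls `hasQualifiedName` without `this.`, while the other classes in this hunk use the explicit receiver.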
diff --git a/java/ql/src/semmle/code/java/frameworks/javase/Http.qll b/java/ql/src/semmle/code/java/frameworks/javase/Http.qll
new file mode 100644
index 00000000000..d48b61b0cf5
--- /dev/null
+++ b/java/ql/src/semmle/code/java/frameworks/javase/Http.qll
@@ -0,0 +1,20 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+
+/** A class representing `HttpRequest.Builder`. */
+class TypeHttpRequestBuilder extends Interface {
+ TypeHttpRequestBuilder() { hasQualifiedName("java.net.http", "HttpRequest$Builder") }
+}
+
+/** A class representing `java.net.http.HttpRequest`. */
+class TypeHttpRequest extends Interface {
+ TypeHttpRequest() { hasQualifiedName("java.net.http", "HttpRequest") }
+}
+
+/** A class representing `java.net.http.HttpRequest$Builder`'s `uri` method. */
+class HttpBuilderUri extends Method {
+ HttpBuilderUri() {
+ this.getDeclaringType() instanceof TypeHttpRequestBuilder and
+ this.getName() = "uri"
+ }
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/javase/URI.qll b/java/ql/src/semmle/code/java/frameworks/javase/URI.qll
new file mode 100644
index 00000000000..c195962e56e
--- /dev/null
+++ b/java/ql/src/semmle/code/java/frameworks/javase/URI.qll
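Review bot: `TypeHttpRequest` extends `Interface`, but `java.net.http.HttpRequest` is an abstract class (only the nested `HttpRequest.Builder` is an interface), so this class will match nothing; it should be `class TypeHttpRequest extends Class`. Nothing in the visible diff uses it. `HttpRequestNewBuilder` in RequestForgeryCustomizations.qll compares the simple name with `getName() = "HttpRequest"`, which also matches same-named types from other packages. Using `call.getMethod().getDeclaringType() instanceof TypeHttpRequest` there would tie the sink to the JDK type. The `FlowSources` import appears to be unused in this file.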
@@ -0,0 +1,43 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+
+/** Any expresion or call which returns a new URI.*/
+abstract class UriCreation extends Top {
+ /**
+ * Returns the host of the newly created URI.
+ * In the case where the host is specified separately, this returns only the host.
+ * In the case where the uri is parsed from an input string,
+ * such as in `URI(`http://foo.com/mypath')`,
+ * this returns the entire argument passed i.e. `http://foo.com/mypath'.
+ */
+
+ abstract Expr hostArg();
+}
+
+/** An URI constructor expression */
+class UriConstructor extends ClassInstanceExpr, UriCreation {
+ UriConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URI" }
+
+ override Expr hostArg() {
+ // URI​(String str)
+ result = this.getArgument(0) and this.getNumArgument() = 1
+ or
+ // URI(String scheme, String ssp, String fragment)
+ // URI​(String scheme, String host, String path, String fragment)
+ // URI​(String scheme, String authority, String path, String query, String fragment)
+ result = this.getArgument(1) and this.getNumArgument() = [3, 4, 5]
+ or
+ // URI​(String scheme, String userInfo, String host, int port, String path, String query,
+ // String fragment)
+ result = this.getArgument(2) and this.getNumArgument() = 7
+ }
+}
+
+class UriCreate extends Call, UriCreation {
+ UriCreate() {
+ this.getCallee().getName() = "create" and
+ this.getCallee().getDeclaringType() instanceof TypeUri
+ }
+
+ override Expr hostArg() { result = this.getArgument(0) }
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/javase/URL.qll b/java/ql/src/semmle/code/java/frameworks/javase/URL.qll
new file mode 100644
index 00000000000..681319ff562
--- /dev/null
+++ b/java/ql/src/semmle/code/java/frameworks/javase/URL.qll
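Review bot: `UriCreate` has no QLDoc comment and, as far as the visible diff shows, no consumer. `additionalStep` in RequestForgery.qll matches `UriConstructor` only, so `URI.create(tainted)` gets no step from this model unless the default taint steps already cover it. Add a doc comment along the lines of `/** A call to the static method URI.create. */` and consider `exists(UriCreation c | c.hostArg() = pred.asExpr() | succ.asExpr() = c)` in the step. The QLDoc for `hostArg` is separated from the declaration by a blank line, and "expresion" in the first comment is a typo.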
@@ -0,0 +1,47 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+
+/* Am URL constructor expression */
+class UrlConstructor extends ClassInstanceExpr {
+ UrlConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URL" }
+
+ Expr hostArg() {
+ // URL(String spec)
+ this.getNumArgument() = 1 and result = this.getArgument(0)
+ or
+ // URL(String protocol, String host, int port, String file)
+ // URL(String protocol, String host, int port, String file, URLStreamHandler handler)
+ this.getNumArgument() = [4,5] and result = this.getArgument(1)
+ or
+ // URL(String protocol, String host, String file)
+ // but not
+ // URL(URL context, String spec, URLStreamHandler handler)
+ (
+ this.getNumArgument() = 3 and
+ this.getConstructor().getParameter(2).getType() instanceof TypeString
+ ) and
+ result = this.getArgument(1)
+ }
+
+ Expr protocolArg() {
+ // In all cases except where the first parameter is a URL, the argument
+ // containing the protocol is the first one, otherwise it is the second.
+ if this.getConstructor().getParameter(0).getType().getName() = "URL"
+ then result = this.getArgument(1)
+ else result = this.getArgument(0)
+ }
+}
+
+class UrlOpenStreamMethod extends Method {
+ UrlOpenStreamMethod() {
+ this.getDeclaringType() instanceof TypeUrl and
+ this.getName() = "openStream"
+ }
+}
+
+class UrlOpenConnectionMethod extends Method {
+ UrlOpenConnectionMethod() {
+ this.getDeclaringType() instanceof TypeUrl and
+ this.getName() = "openConnection"
+ }
+}
diff --git a/java/ql/src/semmle/code/java/frameworks/spring/SpringHttp.qll b/java/ql/src/semmle/code/java/frameworks/spring/SpringHttp.qll
index 59016df25f8..bbc10c652c9 100644
--- a/java/ql/src/semmle/code/java/frameworks/spring/SpringHttp.qll
+++ b/java/ql/src/semmle/code/java/frameworks/spring/SpringHttp.qll
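Review bot: `hostArg` skips every constructor whose first parameter is a `URL` context: `URL(URL context, String spec)` has two arguments and matches none of the three branches, and the three-argument handler form is excluded explicitly. A `spec` that carries its own authority replaces the context's host, so a tainted `spec` should propagate to the new `URL`. Unless the default taint steps already cover this, add a branch such as `this.getConstructor().getParameter(0).getType() instanceof TypeUrl and result = this.getArgument(1)`. The opening comment `/* Am URL constructor expression */` has a typo and is not QLDoc; `/** A URL constructor expression. */` would be picked up as documentation.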
@@ -4,6 +4,7 @@ */ import java +import semmle.code.java.frameworks.Networking /** The class `org.springframework.http.HttpEntity` or an instantiation of it. */ class SpringHttpEntity extends Class { @@ -38,3 +39,17 @@ class SpringResponseEntityBodyBuilder extends Interface { class SpringHttpHeaders extends Class { SpringHttpHeaders() { this.hasQualifiedName("org.springframework.http", "HttpHeaders") } } + +/** Models `org.springframework.http.RequestEntity`s instantiation expressions. */ +class SpringRequestEntityInstanceExpr extends ClassInstanceExpr { + int numArgs; + + SpringRequestEntityInstanceExpr() { + this.getConstructedType() instanceof SpringRequestEntity and + numArgs = this.getNumArgument() + } + + Argument getUriArg() { + exists(Argument a | this.getAnArgument() = a and a.getType() instanceof TypeUri | result = a) + } +} diff --git a/java/ql/src/semmle/code/java/frameworks/spring/SpringWebClient.qll b/java/ql/src/semmle/code/java/frameworks/spring/SpringWebClient.qll index 3a8d4bb084a..14bbb99db68 100644 --- a/java/ql/src/semmle/code/java/frameworks/spring/SpringWebClient.qll +++ b/java/ql/src/semmle/code/java/frameworks/spring/SpringWebClient.qll 
@@ -27,3 +27,116 @@ class SpringWebClient extends Interface { this.hasQualifiedName("org.springframework.web.reactive.function.client", "WebClient") } } + +/** + * An abstract class representing all Spring Rest Template methods + * which take an URL as an argument. + */ +abstract class SpringRestTemplateUrlMethods extends Method { + /** Gets the argument which corresponds to a URL */ + abstract Argument getUrlArgument(MethodAccess ma); +} + +/** Models `RestTemplate` class's `doExecute` method */ +class RestTemplateDoExecute extends SpringRestTemplateUrlMethods { + RestTemplateDoExecute() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("doExecute") + } + + override Argument getUrlArgument(MethodAccess ma) { + // doExecute(URI url, HttpMethod method, RequestCallback requestCallback, + // ResponseExtractor responseExtractor) + result = ma.getArgument(0) + } +} + +/** Models `RestTemplate` class's `exchange` method */ +class RestTemplateExchange extends SpringRestTemplateUrlMethods { + RestTemplateExchange() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("exchange") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `execute` method */ +class RestTemplateExecute extends SpringRestTemplateUrlMethods { + RestTemplateExecute() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("execute") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `getForEntity` method */ +class RestTemplateGetForEntity extends SpringRestTemplateUrlMethods { + RestTemplateGetForEntity() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("getForEntity") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `getForObject` method */ +class RestTemplateGetForObject 
extends SpringRestTemplateUrlMethods { + RestTemplateGetForObject() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("getForObject") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `patchForObject` method */ +class RestTemplatePatchForObject extends SpringRestTemplateUrlMethods { + RestTemplatePatchForObject() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("patchForObject") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `postForEntity` method */ +class RestTemplatePostForEntity extends SpringRestTemplateUrlMethods { + RestTemplatePostForEntity() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("postForEntity") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `postForLocation` method */ +class RestTemplatePostForLocation extends SpringRestTemplateUrlMethods { + RestTemplatePostForLocation() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("postForLocation") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `postForObject` method */ +class RestTemplatePostForObject extends SpringRestTemplateUrlMethods { + RestTemplatePostForObject() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("postForObject") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} + +/** Models `RestTemplate` class's `put` method */ +class RestTemplatePut extends SpringRestTemplateUrlMethods { + RestTemplatePut() { + this.getDeclaringType() instanceof SpringRestTemplate and + this.hasName("put") + } + + override Argument getUrlArgument(MethodAccess ma) { result = ma.getArgument(0) } +} 
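Review bot: The ten `RestTemplate*` classes cover `doExecute`, `exchange`, `execute`, the `get*`/`post*`/`patch*` helpers and `put`, but not `delete`, `headForHeaders` or `optionsForAllow`, which also take the URL as their first argument, so tainted URLs passed to those calls are not reported. Every class is identical apart from the method name. A single class using `this.hasName(["doExecute", "exchange", "execute", "getForEntity", "getForObject", "patchForObject", "postForEntity", "postForLocation", "postForObject", "put", "delete", "headForHeaders", "optionsForAllow"])`, with one `getUrlArgument` returning `ma.getArgument(0)`, would be shorter and harder to leave incomplete. `SpringRestTemplate` is declared outside this hunk.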
diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/JaxWsSSRF.java b/java/ql/test/experimental/query-tests/security/CWE-918/JaxWsSSRF.java new file mode 100644 index 00000000000..c710c09c64b --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/JaxWsSSRF.java @@ -0,0 +1,11 @@ +import javax.ws.rs.client.*; + +public class JaxWsSSRF { + public static void main(String[] args) { + Client client = ClientBuilder.newClient(); + String url = args[1]; + client.target(url); + } +} + + diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.expected b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.expected new file mode 100644 index 00000000000..a7795b52f1a --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.expected 
@@ -0,0 +1,64 @@ +edges +| JaxWsSSRF.java:4:29:4:41 | args : String[] | JaxWsSSRF.java:7:23:7:25 | url | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:55:32:55:35 | url1 | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:58:32:58:35 | url1 | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:59:30:59:33 | url1 | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:63:65:63:68 | uri2 | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:64:59:64:61 | uri | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:67:43:67:45 | uri | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:69:29:69:32 | uri2 | +| RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:22:52:22:54 | uri | +| RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:27:57:27:59 | uri | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:17:73:17:93 | ... + ... | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:21:69:21:82 | fooResourceUrl | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:25:68:25:81 | fooResourceUrl | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:28:73:28:86 | fooResourceUrl | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:36:59:36:72 | fooResourceUrl | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:39:74:39:96 | new URI(...) 
| +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:43:57:43:70 | fooResourceUrl | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:46:58:46:71 | fooResourceUrl | +| SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:49:30:49:43 | fooResourceUrl | +nodes +| JaxWsSSRF.java:4:29:4:41 | args : String[] | semmle.label | args : String[] | +| JaxWsSSRF.java:7:23:7:25 | url | semmle.label | url | +| RequestForgery2.java:23:27:23:53 | getParameter(...) : String | semmle.label | getParameter(...) : String | +| RequestForgery2.java:55:32:55:35 | url1 | semmle.label | url1 | +| RequestForgery2.java:58:32:58:35 | url1 | semmle.label | url1 | +| RequestForgery2.java:59:30:59:33 | url1 | semmle.label | url1 | +| RequestForgery2.java:63:65:63:68 | uri2 | semmle.label | uri2 | +| RequestForgery2.java:64:59:64:61 | uri | semmle.label | uri | +| RequestForgery2.java:67:43:67:45 | uri | semmle.label | uri | +| RequestForgery2.java:69:29:69:32 | uri2 | semmle.label | uri2 | +| RequestForgery.java:19:31:19:57 | getParameter(...) : String | semmle.label | getParameter(...) : String | +| RequestForgery.java:22:52:22:54 | uri | semmle.label | uri | +| RequestForgery.java:27:57:27:59 | uri | semmle.label | uri | +| SpringSSRF.java:11:29:11:41 | args : String[] | semmle.label | args : String[] | +| SpringSSRF.java:17:73:17:93 | ... + ... | semmle.label | ... + ... | +| SpringSSRF.java:21:69:21:82 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:25:68:25:81 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:28:73:28:86 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:36:59:36:72 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:39:74:39:96 | new URI(...) | semmle.label | new URI(...) 
| +| SpringSSRF.java:43:57:43:70 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:46:58:46:71 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:49:30:49:43 | fooResourceUrl | semmle.label | fooResourceUrl | +#select +| JaxWsSSRF.java:7:23:7:25 | url | JaxWsSSRF.java:4:29:4:41 | args : String[] | JaxWsSSRF.java:7:23:7:25 | url | Potential server side request forgery due to $@. | JaxWsSSRF.java:4:29:4:41 | args | a user-provided value | +| RequestForgery2.java:55:32:55:35 | url1 | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:55:32:55:35 | url1 | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery2.java:58:32:58:35 | url1 | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:58:32:58:35 | url1 | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery2.java:59:30:59:33 | url1 | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:59:30:59:33 | url1 | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery2.java:63:65:63:68 | uri2 | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:63:65:63:68 | uri2 | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery2.java:64:59:64:61 | uri | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:64:59:64:61 | uri | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery2.java:67:43:67:45 | uri | RequestForgery2.java:23:27:23:53 | getParameter(...) 
: String | RequestForgery2.java:67:43:67:45 | uri | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery2.java:69:29:69:32 | uri2 | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:69:29:69:32 | uri2 | Potential server side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value | +| RequestForgery.java:22:52:22:54 | uri | RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:22:52:22:54 | uri | Potential server side request forgery due to $@. | RequestForgery.java:19:31:19:57 | getParameter(...) | a user-provided value | +| RequestForgery.java:27:57:27:59 | uri | RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:27:57:27:59 | uri | Potential server side request forgery due to $@. | RequestForgery.java:19:31:19:57 | getParameter(...) | a user-provided value | +| SpringSSRF.java:17:73:17:93 | ... + ... | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:17:73:17:93 | ... + ... | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:21:69:21:82 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:21:69:21:82 | fooResourceUrl | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:25:68:25:81 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:25:68:25:81 | fooResourceUrl | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:28:73:28:86 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:28:73:28:86 | fooResourceUrl | Potential server side request forgery due to $@. 
| SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:36:59:36:72 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:36:59:36:72 | fooResourceUrl | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:39:74:39:96 | new URI(...) | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:39:74:39:96 | new URI(...) | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:43:57:43:70 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:43:57:43:70 | fooResourceUrl | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:46:58:46:71 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:46:58:46:71 | fooResourceUrl | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | +| SpringSSRF.java:49:30:49:43 | fooResourceUrl | SpringSSRF.java:11:29:11:41 | args : String[] | SpringSSRF.java:49:30:49:43 | fooResourceUrl | Potential server side request forgery due to $@. | SpringSSRF.java:11:29:11:41 | args | a user-provided value | diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.java b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.java new file mode 100644 index 00000000000..a9e41a8172f --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.java 
@@ -0,0 +1,34 @@ +import java.io.IOException; +import java.net.URI; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class RequestForgery extends HttpServlet { + private static final String VALID_URI = "http://lgtm.com"; + private HttpClient client = HttpClient.newHttpClient(); + + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + try { + + URI uri = new URI(request.getParameter("uri")); + // BAD: a request parameter is incorporated without validation into a Http + // request + HttpRequest r = HttpRequest.newBuilder(uri).build(); + client.send(r, null); + + // GOOD: the request parameter is validated against a known fixed string + if (VALID_URI.equals(request.getParameter("uri"))) { + HttpRequest r2 = HttpRequest.newBuilder(uri).build(); + client.send(r2, null); + } + } catch (Exception e) { + // TODO: handle exception + } + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.qlref b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.qlref new file mode 100644 index 00000000000..3d529ae5a2c --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery.qlref @@ -0,0 +1 @@ +experimental/CWE-918/RequestForgery.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery2.java b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery2.java new file mode 100644 index 00000000000..eb910bedd36 --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/RequestForgery2.java 
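Review bot: The branch labelled `// GOOD` in `doGet` is still reported by the query, because the expected output added in this commit lists `RequestForgery.java:27:57:27:59 | uri`, which is the `HttpRequest.newBuilder(uri)` inside the `VALID_URI.equals(...)` guard. As committed, the test pins a false positive while the comment tells readers the pattern is safe. Either treat the constant-equality check as a barrier in the query, or relabel the case, for example `// GOOD (still flagged: the equality guard is not recognised as a sanitizer yet)`. The empty `catch (Exception e)` is acceptable in a fixture, but `// TODO: handle exception` would read better as `// ignored: test fixture`.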
@@ -0,0 +1,84 @@ +import java.io.IOException; +import java.net.URI; +import java.net.*; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.Proxy.Type; +import java.io.InputStream; + +import org.apache.http.client.methods.HttpGet; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class RequestForgery2 extends HttpServlet { + private static final String VALID_URI = "http://lgtm.com"; + private HttpClient client = HttpClient.newHttpClient(); + + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + try { + + String sink = request.getParameter("uri"); + // URI(String str) + URI uri = new URI(sink); + + // URI(String scheme, String ssp, String fragment) + URI uri2 = new URI("http", sink, "fragement"); + + // URI(String scheme, String userInfo, String host, int port, String path, + // String query, String fragment) + URI uri3 = new URI("http", "userinfo", "host", 1, "path", "query", "fragment"); + // URI(String scheme, String host, String path, String fragment) + URI uri4 = new URI("http", "host", "path", "fragment"); + // URI(String scheme, String authority, String path, String query, String + // fragment) + URI uri5 = new URI("http", "authority", "path", "query", "fragment"); + URI uri6 = URI.create("http://foo.com/"); + + // URL(String spec) + URL url1 = new URL(sink); + // URL(String protocol, String host, int port, String file) + URL url2 = new URL("http", "host", 1, "file"); + // URL(String protocol, String host, String file) + URL url3 = new URL("http", "host", "file"); + // URL(URL context, String spec) + URL url4 = new URL(url3, "http"); + // URL(String protocol, String host, int port, String file, URLStreamHandler + // handler) + URL url5 = new URL("http", "host", 1, "file", new Helper2()); + + // URL(URL context, String spec, 
URLStreamHandler handler) + URL url6 = new URL(url3, "spec", new Helper2()); + + URLConnection c1 = url1.openConnection(); + SocketAddress sa = new SocketAddress() { + }; + URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa)); + InputStream c3 = url1.openStream(); + + // java.net.http + HttpClient client = HttpClient.newHttpClient(); + HttpRequest request2 = HttpRequest.newBuilder().uri(uri2).build(); + HttpRequest request3 = HttpRequest.newBuilder(uri).build(); + + // Apache HTTPlib + HttpGet httpGet = new HttpGet(uri); + HttpGet httpGet2 = new HttpGet(); + httpGet2.setURI(uri2); + } catch (Exception e) { + // TODO: handle exception + } + } +} + + +class Helper2 extends URLStreamHandler { + Helper2() { + } + + protected URLConnection openConnection(URL u) throws IOException { + return null; + } +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/Sinks.java b/java/ql/test/experimental/query-tests/security/CWE-918/Sinks.java new file mode 100644 index 00000000000..f5d686c9af2 --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/Sinks.java 
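Review bot: Only `uri`, `uri2` and `url1` are built from `sink`; `uri3` to `uri6` and `url2` to `url6` use literals only, so this servlet does not test which constructor argument the query treats as host-controlling. Passing `sink` in the host position of one multi-argument form and in the path position of another, e.g. `new URI("http", sink, "path", "fragment")` and `new URI("http", "host", sink, "fragment")`, and handing both to a client, would pin a positive and a negative case. The local `HttpClient client` under `// java.net.http` shadows the field of the same name, and `request2`/`request3` are built but never sent. `"fragement"` looks like a typo for `"fragment"`.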
@@ -0,0 +1,72 @@ +import java.io.IOException; +import java.io.InputStream; +import java.net.Proxy; +import java.net.SocketAddress; +import java.net.URI; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLStreamHandler; +import java.net.Proxy.Type; +import org.apache.http.client.methods.HttpGet; +// import java.net.http.HttpClient; +// import java.net.http.HttpRequest; + +public class Sinks { + public static void main(String[] args) throws Exception { + // URI(String str) + URI uri = new URI("uri1"); + + // URI(String scheme, String ssp, String fragment) + URI uri2 = new URI("http", "ssp", "fragement"); + + // URI(String scheme, String userInfo, String host, int port, String path, + // String query, String fragment) + URI uri3 = new URI("http", "userinfo", "host", 1, "path", "query", "fragment"); + // URI(String scheme, String host, String path, String fragment) + URI uri4 = new URI("http", "host", "path", "fragment"); + // URI(String scheme, String authority, String path, String query, String + // fragment) + URI uri5 = new URI("http", "authority", "path", "query", "fragment"); + URI uri6 = URI.create("http://foo.com/"); + + // URL(String spec) + URL url1 = new URL("spec"); + // URL(String protocol, String host, int port, String file) + URL url2 = new URL("http", "host", 1, "file"); + // URL(String protocol, String host, String file) + URL url3 = new URL("http", "host", "file"); + // URL(URL context, String spec) + URL url4 = new URL(url3, "http"); + // URL(String protocol, String host, int port, String file, URLStreamHandler + // handler) + URL url5 = new URL("http", "host", 1, "file", new Helper()); + + // URL(URL context, String spec, URLStreamHandler handler) + URL url6 = new URL(url3, "spec", new Helper()); + + URLConnection c1 = url1.openConnection(); + SocketAddress sa = new SocketAddress() { + }; + URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa)); + InputStream c3 = url1.openStream(); + + // java.net.http + // 
HttpClient client = HttpClient.newHttpClient(); + // HttpRequest request2 = HttpRequest.newBuilder().uri(uri2).build(); + // HttpRequest request3 = HttpRequest.newBuilder(uri).build(); + + // Apache HTTPlib + HttpGet httpGet = new HttpGet(uri); + HttpGet httpGet2 = new HttpGet(); + httpGet2.setURI(uri2); + + } + +} + +class Helper extends URLStreamHandler { + @Override + protected URLConnection openConnection(URL arg0) throws IOException { + return null; + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/SpringSSRF.java b/java/ql/test/experimental/query-tests/security/CWE-918/SpringSSRF.java new file mode 100644 index 00000000000..8aca1f3083a --- /dev/null +++ b/java/ql/test/experimental/query-tests/security/CWE-918/SpringSSRF.java 
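Review bot: The `java.net.http` imports and the three `HttpClient`/`HttpRequest` statements in `main` are left commented out, although the `options` file added in this commit compiles the directory with `-source 11 -target 11`, where those classes exist. Enable them or delete them rather than keeping dead code in a fixture. The rest of the file uses literal arguments only and largely repeats `library-tests/frameworks/javase/Uri.java`, so it is not clear what it contributes to the CWE-918 expectations. If it is meant as a no-alert fixture, state that in a header comment such as `// No tainted input: nothing in this file should be reported.`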
@@ -0,0 +1,52 @@ +import org.springframework.web.client.RestTemplate; +import org.springframework.http.RequestEntity; +import org.springframework.http.ResponseEntity; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpStatus; +import java.net.URI; +import org.springframework.http.HttpMethod; + +public class SpringSSRF { + + public static void main(String[] args) throws Exception { + RestTemplate restTemplate = new RestTemplate(); + String fooResourceUrl = args[1]; + HttpEntity request = new HttpEntity<>(new String("bar")); + + { + ResponseEntity response = restTemplate.getForEntity(fooResourceUrl + "/1", String.class); + } + + { + ResponseEntity response = restTemplate.exchange(fooResourceUrl, HttpMethod.POST, request, + String.class); + } + { + ResponseEntity response = restTemplate.execute(fooResourceUrl, HttpMethod.POST, null, null, "test"); + } + { + ResponseEntity response = restTemplate.getForEntity(fooResourceUrl, String.class, "test"); + } + { + String body = new String("body"); + RequestEntity requestEntity = RequestEntity.post(new URI(fooResourceUrl)).body(body); + ResponseEntity response = restTemplate.exchange(requestEntity, String.class); + } + { + String response = restTemplate.patchForObject(fooResourceUrl, new String("object"), String.class, "hi"); + } + { + ResponseEntity response = restTemplate.postForEntity(new URI(fooResourceUrl), new String("object"), + String.class); + } + { + URI response = restTemplate.postForLocation(fooResourceUrl, new String("object")); + } + { + String response = restTemplate.postForObject(fooResourceUrl, new String("object"), String.class); + } + { + restTemplate.put(fooResourceUrl, new String("object")); + } + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/security/CWE-918/options b/java/ql/test/experimental/query-tests/security/CWE-918/options new file mode 100644 index 00000000000..c0475f077af --- /dev/null 
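Review bot: The `RequestEntity` block is not detected. The expected rows visible for SpringSSRF.java cover lines 17, 21, 25, 28, 36, 39, 43, 46 and 49, but there is none for lines 32 and 33, where `RequestEntity.post(new URI(fooResourceUrl))` is passed to `restTemplate.exchange(requestEntity, String.class)`. The expected output therefore records a missed request-forgery sink without saying so. Either add the `exchange(RequestEntity, ...)` overload (or the URI argument of the `RequestEntity` factory methods) to the sink model, or mark the block with `// NOT DETECTED: URI is carried inside the RequestEntity` so the gap is a stated decision.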
+++ b/java/ql/test/experimental/query-tests/security/CWE-918/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/apache-httpclient-4.5.12/:${testdir}/../../../../stubs/servlet-api-2.4/ \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpGet.java b/java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpGet.java new file mode 100644 index 00000000000..1ab81d0c83f --- /dev/null +++ b/java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpGet.java @@ -0,0 +1,19 @@ +package org.apache.http.client.methods; + +public class HttpGet extends org.apache.http.client.methods.HttpRequestBase { + + public static final java.lang.String METHOD_NAME = "GET"; + + public HttpGet() { + } + + public HttpGet(java.net.URI uri) { + } + + public HttpGet(java.lang.String uri) { + } + + public java.lang.String getMethod() { + return null; + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpRequestBase.java b/java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpRequestBase.java new file mode 100644 index 00000000000..c5e9cade9f7 --- /dev/null +++ b/java/ql/test/experimental/stubs/apache-httpclient-4.5.12/org/apache/http/client/methods/HttpRequestBase.java @@ -0,0 +1,17 @@ +package org.apache.http.client.methods; + +public abstract class HttpRequestBase { + + private java.net.URI uri; + + public HttpRequestBase() { + } + + public java.net.URI getURI() { + return null; + } + + public void setURI(java.net.URI uri) { + } + +} \ No newline at end of file 
diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/Client.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/Client.java new file mode 100644 index 00000000000..cddcf668d14 --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/Client.java @@ -0,0 +1,12 @@ +package javax.ws.rs.client; + +public abstract interface Client extends javax.ws.rs.core.Configurable { + + public abstract javax.ws.rs.client.WebTarget target(java.lang.String arg0); + + public abstract javax.ws.rs.client.WebTarget target(java.net.URI arg0); + + public abstract javax.ws.rs.client.WebTarget target(javax.ws.rs.core.UriBuilder arg0); + + public abstract javax.ws.rs.client.WebTarget target(javax.ws.rs.core.Link arg0); +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/ClientBuilder.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/ClientBuilder.java new file mode 100644 index 00000000000..7cc5b4d0610 --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/ClientBuilder.java @@ -0,0 +1,19 @@ +package javax.ws.rs.client; + +public abstract class ClientBuilder implements javax.ws.rs.core.Configurable { + + protected ClientBuilder() { + } + + public static javax.ws.rs.client.ClientBuilder newBuilder() { + return null; + } + + public static javax.ws.rs.client.Client newClient() { + return null; + } + + public static javax.ws.rs.client.Client newClient(javax.ws.rs.core.Configuration configuration) { + return null; + } +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/WebTarget.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/WebTarget.java new file mode 100644 index 00000000000..e975c93d71a --- /dev/null 
+++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/client/WebTarget.java @@ -0,0 +1,4 @@ +package javax.ws.rs.client; + +public abstract interface WebTarget extends javax.ws.rs.core.Configurable { +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Configurable.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Configurable.java new file mode 100644 index 00000000000..e132dd5b418 --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Configurable.java @@ -0,0 +1,6 @@ +package javax.ws.rs.core; + +public abstract interface Configurable { + + public abstract javax.ws.rs.core.Configuration getConfiguration(); +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Configuration.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Configuration.java new file mode 100644 index 00000000000..fe964429d4c --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Configuration.java @@ -0,0 +1,3 @@ +package javax.ws.rs.core; + +public abstract interface Configuration {} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Link.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Link.java new file mode 100644 index 00000000000..38ed9572dca --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/Link.java 
@@ -0,0 +1,61 @@ +package javax.ws.rs.core; + +public abstract class Link { + + public static final java.lang.String TITLE = "title"; + + public static final java.lang.String REL = "rel"; + + public static final java.lang.String TYPE = "type"; + + public Link() { + } + + public abstract java.net.URI getUri(); + + public abstract javax.ws.rs.core.UriBuilder getUriBuilder(); + + public abstract java.lang.String getRel(); + + public abstract java.util.List getRels(); + + public abstract java.lang.String getTitle(); + + public abstract java.lang.String getType(); + + public abstract java.util.Map getParams(); + + public abstract java.lang.String toString(); + + public static javax.ws.rs.core.Link valueOf(java.lang.String value) { + return null; + } + + // public static javax.ws.rs.core.Link.Builder fromUri(java.net.URI uri) { + // return null; + // } + + // public static javax.ws.rs.core.Link.Builder fromUri(java.lang.String uri) { + // return null; + // } + + // public static javax.ws.rs.core.Link.Builder fromUriBuilder(javax.ws.rs.core.UriBuilder uriBuilder) { + // return null; + // } + + // public static javax.ws.rs.core.Link.Builder fromLink(javax.ws.rs.core.Link link) { + // return null; + // } + + // public static javax.ws.rs.core.Link.Builder fromPath(java.lang.String path) { + // return null; + // } + + // public static javax.ws.rs.core.Link.Builder fromResource(java.lang.Class resource) { + // return null; + // } + + // public static javax.ws.rs.core.Link.Builder fromMethod(java.lang.Class resource, java.lang.String method) { + // return null; + // } +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/UriBuilder.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/UriBuilder.java new file mode 100644 index 00000000000..d32f96c5043 --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/UriBuilder.java 
@@ -0,0 +1,62 @@ +// Failed to get sources. Instead, stub sources have been generated by the disassembler. +// Implementation of methods is unavailable. +package javax.ws.rs.core; + +public abstract class UriBuilder { + + protected UriBuilder() { + } + + protected static javax.ws.rs.core.UriBuilder newInstance() { + return null; + } + + public static javax.ws.rs.core.UriBuilder fromUri(java.net.URI uri) { + return null; + } + + public static javax.ws.rs.core.UriBuilder fromUri(java.lang.String uriTemplate) { + return null; + } + + public static javax.ws.rs.core.UriBuilder fromLink(javax.ws.rs.core.Link link) { + return null; + } + + public static javax.ws.rs.core.UriBuilder fromPath(java.lang.String path) + throws java.lang.IllegalArgumentException { + return null; + } + + public static javax.ws.rs.core.UriBuilder fromResource(java.lang.Class resource) { + return null; + } + + public static javax.ws.rs.core.UriBuilder fromMethod(java.lang.Class resource, java.lang.String method) { + return null; + } + + public abstract javax.ws.rs.core.UriBuilder clone(); + + public abstract javax.ws.rs.core.UriBuilder uri(java.net.URI arg0); + + public abstract javax.ws.rs.core.UriBuilder uri(java.lang.String arg0); + + public abstract java.net.URI buildFromMap(java.util.Map arg0); + + public abstract java.net.URI buildFromMap(java.util.Map arg0, boolean arg1) + throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException; + + public abstract java.net.URI buildFromEncodedMap(java.util.Map arg0) + throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException; + + public abstract java.net.URI build(java.lang.Object... arg0) + throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException; + + public abstract java.net.URI build(java.lang.Object[] arg0, boolean arg1) + throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException; + + public abstract java.net.URI buildFromEncoded(java.lang.Object... 
arg0) + throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException; + +} \ No newline at end of file diff --git a/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/UriBuilderException.java b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/UriBuilderException.java new file mode 100644 index 00000000000..55aad43d041 --- /dev/null +++ b/java/ql/test/experimental/stubs/javax-ws-rs-api-2.1.1/javax/ws/rs/core/UriBuilderException.java @@ -0,0 +1,18 @@ +package javax.ws.rs.core; + +public class UriBuilderException extends java.lang.RuntimeException { + + private static final long serialVersionUID = 956255913370721193L; + + public UriBuilderException() { + } + + public UriBuilderException(java.lang.String msg) { + } + + public UriBuilderException(java.lang.String msg, java.lang.Throwable cause) { + } + + public UriBuilderException(java.lang.Throwable cause) { + } +} \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/javase/Uri.java b/java/ql/test/library-tests/frameworks/javase/Uri.java new file mode 100644 index 00000000000..cdbb1033df4 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javase/Uri.java 
@@ -0,0 +1,59 @@ +import java.io.IOException; +import java.io.InputStream; +import java.net.Proxy; +import java.net.SocketAddress; +import java.net.URI; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLStreamHandler; +import java.net.Proxy.Type; + +public class Uri { + public static void main(String[] args) throws Exception { + // URI(String str) + URI uri = new URI("uri1"); + + // URI(String scheme, String ssp, String fragment) + URI ur2 = new URI("http", "ssp", "fragement"); + + // URI(String scheme, String userInfo, String host, int port, String path, + // String query, String fragment) + URI uri3 = new URI("http", "userinfo", "host", 1, "path", "query", "fragment"); + // URI(String scheme, String host, String path, String fragment) + URI uri4 = new URI("http", "host", "path", "fragment"); + // URI(String scheme, String authority, String path, String query, String + // fragment) + URI uri5 = new URI("http", "authority", "path", "query", "fragment"); + + // URI.create​(String str) + URI uri6 = URI.create("http://foo.com/"); + + // URL(String spec) + URL url1 = new URL("spec"); + // URL(String protocol, String host, int port, String file) + URL url2 = new URL("http", "host", 1, "file"); + // URL(String protocol, String host, String file) + URL url3 = new URL("http", "host", "file"); + // URL(URL context, String spec) + URL url4 = new URL(url3, "http"); + // URL(String protocol, String host, int port, String file, URLStreamHandler + // handler) + URL url5 = new URL("http", "host", 1, "file", new Helper()); + + // URL(URL context, String spec, URLStreamHandler handler) + URL url6 = new URL(url3, "spec", new Helper()); + + URLConnection c1 = url1.openConnection(); + SocketAddress sa = new SocketAddress() { + }; + URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa)); + InputStream c3 = url1.openStream(); + } +} + +class Helper extends URLStreamHandler { + @Override + protected URLConnection openConnection(URL arg0) throws 
IOException { + return null; + } +} \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/javase/openConnection.expected b/java/ql/test/library-tests/frameworks/javase/openConnection.expected new file mode 100644 index 00000000000..f1e0ce4f82e --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javase/openConnection.expected @@ -0,0 +1,2 @@ +| Uri.java:46:28:46:48 | openConnection(...) | +| Uri.java:49:28:49:72 | openConnection(...) | diff --git a/java/ql/test/library-tests/frameworks/javase/openConnection.ql b/java/ql/test/library-tests/frameworks/javase/openConnection.ql new file mode 100644 index 00000000000..05d900d9f92 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javase/openConnection.ql @@ -0,0 +1,5 @@ +import java +import semmle.code.java.frameworks.javase.URL + +from UrlOpenConnectionMethod m +select m.getAReference() diff --git a/java/ql/test/library-tests/frameworks/javase/openStream.expected b/java/ql/test/library-tests/frameworks/javase/openStream.expected new file mode 100644 index 00000000000..b61032da149 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javase/openStream.expected @@ -0,0 +1 @@ +| Uri.java:50:26:50:42 | openStream(...) | diff --git a/java/ql/test/library-tests/frameworks/javase/openStream.ql b/java/ql/test/library-tests/frameworks/javase/openStream.ql new file mode 100644 index 00000000000..8fc076ae3f7 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javase/openStream.ql @@ -0,0 +1,5 @@ +import java +import semmle.code.java.frameworks.javase.URL + +from UrlOpenStreamMethod m +select m.getAReference() diff --git a/java/ql/test/library-tests/frameworks/javase/uri.expected b/java/ql/test/library-tests/frameworks/javase/uri.expected new file mode 100644 index 00000000000..594339d2bd7 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javase/uri.expected 
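Review bot: `url4` and `url6`, the two `URL(URL context, String spec, ...)` forms in `main`, get no row in the `url.expected` added by this commit, so `hostArg()` appears to be undefined for them. `java.net.URL` resolves an absolute `spec` on its own and ignores the context, so a caller-controlled `spec` can still choose the host, and a request-forgery query that relies on `hostArg()` would miss it. Consider returning the `spec` argument for these constructors, or add a comment at both lines such as `// no hostArg(): spec is assumed to be relative to the context` so the omission is deliberate. `ur2` also looks like a typo for `uri2`.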
@@ -0,0 +1,6 @@
+| Uri.java:14:19:14:33 | new URI(...) | Uri.java:14:27:14:32 | "uri1" |
+| Uri.java:17:19:17:53 | new URI(...) | Uri.java:17:35:17:39 | "ssp" |
+| Uri.java:21:20:21:86 | new URI(...) | Uri.java:21:48:21:53 | "host" |
+| Uri.java:23:20:23:62 | new URI(...) | Uri.java:23:36:23:41 | "host" |
+| Uri.java:26:20:26:76 | new URI(...) | Uri.java:26:36:26:46 | "authority" |
+| Uri.java:29:20:29:48 | create(...) | Uri.java:29:31:29:47 | "http://foo.com/" |
diff --git a/java/ql/test/library-tests/frameworks/javase/uri.ql b/java/ql/test/library-tests/frameworks/javase/uri.ql
new file mode 100644
index 00000000000..4e814d7184b
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/javase/uri.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.javase.URI
+
+from UriCreation c
+select c, c.hostArg()
\ No newline at end of file
diff --git a/java/ql/test/library-tests/frameworks/javase/url.expected b/java/ql/test/library-tests/frameworks/javase/url.expected
new file mode 100644
index 00000000000..b000f9bc982
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/javase/url.expected
@@ -0,0 +1,4 @@
+| Uri.java:32:20:32:34 | new URL(...) | Uri.java:32:28:32:33 | "spec" |
+| Uri.java:34:20:34:53 | new URL(...) | Uri.java:34:36:34:41 | "host" |
+| Uri.java:36:20:36:50 | new URL(...) | Uri.java:36:36:36:41 | "host" |
+| Uri.java:41:20:41:67 | new URL(...) | Uri.java:41:36:41:41 | "host" |
diff --git a/java/ql/test/library-tests/frameworks/javase/url.ql b/java/ql/test/library-tests/frameworks/javase/url.ql
new file mode 100644
index 00000000000..903b412d5b2
--- /dev/null
+++ b/java/ql/test/library-tests/frameworks/javase/url.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.javase.URL
+
+from UrlConstructor c
+select c, c.hostArg()
\ No newline at end of file
diff --git a/java/ql/test/stubs/servlet-api-2.4/javax/servlet/ServletInputStream.java b/java/ql/test/stubs/servlet-api-2.4/javax/servlet/ServletInputStream.java index 171aa3e2287..67e73da45d6 100644 --- a/java/ql/test/stubs/servlet-api-2.4/javax/servlet/ServletInputStream.java +++ b/java/ql/test/stubs/servlet-api-2.4/javax/servlet/ServletInputStream.java @@ -30,5 +30,6 @@ public abstract class ServletInputStream extends InputStream { protected ServletInputStream() { } public int readLine(byte[] b, int off, int len) throws IOException { + return 0; } } diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/core/ParameterizedTypeReference.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/core/ParameterizedTypeReference.java new file mode 100644 index 00000000000..805e0b56dc9 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/core/ParameterizedTypeReference.java @@ -0,0 +1,27 @@ +package org.springframework.core; + +public abstract class ParameterizedTypeReference { + public java.lang.reflect.Type getType() { + return null; + } + + public boolean equals(java.lang.Object other) { + return false; + } + + public int hashCode() { + return 0; + } + + public java.lang.String toString() { + return null; + } + + public static org.springframework.core.ParameterizedTypeReference forType(java.lang.reflect.Type type) { + return null; + } + + private static java.lang.Class findParameterizedTypeReferenceSubclass(java.lang.Class child) { + return null; + } +} \ No newline at end of file diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpEntity.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpEntity.java new file mode 100644 index 00000000000..79375edc822 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpEntity.java 
@@ -0,0 +1,40 @@ +package org.springframework.http; + +public class HttpEntity { + + protected HttpEntity() { + } + + public HttpEntity(T body) { + } + + public HttpEntity(org.springframework.util.MultiValueMap headers) { + } + + public HttpEntity(T body, org.springframework.util.MultiValueMap headers) { + } + + public org.springframework.http.HttpHeaders getHeaders() { + return null; + } + + public T getBody() { + return null; + } + + public boolean hasBody() { + return false; + } + + public boolean equals(java.lang.Object other) { + return false; + } + + public int hashCode() { + return 0; + } + + public java.lang.String toString() { + return null; + } +} \ No newline at end of file diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpHeaders.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpHeaders.java new file mode 100644 index 00000000000..107a5fdff20 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpHeaders.java @@ -0,0 +1,4 @@ +package org.springframework.http; + +public class HttpHeaders implements java.io.Serializable { +} \ No newline at end of file diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpMethod.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpMethod.java new file mode 100644 index 00000000000..488cf91d01f --- /dev/null +++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpMethod.java @@ -0,0 +1,20 @@ +package org.springframework.http; + +public enum HttpMethod { + + GET, + + HEAD, + + POST, + + PUT, + + PATCH, + + DELETE, + + OPTIONS, + + TRACE, +} \ No newline at end of file diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpStatus.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpStatus.java new file mode 100644 index 00000000000..1e216370728 --- /dev/null 
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/HttpStatus.java @@ -0,0 +1,147 @@ +package org.springframework.http; + +public enum HttpStatus { + + CONTINUE, + + SWITCHING_PROTOCOLS, + + PROCESSING, + + CHECKPOINT, + + OK, + + CREATED, + + ACCEPTED, + + NON_AUTHORITATIVE_INFORMATION, + + NO_CONTENT, + + RESET_CONTENT, + + PARTIAL_CONTENT, + + MULTI_STATUS, + + ALREADY_REPORTED, + + IM_USED, + + MULTIPLE_CHOICES, + + MOVED_PERMANENTLY, + + FOUND, + + @java.lang.Deprecated + MOVED_TEMPORARILY, + + SEE_OTHER, + + NOT_MODIFIED, + + @java.lang.Deprecated + USE_PROXY, + + TEMPORARY_REDIRECT, + + PERMANENT_REDIRECT, + + BAD_REQUEST, + + UNAUTHORIZED, + + PAYMENT_REQUIRED, + + FORBIDDEN, + + NOT_FOUND, + + METHOD_NOT_ALLOWED, + + NOT_ACCEPTABLE, + + PROXY_AUTHENTICATION_REQUIRED, + + REQUEST_TIMEOUT, + + CONFLICT, + + GONE, + + LENGTH_REQUIRED, + + PRECONDITION_FAILED, + + PAYLOAD_TOO_LARGE, + + @java.lang.Deprecated + REQUEST_ENTITY_TOO_LARGE, + + URI_TOO_LONG, + + @java.lang.Deprecated + REQUEST_URI_TOO_LONG, + + UNSUPPORTED_MEDIA_TYPE, + + REQUESTED_RANGE_NOT_SATISFIABLE, + + EXPECTATION_FAILED, + + I_AM_A_TEAPOT, + + @java.lang.Deprecated + INSUFFICIENT_SPACE_ON_RESOURCE, + + @java.lang.Deprecated + METHOD_FAILURE, + + @java.lang.Deprecated + DESTINATION_LOCKED, + + UNPROCESSABLE_ENTITY, + + LOCKED, + + FAILED_DEPENDENCY, + + TOO_EARLY, + + UPGRADE_REQUIRED, + + PRECONDITION_REQUIRED, + + TOO_MANY_REQUESTS, + + REQUEST_HEADER_FIELDS_TOO_LARGE, + + UNAVAILABLE_FOR_LEGAL_REASONS, + + INTERNAL_SERVER_ERROR, + + NOT_IMPLEMENTED, + + BAD_GATEWAY, + + SERVICE_UNAVAILABLE, + + GATEWAY_TIMEOUT, + + HTTP_VERSION_NOT_SUPPORTED, + + VARIANT_ALSO_NEGOTIATES, + + INSUFFICIENT_STORAGE, + + LOOP_DETECTED, + + BANDWIDTH_LIMIT_EXCEEDED, + + NOT_EXTENDED, + + NETWORK_AUTHENTICATION_REQUIRED, +} \ No newline at end of file 
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/RequestEntity.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/RequestEntity.java
new file mode 100644
index 00000000000..fd1cca65ef5
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/RequestEntity.java
@@ -0,0 +1,70 @@
+package org.springframework.http;
+
+public class RequestEntity extends org.springframework.http.HttpEntity {
+
+ public RequestEntity(org.springframework.http.HttpMethod method, java.net.URI url) {
+ }
+
+ public RequestEntity(T body, org.springframework.http.HttpMethod method, java.net.URI url) {
+ }
+
+ public RequestEntity(T body, org.springframework.http.HttpMethod method, java.net.URI url,
+ java.lang.reflect.Type type) {
+ }
+
+ public RequestEntity(org.springframework.util.MultiValueMap headers,
+ org.springframework.http.HttpMethod method, java.net.URI url) {
+ }
+
+ public RequestEntity(T body, org.springframework.util.MultiValueMap headers,
+ org.springframework.http.HttpMethod method, java.net.URI url) {
+ }
+
+ public RequestEntity(T body, org.springframework.util.MultiValueMap headers,
+ org.springframework.http.HttpMethod method, java.net.URI url, java.lang.reflect.Type type) {
+ }
+
+ public java.net.URI getUrl() {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.BodyBuilder method(org.springframework.http.HttpMethod method,
+ java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.HeadersBuilder get(java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.HeadersBuilder head(java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.BodyBuilder post(java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.BodyBuilder put(java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.BodyBuilder patch(java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.HeadersBuilder delete(java.net.URI url) {
+ return null;
+ }
+
+ public static org.springframework.http.RequestEntity.HeadersBuilder options(java.net.URI url) {
+ return null;
+ }
+
+ class HeadersBuilder {
+ }
+
+ public class BodyBuilder {
+ public RequestEntity body(Object body){return null;};
+ }
+}
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/ResponseEntity.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/ResponseEntity.java
new file mode 100644
index 00000000000..602b0eb2b5c
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/ResponseEntity.java
@@ -0,0 +1,12 @@
+package org.springframework.http;
+
+public class ResponseEntity extends org.springframework.http.HttpEntity {
+
+ // private final java.lang.Object status;
+
+ // public ResponseEntity(org.springframework.http.HttpStatus status) {
+ // }
+
+ // public ResponseEntity(T body, org.springframework.http.HttpStatus status) {
+ // }
+ }
\ No newline at end of file
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/client/ClientHttpResponse.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/client/ClientHttpResponse.java
new file mode 100644
index 00000000000..348f96da6c5
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/http/client/ClientHttpResponse.java
@@ -0,0 +1,12 @@
+package org.springframework.http.client;
+
+public abstract interface ClientHttpResponse {
+
+ public abstract org.springframework.http.HttpStatus getStatusCode() throws java.io.IOException;
+
+ public abstract int getRawStatusCode() throws java.io.IOException;
+
+ public abstract java.lang.String getStatusText() throws java.io.IOException;
+
+ public abstract void close();
+}
\ No newline at end of file
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RequestCallback.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RequestCallback.java
new file mode 100644
index 00000000000..f1d5d7e8eee
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RequestCallback.java
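Review bot: `HeadersBuilder` in the RequestEntity stub is package-private and empty, and `BodyBuilder` does not extend it, so a test case outside `org.springframework.http` cannot name the type returned by `get`/`head`/`delete`/`options` or complete a chain such as `RequestEntity.get(uri).build()`. The CWE-918 tests therefore cannot cover the builder form in which a request URI commonly reaches `RestTemplate.exchange(RequestEntity, ...)`. I would declare `public class HeadersBuilder { public RequestEntity build() { return null; } }`, make it `public class BodyBuilder extends HeadersBuilder`, and drop the stray `;` after `body(...)`. The type parameters appear to have been lost in this rendering, so the generic signatures should be checked against the file itself.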
@@ -0,0 +1,4 @@
+package org.springframework.web.client;
+
+public abstract interface RequestCallback {
+}
\ No newline at end of file
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/ResponseExtractor.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/ResponseExtractor.java
new file mode 100644
index 00000000000..f46aa9fbee7
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/ResponseExtractor.java
@@ -0,0 +1,4 @@
+package org.springframework.web.client;
+
+public abstract interface ResponseExtractor {
+}
\ No newline at end of file
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RestClientException.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RestClientException.java
new file mode 100644
index 00000000000..125cafb5e8c
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RestClientException.java
@@ -0,0 +1,12 @@
+package org.springframework.web.client;
+
+public class RestClientException extends Exception {
+
+ private static final long serialVersionUID = -4084444984163796577L;
+
+ public RestClientException(java.lang.String msg) {
+ }
+
+ public RestClientException(java.lang.String msg, java.lang.Throwable ex) {
+ }
+}
\ No newline at end of file
diff --git a/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RestTemplate.java b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RestTemplate.java
new file mode 100644
index 00000000000..79f8feaa4aa
--- /dev/null
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/client/RestTemplate.java
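Review bot: The stub declares `RestClientException extends Exception`, which makes it a checked exception, whereas Spring's class is unchecked (it derives from `RuntimeException` through `NestedRuntimeException`). Every `RestTemplate` call in a test case then has to catch or declare it, so request-forgery examples taken from real application code will not compile against the stubs and the test sources drift from the shape the query meets in practice. `public class RestClientException extends RuntimeException {` keeps the stub self-contained and restores the unchecked behaviour; the two constructors can stay as they are.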
@@ -0,0 +1,237 @@
+package org.springframework.web.client;
+
+public class RestTemplate {
+
+ public T getForObject(java.lang.String url, java.lang.Class responseType, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T getForObject(java.lang.String url, java.lang.Class responseType,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T getForObject(java.net.URI url, java.lang.Class responseType)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity getForEntity(java.lang.String url,
+ java.lang.Class responseType, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity getForEntity(java.lang.String url,
+ java.lang.Class responseType, java.util.Map uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity getForEntity(java.net.URI url,
+ java.lang.Class responseType) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.HttpHeaders headForHeaders(java.lang.String url, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.HttpHeaders headForHeaders(java.lang.String url,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.HttpHeaders headForHeaders(java.net.URI url)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public java.net.URI postForLocation(java.lang.String url, java.lang.Object request,
+ java.lang.Object... uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public java.net.URI postForLocation(java.lang.String url, java.lang.Object request,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public java.net.URI postForLocation(java.net.URI url, java.lang.Object request)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T postForObject(java.lang.String url, java.lang.Object request, java.lang.Class responseType,
+ java.lang.Object... uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T postForObject(java.lang.String url, java.lang.Object request, java.lang.Class responseType,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T postForObject(java.net.URI url, java.lang.Object request, java.lang.Class responseType)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity postForEntity(java.lang.String url, java.lang.Object request,
+ java.lang.Class responseType, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity postForEntity(java.lang.String url, java.lang.Object request,
+ java.lang.Class responseType, java.util.Map uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity postForEntity(java.net.URI url, java.lang.Object request,
+ java.lang.Class responseType) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public void put(java.lang.String url, java.lang.Object request, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ }
+
+ public void put(java.lang.String url, java.lang.Object request, java.util.Map uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ }
+
+ public void put(java.net.URI url, java.lang.Object request)
+ throws org.springframework.web.client.RestClientException {
+ }
+
+ public T patchForObject(java.lang.String url, java.lang.Object request, java.lang.Class responseType,
+ java.lang.Object... uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T patchForObject(java.lang.String url, java.lang.Object request, java.lang.Class responseType,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T patchForObject(java.net.URI url, java.lang.Object request, java.lang.Class responseType)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public void delete(java.lang.String url, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ }
+
+ public void delete(java.lang.String url, java.util.Map uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ }
+
+ public void delete(java.net.URI url) throws org.springframework.web.client.RestClientException {
+ }
+
+ public java.util.Set optionsForAllow(java.lang.String url,
+ java.lang.Object... uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public java.util.Set optionsForAllow(java.lang.String url,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public java.util.Set optionsForAllow(java.net.URI url)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(java.lang.String url,
+ org.springframework.http.HttpMethod method, org.springframework.http.HttpEntity requestEntity,
+ java.lang.Class responseType, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(java.lang.String url,
+ org.springframework.http.HttpMethod method, org.springframework.http.HttpEntity requestEntity,
+ java.lang.Class responseType, java.util.Map uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(java.net.URI url,
+ org.springframework.http.HttpMethod method, org.springframework.http.HttpEntity requestEntity,
+ java.lang.Class responseType) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(java.lang.String url,
+ org.springframework.http.HttpMethod method, org.springframework.http.HttpEntity requestEntity,
+ org.springframework.core.ParameterizedTypeReference responseType, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(java.lang.String url,
+ org.springframework.http.HttpMethod method, org.springframework.http.HttpEntity requestEntity,
+ org.springframework.core.ParameterizedTypeReference responseType,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(java.net.URI url,
+ org.springframework.http.HttpMethod method, org.springframework.http.HttpEntity requestEntity,
+ org.springframework.core.ParameterizedTypeReference responseType)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(
+ org.springframework.http.RequestEntity requestEntity, java.lang.Class responseType)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public org.springframework.http.ResponseEntity exchange(
+ org.springframework.http.RequestEntity requestEntity,
+ org.springframework.core.ParameterizedTypeReference responseType)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T execute(java.lang.String url, org.springframework.http.HttpMethod method,
+ org.springframework.web.client.RequestCallback requestCallback,
+ org.springframework.web.client.ResponseExtractor responseExtractor, java.lang.Object... uriVariables)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T execute(java.lang.String url, org.springframework.http.HttpMethod method,
+ org.springframework.web.client.RequestCallback requestCallback,
+ org.springframework.web.client.ResponseExtractor responseExtractor,
+ java.util.Map uriVariables) throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ public T execute(java.net.URI url, org.springframework.http.HttpMethod method,
+ org.springframework.web.client.RequestCallback requestCallback,
+ org.springframework.web.client.ResponseExtractor responseExtractor)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ protected T doExecute(java.net.URI url, org.springframework.http.HttpMethod method,
+ org.springframework.web.client.RequestCallback requestCallback,
+ org.springframework.web.client.ResponseExtractor responseExtractor)
+ throws org.springframework.web.client.RestClientException {
+ return null;
+ }
+
+ protected void handleResponse(java.net.URI url, org.springframework.http.HttpMethod method,
+ org.springframework.http.client.ClientHttpResponse response) throws java.io.IOException {
+ }
+}
\ No newline at end of file