diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index 3f759a0f697..18a5d800df5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -25,7 +25,7 @@ string getAJaxRsPackage(string subpackage) { result = getAJaxRsPackage() + "." + */ class JaxWsEndpoint extends Class { JaxWsEndpoint() { - exists(AnnotationType a | a = this.getAnAnnotation().getType() | + exists(AnnotationType a | a = this.getAnAncestor().getAnAnnotation().getType() | a.hasName(["WebService", "WebServiceProvider", "WebServiceClient"]) ) } @@ -37,6 +37,7 @@ class JaxWsEndpoint extends Class { */ Method getARemoteMethod() { result = this.getACallable() and + result.isPublic() and not result instanceof InitializerMethod and not exists(Annotation a | a = result.getAnAnnotation() | a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and diff --git a/java/ql/test/library-tests/frameworks/JaxWs/JaxWsEndpoint.java b/java/ql/test/library-tests/frameworks/JaxWs/JaxWsEndpoint.java index 6118f88852b..b3ca779d345 100644 --- a/java/ql/test/library-tests/frameworks/JaxWs/JaxWsEndpoint.java +++ b/java/ql/test/library-tests/frameworks/JaxWs/JaxWsEndpoint.java @@ -11,27 +11,27 @@ import javax.xml.ws.WebServiceProvider; class WebServiceClass { // $ JaxWsEndpoint @WebMethod - void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod + public void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod } @WebEndpoint - void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod + public void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod } - String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod + public String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod return null; } - String unacceptableParamType(File param) { // not an endpoint + public String unacceptableParamType(File param) { // not an endpoint return null; } - File unacceptableReturnType() { // not an endpoint + public File unacceptableReturnType() { // not an endpoint return null; } @XmlJavaTypeAdapter - File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod + public File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod return null; } } @@ -41,27 +41,27 @@ class WebServiceClass { // $ JaxWsEndpoint class WebServiceProviderClass { // $ JaxWsEndpoint @WebMethod - void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod + public void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod } @WebEndpoint - void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod + public void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod } - String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod + public String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod return null; } - String unacceptableParamType(File param) { // not an endpoint + public String unacceptableParamType(File param) { // not an endpoint return null; } - File unacceptableReturnType() { // not an endpoint + public File unacceptableReturnType() { // not an endpoint return null; } @XmlJavaTypeAdapter - File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod + public File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod return null; } } @@ -71,27 +71,27 @@ class WebServiceProviderClass { // $ JaxWsEndpoint class WebServiceClientClass { // $ JaxWsEndpoint @WebMethod - void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod + public void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod } @WebEndpoint - void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod + public void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod } - String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod + public String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod return null; } - String unacceptableParamType(File param) { // not an endpoint + public String unacceptableParamType(File param) { // not an endpoint return null; } - File unacceptableReturnType() { // not an endpoint + public File unacceptableReturnType() { // not an endpoint return null; } @XmlJavaTypeAdapter - File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod + public File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod return null; }