mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
Merge pull request #10096 from erik-krogh/acronyms-part1
make acronyms camelcase
This commit is contained in:
Erik Krogh Kristensen
@@ -1,5 +1,5 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide.
|
||||
* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
|
||||
The old name still exists as a deprecated alias.
|
||||
@@ -19,33 +19,45 @@ class EnterpriseBean extends RefType {
|
||||
}
|
||||
|
||||
/** A local EJB home interface. */
|
||||
class LocalEJBHomeInterface extends Interface {
|
||||
LocalEJBHomeInterface() {
|
||||
class LocalEjbHomeInterface extends Interface {
|
||||
LocalEjbHomeInterface() {
|
||||
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i))
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for LocalEjbHomeInterface */
|
||||
deprecated class LocalEJBHomeInterface = LocalEjbHomeInterface;
|
||||
|
||||
/** A remote EJB home interface. */
|
||||
class RemoteEJBHomeInterface extends Interface {
|
||||
RemoteEJBHomeInterface() {
|
||||
class RemoteEjbHomeInterface extends Interface {
|
||||
RemoteEjbHomeInterface() {
|
||||
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i))
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for RemoteEjbHomeInterface */
|
||||
deprecated class RemoteEJBHomeInterface = RemoteEjbHomeInterface;
|
||||
|
||||
/** A local EJB interface. */
|
||||
class LocalEJBInterface extends Interface {
|
||||
LocalEJBInterface() {
|
||||
class LocalEjbInterface extends Interface {
|
||||
LocalEjbInterface() {
|
||||
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i))
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for LocalEjbInterface */
|
||||
deprecated class LocalEJBInterface = LocalEjbInterface;
|
||||
|
||||
/** A remote EJB interface. */
|
||||
class RemoteEJBInterface extends Interface {
|
||||
RemoteEJBInterface() {
|
||||
class RemoteEjbInterface extends Interface {
|
||||
RemoteEjbInterface() {
|
||||
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i))
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for RemoteEjbInterface */
|
||||
deprecated class RemoteEJBInterface = RemoteEjbInterface;
|
||||
|
||||
/** A message bean. */
|
||||
class MessageBean extends Class {
|
||||
MessageBean() {
|
||||
|
||||
@@ -314,21 +314,27 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed
|
||||
/**
|
||||
* Entry point for EJB home interfaces.
|
||||
*/
|
||||
class EJBHome extends Interface, EntryPoint {
|
||||
EJBHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
|
||||
class EjbHome extends Interface, EntryPoint {
|
||||
EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
|
||||
|
||||
override Callable getALiveCallable() { result = this.getACallable() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EjbHome */
|
||||
deprecated class EJBHome = EjbHome;
|
||||
|
||||
/**
|
||||
* Entry point for EJB object interfaces.
|
||||
*/
|
||||
class EJBObject extends Interface, EntryPoint {
|
||||
EJBObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
|
||||
class EjbObject extends Interface, EntryPoint {
|
||||
EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
|
||||
|
||||
override Callable getALiveCallable() { result = this.getACallable() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EjbObject */
|
||||
deprecated class EJBObject = EjbObject;
|
||||
|
||||
class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
||||
GsonDeserializationEntryPoint() {
|
||||
// Assume any class with a gson annotated field can be deserialized.
|
||||
|
||||
@@ -10,19 +10,22 @@ import semmle.code.java.frameworks.camel.CamelJavaAnnotations
|
||||
/**
|
||||
* A string describing a URI specified in an Apache Camel "to" declaration.
|
||||
*/
|
||||
class CamelToURI extends string {
|
||||
CamelToURI() {
|
||||
exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getURI()) or
|
||||
exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getURI())
|
||||
class CamelToUri extends string {
|
||||
CamelToUri() {
|
||||
exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getUri()) or
|
||||
exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getUri())
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelToUri */
|
||||
deprecated class CamelToURI = CamelToUri;
|
||||
|
||||
/**
|
||||
* A string describing a URI specified in an Apache Camel "to" declaration that maps to a
|
||||
* SpringBean.
|
||||
*/
|
||||
class CamelToBeanURI extends CamelToURI {
|
||||
CamelToBeanURI() {
|
||||
class CamelToBeanUri extends CamelToUri {
|
||||
CamelToBeanUri() {
|
||||
// A `<to>` element references a bean if the URI starts with "bean:", or there is no scheme.
|
||||
matches("bean:%") or
|
||||
not exists(indexOf(":"))
|
||||
@@ -51,6 +54,9 @@ class CamelToBeanURI extends CamelToURI {
|
||||
SpringBean getRefBean() { result.getBeanIdentifier() = this.getBeanIdentifier() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelToBeanUri */
|
||||
deprecated class CamelToBeanURI = CamelToBeanUri;
|
||||
|
||||
/**
|
||||
* A Class whose methods may be called in response to an Apache Camel message.
|
||||
*/
|
||||
@@ -64,7 +70,7 @@ class CamelTargetClass extends Class {
|
||||
this = camelXmlBeanRef.getBeanType()
|
||||
)
|
||||
or
|
||||
exists(CamelToBeanURI toBeanURI | this = toBeanURI.getRefBean().getClass())
|
||||
exists(CamelToBeanUri toBeanUri | this = toBeanUri.getRefBean().getClass())
|
||||
or
|
||||
exists(SpringCamelXmlMethodElement xmlMethod |
|
||||
this = xmlMethod.getRefBean().getClass() or
|
||||
|
||||
@@ -134,14 +134,17 @@ deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRe
|
||||
/**
|
||||
* The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`.
|
||||
*/
|
||||
class HttpServletRequestGetRequestURIMethod extends Method {
|
||||
HttpServletRequestGetRequestURIMethod() {
|
||||
class HttpServletRequestGetRequestUriMethod extends Method {
|
||||
HttpServletRequestGetRequestUriMethod() {
|
||||
this.getDeclaringType() instanceof HttpServletRequest and
|
||||
this.hasName("getRequestURI") and
|
||||
this.getNumberOfParameters() = 0
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for HttpServletRequestGetRequestUriMethod */
|
||||
deprecated class HttpServletRequestGetRequestURIMethod = HttpServletRequestGetRequestUriMethod;
|
||||
|
||||
/**
|
||||
* The method `getRemoteUser()` declared in `javax.servlet.http.HttpServletRequest`.
|
||||
*/
|
||||
|
||||
@@ -41,7 +41,10 @@ class CamelJavaDSLToDecl extends ProcessorDefinitionElement {
|
||||
/**
|
||||
* Gets the URI specified by this `to` declaration.
|
||||
*/
|
||||
string getURI() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() }
|
||||
string getUri() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = getUri() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -92,19 +92,25 @@ private predicate jsniComment(Javadoc jsni, Method m) {
|
||||
* A JavaScript Native Interface (JSNI) comment that contains JavaScript code
|
||||
* implementing a native method.
|
||||
*/
|
||||
class JSNIComment extends Javadoc {
|
||||
JSNIComment() { jsniComment(this, _) }
|
||||
class JsniComment extends Javadoc {
|
||||
JsniComment() { jsniComment(this, _) }
|
||||
|
||||
/** Gets the method implemented by this comment. */
|
||||
Method getImplementedMethod() { jsniComment(this, result) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JsniComment */
|
||||
deprecated class JSNIComment = JsniComment;
|
||||
|
||||
/**
|
||||
* A JavaScript Native Interface (JSNI) method.
|
||||
*/
|
||||
class JSNIMethod extends Method {
|
||||
JSNIMethod() { jsniComment(_, this) }
|
||||
class JsniMethod extends Method {
|
||||
JsniMethod() { jsniComment(_, this) }
|
||||
|
||||
/** Gets the comment containing the JavaScript code for this method. */
|
||||
JSNIComment getImplementation() { jsniComment(result, this) }
|
||||
JsniComment getImplementation() { jsniComment(result, this) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JsniMethod */
|
||||
deprecated class JSNIMethod = JsniMethod;
|
||||
|
||||
@@ -17,7 +17,7 @@ class GwtUiBinderTemplateElement extends XmlElement {
|
||||
GwtUiBinderTemplateElement() {
|
||||
this.getParent() instanceof GwtUiTemplateXmlFile and
|
||||
this.getName() = "UiBinder" and
|
||||
this.getNamespace().getURI() = "urn:ui:com.google.gwt.uibinder"
|
||||
this.getNamespace().getUri() = "urn:ui:com.google.gwt.uibinder"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ class GwtUiBinderTemplateElement extends XmlElement {
|
||||
class GwtComponentTemplateElement extends XmlElement {
|
||||
GwtComponentTemplateElement() {
|
||||
exists(GwtUiBinderTemplateElement templateElement | this = templateElement.getAChild*() |
|
||||
this.getNamespace().getURI().substring(0, 10) = "urn:import"
|
||||
this.getNamespace().getUri().substring(0, 10) = "urn:import"
|
||||
)
|
||||
}
|
||||
|
||||
@@ -36,7 +36,7 @@ class GwtComponentTemplateElement extends XmlElement {
|
||||
*/
|
||||
Class getClass() {
|
||||
exists(string namespace |
|
||||
namespace = this.getNamespace().getURI() and
|
||||
namespace = this.getNamespace().getUri() and
|
||||
result.getQualifiedName() = namespace.substring(11, namespace.length()) + "." + this.getName()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -7,8 +7,8 @@ import java
|
||||
/**
|
||||
* An Objective-C Native Interface (OCNI) comment.
|
||||
*/
|
||||
class OCNIComment extends Javadoc {
|
||||
OCNIComment() {
|
||||
class OcniComment extends Javadoc {
|
||||
OcniComment() {
|
||||
// The comment must start with `-[` ...
|
||||
this.getChild(0).getText().matches("-[%") and
|
||||
// ... and it must end with `]-`.
|
||||
@@ -16,8 +16,11 @@ class OCNIComment extends Javadoc {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OcniComment */
|
||||
deprecated class OCNIComment = OcniComment;
|
||||
|
||||
/** Auxiliary predicate: `ocni` is an OCNI comment associated with method `m`. */
|
||||
private predicate ocniComment(OCNIComment ocni, Method m) {
|
||||
private predicate ocniComment(OcniComment ocni, Method m) {
|
||||
// The associated callable must be marked as `native` ...
|
||||
m.isNative() and
|
||||
// ... and the comment has to be contained in `m`.
|
||||
@@ -30,21 +33,27 @@ private predicate ocniComment(OCNIComment ocni, Method m) {
|
||||
* An Objective-C Native Interface (OCNI) comment that contains Objective-C code
|
||||
* implementing a native method.
|
||||
*/
|
||||
class OCNIMethodComment extends OCNIComment {
|
||||
OCNIMethodComment() { ocniComment(this, _) }
|
||||
class OcniMethodComment extends OcniComment {
|
||||
OcniMethodComment() { ocniComment(this, _) }
|
||||
|
||||
/** Gets the method implemented by this comment. */
|
||||
Method getImplementedMethod() { ocniComment(this, result) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OcniMethodComment */
|
||||
deprecated class OCNIMethodComment = OcniMethodComment;
|
||||
|
||||
/**
|
||||
* An Objective-C Native Interface (OCNI) native import comment.
|
||||
*/
|
||||
class OCNIImport extends OCNIComment {
|
||||
OCNIImport() {
|
||||
class OcniImport extends OcniComment {
|
||||
OcniImport() {
|
||||
this.getAChild().getText().regexpMatch(".*#(import|include).*") and
|
||||
not exists(RefType rt | rt.getFile() = this.getFile() |
|
||||
rt.getLocation().getStartLine() < this.getLocation().getStartLine()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OcniImport */
|
||||
deprecated class OCNIImport = OcniImport;
|
||||
|
||||
@@ -14,8 +14,8 @@ abstract class EJB extends Class {
|
||||
/**
|
||||
* A session EJB.
|
||||
*/
|
||||
class SessionEJB extends EJB {
|
||||
SessionEJB() {
|
||||
class SessionEjb extends EJB {
|
||||
SessionEjb() {
|
||||
// Subtype of `javax.ejb.SessionBean`.
|
||||
this instanceof SessionBean or
|
||||
// EJB annotations.
|
||||
@@ -50,8 +50,8 @@ class SessionEJB extends EJB {
|
||||
* using either an annotation or an XML deployment descriptor.
|
||||
*/
|
||||
private BusinessInterface getAnExplicitBusinessInterface() {
|
||||
result.(AnnotatedBusinessInterface).getAnEJB() = this or
|
||||
result.(XmlSpecifiedBusinessInterface).getAnEJB() = this
|
||||
result.(AnnotatedBusinessInterface).getAnEjb() = this or
|
||||
result.(XmlSpecifiedBusinessInterface).getAnEjb() = this
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -69,40 +69,40 @@ class SessionEJB extends EJB {
|
||||
LegacyEjbRemoteInterface getARemoteInterface() {
|
||||
result = this.getASupertype() and result instanceof ExtendedRemoteInterface
|
||||
or
|
||||
exists(AnnotatedRemoteHomeInterface i | i.getAnEJB() = this |
|
||||
exists(AnnotatedRemoteHomeInterface i | i.getAnEjb() = this |
|
||||
result = i.getAnAssociatedRemoteInterface()
|
||||
)
|
||||
or
|
||||
result.(XmlSpecifiedRemoteInterface).getAnEJB() = this
|
||||
result.(XmlSpecifiedRemoteInterface).getAnEjb() = this
|
||||
}
|
||||
|
||||
/** Any remote home interfaces of this EJB. */
|
||||
LegacyEjbRemoteHomeInterface getARemoteHomeInterface() {
|
||||
result = this.getASupertype() and result instanceof ExtendedRemoteHomeInterface
|
||||
or
|
||||
result.(AnnotatedRemoteHomeInterface).getAnEJB() = this
|
||||
result.(AnnotatedRemoteHomeInterface).getAnEjb() = this
|
||||
or
|
||||
result.(XmlSpecifiedRemoteHomeInterface).getAnEJB() = this
|
||||
result.(XmlSpecifiedRemoteHomeInterface).getAnEjb() = this
|
||||
}
|
||||
|
||||
/** Any local interfaces of this EJB. */
|
||||
LegacyEjbLocalInterface getALocalInterface() {
|
||||
result = this.getASupertype() and result instanceof ExtendedLocalInterface
|
||||
or
|
||||
exists(AnnotatedLocalHomeInterface i | i.getAnEJB() = this |
|
||||
exists(AnnotatedLocalHomeInterface i | i.getAnEjb() = this |
|
||||
result = i.getAnAssociatedLocalInterface()
|
||||
)
|
||||
or
|
||||
result.(XmlSpecifiedLocalInterface).getAnEJB() = this
|
||||
result.(XmlSpecifiedLocalInterface).getAnEjb() = this
|
||||
}
|
||||
|
||||
/** Any local home interfaces of this EJB. */
|
||||
LegacyEjbLocalHomeInterface getALocalHomeInterface() {
|
||||
result = this.getASupertype() and result instanceof ExtendedLocalHomeInterface
|
||||
or
|
||||
result.(AnnotatedLocalHomeInterface).getAnEJB() = this
|
||||
result.(AnnotatedLocalHomeInterface).getAnEjb() = this
|
||||
or
|
||||
result.(XmlSpecifiedLocalHomeInterface).getAnEJB() = this
|
||||
result.(XmlSpecifiedLocalHomeInterface).getAnEjb() = this
|
||||
}
|
||||
|
||||
/** Any `ejbCreate*` methods required for legacy remote or local home interfaces. */
|
||||
@@ -112,11 +112,14 @@ class SessionEJB extends EJB {
|
||||
EjbAnnotatedInitMethod getAnAnnotatedInitMethod() { this.inherits(result) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SessionEjb */
|
||||
deprecated class SessionEJB = SessionEjb;
|
||||
|
||||
/**
|
||||
* A stateful session EJB.
|
||||
*/
|
||||
class StatefulSessionEJB extends SessionEJB {
|
||||
StatefulSessionEJB() {
|
||||
class StatefulSessionEjb extends SessionEjb {
|
||||
StatefulSessionEjb() {
|
||||
// EJB annotations.
|
||||
this.getAnAnnotation().getType().hasName("Stateful")
|
||||
or
|
||||
@@ -129,11 +132,14 @@ class StatefulSessionEJB extends SessionEJB {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for StatefulSessionEjb */
|
||||
deprecated class StatefulSessionEJB = StatefulSessionEjb;
|
||||
|
||||
/**
|
||||
* A stateless session EJB.
|
||||
*/
|
||||
class StatelessSessionEJB extends SessionEJB {
|
||||
StatelessSessionEJB() {
|
||||
class StatelessSessionEjb extends SessionEjb {
|
||||
StatelessSessionEjb() {
|
||||
// EJB annotations.
|
||||
this.getAnAnnotation().getType().hasName("Stateless")
|
||||
or
|
||||
@@ -146,6 +152,9 @@ class StatelessSessionEJB extends SessionEJB {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for StatelessSessionEjb */
|
||||
deprecated class StatelessSessionEJB = StatelessSessionEjb;
|
||||
|
||||
/**
|
||||
* A message-driven EJB.
|
||||
*/
|
||||
@@ -168,8 +177,8 @@ class MessageDrivenBean extends EJB {
|
||||
/**
|
||||
* An entity EJB (deprecated as of EJB 3.0).
|
||||
*/
|
||||
class EntityEJB extends EJB {
|
||||
EntityEJB() {
|
||||
class EntityEjb extends EJB {
|
||||
EntityEjb() {
|
||||
// Subtype of `javax.ejb.EntityBean`.
|
||||
this instanceof EntityBean
|
||||
or
|
||||
@@ -181,6 +190,9 @@ class EntityEJB extends EJB {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EntityEjb */
|
||||
deprecated class EntityEJB = EntityEjb;
|
||||
|
||||
/*
|
||||
* Business interfaces (applicable to session beans).
|
||||
*/
|
||||
@@ -231,7 +243,10 @@ class LocalAnnotation extends BusinessInterfaceAnnotation {
|
||||
*/
|
||||
abstract class BusinessInterface extends Interface {
|
||||
/** Gets an EJB to which this business interface belongs. */
|
||||
abstract SessionEJB getAnEJB();
|
||||
abstract SessionEjb getAnEjb();
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/** Holds if this business interface is declared local. */
|
||||
abstract predicate isDeclaredLocal();
|
||||
@@ -251,7 +266,7 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
|
||||
)
|
||||
}
|
||||
|
||||
override SessionEJB getAnEJB() {
|
||||
override SessionEjb getAnEjb() {
|
||||
exists(EjbJarXmlFile f, EjbJarSessionElement se |
|
||||
se = f.getASessionElement() and
|
||||
this.getQualifiedName() = se.getABusinessElement().getACharactersSet().getCharacters() and
|
||||
@@ -259,6 +274,9 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
override predicate isDeclaredLocal() {
|
||||
exists(EjbJarXmlFile f |
|
||||
this.getQualifiedName() =
|
||||
@@ -291,10 +309,13 @@ class AnnotatedBusinessInterface extends BusinessInterface {
|
||||
* Any class that has a `@Local` or `@Remote` annotation that names this interface
|
||||
* is an EJB to which this business interface belongs.
|
||||
*/
|
||||
override SessionEJB getAnEJB() {
|
||||
override SessionEjb getAnEjb() {
|
||||
result.getAnAnnotation().(BusinessInterfaceAnnotation).getANamedType() = this
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
override predicate isDeclaredLocal() { this instanceof LocalAnnotatedBusinessInterface }
|
||||
|
||||
override predicate isDeclaredRemote() { this instanceof RemoteAnnotatedBusinessInterface }
|
||||
@@ -338,7 +359,7 @@ class InitAnnotation extends Annotation {
|
||||
class EjbAnnotatedInitMethod extends Method {
|
||||
EjbAnnotatedInitMethod() {
|
||||
this.getAnAnnotation() instanceof InitAnnotation and
|
||||
exists(SessionEJB ejb | ejb.inherits(this))
|
||||
exists(SessionEjb ejb | ejb.inherits(this))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -349,7 +370,7 @@ class EjbAnnotatedInitMethod extends Method {
|
||||
class EjbCreateMethod extends Method {
|
||||
EjbCreateMethod() {
|
||||
this.getName().matches("ejbCreate%") and
|
||||
exists(SessionEJB ejb | ejb.inherits(this))
|
||||
exists(SessionEjb ejb | ejb.inherits(this))
|
||||
}
|
||||
|
||||
/** Gets the suffix of the method name without the `ejbCreate` prefix. */
|
||||
@@ -405,8 +426,8 @@ abstract class LegacyEjbHomeInterface extends LegacyEjbInterface {
|
||||
/** A legacy remote interface. */
|
||||
abstract class LegacyEjbRemoteInterface extends LegacyEjbInterface { }
|
||||
|
||||
/** A legacy remote interface that extends `javax.ejb.EJBObject`. */
|
||||
class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEJBInterface { }
|
||||
/** A legacy remote interface that extends `javax.ejb.EjbObject`. */
|
||||
class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEjbInterface { }
|
||||
|
||||
/** A legacy remote interface specified within an XML deployment descriptor. */
|
||||
class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
|
||||
@@ -421,20 +442,23 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
|
||||
* Gets a session EJB specified in the XML deployment descriptor
|
||||
* for this legacy EJB remote interface.
|
||||
*/
|
||||
SessionEJB getAnEJB() {
|
||||
SessionEjb getAnEjb() {
|
||||
exists(EjbJarXmlFile f, EjbJarSessionElement se |
|
||||
se = f.getASessionElement() and
|
||||
this.getQualifiedName() = se.getARemoteElement().getACharactersSet().getCharacters() and
|
||||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/** A legacy remote home interface. */
|
||||
abstract class LegacyEjbRemoteHomeInterface extends LegacyEjbHomeInterface { }
|
||||
|
||||
/** A legacy remote home interface that extends `javax.ejb.EJBHome`. */
|
||||
class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEJBHomeInterface { }
|
||||
/** A legacy remote home interface that extends `javax.ejb.EjbHome`. */
|
||||
class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEjbHomeInterface { }
|
||||
|
||||
/** A legacy remote home interface specified by means of a `@RemoteHome` annotation. */
|
||||
class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
|
||||
@@ -444,7 +468,10 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
|
||||
}
|
||||
|
||||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEJB getAnEJB() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
|
||||
SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/** Gets a remote interface associated with this legacy remote home interface. */
|
||||
Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() }
|
||||
@@ -460,20 +487,23 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
|
||||
}
|
||||
|
||||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEJB getAnEJB() {
|
||||
SessionEjb getAnEjb() {
|
||||
exists(EjbJarXmlFile f, EjbJarSessionElement se |
|
||||
se = f.getASessionElement() and
|
||||
this.getQualifiedName() = se.getARemoteHomeElement().getACharactersSet().getCharacters() and
|
||||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/** A legacy local interface. */
|
||||
abstract class LegacyEjbLocalInterface extends LegacyEjbInterface { }
|
||||
|
||||
/** A legacy local interface that extends `javax.ejb.EJBLocalObject`. */
|
||||
class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEJBInterface { }
|
||||
class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEjbInterface { }
|
||||
|
||||
/** A legacy local interface specified within an XML deployment descriptor. */
|
||||
class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
|
||||
@@ -485,20 +515,23 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
|
||||
}
|
||||
|
||||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEJB getAnEJB() {
|
||||
SessionEjb getAnEjb() {
|
||||
exists(EjbJarXmlFile f, EjbJarSessionElement se |
|
||||
se = f.getASessionElement() and
|
||||
this.getQualifiedName() = se.getALocalElement().getACharactersSet().getCharacters() and
|
||||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/** A legacy local home interface. */
|
||||
abstract class LegacyEjbLocalHomeInterface extends LegacyEjbHomeInterface { }
|
||||
|
||||
/** A legacy local home interface that extends `javax.ejb.EJBLocalHome`. */
|
||||
class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEJBHomeInterface { }
|
||||
class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEjbHomeInterface { }
|
||||
|
||||
/** A legacy local home interface specified by means of a `@LocalHome` annotation. */
|
||||
class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
|
||||
@@ -508,7 +541,10 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
|
||||
}
|
||||
|
||||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEJB getAnEJB() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
|
||||
SessionEjb getAnEjb() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/** Gets a local interface associated with this legacy local home interface. */
|
||||
Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() }
|
||||
@@ -524,13 +560,16 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
|
||||
}
|
||||
|
||||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEJB getAnEJB() {
|
||||
SessionEjb getAnEjb() {
|
||||
exists(EjbJarXmlFile f, EjbJarSessionElement se |
|
||||
se = f.getASessionElement() and
|
||||
this.getQualifiedName() = se.getALocalHomeElement().getACharactersSet().getCharacters() and
|
||||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -541,19 +580,22 @@ class RemoteInterface extends Interface {
|
||||
RemoteInterface() {
|
||||
this instanceof RemoteAnnotatedBusinessInterface or
|
||||
this.(XmlSpecifiedBusinessInterface).isDeclaredRemote() or
|
||||
exists(SessionEJB ejb | this = ejb.getARemoteInterface())
|
||||
exists(SessionEjb ejb | this = ejb.getARemoteInterface())
|
||||
}
|
||||
|
||||
/**
|
||||
* Any EJBs associated with this `RemoteInterface`
|
||||
* by means of annotations or `ejb-jar.xml` configuration files.
|
||||
*/
|
||||
SessionEJB getAnEJB() {
|
||||
SessionEjb getAnEjb() {
|
||||
result.getAnAnnotation().(RemoteAnnotation).getANamedType() = this or
|
||||
result = this.(XmlSpecifiedRemoteInterface).getAnEJB() or
|
||||
result = this.(XmlSpecifiedRemoteInterface).getAnEjb() or
|
||||
result.getARemoteInterface() = this
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/**
|
||||
* A "remote method" is a method that is available on the remote
|
||||
* interface (either because it's declared or inherited).
|
||||
@@ -585,8 +627,8 @@ class RemoteInterface extends Interface {
|
||||
* but the EJB is not a subtype of this remote interface.
|
||||
*/
|
||||
Method getARemoteMethodImplementationUnchecked() {
|
||||
exists(SessionEJB ejb, Method rm |
|
||||
ejb = this.getAnEJB() and
|
||||
exists(SessionEjb ejb, Method rm |
|
||||
ejb = this.getAnEjb() and
|
||||
not ejb.getAnAncestor() = this and
|
||||
rm = this.getARemoteMethod() and
|
||||
result = getAnInheritedMatchingMethodIgnoreThrows(ejb, rm.getSignature()) and
|
||||
@@ -648,13 +690,13 @@ private predicate throwsExplicitUncheckedException(Method m, Exception ex) {
|
||||
}
|
||||
|
||||
/** Gets a method (inherited by `ejb`) matching the signature `sig`. (Ignores `throws` clauses.) */
|
||||
Method getAnInheritedMatchingMethodIgnoreThrows(SessionEJB ejb, string sig) {
|
||||
Method getAnInheritedMatchingMethodIgnoreThrows(SessionEjb ejb, string sig) {
|
||||
ejb.inherits(result) and
|
||||
sig = result.getSignature()
|
||||
}
|
||||
|
||||
/** Holds if `ejb` inherits a method matching the given signature. (Ignores `throws` clauses.) */
|
||||
predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) {
|
||||
predicate inheritsMatchingMethodIgnoreThrows(SessionEjb ejb, string signature) {
|
||||
exists(getAnInheritedMatchingMethodIgnoreThrows(ejb, signature))
|
||||
}
|
||||
|
||||
@@ -662,7 +704,7 @@ predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) {
|
||||
* If `ejb` inherits a method matching the signature of `m` except for the `throws` clause,
|
||||
* then return any type in the `throws` clause that does not match.
|
||||
*/
|
||||
Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) {
|
||||
Type inheritsMatchingMethodExceptThrows(SessionEjb ejb, Method m) {
|
||||
exists(Method n, string sig |
|
||||
ejb.inherits(n) and
|
||||
sig = n.getSignature() and
|
||||
@@ -679,7 +721,7 @@ Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) {
|
||||
* (Ignores `throws` clauses.)
|
||||
*/
|
||||
predicate inheritsMatchingCreateMethodIgnoreThrows(
|
||||
StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm
|
||||
StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm
|
||||
) {
|
||||
exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() |
|
||||
cm.getMethodSuffix() = icm.getMethodSuffix() and
|
||||
@@ -705,7 +747,7 @@ predicate inheritsMatchingCreateMethodIgnoreThrows(
|
||||
* If `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `m` except for the `throws` clause,
|
||||
* then return any type in the `throws` clause that does not match.
|
||||
*/
|
||||
Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm) {
|
||||
Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm) {
|
||||
exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() |
|
||||
cm.getMethodSuffix() = icm.getMethodSuffix() and
|
||||
cm.getNumberOfParameters() = icm.getNumberOfParameters() and
|
||||
@@ -814,10 +856,13 @@ class DependsOnAnnotation extends Annotation {
|
||||
/**
|
||||
* A `@javax.ejb.EJB` annotation.
|
||||
*/
|
||||
class EJBAnnotation extends Annotation {
|
||||
EJBAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
|
||||
class EjbAnnotation extends Annotation {
|
||||
EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EjbAnnotation */
|
||||
deprecated class EJBAnnotation = EjbAnnotation;
|
||||
|
||||
/**
|
||||
* A `@javax.ejb.EJBs` annotation.
|
||||
*/
|
||||
|
||||
@@ -16,7 +16,7 @@ class SpringBean extends SpringXmlElement {
|
||||
SpringBean() {
|
||||
this.getName() = "bean" and
|
||||
// Do not capture Camel beans, which are different
|
||||
not this.getNamespace().getURI() = "http://camel.apache.org/schema/spring"
|
||||
not this.getNamespace().getUri() = "http://camel.apache.org/schema/spring"
|
||||
}
|
||||
|
||||
override string toString() { result = this.getBeanIdentifier() }
|
||||
|
||||
@@ -10,7 +10,7 @@ import semmle.code.java.frameworks.spring.SpringBean
|
||||
* An Apache Camel element in a Spring Beans file.
|
||||
*/
|
||||
class SpringCamelXmlElement extends SpringXmlElement {
|
||||
SpringCamelXmlElement() { getNamespace().getURI() = "http://camel.apache.org/schema/spring" }
|
||||
SpringCamelXmlElement() { getNamespace().getUri() = "http://camel.apache.org/schema/spring" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SpringCamelXmlElement */
|
||||
@@ -114,7 +114,10 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement {
|
||||
/**
|
||||
* Gets the URI attribute for this `<to>` element.
|
||||
*/
|
||||
string getURI() { result = getAttribute("uri").getValue() }
|
||||
string getUri() { result = getAttribute("uri").getValue() }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = getUri() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SpringCamelXmlToElement */
|
||||
|
||||
@@ -4,8 +4,8 @@
|
||||
|
||||
import java
|
||||
|
||||
class SSLClass extends RefType {
|
||||
SSLClass() {
|
||||
class SslClass extends RefType {
|
||||
SslClass() {
|
||||
exists(Class c | this.getAnAncestor() = c |
|
||||
c.hasQualifiedName("javax.net.ssl", _) or
|
||||
c.hasQualifiedName("javax.rmi.ssl", _)
|
||||
@@ -13,6 +13,9 @@ class SSLClass extends RefType {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslClass */
|
||||
deprecated class SSLClass = SslClass;
|
||||
|
||||
class X509TrustManager extends RefType {
|
||||
X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") }
|
||||
}
|
||||
@@ -25,34 +28,52 @@ class HttpsUrlConnection extends RefType {
|
||||
/** DEPRECATED: Alias for HttpsUrlConnection */
|
||||
deprecated class HttpsURLConnection = HttpsUrlConnection;
|
||||
|
||||
class SSLSocketFactory extends RefType {
|
||||
SSLSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
|
||||
class SslSocketFactory extends RefType {
|
||||
SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
|
||||
}
|
||||
|
||||
class SSLContext extends RefType {
|
||||
SSLContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
|
||||
/** DEPRECATED: Alias for SslSocketFactory */
|
||||
deprecated class SSLSocketFactory = SslSocketFactory;
|
||||
|
||||
class SslContext extends RefType {
|
||||
SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
|
||||
}
|
||||
|
||||
/** The `javax.net.ssl.SSLSession` class. */
|
||||
class SSLSession extends RefType {
|
||||
SSLSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
|
||||
/** DEPRECATED: Alias for SslContext */
|
||||
deprecated class SSLContext = SslContext;
|
||||
|
||||
/** The `javax.net.ssl.SslSession` class. */
|
||||
class SslSession extends RefType {
|
||||
SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
|
||||
}
|
||||
|
||||
/** The `javax.net.ssl.SSLEngine` class. */
|
||||
class SSLEngine extends RefType {
|
||||
SSLEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
|
||||
/** DEPRECATED: Alias for SslSession */
|
||||
deprecated class SSLSession = SslSession;
|
||||
|
||||
/** The `javax.net.ssl.SslEngine` class. */
|
||||
class SslEngine extends RefType {
|
||||
SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
|
||||
}
|
||||
|
||||
/** The `javax.net.ssl.SSLSocket` class. */
|
||||
class SSLSocket extends RefType {
|
||||
SSLSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
|
||||
/** DEPRECATED: Alias for SslEngine */
|
||||
deprecated class SSLEngine = SslEngine;
|
||||
|
||||
/** The `javax.net.ssl.SslSocket` class. */
|
||||
class SslSocket extends RefType {
|
||||
SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
|
||||
}
|
||||
|
||||
/** The `javax.net.ssl.SSLParameters` class. */
|
||||
class SSLParameters extends RefType {
|
||||
SSLParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
|
||||
/** DEPRECATED: Alias for SslSocket */
|
||||
deprecated class SSLSocket = SslSocket;
|
||||
|
||||
/** The `javax.net.ssl.SslParameters` class. */
|
||||
class SslParameters extends RefType {
|
||||
SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslParameters */
|
||||
deprecated class SSLParameters = SslParameters;
|
||||
|
||||
class HostnameVerifier extends RefType {
|
||||
HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
|
||||
}
|
||||
@@ -73,7 +94,7 @@ class HostnameVerifierVerify extends Method {
|
||||
this.hasName("verify") and
|
||||
this.getDeclaringType().getAnAncestor() instanceof HostnameVerifier and
|
||||
this.getParameterType(0) instanceof TypeString and
|
||||
this.getParameterType(1) instanceof SSLSession
|
||||
this.getParameterType(1) instanceof SslSession
|
||||
}
|
||||
}
|
||||
|
||||
@@ -87,22 +108,22 @@ class TrustManagerCheckMethod extends Method {
|
||||
class CreateSocket extends Method {
|
||||
CreateSocket() {
|
||||
this.hasName("createSocket") and
|
||||
this.getDeclaringType() instanceof SSLSocketFactory
|
||||
this.getDeclaringType() instanceof SslSocketFactory
|
||||
}
|
||||
}
|
||||
|
||||
class GetSocketFactory extends Method {
|
||||
GetSocketFactory() {
|
||||
this.hasName("getSocketFactory") and
|
||||
this.getDeclaringType() instanceof SSLContext
|
||||
this.getDeclaringType() instanceof SslContext
|
||||
}
|
||||
}
|
||||
|
||||
/** The `createSSLEngine` method of the class `javax.net.ssl.SSLContext`. */
|
||||
/** The `createSSLEngine` method of the class `javax.net.ssl.SslContext`. */
|
||||
class CreateSslEngineMethod extends Method {
|
||||
CreateSslEngineMethod() {
|
||||
this.hasName("createSSLEngine") and
|
||||
this.getDeclaringType() instanceof SSLContext
|
||||
this.getDeclaringType() instanceof SslContext
|
||||
}
|
||||
}
|
||||
|
||||
@@ -128,35 +149,35 @@ class SetDefaultHostnameVerifierMethod extends Method {
|
||||
}
|
||||
}
|
||||
|
||||
/** The `beginHandshake` method of the class `javax.net.ssl.SSLEngine`. */
|
||||
/** The `beginHandshake` method of the class `javax.net.ssl.SslEngine`. */
|
||||
class BeginHandshakeMethod extends Method {
|
||||
BeginHandshakeMethod() {
|
||||
this.hasName("beginHandshake") and
|
||||
this.getDeclaringType().getAnAncestor() instanceof SSLEngine
|
||||
this.getDeclaringType().getAnAncestor() instanceof SslEngine
|
||||
}
|
||||
}
|
||||
|
||||
/** The `wrap` method of the class `javax.net.ssl.SSLEngine`. */
|
||||
/** The `wrap` method of the class `javax.net.ssl.SslEngine`. */
|
||||
class SslWrapMethod extends Method {
|
||||
SslWrapMethod() {
|
||||
this.hasName("wrap") and
|
||||
this.getDeclaringType().getAnAncestor() instanceof SSLEngine
|
||||
this.getDeclaringType().getAnAncestor() instanceof SslEngine
|
||||
}
|
||||
}
|
||||
|
||||
/** The `unwrap` method of the class `javax.net.ssl.SSLEngine`. */
|
||||
/** The `unwrap` method of the class `javax.net.ssl.SslEngine`. */
|
||||
class SslUnwrapMethod extends Method {
|
||||
SslUnwrapMethod() {
|
||||
this.hasName("unwrap") and
|
||||
this.getDeclaringType().getAnAncestor() instanceof SSLEngine
|
||||
this.getDeclaringType().getAnAncestor() instanceof SslEngine
|
||||
}
|
||||
}
|
||||
|
||||
/** The `getSession` method of the class `javax.net.ssl.SSLSession`. */
|
||||
/** The `getSession` method of the class `javax.net.ssl.SslSession`. */
|
||||
class GetSslSessionMethod extends Method {
|
||||
GetSslSessionMethod() {
|
||||
this.hasName("getSession") and
|
||||
this.getDeclaringType().getAnAncestor() instanceof SSLSession
|
||||
this.getDeclaringType().getAnAncestor() instanceof SslSession
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -126,7 +126,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
||||
/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
|
||||
deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
|
||||
|
||||
/** An external API which is used with untrusted data. */
|
||||
private newtype TExternalApi =
|
||||
/** An untrusted API method `m` where untrusted data is passed at `index`. */
|
||||
TExternalApiParameter(Method m, int index) {
|
||||
exists(UntrustedExternalApiDataNode n |
|
||||
m = n.getMethod() and
|
||||
|
||||
@@ -26,7 +26,7 @@ private class DefaultInsecureTrustManagerSink extends InsecureTrustManagerSink {
|
||||
DefaultInsecureTrustManagerSink() {
|
||||
exists(MethodAccess ma, Method m |
|
||||
m.hasName("init") and
|
||||
m.getDeclaringType() instanceof SSLContext and
|
||||
m.getDeclaringType() instanceof SslContext and
|
||||
ma.getMethod() = m
|
||||
|
|
||||
ma.getArgument(1) = this.asExpr()
|
||||
|
||||
@@ -41,5 +41,5 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
|
||||
sanitizer.getType() instanceof TypeType
|
||||
}
|
||||
|
||||
override predicate isSanitizerIn(Node node) { isSource(node) }
|
||||
override predicate isSanitizerIn(Node node) { this.isSource(node) }
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
|
||||
SslEngineServerMode() {
|
||||
exists(MethodAccess ma, Method m |
|
||||
m.hasName("setUseClientMode") and
|
||||
m.getDeclaringType().getAnAncestor() instanceof SSLEngine and
|
||||
m.getDeclaringType().getAnAncestor() instanceof SslEngine and
|
||||
ma.getMethod() = m and
|
||||
ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false and
|
||||
this.asExpr() = ma.getQualifier()
|
||||
@@ -69,9 +69,9 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
|
||||
* or the qualifier of `createSocket` is an instance of `SSLSocketFactory`.
|
||||
*/
|
||||
private predicate isSslSocket(MethodAccess createSocket) {
|
||||
createSocket = any(CastExpr ce | ce.getType() instanceof SSLSocket).getExpr()
|
||||
createSocket = any(CastExpr ce | ce.getType() instanceof SslSocket).getExpr()
|
||||
or
|
||||
createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SSLSocketFactory
|
||||
createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SslSocketFactory
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -44,7 +44,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(MethodAccess ma, RefType t | t instanceof SSLSocket or t instanceof SSLEngine |
|
||||
exists(MethodAccess ma, RefType t | t instanceof SslSocket or t instanceof SslEngine |
|
||||
ma.getMethod().hasName("setSSLParameters") and
|
||||
ma.getMethod().getDeclaringType().getAnAncestor() = t and
|
||||
ma.getArgument(0) = sink.asExpr()
|
||||
@@ -58,7 +58,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration {
|
||||
private class SafeSetEndpointIdentificationAlgorithm extends MethodAccess {
|
||||
SafeSetEndpointIdentificationAlgorithm() {
|
||||
this.getMethod().hasName("setEndpointIdentificationAlgorithm") and
|
||||
this.getMethod().getDeclaringType() instanceof SSLParameters and
|
||||
this.getMethod().getDeclaringType() instanceof SslParameters and
|
||||
not this.getArgument(0) instanceof NullLiteral and
|
||||
not this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = ""
|
||||
}
|
||||
|
||||
@@ -324,7 +324,7 @@ Expr configOptionIsSupportingExternalEntities() {
|
||||
/**
|
||||
* An `XmlInputFactory` specific expression that indicates whether DTD is supported.
|
||||
*/
|
||||
Expr configOptionSupportDTD() {
|
||||
Expr configOptionSupportDtd() {
|
||||
result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD"
|
||||
or
|
||||
exists(Field f |
|
||||
@@ -334,6 +334,9 @@ Expr configOptionSupportDTD() {
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for configOptionSupportDtd */
|
||||
deprecated Expr configOptionSupportDTD() { result = configOptionSupportDtd() }
|
||||
|
||||
/**
|
||||
* A safely configured `XmlInputFactory`.
|
||||
*/
|
||||
@@ -345,7 +348,7 @@ class SafeXmlInputFactory extends VarAccess {
|
||||
config.disables(configOptionIsSupportingExternalEntities())
|
||||
) and
|
||||
exists(XmlInputFactoryConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configOptionSupportDTD())
|
||||
config.disables(configOptionSupportDtd())
|
||||
)
|
||||
)
|
||||
}
|
||||
@@ -907,7 +910,7 @@ class XmlConstants extends RefType {
|
||||
}
|
||||
|
||||
/** A configuration specific for transformers and schema. */
|
||||
Expr configAccessExternalDTD() {
|
||||
Expr configAccessExternalDtd() {
|
||||
result.(ConstantStringExpr).getStringValue() =
|
||||
"http://javax.xml.XMLConstants/property/accessExternalDTD"
|
||||
or
|
||||
@@ -918,6 +921,9 @@ Expr configAccessExternalDTD() {
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for configAccessExternalDtd */
|
||||
deprecated Expr configAccessExternalDTD() { result = configAccessExternalDtd() }
|
||||
|
||||
/** A configuration specific for transformers. */
|
||||
Expr configAccessExternalStyleSheet() {
|
||||
result.(ConstantStringExpr).getStringValue() =
|
||||
@@ -1040,7 +1046,7 @@ class SafeTransformerFactory extends VarAccess {
|
||||
SafeTransformerFactory() {
|
||||
exists(Variable v | v = this.getVariable() |
|
||||
exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configAccessExternalDTD())
|
||||
config.disables(configAccessExternalDtd())
|
||||
) and
|
||||
exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configAccessExternalStyleSheet())
|
||||
@@ -1141,7 +1147,7 @@ class SafeSchemaFactory extends VarAccess {
|
||||
SafeSchemaFactory() {
|
||||
exists(Variable v | v = this.getVariable() |
|
||||
exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configAccessExternalDTD())
|
||||
config.disables(configAccessExternalDtd())
|
||||
) and
|
||||
exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configAccessExternalSchema())
|
||||
|
||||
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File {
|
||||
XmlElement getARootElement() { result = this.getAChild() }
|
||||
|
||||
/** Gets a DTD associated with this XML file. */
|
||||
XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) }
|
||||
XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
|
||||
|
||||
/** DEPRECATED: Alias for getADtd */
|
||||
deprecated XmlDtd getADTD() { result = this.getADtd() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlFile */
|
||||
@@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile;
|
||||
* <!ELEMENT lastName (#PCDATA)>
|
||||
* ```
|
||||
*/
|
||||
class XmlDTD extends XmlLocatable, @xmldtd {
|
||||
class XmlDtd extends XmlLocatable, @xmldtd {
|
||||
/** Gets the name of the root element of this DTD. */
|
||||
string getRoot() { xmlDTDs(this, result, _, _, _) }
|
||||
|
||||
@@ -174,8 +177,8 @@ class XmlDTD extends XmlLocatable, @xmldtd {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlDTD */
|
||||
deprecated class XMLDTD = XmlDTD;
|
||||
/** DEPRECATED: Alias for XmlDtd */
|
||||
deprecated class XMLDTD = XmlDtd;
|
||||
|
||||
/**
|
||||
* An XML element in an XML file.
|
||||
@@ -282,15 +285,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
||||
string getPrefix() { xmlNs(this, result, _, _) }
|
||||
|
||||
/** Gets the URI of this namespace. */
|
||||
string getURI() { xmlNs(this, _, result, _) }
|
||||
string getUri() { xmlNs(this, _, result, _) }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = this.getUri() }
|
||||
|
||||
/** Holds if this namespace has no prefix. */
|
||||
predicate isDefault() { this.getPrefix() = "" }
|
||||
|
||||
override string toString() {
|
||||
this.isDefault() and result = this.getURI()
|
||||
this.isDefault() and result = this.getUri()
|
||||
or
|
||||
not this.isDefault() and result = this.getPrefix() + ":" + this.getURI()
|
||||
not this.isDefault() and result = this.getPrefix() + ":" + this.getUri()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -81,7 +81,7 @@ predicate exceptions(Class c, Field f) {
|
||||
// Stateless session beans are not normally serialized during their usual life-cycle
|
||||
// but are forced by their expected supertype to be serializable.
|
||||
// Arguably, warnings for their non-serializable fields can therefore be suppressed in practice.
|
||||
c instanceof StatelessSessionEJB
|
||||
c instanceof StatelessSessionEjb
|
||||
or
|
||||
// Enum types are serialized by name, so it doesn't matter if they have non-serializable fields.
|
||||
c instanceof EnumType
|
||||
|
||||
@@ -33,10 +33,10 @@ where
|
||||
or
|
||||
c instanceof Socket and type = "socket"
|
||||
) and
|
||||
not c instanceof SSLClass and
|
||||
not c instanceof SslClass and
|
||||
not exists(RefType t |
|
||||
exprTypeFlow(m.getQualifier(), t, _) and
|
||||
t instanceof SSLClass
|
||||
t instanceof SslClass
|
||||
) and
|
||||
(
|
||||
m.getMethod().getName() = "getInputStream" or
|
||||
|
||||
@@ -65,7 +65,7 @@ predicate query(MethodAccess m, Method def, int paramNo, string message, Element
|
||||
// an SSL factory, ...
|
||||
usesFactory(def, paramNo) and
|
||||
evidence = m.getArgument(paramNo) and
|
||||
not evidence.(Expr).getType() instanceof SSLClass and
|
||||
not evidence.(Expr).getType() instanceof SslClass and
|
||||
message = "has a non-SSL factory argument "
|
||||
or
|
||||
// ... or there is an overloaded method on the same type that does take a factory,
|
||||
|
||||
@@ -107,8 +107,8 @@ class CommentedOutCode extends JavadocFirst {
|
||||
CommentedOutCode() {
|
||||
anyCount(this) > 0 and
|
||||
codeCount(this).(float) / anyCount(this).(float) > 0.5 and
|
||||
not this instanceof JSNIComment and
|
||||
not this instanceof OCNIComment
|
||||
not this instanceof JsniComment and
|
||||
not this instanceof OcniComment
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -87,7 +87,7 @@ predicate isTestMethod(MethodAccess ma) {
|
||||
}
|
||||
|
||||
/** Holds if `MethodAccess` ma disables SSL endpoint check. */
|
||||
predicate isInsecureSSLEndpoint(MethodAccess ma) {
|
||||
predicate isInsecureSslEndpoint(MethodAccess ma) {
|
||||
(
|
||||
ma.getMethod() instanceof SetSystemPropertyMethod and
|
||||
isPropertyDisableLdapEndpointId(ma.getArgument(0)) and
|
||||
@@ -105,6 +105,6 @@ predicate isInsecureSSLEndpoint(MethodAccess ma) {
|
||||
|
||||
from MethodAccess ma
|
||||
where
|
||||
isInsecureSSLEndpoint(ma) and
|
||||
isInsecureSslEndpoint(ma) and
|
||||
not isTestMethod(ma)
|
||||
select ma, "LDAPS configuration allows insecure endpoint identification"
|
||||
|
||||
@@ -27,7 +27,7 @@ class UnsafeTlsVersionConfig extends TaintTracking::Configuration {
|
||||
class SslContextGetInstanceSink extends DataFlow::ExprNode {
|
||||
SslContextGetInstanceSink() {
|
||||
exists(StaticMethodAccess ma, Method m | m = ma.getMethod() |
|
||||
m.getDeclaringType() instanceof SSLContext and
|
||||
m.getDeclaringType() instanceof SslContext and
|
||||
m.hasName("getInstance") and
|
||||
ma.getArgument(0) = asExpr()
|
||||
)
|
||||
@@ -40,7 +40,7 @@ class SslContextGetInstanceSink extends DataFlow::ExprNode {
|
||||
*/
|
||||
class CreateSslParametersSink extends DataFlow::ExprNode {
|
||||
CreateSslParametersSink() {
|
||||
exists(ConstructorCall cc | cc.getConstructedType() instanceof SSLParameters |
|
||||
exists(ConstructorCall cc | cc.getConstructedType() instanceof SslParameters |
|
||||
cc.getArgument(1) = asExpr()
|
||||
)
|
||||
}
|
||||
@@ -53,7 +53,7 @@ class CreateSslParametersSink extends DataFlow::ExprNode {
|
||||
class SslParametersSetProtocolsSink extends DataFlow::ExprNode {
|
||||
SslParametersSetProtocolsSink() {
|
||||
exists(MethodAccess ma, Method m | m = ma.getMethod() |
|
||||
m.getDeclaringType() instanceof SSLParameters and
|
||||
m.getDeclaringType() instanceof SslParameters and
|
||||
m.hasName("setProtocols") and
|
||||
ma.getArgument(0) = asExpr()
|
||||
)
|
||||
@@ -70,9 +70,9 @@ class SetEnabledProtocolsSink extends DataFlow::ExprNode {
|
||||
m = ma.getMethod() and type = m.getDeclaringType()
|
||||
|
|
||||
(
|
||||
type instanceof SSLSocket or
|
||||
type instanceof SSLServerSocket or
|
||||
type instanceof SSLEngine
|
||||
type instanceof SslSocket or
|
||||
type instanceof SslServerSocket or
|
||||
type instanceof SslEngine
|
||||
) and
|
||||
m.hasName("setEnabledProtocols") and
|
||||
ma.getArgument(0) = asExpr()
|
||||
@@ -94,6 +94,6 @@ class UnsafeTlsVersion extends StringLiteral {
|
||||
}
|
||||
}
|
||||
|
||||
class SSLServerSocket extends RefType {
|
||||
SSLServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
|
||||
class SslServerSocket extends RefType {
|
||||
SslServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@ predicate isBasicAuthEnv(MethodAccess ma) {
|
||||
/**
|
||||
* Holds if `ma` sets `java.naming.security.protocol` (also known as `Context.SECURITY_PROTOCOL`) to `ssl` in some `Hashtable`.
|
||||
*/
|
||||
predicate isSSLEnv(MethodAccess ma) {
|
||||
predicate isSslEnv(MethodAccess ma) {
|
||||
hasFieldValueEnv(ma, "java.naming.security.protocol", "ssl") or
|
||||
hasFieldNameEnv(ma, "SECURITY_PROTOCOL", "ssl")
|
||||
}
|
||||
@@ -182,13 +182,13 @@ class BasicAuthFlowConfig extends DataFlow::Configuration {
|
||||
/**
|
||||
* A taint-tracking configuration for `ssl` configuration in LDAP authentication.
|
||||
*/
|
||||
class SSLFlowConfig extends DataFlow::Configuration {
|
||||
SSLFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
|
||||
class SslFlowConfig extends DataFlow::Configuration {
|
||||
SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }
|
||||
|
||||
/** Source of `ssl` configuration. */
|
||||
override predicate isSource(DataFlow::Node src) {
|
||||
exists(MethodAccess ma |
|
||||
isSSLEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
|
||||
isSslEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -205,6 +205,6 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureUrlFlowConfig c
|
||||
where
|
||||
config.hasFlowPath(source, sink) and
|
||||
exists(BasicAuthFlowConfig bc | bc.hasFlowTo(sink.getNode())) and
|
||||
not exists(SSLFlowConfig sc | sc.hasFlowTo(sink.getNode()))
|
||||
not exists(SslFlowConfig sc | sc.hasFlowTo(sink.getNode()))
|
||||
select sink.getNode(), source, sink, "Insecure LDAP authentication from $@.", source.getNode(),
|
||||
"LDAP connection string"
|
||||
|
||||
@@ -25,7 +25,7 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
|
||||
source instanceof RemoteFlowSource and
|
||||
not exists(MethodAccess ma, Method m | ma.getMethod() = m |
|
||||
(
|
||||
m instanceof HttpServletRequestGetRequestURIMethod or
|
||||
m instanceof HttpServletRequestGetRequestUriMethod or
|
||||
m instanceof HttpServletRequestGetRequestUrlMethod or
|
||||
m instanceof HttpServletRequestGetPathMethod
|
||||
) and
|
||||
|
||||
@@ -73,7 +73,7 @@ class SafeValidator extends VarAccess {
|
||||
SafeValidator() {
|
||||
exists(Variable v | v = this.getVariable() |
|
||||
exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configAccessExternalDTD())
|
||||
config.disables(configAccessExternalDtd())
|
||||
) and
|
||||
exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() |
|
||||
config.disables(configAccessExternalSchema())
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import java
|
||||
import semmle.code.java.frameworks.gwt.GWT
|
||||
|
||||
from JSNIComment jsni
|
||||
from JsniComment jsni
|
||||
select jsni, jsni.getImplementedMethod()
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OCNIImport |
|
||||
| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OCNIComment |
|
||||
| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OCNIMethodComment |
|
||||
| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OcniImport |
|
||||
| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OcniComment |
|
||||
| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OcniMethodComment |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import semmle.code.java.frameworks.j2objc.J2ObjC
|
||||
|
||||
from OCNIComment ocni
|
||||
from OcniComment ocni
|
||||
select ocni.getFile().getStem(), ocni.getLocation().getStartLine(),
|
||||
ocni.getLocation().getStartColumn(), ocni.getLocation().getEndLine(),
|
||||
ocni.getLocation().getEndColumn(), ocni.toString(), ocni.getAQlClass()
|
||||
|
||||
Reference in New Issue
Block a user