hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into moresensitive2

Browse Source
This commit is contained in:
Geoffrey White
2025-07-23 08:50:25 +01:00
parent 918700ff6f f432cf9c4d
commit 4f6b698ca3
381 changed files with 18472 additions and 9014 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,6 +1,8 @@
## 0.4.13
No user-facing changes.
### Bug Fixes
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
## 0.4.12

4
actions/ql/lib/change-notes/2025-07-11-artifact-poisoning.md
View File

@@ -1,4 +0,0 @@
---
category: fix
---
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.

4
actions/ql/lib/change-notes/released/0.4.13.md
View File

@@ -1,3 +1,5 @@
## 0.4.13
No user-facing changes.
### Bug Fixes
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.

25
config/identical-files.json
View File

@@ -231,35 +231,10 @@
"java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
"java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
],
"CryptoAlgorithms Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
"python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
"ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll",
"rust/ql/lib/codeql/rust/security/CryptoAlgorithms.qll"
],
"CryptoAlgorithmNames Python/JS/Ruby": [
"javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
"python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
"ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll",
"rust/ql/lib/codeql/rust/security/internal/CryptoAlgorithmNames.qll"
],
"SensitiveDataHeuristics Python/JS": [
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
"swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll",
"rust/ql/lib/codeql/rust/security/internal/SensitiveDataHeuristics.qll"
],
"IncompleteUrlSubstringSanitization": [
"javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
"ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll"
],
"Concepts Python/Ruby/JS": [
"python/ql/lib/semmle/python/internal/ConceptsShared.qll",
"ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll",
"rust/ql/lib/codeql/rust/internal/ConceptsShared.qll"
],
"ApiGraphModels": [
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",

5
cpp/ql/lib/CHANGELOG.md
View File

@@ -4,8 +4,13 @@
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
### New Features
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
### Minor Analysis Improvements
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.

4
cpp/ql/lib/change-notes/2025-07-10-final.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.

5
cpp/ql/lib/change-notes/released/5.3.0.md
View File

@@ -4,8 +4,13 @@
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
### New Features
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
### Minor Analysis Improvements
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.

4
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -153,6 +153,10 @@ private predicate isGlobalDefImpl(
GlobalLikeVariable v, IRFunction f, int indirection, int indirectionIndex
) {
exists(VariableAddressInstruction vai |
// The right-hand side of an initialization of a global variable
// creates its own `IRFunction`. We don't want flow into that `IRFunction`
// since the variable is only initialized once.
not vai.getEnclosingFunction() = v and
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isUse(_, _, vai, indirection, indirectionIndex) and

39
cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll
View File

@@ -42,6 +42,7 @@ private newtype TOpcode =
TCompareGT() or
TCompareLE() or
TCompareGE() or
TSpaceship() or
TPointerAdd() or
TPointerSub() or
TPointerDiff() or
@@ -92,7 +93,9 @@ private newtype TOpcode =
TUninitializedGroup() or
TInlineAsm() or
TUnreached() or
TNewObj()
TNewObj() or
TTypeidExpr() or
TTypeidType()
/**
* An opcode that specifies the operation performed by an `Instruction`.
@@ -763,6 +766,15 @@ module Opcode {
final override string toString() { result = "CompareGE" }
}
/**
* The `Opcode` for a `SpaceshipInstruction`.
*
* See the `SpaceshipInstruction` documentation for more details.
*/
class Spaceship extends BinaryOpcode, TSpaceship {
final override string toString() { result = "Spaceship" }
}
/**
* The `Opcode` for a `PointerAddInstruction`.
*
@@ -1281,4 +1293,29 @@ module Opcode {
class NewObj extends Opcode, TNewObj {
final override string toString() { result = "NewObj" }
}
/**
* The `Opcode` for a `TypeidInstruction`.
*
* See the `TypeidInstruction` documentation for more details.
*/
abstract class Typeid extends Opcode { }
/**
* The `Opcode` for a `TypeidExprInstruction`.
*
* See the `TypeidExprInstruction` documentation for more details.
*/
class TypeidExpr extends Typeid, UnaryOpcode, TTypeidExpr {
final override string toString() { result = "TypeidExpr" }
}
/**
* The `Opcode` for a `TypeidTypeInstruction`.
*
* See the `TypeidTypeInstruction` documentation for more details.
*/
class TypeidType extends Typeid, TTypeidType {
final override string toString() { result = "TypeidType" }
}
}

30
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
View File

@@ -1604,6 +1604,13 @@ class CompareGEInstruction extends RelationalInstruction {
override predicate isStrict() { none() }
}
/**
* An instruction that represents a three-way comparison operator.
*/
class SpaceshipInstruction extends BinaryInstruction {
SpaceshipInstruction() { this.getOpcode() instanceof Opcode::Spaceship }
}
/**
* An instruction that branches to one of multiple successor instructions based on the value of an
* integer operand.
@@ -2293,3 +2300,26 @@ class NextVarArgInstruction extends UnaryInstruction {
class NewObjInstruction extends Instruction {
NewObjInstruction() { this.getOpcode() instanceof Opcode::NewObj }
}
/**
* An instruction that returns the type info for its operand.
*/
class TypeidInstruction extends Instruction {
TypeidInstruction() { this.getOpcode() instanceof Opcode::Typeid }
}
/**
* An instruction that returns the type info for its operand, where the
* operand occurs as an expression in the AST.
*/
class TypeidExprInstruction extends TypeidInstruction, UnaryInstruction {
TypeidExprInstruction() { this.getOpcode() instanceof Opcode::TypeidExpr }
}
/**
* An instruction that returns the type info for its operand, where the
* operand occurs as a type in the AST.
*/
class TypeidTypeInstruction extends TypeidInstruction {
TypeidTypeInstruction() { this.getOpcode() instanceof Opcode::TypeidType }
}

30
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
View File

@@ -1604,6 +1604,13 @@ class CompareGEInstruction extends RelationalInstruction {
override predicate isStrict() { none() }
}
/**
* An instruction that represents a three-way comparison operator.
*/
class SpaceshipInstruction extends BinaryInstruction {
SpaceshipInstruction() { this.getOpcode() instanceof Opcode::Spaceship }
}
/**
* An instruction that branches to one of multiple successor instructions based on the value of an
* integer operand.
@@ -2293,3 +2300,26 @@ class NextVarArgInstruction extends UnaryInstruction {
class NewObjInstruction extends Instruction {
NewObjInstruction() { this.getOpcode() instanceof Opcode::NewObj }
}
/**
* An instruction that returns the type info for its operand.
*/
class TypeidInstruction extends Instruction {
TypeidInstruction() { this.getOpcode() instanceof Opcode::Typeid }
}
/**
* An instruction that returns the type info for its operand, where the
* operand occurs as an expression in the AST.
*/
class TypeidExprInstruction extends TypeidInstruction, UnaryInstruction {
TypeidExprInstruction() { this.getOpcode() instanceof Opcode::TypeidExpr }
}
/**
* An instruction that returns the type info for its operand, where the
* operand occurs as a type in the AST.
*/
class TypeidTypeInstruction extends TypeidInstruction {
TypeidTypeInstruction() { this.getOpcode() instanceof Opcode::TypeidType }
}

57
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -1808,6 +1808,11 @@ private Opcode comparisonOpcode(ComparisonOperation expr) {
expr instanceof GEExpr and result instanceof Opcode::CompareGE
}
private Opcode spaceShipOpcode(SpaceshipExpr expr) {
exists(expr) and
result instanceof Opcode::Spaceship
}
/**
* IR translation of a simple binary operation.
*/
@@ -1867,7 +1872,8 @@ class TranslatedBinaryOperation extends TranslatedSingleInstructionExpr {
override Opcode getOpcode() {
result = binaryArithmeticOpcode(expr) or
result = binaryBitwiseOpcode(expr) or
result = comparisonOpcode(expr)
result = comparisonOpcode(expr) or
result = spaceShipOpcode(expr)
}
override Type getExprType() {
@@ -4185,3 +4191,52 @@ class TranslatedAssumeExpr extends TranslatedSingleInstructionExpr {
none()
}
}
class TranslatedTypeidExpr extends TranslatedSingleInstructionExpr {
override TypeidOperator expr;
final override Opcode getOpcode() {
exists(this.getOperand()) and
result instanceof Opcode::TypeidExpr
or
not exists(this.getOperand()) and
result instanceof Opcode::TypeidType
}
final override Instruction getFirstInstruction(EdgeKind kind) {
result = this.getOperand().getFirstInstruction(kind)
or
not exists(this.getOperand()) and
result = this.getInstruction(OnlyInstructionTag()) and
kind instanceof GotoEdge
}
override Instruction getALastInstructionInternal() {
result = this.getInstruction(OnlyInstructionTag())
}
final override TranslatedElement getChildInternal(int id) {
id = 0 and result = this.getOperand()
}
final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
tag = OnlyInstructionTag() and
result = this.getParent().getChildSuccessor(this, kind)
}
final override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
child = this.getOperand() and
result = this.getInstruction(OnlyInstructionTag()) and
kind instanceof GotoEdge
}
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
tag = OnlyInstructionTag() and
result = this.getOperand().getResult() and
operandTag instanceof UnaryOperandTag
}
private TranslatedExpr getOperand() {
result = getTranslatedExpr(expr.getExpr().getFullyConverted())
}
}

30
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
View File

@@ -1604,6 +1604,13 @@ class CompareGEInstruction extends RelationalInstruction {
override predicate isStrict() { none() }
}
/**
* An instruction that represents a three-way comparison operator.
*/
class SpaceshipInstruction extends BinaryInstruction {
SpaceshipInstruction() { this.getOpcode() instanceof Opcode::Spaceship }
}
/**
* An instruction that branches to one of multiple successor instructions based on the value of an
* integer operand.
@@ -2293,3 +2300,26 @@ class NextVarArgInstruction extends UnaryInstruction {
class NewObjInstruction extends Instruction {
NewObjInstruction() { this.getOpcode() instanceof Opcode::NewObj }
}
/**
* An instruction that returns the type info for its operand.
*/
class TypeidInstruction extends Instruction {
TypeidInstruction() { this.getOpcode() instanceof Opcode::Typeid }
}
/**
* An instruction that returns the type info for its operand, where the
* operand occurs as an expression in the AST.
*/
class TypeidExprInstruction extends TypeidInstruction, UnaryInstruction {
TypeidExprInstruction() { this.getOpcode() instanceof Opcode::TypeidExpr }
}
/**
* An instruction that returns the type info for its operand, where the
* operand occurs as a type in the AST.
*/
class TypeidTypeInstruction extends TypeidInstruction {
TypeidTypeInstruction() { this.getOpcode() instanceof Opcode::TypeidType }
}

9
cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
View File

@@ -17,7 +17,6 @@
import cpp
import PrintfLike
private import semmle.code.cpp.ir.dataflow.ResolveCall
bindingset[index]
private string toCause(Function func, int index) {
@@ -37,9 +36,9 @@ private predicate wrapperFunctionStep(
not target.isVirtual() and
not source.isVirtual() and
source.hasDefinition() and
exists(Call call, Expr arg, Parameter sourceParam |
exists(FunctionCall call, Expr arg, Parameter sourceParam |
// there is a 'call' to 'target' with argument 'arg' at index 'targetParamIndex'
target = resolveCall(call) and
target = call.getTarget() and
arg = call.getArgument(targetParamIndex) and
// 'call' is enclosed in 'source'
source = call.getEnclosingFunction() and
@@ -154,8 +153,8 @@ abstract class FunctionWithWrappers extends Function {
* Whether 'arg' is an argument in a call to an outermost wrapper function of 'this' function.
*/
predicate outermostWrapperFunctionCall(Expr arg, string callChain) {
exists(Function targetFunc, Call call, int argIndex |
targetFunc = resolveCall(call) and
exists(Function targetFunc, FunctionCall call, int argIndex |
targetFunc = call.getTarget() and
this.wrapperFunction(targetFunc, argIndex, callChain) and
(
exists(Function sourceFunc | sourceFunc = call.getEnclosingFunction() |

4
cpp/ql/src/CHANGELOG.md
View File

@@ -2,7 +2,11 @@
### Minor Analysis Improvements
* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
* Improved support for dataflow through function objects and lambda expressions.
* Added flow models for `pthread_create` and `std::thread`.
* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
* Added flow models for the GNU C Library.
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.

11
cpp/ql/src/Metrics/Classes/CNumberOfFunctions.qhelp
View File

@@ -49,21 +49,16 @@ need to be part of the class. (A classic example of this is the
observes, there are at least two key problems with this approach:
<ul>
<li>
It may be possible to generalize some of the utility functions beyond the
<i>1. It may be possible to generalize some of the utility functions beyond the
narrow context of the class in question -- by bundling them with the class,
the class author reduces the scope for functionality reuse.
</li>
<li>
It's usually impossible for the class author to know every possible
2. It's usually impossible for the class author to know every possible
operation that the user might want to perform on the class, so the public
interface will inherently be incomplete. New utility functions will end up
having a different syntax to the privileged public functions in the class,
negatively impacting on code consistency.
</li>
</ul>
</i>
To refactor a class like this, simply move its utility functions elsewhere,
paring its public interface down to the bare minimum.

12
cpp/ql/src/Metrics/Classes/CSizeOfAPI.qhelp
View File

@@ -46,21 +46,17 @@ need to be part of the class. (A classic example of this is the
<code>std::string</code> class in the C++ Standard Library.) As [Sutter]
observes, there are at least two key problems with this approach:
<ul>
<li>
It may be possible to generalize some of the utility functions beyond the
<i>
1. It may be possible to generalize some of the utility functions beyond the
narrow context of the class in question -- by bundling them with the class,
the class author reduces the scope for functionality reuse.
</li>
<li>
It's usually impossible for the class author to know every possible
2. It's usually impossible for the class author to know every possible
operation that the user might want to perform on the class, so the public
interface will inherently be incomplete. New utility functions will end up
having a different syntax to the privileged public functions in the class,
negatively impacting on code consistency.
</li>
</ul>
</i>
To refactor a class like this, simply move its utility functions elsewhere,
paring its public interface down to the bare minimum.

2
cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
View File

@@ -23,7 +23,7 @@ predicate isProcessOperationExplanation(DataFlow::Node arg, string processOperat
exists(int processOperationArg, FunctionCall call |
isProcessOperationArgument(processOperation, processOperationArg) and
call.getTarget().getName() = processOperation and
call.getArgument(processOperationArg) = [arg.asExpr(), arg.asIndirectExpr()]
call.getArgument(processOperationArg) = arg.asIndirectExpr()
)
}

4
cpp/ql/src/change-notes/2025-07-10-pthread-and-std-thread.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added flow models for `pthread_create` and `std::thread`.

4
cpp/ql/src/change-notes/2025-07-10-wchar-fp.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.

4
cpp/ql/src/change-notes/2025-07-11-function-objects.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Improved support for dataflow through function objects and lambda expressions.

4
cpp/ql/src/change-notes/released/1.4.4.md
View File

@@ -2,7 +2,11 @@
### Minor Analysis Improvements
* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
* Improved support for dataflow through function objects and lambda expressions.
* Added flow models for `pthread_create` and `std::thread`.
* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
* Added flow models for the GNU C Library.
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.

6
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
View File

@@ -6,9 +6,15 @@ uniqueEnclosingCallable
| test.cpp:1126:33:1129:1 | {...} | Node should have one enclosing callable but has 0. |
| test.cpp:1127:3:1127:13 | reads_input | Node should have one enclosing callable but has 0. |
| test.cpp:1128:3:1128:21 | not_does_read_input | Node should have one enclosing callable but has 0. |
| test.cpp:1158:18:1158:21 | call to sink | Node should have one enclosing callable but has 0. |
| test.cpp:1158:18:1158:42 | ... , ... | Node should have one enclosing callable but has 0. |
| test.cpp:1158:23:1158:31 | recursion | Node should have one enclosing callable but has 0. |
| test.cpp:1158:35:1158:40 | call to source | Node should have one enclosing callable but has 0. |
uniqueCallEnclosingCallable
| test.cpp:864:47:864:54 | call to source | Call should have one enclosing callable but has 0. |
| test.cpp:872:46:872:51 | call to source | Call should have one enclosing callable but has 0. |
| test.cpp:1158:18:1158:21 | call to sink | Call should have one enclosing callable but has 0. |
| test.cpp:1158:35:1158:40 | call to source | Call should have one enclosing callable but has 0. |
uniqueType
uniqueNodeLocation
missingLocation

2
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
View File

@@ -1154,3 +1154,5 @@ namespace conflation_regression {
read_deref_deref(p);
}
}
int recursion = (sink(recursion), source()); // clean

140
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

@@ -24436,6 +24436,107 @@ ir.cpp:
# 2742| Type = [IntType] int
# 2742| ValueCategory = prvalue
# 2743| getStmt(14): [ReturnStmt] return ...
# 2747| [CopyAssignmentOperator] std::strong_ordering& std::strong_ordering::operator=(std::strong_ordering const&)
# 2747| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const strong_ordering &
# 2747| [MoveAssignmentOperator] std::strong_ordering& std::strong_ordering::operator=(std::strong_ordering&&)
# 2747| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] strong_ordering &&
# 2747| [CopyConstructor] void std::strong_ordering::strong_ordering(std::strong_ordering const&)
# 2747| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const strong_ordering &
# 2747| [MoveConstructor] void std::strong_ordering::strong_ordering(std::strong_ordering&&)
# 2747| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] strong_ordering &&
# 2747| <initializations>:
# 2747| getEntryPoint(): [BlockStmt] { ... }
# 2747| getStmt(0): [ReturnStmt] return ...
# 2748| [Constructor] void std::strong_ordering::strong_ordering(std::_Order)
# 2748| <params>:
# 2748| getParameter(0): [Parameter] v
# 2748| Type = [ScopedEnum] _Order
# 2748| <initializations>:
# 2748| getEntryPoint(): [BlockStmt] { ... }
# 2748| getStmt(0): [ReturnStmt] return ...
# 2763| [CopyAssignmentOperator] ThreeWay& ThreeWay::operator=(ThreeWay const&)
# 2763| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const ThreeWay &
# 2763| [MoveAssignmentOperator] ThreeWay& ThreeWay::operator=(ThreeWay&&)
# 2763| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] ThreeWay &&
# 2763| [Constructor] void ThreeWay::ThreeWay()
# 2763| <params>:
# 2766| [MemberFunction] std::strong_ordering ThreeWay::operator<=>(ThreeWay&)
# 2766| <params>:
# 2766| getParameter(0): [Parameter] y
# 2766| Type = [LValueReferenceType] ThreeWay &
# 2766| getEntryPoint(): [BlockStmt] { ... }
# 2766| getStmt(0): [ReturnStmt] return ...
# 2766| getExpr(): [SpaceshipExpr] ... <=> ...
# 2766| Type = [Class] strong_ordering
# 2766| ValueCategory = prvalue
# 2766| getChild(0): [PointerFieldAccess] x
# 2766| Type = [IntType] int
# 2766| ValueCategory = prvalue(load)
# 2766| getQualifier(): [ThisExpr] this
# 2766| Type = [PointerType] ThreeWay *
# 2766| ValueCategory = prvalue(load)
# 2766| getChild(1): [ReferenceFieldAccess] x
# 2766| Type = [IntType] int
# 2766| ValueCategory = prvalue(load)
# 2766| getQualifier(): [VariableAccess] y
# 2766| Type = [LValueReferenceType] ThreeWay &
# 2766| ValueCategory = prvalue(load)
# 2766| getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
# 2766| Type = [Class] ThreeWay
# 2766| ValueCategory = lvalue
# 2769| [TopLevelFunction] void test_three_way(int, int, ThreeWay, ThreeWay)
# 2769| <params>:
# 2769| getParameter(0): [Parameter] a
# 2769| Type = [IntType] int
# 2769| getParameter(1): [Parameter] b
# 2769| Type = [IntType] int
# 2769| getParameter(2): [Parameter] c
# 2769| Type = [Class] ThreeWay
# 2769| getParameter(3): [Parameter] d
# 2769| Type = [Class] ThreeWay
# 2769| getEntryPoint(): [BlockStmt] { ... }
# 2770| getStmt(0): [DeclStmt] declaration
# 2770| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 2770| Type = [Class] strong_ordering
# 2770| getVariable().getInitializer(): [Initializer] initializer for x
# 2770| getExpr(): [SpaceshipExpr] ... <=> ...
# 2770| Type = [Class] strong_ordering
# 2770| ValueCategory = prvalue
# 2770| getChild(0): [VariableAccess] a
# 2770| Type = [IntType] int
# 2770| ValueCategory = prvalue(load)
# 2770| getChild(1): [VariableAccess] b
# 2770| Type = [IntType] int
# 2770| ValueCategory = prvalue(load)
# 2771| getStmt(1): [DeclStmt] declaration
# 2771| getDeclarationEntry(0): [VariableDeclarationEntry] definition of y
# 2771| Type = [Class] strong_ordering
# 2771| getVariable().getInitializer(): [Initializer] initializer for y
# 2771| getExpr(): [FunctionCall] call to operator<=>
# 2771| Type = [Class] strong_ordering
# 2771| ValueCategory = prvalue
# 2771| getQualifier(): [VariableAccess] c
# 2771| Type = [Class] ThreeWay
# 2771| ValueCategory = lvalue
# 2771| getArgument(0): [VariableAccess] d
# 2771| Type = [Class] ThreeWay
# 2771| ValueCategory = lvalue
# 2771| getArgument(0).getFullyConverted(): [ReferenceToExpr] (reference to)
# 2771| Type = [LValueReferenceType] ThreeWay &
# 2771| ValueCategory = prvalue
# 2772| getStmt(2): [ReturnStmt] return ...
ir23.cpp:
# 1| [TopLevelFunction] bool consteval_1()
# 1| <params>:
@@ -50174,3 +50275,42 @@ try_except.cpp:
# 52| Type = [IntType] int
# 52| ValueCategory = prvalue(load)
# 54| getStmt(2): [ReturnStmt] return ...
type_info_test.cpp:
# 3| [TopLevelFunction] void type_info_test(int)
# 3| <params>:
# 3| getParameter(0): [Parameter] x
# 3| Type = [IntType] int
# 3| getEntryPoint(): [BlockStmt] { ... }
# 4| getStmt(0): [DeclStmt] declaration
# 4| getDeclarationEntry(0): [VariableDeclarationEntry] definition of t1
# 4| Type = [LValueReferenceType] const type_info &
# 4| getVariable().getInitializer(): [Initializer] initializer for t1
# 4| getExpr(): [TypeidOperator] typeid ...
# 4| Type = [SpecifiedType] const type_info
# 4| ValueCategory = lvalue
# 4| getExpr(): [VariableAccess] x
# 4| Type = [IntType] int
# 4| ValueCategory = lvalue
# 4| getExpr().getFullyConverted(): [ReferenceToExpr] (reference to)
# 4| Type = [LValueReferenceType] const type_info &
# 4| ValueCategory = prvalue
# 5| getStmt(1): [DeclStmt] declaration
# 5| getDeclarationEntry(0): [VariableDeclarationEntry] definition of t2
# 5| Type = [LValueReferenceType] const type_info &
# 5| getVariable().getInitializer(): [Initializer] initializer for t2
# 5| getExpr(): [TypeidOperator] typeid ...
# 5| Type = [SpecifiedType] const type_info
# 5| ValueCategory = lvalue
# 5| getExpr().getFullyConverted(): [ReferenceToExpr] (reference to)
# 5| Type = [LValueReferenceType] const type_info &
# 5| ValueCategory = prvalue
# 6| getStmt(2): [ReturnStmt] return ...
typeinfo:
# 4| [CopyAssignmentOperator] std::type_info& std::type_info::operator=(std::type_info const&)
# 4| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [LValueReferenceType] const type_info &
# 4| [MoveAssignmentOperator] std::type_info& std::type_info::operator=(std::type_info&&)
# 4| <params>:
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
#-----| Type = [RValueReferenceType] type_info &&

137
cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
View File

@@ -20273,6 +20273,119 @@ ir.cpp:
# 2728| v2728_14(void) = AliasedUse : ~m2728_9
# 2728| v2728_15(void) = ExitFunction :
# 2747| void std::strong_ordering::strong_ordering(std::strong_ordering&&)
# 2747| Block 0
# 2747| v2747_1(void) = EnterFunction :
# 2747| m2747_2(unknown) = AliasedDefinition :
# 2747| m2747_3(unknown) = InitializeNonLocal :
# 2747| m2747_4(unknown) = Chi : total:m2747_2, partial:m2747_3
# 2747| r2747_5(glval<unknown>) = VariableAddress[#this] :
# 2747| m2747_6(glval<strong_ordering>) = InitializeParameter[#this] : &:r2747_5
# 2747| r2747_7(glval<strong_ordering>) = Load[#this] : &:r2747_5, m2747_6
# 2747| m2747_8(strong_ordering) = InitializeIndirection[#this] : &:r2747_7
#-----| r0_1(glval<strong_ordering &&>) = VariableAddress[(unnamed parameter 0)] :
#-----| m0_2(strong_ordering &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1
#-----| r0_3(strong_ordering &&) = Load[(unnamed parameter 0)] : &:r0_1, m0_2
#-----| m0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3
# 2747| v2747_9(void) = NoOp :
# 2747| v2747_10(void) = ReturnIndirection[#this] : &:r2747_7, m2747_8
#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, m0_4
# 2747| v2747_11(void) = ReturnVoid :
# 2747| v2747_12(void) = AliasedUse : m2747_3
# 2747| v2747_13(void) = ExitFunction :
# 2748| void std::strong_ordering::strong_ordering(std::_Order)
# 2748| Block 0
# 2748| v2748_1(void) = EnterFunction :
# 2748| m2748_2(unknown) = AliasedDefinition :
# 2748| m2748_3(unknown) = InitializeNonLocal :
# 2748| m2748_4(unknown) = Chi : total:m2748_2, partial:m2748_3
# 2748| r2748_5(glval<unknown>) = VariableAddress[#this] :
# 2748| m2748_6(glval<strong_ordering>) = InitializeParameter[#this] : &:r2748_5
# 2748| r2748_7(glval<strong_ordering>) = Load[#this] : &:r2748_5, m2748_6
# 2748| m2748_8(strong_ordering) = InitializeIndirection[#this] : &:r2748_7
# 2748| r2748_9(glval<_Order>) = VariableAddress[v] :
# 2748| m2748_10(_Order) = InitializeParameter[v] : &:r2748_9
# 2748| v2748_11(void) = NoOp :
# 2748| v2748_12(void) = ReturnIndirection[#this] : &:r2748_7, m2748_8
# 2748| v2748_13(void) = ReturnVoid :
# 2748| v2748_14(void) = AliasedUse : m2748_3
# 2748| v2748_15(void) = ExitFunction :
# 2766| std::strong_ordering ThreeWay::operator<=>(ThreeWay&)
# 2766| Block 0
# 2766| v2766_1(void) = EnterFunction :
# 2766| m2766_2(unknown) = AliasedDefinition :
# 2766| m2766_3(unknown) = InitializeNonLocal :
# 2766| m2766_4(unknown) = Chi : total:m2766_2, partial:m2766_3
# 2766| r2766_5(glval<unknown>) = VariableAddress[#this] :
# 2766| m2766_6(glval<ThreeWay>) = InitializeParameter[#this] : &:r2766_5
# 2766| r2766_7(glval<ThreeWay>) = Load[#this] : &:r2766_5, m2766_6
# 2766| m2766_8(ThreeWay) = InitializeIndirection[#this] : &:r2766_7
# 2766| r2766_9(glval<ThreeWay &>) = VariableAddress[y] :
# 2766| m2766_10(ThreeWay &) = InitializeParameter[y] : &:r2766_9
# 2766| r2766_11(ThreeWay &) = Load[y] : &:r2766_9, m2766_10
# 2766| m2766_12(unknown) = InitializeIndirection[y] : &:r2766_11
# 2766| r2766_13(glval<strong_ordering>) = VariableAddress[#return] :
# 2766| r2766_14(glval<unknown>) = VariableAddress[#this] :
# 2766| r2766_15(ThreeWay *) = Load[#this] : &:r2766_14, m2766_6
# 2766| r2766_16(glval<int>) = FieldAddress[x] : r2766_15
# 2766| r2766_17(int) = Load[?] : &:r2766_16, ~m2766_8
# 2766| r2766_18(glval<ThreeWay &>) = VariableAddress[y] :
# 2766| r2766_19(ThreeWay &) = Load[y] : &:r2766_18, m2766_10
# 2766| r2766_20(glval<ThreeWay>) = CopyValue : r2766_19
# 2766| r2766_21(glval<int>) = FieldAddress[x] : r2766_20
# 2766| r2766_22(int) = Load[?] : &:r2766_21, ~m2766_12
# 2766| r2766_23(strong_ordering) = Spaceship : r2766_17, r2766_22
# 2766| m2766_24(strong_ordering) = Store[#return] : &:r2766_13, r2766_23
# 2766| v2766_25(void) = ReturnIndirection[#this] : &:r2766_7, m2766_8
# 2766| v2766_26(void) = ReturnIndirection[y] : &:r2766_11, m2766_12
# 2766| r2766_27(glval<strong_ordering>) = VariableAddress[#return] :
# 2766| v2766_28(void) = ReturnValue : &:r2766_27, m2766_24
# 2766| v2766_29(void) = AliasedUse : m2766_3
# 2766| v2766_30(void) = ExitFunction :
# 2769| void test_three_way(int, int, ThreeWay, ThreeWay)
# 2769| Block 0
# 2769| v2769_1(void) = EnterFunction :
# 2769| m2769_2(unknown) = AliasedDefinition :
# 2769| m2769_3(unknown) = InitializeNonLocal :
# 2769| m2769_4(unknown) = Chi : total:m2769_2, partial:m2769_3
# 2769| r2769_5(glval<int>) = VariableAddress[a] :
# 2769| m2769_6(int) = InitializeParameter[a] : &:r2769_5
# 2769| r2769_7(glval<int>) = VariableAddress[b] :
# 2769| m2769_8(int) = InitializeParameter[b] : &:r2769_7
# 2769| r2769_9(glval<ThreeWay>) = VariableAddress[c] :
# 2769| m2769_10(ThreeWay) = InitializeParameter[c] : &:r2769_9
# 2769| r2769_11(glval<ThreeWay>) = VariableAddress[d] :
# 2769| m2769_12(ThreeWay) = InitializeParameter[d] : &:r2769_11
# 2770| r2770_1(glval<strong_ordering>) = VariableAddress[x] :
# 2770| r2770_2(glval<int>) = VariableAddress[a] :
# 2770| r2770_3(int) = Load[a] : &:r2770_2, m2769_6
# 2770| r2770_4(glval<int>) = VariableAddress[b] :
# 2770| r2770_5(int) = Load[b] : &:r2770_4, m2769_8
# 2770| r2770_6(strong_ordering) = Spaceship : r2770_3, r2770_5
# 2770| m2770_7(strong_ordering) = Store[x] : &:r2770_1, r2770_6
# 2771| r2771_1(glval<strong_ordering>) = VariableAddress[y] :
# 2771| r2771_2(glval<ThreeWay>) = VariableAddress[c] :
# 2771| r2771_3(glval<unknown>) = FunctionAddress[operator<=>] :
# 2771| r2771_4(glval<ThreeWay>) = VariableAddress[d] :
# 2771| r2771_5(ThreeWay &) = CopyValue : r2771_4
# 2771| r2771_6(strong_ordering) = Call[operator<=>] : func:r2771_3, this:r2771_2, 0:r2771_5
# 2771| m2771_7(unknown) = ^CallSideEffect : ~m2769_4
# 2771| m2771_8(unknown) = Chi : total:m2769_4, partial:m2771_7
# 2771| v2771_9(void) = ^IndirectReadSideEffect[-1] : &:r2771_2, m2769_10
# 2771| v2771_10(void) = ^BufferReadSideEffect[0] : &:r2771_5, ~m2769_12
# 2771| m2771_11(ThreeWay) = ^IndirectMayWriteSideEffect[-1] : &:r2771_2
# 2771| m2771_12(ThreeWay) = Chi : total:m2769_10, partial:m2771_11
# 2771| m2771_13(unknown) = ^BufferMayWriteSideEffect[0] : &:r2771_5
# 2771| m2771_14(ThreeWay) = Chi : total:m2769_12, partial:m2771_13
# 2771| m2771_15(strong_ordering) = Store[y] : &:r2771_1, r2771_6
# 2772| v2772_1(void) = NoOp :
# 2769| v2769_13(void) = ReturnVoid :
# 2769| v2769_14(void) = AliasedUse : ~m2771_8
# 2769| v2769_15(void) = ExitFunction :
ir23.cpp:
# 1| bool consteval_1()
# 1| Block 0
@@ -39973,3 +40086,27 @@ try_except.cpp:
# 44| Block 7
# 44| v44_10(void) = Unreached :
type_info_test.cpp:
# 3| void type_info_test(int)
# 3| Block 0
# 3| v3_1(void) = EnterFunction :
# 3| m3_2(unknown) = AliasedDefinition :
# 3| m3_3(unknown) = InitializeNonLocal :
# 3| m3_4(unknown) = Chi : total:m3_2, partial:m3_3
# 3| r3_5(glval<int>) = VariableAddress[x] :
# 3| m3_6(int) = InitializeParameter[x] : &:r3_5
# 3| m3_7(unknown) = Chi : total:m3_4, partial:m3_6
# 4| r4_1(glval<type_info &>) = VariableAddress[t1] :
# 4| r4_2(glval<int>) = VariableAddress[x] :
# 4| r4_3(glval<type_info>) = TypeidExpr : r4_2
# 4| r4_4(type_info &) = CopyValue : r4_3
# 4| m4_5(type_info &) = Store[t1] : &:r4_1, r4_4
# 5| r5_1(glval<type_info &>) = VariableAddress[t2] :
# 5| r5_2(glval<type_info>) = TypeidType :
# 5| r5_3(type_info &) = CopyValue : r5_2
# 5| m5_4(type_info &) = Store[t2] : &:r5_1, r5_3
# 6| v6_1(void) = NoOp :
# 3| v3_8(void) = ReturnVoid :
# 3| v3_9(void) = AliasedUse : m3_3
# 3| v3_10(void) = ExitFunction :

29
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -2742,4 +2742,33 @@ void test_postfix_crement(int *p, int q) {
int q2 = (int)(q++);
}
namespace std {
enum class _Order : signed char { __less = -1, __equiv = 0, __greater = 1 };
class strong_ordering {
explicit constexpr strong_ordering(_Order v) {}
public:
static const strong_ordering less;
static const strong_ordering equal;
static const strong_ordering equivalent;
static const strong_ordering greater;
};
inline constexpr strong_ordering strong_ordering::less(_Order::__less);
inline constexpr strong_ordering strong_ordering::equal(_Order::__equiv);
inline constexpr strong_ordering strong_ordering::equivalent(_Order::__equiv);
inline constexpr strong_ordering strong_ordering::greater(_Order::__greater);
}
class ThreeWay {
int x;
public:
std::strong_ordering operator<=>(ThreeWay &y) { return this->x <=> y.x; }
};
void test_three_way(int a, int b, ThreeWay c, ThreeWay d) {
auto x = a <=> b;
auto y = c <=> d;
}
// semmle-extractor-options: -std=c++20 --clang

128
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

@@ -18432,6 +18432,112 @@ ir.cpp:
# 2728| v2728_12(void) = AliasedUse : ~m?
# 2728| v2728_13(void) = ExitFunction :
# 2747| void std::strong_ordering::strong_ordering(std::strong_ordering&&)
# 2747| Block 0
# 2747| v2747_1(void) = EnterFunction :
# 2747| mu2747_2(unknown) = AliasedDefinition :
# 2747| mu2747_3(unknown) = InitializeNonLocal :
# 2747| r2747_4(glval<unknown>) = VariableAddress[#this] :
# 2747| mu2747_5(glval<strong_ordering>) = InitializeParameter[#this] : &:r2747_4
# 2747| r2747_6(glval<strong_ordering>) = Load[#this] : &:r2747_4, ~m?
# 2747| mu2747_7(strong_ordering) = InitializeIndirection[#this] : &:r2747_6
#-----| r0_1(glval<strong_ordering &&>) = VariableAddress[(unnamed parameter 0)] :
#-----| mu0_2(strong_ordering &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1
#-----| r0_3(strong_ordering &&) = Load[(unnamed parameter 0)] : &:r0_1, ~m?
#-----| mu0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3
# 2747| v2747_8(void) = NoOp :
# 2747| v2747_9(void) = ReturnIndirection[#this] : &:r2747_6, ~m?
#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, ~m?
# 2747| v2747_10(void) = ReturnVoid :
# 2747| v2747_11(void) = AliasedUse : ~m?
# 2747| v2747_12(void) = ExitFunction :
# 2748| void std::strong_ordering::strong_ordering(std::_Order)
# 2748| Block 0
# 2748| v2748_1(void) = EnterFunction :
# 2748| mu2748_2(unknown) = AliasedDefinition :
# 2748| mu2748_3(unknown) = InitializeNonLocal :
# 2748| r2748_4(glval<unknown>) = VariableAddress[#this] :
# 2748| mu2748_5(glval<strong_ordering>) = InitializeParameter[#this] : &:r2748_4
# 2748| r2748_6(glval<strong_ordering>) = Load[#this] : &:r2748_4, ~m?
# 2748| mu2748_7(strong_ordering) = InitializeIndirection[#this] : &:r2748_6
# 2748| r2748_8(glval<_Order>) = VariableAddress[v] :
# 2748| mu2748_9(_Order) = InitializeParameter[v] : &:r2748_8
# 2748| v2748_10(void) = NoOp :
# 2748| v2748_11(void) = ReturnIndirection[#this] : &:r2748_6, ~m?
# 2748| v2748_12(void) = ReturnVoid :
# 2748| v2748_13(void) = AliasedUse : ~m?
# 2748| v2748_14(void) = ExitFunction :
# 2766| std::strong_ordering ThreeWay::operator<=>(ThreeWay&)
# 2766| Block 0
# 2766| v2766_1(void) = EnterFunction :
# 2766| mu2766_2(unknown) = AliasedDefinition :
# 2766| mu2766_3(unknown) = InitializeNonLocal :
# 2766| r2766_4(glval<unknown>) = VariableAddress[#this] :
# 2766| mu2766_5(glval<ThreeWay>) = InitializeParameter[#this] : &:r2766_4
# 2766| r2766_6(glval<ThreeWay>) = Load[#this] : &:r2766_4, ~m?
# 2766| mu2766_7(ThreeWay) = InitializeIndirection[#this] : &:r2766_6
# 2766| r2766_8(glval<ThreeWay &>) = VariableAddress[y] :
# 2766| mu2766_9(ThreeWay &) = InitializeParameter[y] : &:r2766_8
# 2766| r2766_10(ThreeWay &) = Load[y] : &:r2766_8, ~m?
# 2766| mu2766_11(unknown) = InitializeIndirection[y] : &:r2766_10
# 2766| r2766_12(glval<strong_ordering>) = VariableAddress[#return] :
# 2766| r2766_13(glval<unknown>) = VariableAddress[#this] :
# 2766| r2766_14(ThreeWay *) = Load[#this] : &:r2766_13, ~m?
# 2766| r2766_15(glval<int>) = FieldAddress[x] : r2766_14
# 2766| r2766_16(int) = Load[?] : &:r2766_15, ~m?
# 2766| r2766_17(glval<ThreeWay &>) = VariableAddress[y] :
# 2766| r2766_18(ThreeWay &) = Load[y] : &:r2766_17, ~m?
# 2766| r2766_19(glval<ThreeWay>) = CopyValue : r2766_18
# 2766| r2766_20(glval<int>) = FieldAddress[x] : r2766_19
# 2766| r2766_21(int) = Load[?] : &:r2766_20, ~m?
# 2766| r2766_22(strong_ordering) = Spaceship : r2766_16, r2766_21
# 2766| mu2766_23(strong_ordering) = Store[#return] : &:r2766_12, r2766_22
# 2766| v2766_24(void) = ReturnIndirection[#this] : &:r2766_6, ~m?
# 2766| v2766_25(void) = ReturnIndirection[y] : &:r2766_10, ~m?
# 2766| r2766_26(glval<strong_ordering>) = VariableAddress[#return] :
# 2766| v2766_27(void) = ReturnValue : &:r2766_26, ~m?
# 2766| v2766_28(void) = AliasedUse : ~m?
# 2766| v2766_29(void) = ExitFunction :
# 2769| void test_three_way(int, int, ThreeWay, ThreeWay)
# 2769| Block 0
# 2769| v2769_1(void) = EnterFunction :
# 2769| mu2769_2(unknown) = AliasedDefinition :
# 2769| mu2769_3(unknown) = InitializeNonLocal :
# 2769| r2769_4(glval<int>) = VariableAddress[a] :
# 2769| mu2769_5(int) = InitializeParameter[a] : &:r2769_4
# 2769| r2769_6(glval<int>) = VariableAddress[b] :
# 2769| mu2769_7(int) = InitializeParameter[b] : &:r2769_6
# 2769| r2769_8(glval<ThreeWay>) = VariableAddress[c] :
# 2769| mu2769_9(ThreeWay) = InitializeParameter[c] : &:r2769_8
# 2769| r2769_10(glval<ThreeWay>) = VariableAddress[d] :
# 2769| mu2769_11(ThreeWay) = InitializeParameter[d] : &:r2769_10
# 2770| r2770_1(glval<strong_ordering>) = VariableAddress[x] :
# 2770| r2770_2(glval<int>) = VariableAddress[a] :
# 2770| r2770_3(int) = Load[a] : &:r2770_2, ~m?
# 2770| r2770_4(glval<int>) = VariableAddress[b] :
# 2770| r2770_5(int) = Load[b] : &:r2770_4, ~m?
# 2770| r2770_6(strong_ordering) = Spaceship : r2770_3, r2770_5
# 2770| mu2770_7(strong_ordering) = Store[x] : &:r2770_1, r2770_6
# 2771| r2771_1(glval<strong_ordering>) = VariableAddress[y] :
# 2771| r2771_2(glval<ThreeWay>) = VariableAddress[c] :
# 2771| r2771_3(glval<unknown>) = FunctionAddress[operator<=>] :
# 2771| r2771_4(glval<ThreeWay>) = VariableAddress[d] :
# 2771| r2771_5(ThreeWay &) = CopyValue : r2771_4
# 2771| r2771_6(strong_ordering) = Call[operator<=>] : func:r2771_3, this:r2771_2, 0:r2771_5
# 2771| mu2771_7(unknown) = ^CallSideEffect : ~m?
# 2771| v2771_8(void) = ^IndirectReadSideEffect[-1] : &:r2771_2, ~m?
# 2771| v2771_9(void) = ^BufferReadSideEffect[0] : &:r2771_5, ~m?
# 2771| mu2771_10(ThreeWay) = ^IndirectMayWriteSideEffect[-1] : &:r2771_2
# 2771| mu2771_11(unknown) = ^BufferMayWriteSideEffect[0] : &:r2771_5
# 2771| mu2771_12(strong_ordering) = Store[y] : &:r2771_1, r2771_6
# 2772| v2772_1(void) = NoOp :
# 2769| v2769_12(void) = ReturnVoid :
# 2769| v2769_13(void) = AliasedUse : ~m?
# 2769| v2769_14(void) = ExitFunction :
ir23.cpp:
# 1| bool consteval_1()
# 1| Block 0
@@ -38102,3 +38208,25 @@ try_except.cpp:
# 54| v54_1(void) = NoOp :
# 44| v44_9(void) = ReturnVoid :
#-----| Goto -> Block 1
type_info_test.cpp:
# 3| void type_info_test(int)
# 3| Block 0
# 3| v3_1(void) = EnterFunction :
# 3| mu3_2(unknown) = AliasedDefinition :
# 3| mu3_3(unknown) = InitializeNonLocal :
# 3| r3_4(glval<int>) = VariableAddress[x] :
# 3| mu3_5(int) = InitializeParameter[x] : &:r3_4
# 4| r4_1(glval<type_info &>) = VariableAddress[t1] :
# 4| r4_2(glval<int>) = VariableAddress[x] :
# 4| r4_3(glval<type_info>) = TypeidExpr : r4_2
# 4| r4_4(type_info &) = CopyValue : r4_3
# 4| mu4_5(type_info &) = Store[t1] : &:r4_1, r4_4
# 5| r5_1(glval<type_info &>) = VariableAddress[t2] :
# 5| r5_2(glval<type_info>) = TypeidType :
# 5| r5_3(type_info &) = CopyValue : r5_2
# 5| mu5_4(type_info &) = Store[t2] : &:r5_1, r5_3
# 6| v6_1(void) = NoOp :
# 3| v3_6(void) = ReturnVoid :
# 3| v3_7(void) = AliasedUse : ~m?
# 3| v3_8(void) = ExitFunction :

8
cpp/ql/test/library-tests/ir/ir/type_info_test.cpp Normal file
View File

@@ -0,0 +1,8 @@
#include <typeinfo>
void type_info_test(int x) {
const std::type_info &t1 = typeid(x);
const std::type_info &t2 = typeid(int);
}
// semmle-extractor-options: -I.

5
cpp/ql/test/library-tests/ir/ir/typeinfo Normal file
View File

@@ -0,0 +1,5 @@
#pragma once
namespace std{
class type_info {};
}

5
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
View File

@@ -1,9 +1,6 @@
edges
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:25:2:25:4 | *a | provenance | |
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:30:9:30:14 | *access to array | provenance | |
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:123:2:123:12 | *... = ... | provenance | |
| consts.cpp:25:2:25:4 | *a | consts.cpp:26:2:26:4 | *{...} | provenance | |
| consts.cpp:26:2:26:4 | *{...} | consts.cpp:24:7:24:9 | **gv1 | provenance | |
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | provenance | |
| consts.cpp:30:9:30:14 | *access to array | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | provenance | |
@@ -38,8 +35,6 @@ edges
| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | provenance | |
nodes
| consts.cpp:24:7:24:9 | **gv1 | semmle.label | **gv1 |
| consts.cpp:25:2:25:4 | *a | semmle.label | *a |
| consts.cpp:26:2:26:4 | *{...} | semmle.label | *{...} |
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | semmle.label | **nonConstFuncToArray |
| consts.cpp:30:9:30:14 | *access to array | semmle.label | *access to array |
| consts.cpp:85:7:85:8 | gets output argument | semmle.label | gets output argument |

2
csharp/documentation/library-coverage/coverage.csv
View File

@@ -43,5 +43,5 @@ MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
System,54,47,12139,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5903,6236
System,54,47,12165,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5929,6236
Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,
1 package sink source summary sink:code-injection sink:encryption-decryptor sink:encryption-encryptor sink:encryption-keyprop sink:encryption-symmetrickey sink:file-content-store sink:html-injection sink:js-injection sink:log-injection sink:sql-injection source:commandargs source:database source:environment source:file source:file-write source:remote source:stdin source:windows-registry summary:taint summary:value
43 Newtonsoft.Json 91 73 18
44 ServiceStack 194 7 27 75 92 7
45 SourceGenerators 5 5
46 System 54 47 12139 12165 6 5 5 4 1 33 2 6 15 17 4 3 5903 5929 6236
47 Windows.Security.Cryptography.Core 1 1

4
csharp/documentation/library-coverage/coverage.rst
View File

@@ -8,7 +8,7 @@ C# framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
System,"``System.*``, ``System``",47,12139,54,5
System,"``System.*``, ``System``",47,12165,54,5
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,159,4
Totals,,107,14403,407,9
Totals,,107,14429,407,9

6
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,6 +1,8 @@
## 5.1.10
## 5.2.0
No user-facing changes.
### New Features
* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
## 5.1.9

3
csharp/ql/lib/change-notes/released/5.1.10.md
View File

@@ -1,3 +0,0 @@
## 5.1.10
No user-facing changes.

5
csharp/ql/lib/change-notes/released/5.2.0.md Normal file
View File

@@ -0,0 +1,5 @@
## 5.2.0
### New Features
* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.1.10
lastReleaseVersion: 5.2.0

2
csharp/ql/lib/ext/System.IO.model.yml
View File

@@ -47,7 +47,7 @@ extensions:
- ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[])", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[])", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[],System.Boolean)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[],System.Int32,System.Int32,System.Boolean)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]

13
csharp/ql/lib/ext/System.Runtime.Serialization.model.yml Normal file
View File

@@ -0,0 +1,13 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Runtime.Serialization", "SerializationInfo", False, "AddValue", "(System.String,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System.Runtime.Serialization", "SerializationInfo", False, "AddValue", "(System.String,System.Object,System.Type)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System.Runtime.Serialization", "SerializationInfo", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.Runtime.Serialization", "SerializationInfo", False, "GetString", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.Runtime.Serialization", "SerializationInfo", False, "GetValue", "(System.String,System.Type)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
# Note that SerializationEntry hasn't been modeled yet, so the model below for get_Current will not in itself provide more flow.
- ["System.Runtime.Serialization", "SerializationInfoEnumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.Runtime.Serialization", "SerializationInfoEnumerator", False, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]

14
csharp/ql/lib/ext/System.Text.model.yml
View File

@@ -3,18 +3,18 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char*,System.Int32,System.Byte*,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char*,System.Int32,System.Byte*,System.Int32)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0].Element", "Argument[3]", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>)", "", "Argument[0].Element", "Argument[1]", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", False, "GetBytes", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.String,System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte*,System.Int32,System.Char*,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetBytes", "(System.String,System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0]", "Argument[3]", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte*,System.Int32,System.Char*,System.Int32)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "Argument[3]", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetChars", "(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", False, "GetString", "(System.Byte*,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Text", "Encoding", True, "GetString", "(System.Byte[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]

19
csharp/ql/lib/ext/System.Xml.model.yml
View File

@@ -4,6 +4,25 @@ extensions:
extensible: summaryModel
data:
- ["System.Xml", "XmlAttributeCollection", False, "CopyTo", "(System.Xml.XmlAttribute[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[3]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[3]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[5]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[3]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[5]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[1]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[1]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[3]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[3]", "ReturnValue", "taint", "manual"]
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
- ["System.Xml", "XmlDocument", False, "Load", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.Xml", "XmlDocument", False, "Load", "(System.IO.TextReader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.Xml", "XmlDocument", False, "Load", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.1.11-dev
version: 5.2.1-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

4
csharp/ql/lib/semmle/code/asp/WebConfig.qll
View File

@@ -8,14 +8,14 @@ import csharp
* A `Web.config` file.
*/
class WebConfigXml extends XmlFile {
WebConfigXml() { this.getName().matches("%Web.config") }
WebConfigXml() { this.getName().toLowerCase().matches("%web.config") }
}
/**
* A `Web.config` transformation file.
*/
class WebConfigReleaseTransformXml extends XmlFile {
WebConfigReleaseTransformXml() { this.getName().matches("%Web.Release.config") }
WebConfigReleaseTransformXml() { this.getName().toLowerCase().matches("%web.release.config") }
}
/** A `<configuration>` tag in an ASP.NET configuration file. */

3
csharp/ql/lib/semmle/code/csharp/Type.qll
View File

@@ -138,6 +138,9 @@ class ValueOrRefType extends Type, Attributable, @value_or_ref_type {
/** Gets an immediate subtype of this type, if any. */
ValueOrRefType getASubType() { result.getABaseType() = this }
/** Gets an immediate supertype of this type, if any. */
ValueOrRefType getASuperType() { this.getABaseType() = result }
/** Gets a member of this type, if any. */
Member getAMember() { result.getDeclaringType() = this }

5
csharp/ql/src/CHANGELOG.md
View File

@@ -2,8 +2,13 @@
### Minor Analysis Improvements
* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
### Bug Fixes
* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
## 1.3.0
### Query Metadata Changes

5
csharp/ql/src/change-notes/released/1.3.1.md
View File

@@ -2,4 +2,9 @@
### Minor Analysis Improvements
* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
### Bug Fixes
* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.

128
csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
View File

@@ -12371,7 +12371,7 @@ summary
| System.IO;MemoryStream;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
| System.IO;MemoryStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
| System.IO;MemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated |
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0];Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0].Element;Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Boolean);Argument[0].Element;Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual |
@@ -17277,30 +17277,20 @@ summary
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this];taint;manual |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this];taint;manual |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.SByte);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Single);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfo;SerializationInfo;(System.Type,System.Runtime.Serialization.IFormatterConverter);Argument[1];Argument[this];taint;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Name;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationObjectManager;SerializationObjectManager;(System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated |
| System.Runtime.Serialization;StreamingContext;StreamingContext;(System.Runtime.Serialization.StreamingContextStates,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];value;dfc-generated |
| System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated |
@@ -18467,12 +18457,12 @@ summary
| System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span<System.Byte>,System.Boolean);Argument[2];Argument[this];taint;df-generated |
| System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span<System.Byte>,System.IFormatProvider,System.Boolean);Argument[2];Argument[this];taint;df-generated |
| System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span<System.Byte>,System.IFormatProvider,System.Boolean);Argument[3];Argument[this];taint;df-generated |
| System.Text;ASCIIEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
| System.Text;ASCIIEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;ASCIIEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;ASCIIEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;ASCIIEncoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;ASCIIEncoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;ASCIIEncoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
@@ -18501,18 +18491,18 @@ summary
| System.Text;Encoding;CreateTranscodingStream;(System.IO.Stream,System.Text.Encoding,System.Text.Encoding,System.Boolean);Argument[2];ReturnValue;taint;df-generated |
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[1];Argument[this];taint;df-generated |
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[2];Argument[this];taint;df-generated |
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[]);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
| System.Text;Encoding;GetBytes;(System.String);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[]);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;Encoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
@@ -18703,37 +18693,37 @@ summary
| System.Text;StringRuneEnumerator;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual |
| System.Text;StringRuneEnumerator;GetEnumerator;();Argument[this];ReturnValue;value;dfc-generated |
| System.Text;StringRuneEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF7Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF7Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF7Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF7Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF7Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF7Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UTF7Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UTF7Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;UTF7Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UTF7Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UTF7Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF7Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF7Encoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
| System.Text;UTF8Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;UTF8Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UTF8Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UTF8Encoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF8Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF8Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF8Encoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF32Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF32Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF32Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UTF32Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF32Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UTF32Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UTF32Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UTF32Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;UTF32Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UTF32Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UTF32Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF32Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UTF32Encoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UnicodeEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UnicodeEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UnicodeEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;UnicodeEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UnicodeEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;UnicodeEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UnicodeEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UnicodeEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;UnicodeEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;UnicodeEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;UnicodeEncoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UnicodeEncoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;UnicodeEncoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
@@ -20868,21 +20858,27 @@ summary
| System.Xml;XmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated |
| System.Xml;XmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated |
| System.Xml;XmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;hq-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0].Element;ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[5];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[1];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateDictionaryReader;(System.Xml.XmlReader);Argument[0];ReturnValue;value;dfc-generated |
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[7];Argument[7].Parameter[delegate-self];value;hq-generated |
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |

72
csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
View File

@@ -9208,7 +9208,7 @@
| System.IO;FileSystemWatcher;remove_Error;(System.IO.ErrorEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
| System.IO;FileSystemWatcher;remove_Renamed;(System.IO.RenamedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
| System.IO;MemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated |
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0];Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0].Element;Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Boolean);Argument[0].Element;Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual |
@@ -13222,28 +13222,20 @@
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this];taint;manual |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this];taint;manual |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.SByte);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Single);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfo;SerializationInfo;(System.Type,System.Runtime.Serialization.IFormatterConverter);Argument[1];Argument[this];taint;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;df-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Name;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue;value;dfc-generated |
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this];ReturnValue;taint;manual |
| System.Runtime.Serialization;SerializationObjectManager;SerializationObjectManager;(System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated |
| System.Runtime.Serialization;StreamingContext;StreamingContext;(System.Runtime.Serialization.StreamingContextStates,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];value;dfc-generated |
| System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated |
@@ -14074,18 +14066,18 @@
| System.Text;Encoding;CreateTranscodingStream;(System.IO.Stream,System.Text.Encoding,System.Text.Encoding,System.Boolean);Argument[2];ReturnValue;taint;df-generated |
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[1];Argument[this];taint;df-generated |
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[2];Argument[this];taint;df-generated |
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[]);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
| System.Text;Encoding;GetBytes;(System.String);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[]);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
| System.Text;Encoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
| System.Text;Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
| System.Text;Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
@@ -16194,21 +16186,27 @@
| System.Xml;XmlDeclaration;XmlDeclaration;(System.String,System.String,System.String,System.Xml.XmlDocument);Argument[2];Argument[this];taint;df-generated |
| System.Xml;XmlDictionary;Add;(System.String);Argument[0];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._value];value;dfc-generated |
| System.Xml;XmlDictionary;Add;(System.String);Argument[this];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._dictionary];value;dfc-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;hq-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0].Element;ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[5];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[1];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;manual |
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
| System.Xml;XmlDictionaryReader;CreateDictionaryReader;(System.Xml.XmlReader);Argument[0];ReturnValue;value;dfc-generated |
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[7];Argument[7].Parameter[delegate-self];value;hq-generated |
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |

6
csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegate.cs
View File

@@ -11,11 +11,11 @@ class DeserializedDelegate
{
var formatter = new BinaryFormatter();
// BAD
var a = (Func<int>)formatter.Deserialize(fs);
var a = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
// BAD
var b = (Expression<Func<int>>)formatter.Deserialize(fs);
var b = (Expression<Func<int>>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
// BAD
var c = (D)formatter.Deserialize(fs);
var c = (D)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
// GOOD
var d = (int)formatter.Deserialize(fs);
}

5
csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegate.qlref
View File

@@ -1 +1,4 @@
Security Features/CWE-502/DeserializedDelegate.ql
query: Security Features/CWE-502/DeserializedDelegate.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql

2
csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/DeserializedDelegateBad.cs
View File

@@ -8,7 +8,7 @@ class Bad
{
var formatter = new BinaryFormatter();
// BAD
var f = (Func<int>)formatter.Deserialize(fs);
var f = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
return f();
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/BinaryFormatterBad.cs
View File

@@ -7,6 +7,6 @@ class BadBinaryFormatter
{
var ds = new BinaryFormatter();
// BAD
return ds.Deserialize(s);
return ds.Deserialize(s); // $ Alert[cs/unsafe-deserialization]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractJsonSerializerBad.cs
View File

@@ -8,6 +8,6 @@ class BadDataContractJsonSerializer
{
var ds = new DataContractJsonSerializer(type);
// BAD
return ds.ReadObject(s);
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/DataContractSerializerBad.cs
View File

@@ -8,6 +8,6 @@ class BadDataContractSerializer
{
var ds = new DataContractSerializer(type);
// BAD
return ds.ReadObject(s);
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/ResourceReaderBad.cs
View File

@@ -6,7 +6,7 @@ class BadResourceReader
{
public static void Deserialize(Stream s)
{
var ds = new ResourceReader(s);
var ds = new ResourceReader(s); // $ Alert[cs/unsafe-deserialization]
// BAD
var dict = ds.GetEnumerator();
while (dict.MoveNext())

5
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/UnsafeDeserialization.qlref
View File

@@ -1 +1,4 @@
Security Features/CWE-502/UnsafeDeserialization.ql
query: Security Features/CWE-502/UnsafeDeserialization.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/UnsafeDeserializationBad.cs
View File

@@ -6,6 +6,6 @@ class Bad
{
JavaScriptSerializer sr = new JavaScriptSerializer(new SimpleTypeResolver());
// BAD
return sr.DeserializeObject(s);
return sr.DeserializeObject(s); // $ Alert[cs/unsafe-deserialization]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/XmlObjectSerializerBad.cs
View File

@@ -8,6 +8,6 @@ class BadXmlObjectSerializer
{
XmlObjectSerializer ds = new DataContractSerializer(type);
// BAD
return ds.ReadObject(s);
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/XmlSerializerBad.cs
View File

@@ -8,6 +8,6 @@ class BadXmlSerializer
{
var ds = new XmlSerializer(type);
// BAD
return ds.Deserialize(s);
return ds.Deserialize(s); // $ Alert[cs/unsafe-deserialization]
}
}

19
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/BinaryFormatterUntrustedInputBad.cs
View File

@@ -1,14 +1,25 @@
using System.Web.UI.WebControls;
using System.Runtime.Serialization.Formatters.Binary;
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text;
using System.Web.UI.WebControls;
class BadBinaryFormatter
class BadBinaryFormatter1
{
public static object Deserialize(TextBox textBox)
{
var ds = new BinaryFormatter();
// BAD
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(textBox.Text)));
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(textBox.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}
class BadBinaryFormatter2
{
public static object Deserialize(TextBox type, TextBox data)
{
var ds = new BinaryFormatter();
// BAD
return ds.Deserialize(new MemoryStream(Convert.FromBase64String(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/DataContractJsonSerializerUntrustedInputBad.cs
View File

@@ -10,6 +10,6 @@ class BadDataContractJsonSerializer
{
var ds = new DataContractJsonSerializer(Type.GetType(type.Text));
// BAD
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/DataContractSerializerUntrustedInputBad.cs
View File

@@ -10,6 +10,6 @@ class BadDataContractSerializer
{
var ds = new DataContractSerializer(Type.GetType(type.Text));
// BAD
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/ResourceReaderUntrustedInputBad.cs
View File

@@ -8,7 +8,7 @@ class BadResourceReader
{
public static void Deserialize(TextBox data)
{
var ds = new ResourceReader(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
var ds = new ResourceReader(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
// BAD
var dict = ds.GetEnumerator();
while (dict.MoveNext())

27
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected
View File

@@ -1,5 +1,6 @@
#select
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | User-provided data |
| BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | User-provided data |
| BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | User-provided data |
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | User-provided data |
@@ -7,9 +8,12 @@
| XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | User-provided data |
edges
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1 |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:3 |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | provenance | MaD:1 |
| BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | provenance | MaD:3 |
| BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | provenance | MaD:1 |
| BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | provenance | MaD:3 |
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | provenance | MaD:4 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
@@ -27,14 +31,19 @@ edges
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:3 |
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:2 |
models
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual |
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0].Element; Argument[this]; taint; manual |
| 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
| 4 | Summary: System; Convert; false; FromBase64String; (System.String); ; Argument[0]; ReturnValue.Element; taint; manual |
nodes
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | semmle.label | access to parameter textBox : TextBox |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | semmle.label | access to property Text : String |
| BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
| BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
| BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | semmle.label | access to parameter textBox : TextBox |
| BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | semmle.label | access to property Text : String |
| BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | semmle.label | call to method FromBase64String : Byte[] [element] : Object |
| BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | semmle.label | access to property Text : String |
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |

4
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.qlref
View File

@@ -1,2 +1,4 @@
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInputBad.cs
View File

@@ -7,6 +7,6 @@ class Bad
{
JavaScriptSerializer sr = new JavaScriptSerializer(new SimpleTypeResolver());
// BAD
return sr.DeserializeObject(textBox.Text);
return sr.DeserializeObject(textBox.Text); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/XmlObjectSerializerUntrustedInputBad.cs
View File

@@ -10,6 +10,6 @@ class BadXmlObjectSerializer
{
XmlObjectSerializer ds = new DataContractSerializer(Type.GetType(type.Text));
// BAD
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}

2
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/XmlSerializerUntrustedInputBad.cs
View File

@@ -10,6 +10,6 @@ class BadXmlSerializer
{
var ds = new XmlSerializer(Type.GetType(type.Text));
// BAD
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
}
}

4
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/Test.cs
View File

@@ -14,9 +14,9 @@ class Test
public static object Deserialize2(TextBox data)
{
return JsonConvert.DeserializeObject(data.Text, new JsonSerializerSettings
return JsonConvert.DeserializeObject(data.Text, new JsonSerializerSettings // $ Alert[cs/unsafe-deserialization-untrusted-input]
{
TypeNameHandling = TypeNameHandling.Auto // BAD
TypeNameHandling = TypeNameHandling.Auto
});
}

4
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.qlref
View File

@@ -1,2 +1,4 @@
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql

3
docs/query-metadata-style-guide.md
View File

@@ -157,7 +157,7 @@ Each code quality related query should have **one** of these two "top-level" cat
* `@tags maintainability`for queries that detect patterns that make it harder for developers to make changes to the code.
* `@tags reliability`for queries that detect issues that affect whether the code will perform as expected during execution.
In addition to the "top-level" categories, we will also add sub-categories to further group code quality related queries:
In addition to the "top-level" categories, we may also add sub-categories to further group code quality related queries:
* `@tags maintainability`for queries that detect patterns that make it harder for developers to make changes to the code.
* `@tags readability`for queries that detect confusing patterns that make it harder for developers to read the code.
@@ -171,6 +171,7 @@ In addition to the "top-level" categories, we will also add sub-categories to fu
* `@tags concurrency`-for queries that detect concurrency related issues such as race conditions, deadlocks, thread safety, etc
* `@tags error-handling`-for queries that detect issues related to unsafe error handling such as uncaught exceptions, etc
You may use sub-categories from both top-level categories on the same query. However, if you only use sub-categories from a single top-level category, then you must also tag the query with that top-level category.
There are also more specific `@tags` that can be added. See, the following pages for examples of the low-level tags:

1
go/ql/lib/CHANGELOG.md
View File

@@ -7,6 +7,7 @@
### Minor Analysis Improvements
* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
## 4.2.8

4
go/ql/lib/change-notes/2025-07-08-request-forgery-sinks.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.

1
go/ql/lib/change-notes/released/4.3.0.md
View File

@@ -7,4 +7,5 @@
### Minor Analysis Improvements
* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.

6
go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll
View File

@@ -4,11 +4,11 @@
*/
private import go
private import DataFlowImplSpecific
private import DataFlowImplSpecific as Impl
private import TaintTrackingImplSpecific
private import codeql.dataflow.internal.DataFlowImplConsistency
private import semmle.go.dataflow.internal.DataFlowNodes
private module Input implements InputSig<Location, GoDataFlow> { }
private module Input implements InputSig<Location, Impl::GoDataFlow> { }
module Consistency = MakeConsistency<Location, GoDataFlow, GoTaintTracking, Input>;
module Consistency = MakeConsistency<Location, Impl::GoDataFlow, GoTaintTracking, Input>;

16
go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
View File

@@ -243,4 +243,20 @@ module TaintedPath {
override predicate checks(Expr e, boolean branch) { regexpFunctionChecksExpr(this, e, branch) }
}
/**
* A call of the form `filepath.IsLocal(path)` considered as a sanitizer guard for `path`.
*/
class IsLocalCheck extends SanitizerGuard, DataFlow::CallNode {
IsLocalCheck() {
exists(Function f |
f.hasQualifiedName("path/filepath", "IsLocal") and
this = f.getACall()
)
}
override predicate checks(Expr e, boolean branch) {
e = this.getArgument(0).asExpr() and branch = true
}
}
}

4
go/ql/src/CHANGELOG.md
View File

@@ -1,6 +1,8 @@
## 1.4.1
No user-facing changes.
### Minor Analysis Improvements
* `filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.
## 1.4.0

4
go/ql/src/change-notes/released/1.4.1.md
View File

@@ -1,3 +1,5 @@
## 1.4.1
No user-facing changes.
### Minor Analysis Improvements
* `filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.

6
go/ql/test/query-tests/Security/CWE-022/TaintedPath.go
View File

@@ -93,4 +93,10 @@ func handler(w http.ResponseWriter, r *http.Request) {
}
data, _ = ioutil.ReadFile(part.FileName())
// GOOD: An attempt has been made to prevent path traversal
if filepath.IsLocal(tainted_path) {
data, _ = ioutil.ReadFile(tainted_path)
w.Write(data)
}
}

576
java/documentation/library-coverage/coverage.csv
View File

@@ -1,284 +1,292 @@
package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:credentials-key,sink:credentials-password,sink:credentials-username,sink:encryption-iv,sink:encryption-salt,sink:environment-injection,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:notification,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:trust-boundary-violation,sink:url-forward,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:database,source:environment,source:file,source:remote,summary:taint,summary:value
actions.osgi,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
android.app,77,,103,,,,,,,,,,11,,,,,7,,,,,,,42,,,17,,,,,,,,,,,,,,,,,,,,,,,18,85
android.content,24,31,154,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,8,,,,,,,4,27,,,,,63,91
android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,,41,
android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
android.os,1,2,122,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,2,,,,,,41,81
android.support.v4.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
android.util,6,16,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,16,,
android.webkit,3,2,,,,,,,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1,
androidx.core.app,47,,95,,,,,,,,,,,,,,,,,,,,,,41,,,6,,,,,,,,,,,,,,,,,,,,,,,12,83
androidx.fragment.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,5,,,,,27,61
antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
ch.ethz.ssh2,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.alibaba.druid.sql,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,1,
com.alibaba.fastjson2,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.amazonaws.auth,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.auth0.jwt.algorithms,6,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.azure.identity,3,,,,,1,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.databind,2,,8,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,8,
com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,,,63,24
com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
com.google.common.flogger,29,,,,,,,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.google.common.io,10,,73,,,,,,,,,1,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,,,,,,,,,,72,1
com.google.gson,,,52,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,38,14
com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
com.jcraft.jsch,5,,1,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,
com.microsoft.sqlserver.jdbc,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
com.mongodb,10,,,,,,4,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.opensymphony.xwork2,56,,961,,,,,,,,,,,,,,,,,,,,,,,56,,,,,,,,,,,,,,,,,,,,,,,,,867,94
com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
com.sshtools.j2ssh.authentication,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.crypto.provider,19,,,,,17,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.jndi.ldap,4,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.net.httpserver,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.net.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.rowset,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.security.auth.module,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.security.ntlm,5,,,,,,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.security.sasl.digest,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
com.trilead.ssh2,13,,,,,2,4,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,
flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
groovy.lang,26,,,,,,,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.text,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.util,5,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
hudson,75,9,2648,,4,,,,,,3,2,,,,4,,,,,,,,,,,56,,,,,,,,,6,,,,,,,,,,,,,5,4,2572,76
io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,
io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,2,,
io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,,,,,,13,143,116
io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,
io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
io.netty.util,2,,23,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,21,2
io.undertow.server.handlers.resource,1,,3,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,3,
jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,2,
jakarta.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,7,,
jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
jakarta.persistence,2,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,1,
jakarta.servlet,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,
jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
java.applet,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
java.awt,1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,3
java.beans,,,177,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,82,95
java.io,66,1,225,,,,,,,,,22,,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,,,,1,,202,23
java.lang,38,3,783,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,3,,,506,277
java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
java.net,23,3,347,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,3,248,99
java.nio,47,,499,,,,,,,,,5,,,,,,,,,,,,,,,41,,,,,,,,,1,,,,,,,,,,,,,,,302,197
java.rmi,,,68,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,23
java.security,21,,583,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,285,298
java.sql,15,1,292,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,1,,,,274,18
java.text,,,154,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,72,82
java.time,,,131,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,27,104
java.util,48,2,1339,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,2,,,558,781
javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,7,
javax.annotation.processing,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,3
javax.crypto,19,,114,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61,53
javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,7,,
javax.imageio,1,,304,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,138,166
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
javax.lang.model,,,277,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,217,60
javax.management,2,,766,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,363,403
javax.naming,7,,341,,,,,,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,191,150
javax.net,4,,136,,,,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,49
javax.portlet,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
javax.print,2,,133,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,102,31
javax.rmi.ssl,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6
javax.script,1,,50,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,14,36
javax.security.auth,7,,147,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,50,97
javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
javax.security.sasl,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,42,7
javax.servlet,10,22,3,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,3,,,2,2,,,,,,,,,22,3,
javax.smartcardio,,,34,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,10
javax.sound.midi,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,51,9
javax.sound.sampled,,,90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,53,37
javax.sql,7,,126,,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,68,58
javax.tools,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,62,4
javax.transaction.xa,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,2,,,,,,,,,94,55
javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
javax.xml.catalog,,,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,1
javax.xml.crypto,,,269,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,172,97
javax.xml.datatype,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,1
javax.xml.namespace,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,10
javax.xml.parsers,,,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,2
javax.xml.stream,,,221,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,201,20
javax.xml.transform,2,,134,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,1,,,,,,,72,62
javax.xml.validation,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
javax.xml.xpath,3,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,26,
jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23
jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
kotlin,16,,1849,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,,,,,,1836,13
liquibase.database.jvm,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
liquibase.statement.core,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
net.lingala.zip4j,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,
net.schmizz.sshj,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,321,17
net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,
ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,
okhttp3,4,,50,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,23,27
org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49,
org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.commons.exec,10,,,,6,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.commons.io,124,,570,,,,,,,,,4,,,,,,,,,,,,,,,105,,,,,,,,,15,,,,,,,,,,,,,,,556,14
org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,
org.apache.commons.jexl2,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.jexl3,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.lang,,,767,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,596,171
org.apache.commons.lang3,6,,425,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,294,131
org.apache.commons.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.net,13,12,,,,,2,2,,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,,,,,,12,,
org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
org.apache.cxf.catalog,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
org.apache.cxf.common.classloader,3,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,2,,,,,,,,,,,,,,,,
org.apache.cxf.common.jaxb,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.common.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.configuration.jsse,2,,,,,,,,,,,,,,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.helpers,10,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,5,,,,,,,,,
org.apache.cxf.resource,9,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,5,,,,,,,,,,,,,,,,
org.apache.cxf.staxutils,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.tools.corba.utils,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.tools.util,10,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.transform,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.hadoop.fs,3,,11,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,11,
org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,
org.apache.hadoop.hive.ql.exec,1,,1,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.hadoop.hive.ql.metadata,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,,,
org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,
org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,,
org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.hc.core5.http,73,2,45,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,72,,,,,,,,,,,,,,2,45,
org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
org.apache.http,48,3,95,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,46,,,,,,,,,,,,,,3,86,9
org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,57,
org.apache.ibatis.mapping,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.log4j,11,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,4
org.apache.shiro.authc,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.shiro.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.shiro.mgt,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.sshd.client.session,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.struts.beanvalidation.validation.interceptor,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.struts2,14,,3873,,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,3,,,,,,,,,,,3839,34
org.apache.tools.ant,14,,,,1,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,
org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,
org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,,,,,,
org.codehaus.groovy.control,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,,
org.eclipse.jetty.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,
org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,
org.gradle.api.file,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,,
org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
org.jboss.logging,324,,,,,,,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.jboss.vfs,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,
org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1
org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8
org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
org.keycloak.models.map.storage,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
org.kohsuke.stapler,20,24,363,,,,,,,,,,,,,2,,,,,,,,,,,9,,,,,,,,,3,,,,,1,5,,,,,,,,24,352,11
org.lastaflute.web,,1,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,4,
org.mvel2,16,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.owasp.esapi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.pac4j.jwt.config.encryption,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.pac4j.jwt.config.signature,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.scijava.log,13,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.slf4j,55,,6,,,,,,,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4
org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.springframework.core.io,17,,6,,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,1,,,,,,,,,,,,,,,6,
org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,67,10
org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,
org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,
org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,
org.springframework.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.ldap,47,,,,,,,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.security.core.userdetails,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
org.springframework.util,10,,142,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,,90,52
org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,3,,
org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
org.springframework.web.multipart,,12,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,12,
org.springframework.web.portlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,
org.springframework.web.servlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
org.springframework.web.util,,9,157,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,132,25
org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,2,
org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,
play.mvc,1,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,13,24,
ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,
software.amazon.awssdk.transfer.s3.model,8,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,,,,,,,,,,,,,,
sun.jvmstat.perfdata.monitor.protocol.local,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.jvmstat.perfdata.monitor.protocol.rmi,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.misc,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.net.ftp,5,,,,,,2,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.net.www.protocol.http,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.acl,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.jgss.krb5,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.krb5,9,,,,,3,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.pkcs,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.pkcs11,3,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.provider,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.x509,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.tools.jconsole,28,,,,,,13,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:credentials-key,sink:credentials-password,sink:credentials-username,sink:encryption-iv,sink:encryption-salt,sink:environment-injection,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:notification,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:trust-boundary-violation,sink:unsafe-deserialization,sink:url-forward,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:database,source:environment,source:file,source:remote,summary:taint,summary:value
actions.osgi,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
android.app,77,,103,,,,,,,,,,11,,,,,7,,,,,,,42,,,17,,,,,,,,,,,,,,,,,,,,,,,,18,85
android.content,24,31,154,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,8,,,,,,,,4,27,,,,,63,91
android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,,,41,
android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
android.os,1,2,122,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,2,,,,,,41,81
android.support.v4.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
android.util,6,16,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,16,,
android.webkit,3,2,,,,,,,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1,
androidx.core.app,47,,95,,,,,,,,,,,,,,,,,,,,,,41,,,6,,,,,,,,,,,,,,,,,,,,,,,,12,83
androidx.fragment.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,5,,,,,27,61
antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
ch.ethz.ssh2,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.alibaba.com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
com.alibaba.druid.sql,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,1,
com.alibaba.fastjson2,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.amazonaws.auth,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.auth0.jwt.algorithms,6,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.azure.identity,3,,,,,1,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.caucho.burlap.io,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
com.cedarsoftware.util.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.esotericsoftware.yamlbeans,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
com.fasterxml.jackson.databind,2,,8,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,8,
com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,,,,63,24
com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
com.google.common.flogger,29,,,,,,,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.google.common.io,10,,73,,,,,,,,,1,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,,,,,,,,,,,72,1
com.google.gson,,,52,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,38,14
com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,
com.jcraft.jsch,5,,1,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,1,
com.microsoft.sqlserver.jdbc,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,
com.mongodb,10,,,,,,4,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.opensymphony.xwork2,56,,961,,,,,,,,,,,,,,,,,,,,,,,56,,,,,,,,,,,,,,,,,,,,,,,,,,867,94
com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
com.sshtools.j2ssh.authentication,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.crypto.provider,19,,,,,17,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.jndi.ldap,4,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.net.httpserver,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.net.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.rowset,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.security.auth.module,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.security.ntlm,5,,,,,,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.sun.security.sasl.digest,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
com.trilead.ssh2,13,,,,,2,4,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,,
groovy.lang,26,,,,,,,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.text,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.util,5,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
hudson,75,9,2648,,4,,,,,,3,2,,,,4,,,,,,,,,,,56,,,,,,,,,6,,,,,,,,,,,,,,5,4,2572,76
io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,
io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,2,,
io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,,,,,,,13,143,116
io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,
io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
io.netty.util,2,,23,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,,21,2
io.undertow.server.handlers.resource,1,,3,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,3,
jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,,2,
jakarta.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,7,,
jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
jakarta.persistence,2,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,1,
jakarta.servlet,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,
jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
java.applet,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
java.awt,1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,3
java.beans,1,,177,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,82,95
java.io,66,1,225,,,,,,,,,22,,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,,,,,1,,202,23
java.lang,38,3,783,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,,3,,,506,277
java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
java.net,23,3,347,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,,3,248,99
java.nio,47,,499,,,,,,,,,5,,,,,,,,,,,,,,,41,,,,,,,,,1,,,,,,,,,,,,,,,,302,197
java.rmi,,,68,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,23
java.security,21,,583,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,285,298
java.sql,15,1,292,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,,1,,,,274,18
java.text,,,154,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,72,82
java.time,,,131,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,27,104
java.util,48,2,1339,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,,2,,,558,781
javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,,7,
javax.annotation.processing,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,3
javax.crypto,19,,114,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61,53
javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,7,,
javax.imageio,1,,304,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,138,166
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
javax.lang.model,,,277,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,217,60
javax.management,2,,766,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,363,403
javax.naming,7,,341,,,,,,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,191,150
javax.net,4,,136,,,,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,49
javax.portlet,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
javax.print,2,,133,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,102,31
javax.rmi.ssl,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6
javax.script,1,,50,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,36
javax.security.auth,7,,147,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,50,97
javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
javax.security.sasl,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,42,7
javax.servlet,10,22,3,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,3,,,2,,2,,,,,,,,,22,3,
javax.smartcardio,,,34,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,10
javax.sound.midi,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,51,9
javax.sound.sampled,,,90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,53,37
javax.sql,7,,126,,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,68,58
javax.tools,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,62,4
javax.transaction.xa,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,2,,,,,,,,,94,55
javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
javax.xml.catalog,,,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,1
javax.xml.crypto,,,269,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,172,97
javax.xml.datatype,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,1
javax.xml.namespace,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,10
javax.xml.parsers,,,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,2
javax.xml.stream,,,221,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,201,20
javax.xml.transform,2,,134,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,1,,,,,,,72,62
javax.xml.validation,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
javax.xml.xpath,3,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,26,
jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23
jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
kotlin,16,,1849,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,,,,,,,1836,13
liquibase.database.jvm,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
liquibase.statement.core,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
net.lingala.zip4j,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,
net.schmizz.sshj,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,321,17
net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,
ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,
okhttp3,4,,50,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,23,27
org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49,
org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.commons.exec,10,,,,6,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.commons.io,124,,570,,,,,,,,,4,,,,,,,,,,,,,,,105,,,,,,,,,15,,,,,,,,,,,,,,,,556,14
org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,
org.apache.commons.jexl2,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.jexl3,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.lang,1,,767,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,596,171
org.apache.commons.lang3,7,,425,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,1,,,,,,,,,,,294,131
org.apache.commons.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.net,13,12,,,,,2,2,,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,,,,,,,12,,
org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
org.apache.cxf.catalog,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
org.apache.cxf.common.classloader,3,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,2,,,,,,,,,,,,,,,,,
org.apache.cxf.common.jaxb,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.common.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.configuration.jsse,2,,,,,,,,,,,,,,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.helpers,10,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,5,,,,,,,,,
org.apache.cxf.resource,9,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,5,,,,,,,,,,,,,,,,,
org.apache.cxf.staxutils,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.tools.corba.utils,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.tools.util,10,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.cxf.transform,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.hadoop.fs,3,,11,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,11,
org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,
org.apache.hadoop.hive.ql.exec,1,,1,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.hadoop.hive.ql.metadata,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,,,,
org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,
org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,,,
org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.hc.core5.http,73,2,45,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,72,,,,,,,,,,,,,,,2,45,
org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
org.apache.http,48,3,95,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,46,,,,,,,,,,,,,,,3,86,9
org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,57,
org.apache.ibatis.mapping,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.log4j,11,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,4
org.apache.shiro.authc,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.shiro.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.shiro.mgt,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.sshd.client.session,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.struts.beanvalidation.validation.interceptor,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.struts2,14,,3873,,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,3,,,,,,,,,,,,3839,34
org.apache.tools.ant,14,,,,1,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,
org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,
org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,,,,,,,
org.codehaus.groovy.control,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,,
org.eclipse.jetty.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
org.exolab.castor.xml,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,
org.gradle.api.file,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,
org.ho.yaml,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,
org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
org.jabsorb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
org.jboss.logging,324,,,,,,,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.jboss.vfs,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,
org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1
org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8
org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
org.keycloak.models.map.storage,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
org.kohsuke.stapler,20,24,363,,,,,,,,,,,,,2,,,,,,,,,,,9,,,,,,,,,3,,,,,,1,5,,,,,,,,24,352,11
org.lastaflute.web,,1,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,4,
org.mvel2,16,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
org.owasp.esapi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.pac4j.jwt.config.encryption,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.pac4j.jwt.config.signature,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.scijava.log,13,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.slf4j,55,,6,,,,,,,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4
org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.springframework.core.io,17,,6,,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,1,,,,,,,,,,,,,,,,6,
org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,67,10
org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,
org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,
org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,
org.springframework.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.ldap,47,,,,,,,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.security.core.userdetails,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
org.springframework.util,10,,142,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,,,90,52
org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,3,,
org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
org.springframework.web.multipart,,12,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,12,
org.springframework.web.portlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
org.springframework.web.servlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
org.springframework.web.util,,9,157,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,132,25
org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,2,
org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
play.mvc,1,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,13,24,
ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,1,
software.amazon.awssdk.transfer.s3.model,8,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.jvmstat.perfdata.monitor.protocol.local,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.jvmstat.perfdata.monitor.protocol.rmi,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.misc,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.net.ftp,5,,,,,,2,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.net.www.protocol.http,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.acl,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.jgss.krb5,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.krb5,9,,,,,3,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.pkcs,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.pkcs11,3,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.provider,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.security.x509,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
sun.tools.jconsole,28,,,,,,13,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
1 package sink source summary sink:bean-validation sink:command-injection sink:credentials-key sink:credentials-password sink:credentials-username sink:encryption-iv sink:encryption-salt sink:environment-injection sink:file-content-store sink:fragment-injection sink:groovy-injection sink:hostname-verification sink:html-injection sink:information-leak sink:intent-redirection sink:jexl-injection sink:jndi-injection sink:js-injection sink:ldap-injection sink:log-injection sink:mvel-injection sink:notification sink:ognl-injection sink:path-injection sink:pending-intents sink:regex-use sink:regex-use[-1] sink:regex-use[0] sink:regex-use[] sink:regex-use[f-1] sink:regex-use[f1] sink:regex-use[f] sink:request-forgery sink:response-splitting sink:sql-injection sink:template-injection sink:trust-boundary-violation sink:unsafe-deserialization sink:url-forward sink:url-redirection sink:xpath-injection sink:xslt-injection source:android-external-storage-dir source:contentprovider source:database source:environment source:file source:remote summary:taint summary:value
2 actions.osgi 6 6
3 android.app 77 103 11 7 42 17 18 85
4 android.content 24 31 154 16 8 4 27 63 91
5 android.database 59 41 59 41
6 android.net 60 45 15
7 android.os 1 2 122 1 2 41 81
8 android.support.v4.app 11 11
9 android.util 6 16 6 16
10 android.webkit 3 2 2 1 2
11 android.widget 1 1 1 1
12 androidx.core.app 47 95 41 6 12 83
13 androidx.fragment.app 11 11
14 androidx.slice 2 5 88 2 5 27 61
15 antlr 1 1
16 ch.ethz.ssh2 2 1 1
17 cn.hutool.core.codec 1 1
18 com.alibaba.druid.sql com.alibaba.com.caucho.hessian.io 1 2 1 1 2 1
19 com.alibaba.fastjson2 com.alibaba.druid.sql 1 1 1 1
20 com.amazonaws.auth com.alibaba.fastjson2 2 1 2 1
21 com.auth0.jwt.algorithms com.amazonaws.auth 6 2 6 2
22 com.azure.identity com.auth0.jwt.algorithms 3 6 1 6 1 1
23 com.esotericsoftware.kryo.io com.azure.identity 3 1 1 1 1 1
24 com.esotericsoftware.kryo5.io com.caucho.burlap.io 1 1 1 1
25 com.fasterxml.jackson.core com.caucho.hessian.io 2 1 2 1
26 com.fasterxml.jackson.databind com.cedarsoftware.util.io 2 8 2 2 8
27 com.google.common.base com.esotericsoftware.kryo.io 4 87 1 3 1 63 1 24
28 com.google.common.cache com.esotericsoftware.kryo5.io 17 1 1 17
29 com.google.common.collect com.esotericsoftware.yamlbeans 1 553 1 2 551
30 com.google.common.flogger com.fasterxml.jackson.core 29 1 29 1
31 com.google.common.io com.fasterxml.jackson.databind 10 2 73 8 1 9 2 72 8 1
32 com.google.gson com.google.common.base 4 52 87 3 1 38 63 14 24
33 com.hubspot.jinjava com.google.common.cache 2 17 2 17
34 com.jcraft.jsch com.google.common.collect 5 1 553 2 2 1 1 2 551
35 com.microsoft.sqlserver.jdbc com.google.common.flogger 4 29 2 2 29
36 com.mitchellbosecke.pebble com.google.common.io 2 10 73 1 9 2 72 1
37 com.mongodb com.google.gson 10 52 4 6 38 14
38 com.opensymphony.xwork2 com.hubspot.jinjava 56 2 961 56 2 867 94
39 com.rabbitmq.client com.jcraft.jsch 5 21 7 1 2 2 1 21 7 1
40 com.sshtools.j2ssh.authentication com.microsoft.sqlserver.jdbc 3 4 1 2 2
41 com.sun.crypto.provider com.mitchellbosecke.pebble 19 2 17 2 2
42 com.sun.jndi.ldap com.mongodb 4 10 4 4 6
43 com.sun.net.httpserver com.opensymphony.xwork2 3 56 961 1 2 56 867 94
44 com.sun.net.ssl com.rabbitmq.client 3 21 7 3 21 7
45 com.sun.rowset com.sshtools.j2ssh.authentication 3 2 1 1 2
46 com.sun.security.auth.module com.sun.crypto.provider 2 19 17 2
47 com.sun.security.ntlm com.sun.jndi.ldap 5 4 3 2 4
48 com.sun.security.sasl.digest com.sun.net.httpserver 3 2 1 1 2
49 com.thoughtworks.xstream com.sun.net.ssl 1 3 3 1
50 com.trilead.ssh2 com.sun.rowset 13 3 2 4 2 7 1
51 com.unboundid.ldap.sdk com.sun.security.auth.module 17 2 2 17
52 com.zaxxer.hikari com.sun.security.ntlm 2 5 3 2 2
53 flexjson com.sun.security.sasl.digest 3 1 2 1 1
54 freemarker.cache com.thoughtworks.xstream 1 1 1
55 freemarker.template com.trilead.ssh2 7 13 2 4 7 7
56 groovy.lang com.unboundid.ldap.sdk 26 17 26 17
57 groovy.text com.zaxxer.hikari 1 2 1 2
58 groovy.util flexjson 5 1 5 1
59 hudson freemarker.cache 75 1 9 2648 4 3 2 4 56 6 1 5 4 2572 76
60 io.jsonwebtoken freemarker.template 7 2 4 7 2 4
61 io.netty.bootstrap groovy.lang 3 26 26 3
62 io.netty.buffer groovy.text 1 207 1 130 77
63 io.netty.channel groovy.util 9 5 2 5 9 2
64 io.netty.handler.codec hudson 4 75 13 9 259 2648 4 3 2 4 1 56 3 6 5 13 4 143 2572 116 76
65 io.netty.handler.ssl io.jsonwebtoken 4 2 4 4 2 4
66 io.netty.handler.stream io.netty.bootstrap 1 3 1 3
67 io.netty.resolver io.netty.buffer 1 207 1 130 77
68 io.netty.util io.netty.channel 2 9 2 23 1 1 9 2 21 2
69 io.undertow.server.handlers.resource io.netty.handler.codec 1 4 13 3 259 1 3 13 3 143 116
70 jakarta.activation io.netty.handler.ssl 2 4 2 1 4 1 2
71 jakarta.faces.context io.netty.handler.stream 4 1 7 2 2 1 7
72 jakarta.json io.netty.resolver 123 1 100 1 23
73 jakarta.persistence io.netty.util 2 1 23 1 1 2 1 21 2
74 jakarta.servlet io.undertow.server.handlers.resource 2 1 1 3 1 2 1 3
75 jakarta.ws.rs.client jakarta.activation 1 2 2 1 1 2
76 jakarta.ws.rs.container jakarta.faces.context 4 9 7 2 2 9 7
77 jakarta.ws.rs.core jakarta.json 2 149 123 2 94 100 55 23
78 jakarta.xml.bind.attachment jakarta.persistence 2 2 1 2 2 1
79 java.applet jakarta.servlet 2 1 11 2 1 11
80 java.awt jakarta.ws.rs.client 1 3 1 1 3
81 java.beans jakarta.ws.rs.container 9 177 9 82 95
82 java.io jakarta.ws.rs.core 66 2 1 225 149 22 44 2 1 202 94 23 55
83 java.lang jakarta.xml.bind.attachment 38 3 2 783 13 1 8 11 4 1 3 2 506 277
84 java.math java.applet 9 11 11 9
85 java.net java.awt 23 1 3 347 3 1 1 21 1 3 248 99 3
86 java.nio java.beans 47 1 499 177 5 41 1 1 302 82 197 95
87 java.rmi java.io 66 1 68 225 22 44 1 45 202 23
88 java.security java.lang 21 38 3 583 783 13 11 10 1 8 11 4 1 3 285 506 298 277
89 java.sql java.math 15 1 292 9 1 1 4 9 1 274 18 9
90 java.text java.net 23 3 154 347 1 1 21 3 72 248 82 99
91 java.time java.nio 47 131 499 5 41 1 27 302 104 197
92 java.util java.rmi 48 2 1339 68 1 34 3 5 2 1 2 2 558 45 781 23
93 javafx.scene.web java.security 1 21 583 11 10 1 285 298
94 javax.accessibility java.sql 15 1 63 292 1 1 4 9 1 28 274 35 18
95 javax.activation java.text 2 7 154 1 1 7 72 82
96 javax.annotation.processing java.time 28 131 25 27 3 104
97 javax.crypto java.util 19 48 2 114 1339 12 3 2 2 1 34 3 5 2 1 2 2 61 558 53 781
98 javax.faces.context javafx.scene.web 4 1 7 2 2 1 7
99 javax.imageio javax.accessibility 1 304 63 1 138 28 166 35
100 javax.jms javax.activation 2 9 57 7 1 1 9 57 7
101 javax.json javax.annotation.processing 123 28 100 25 23 3
102 javax.lang.model javax.crypto 19 277 114 12 3 2 2 217 61 60 53
103 javax.management javax.faces.context 2 4 7 766 2 2 2 7 363 403
104 javax.naming javax.imageio 7 1 341 304 6 1 1 191 138 150 166
105 javax.net javax.jms 4 9 136 57 2 2 9 87 57 49
106 javax.portlet javax.json 1 123 1 100 23
107 javax.print javax.lang.model 2 133 277 2 102 217 31 60
108 javax.rmi.ssl javax.management 2 6 766 2 363 6 403
109 javax.script javax.naming 1 7 50 341 6 1 1 14 191 36 150
110 javax.security.auth javax.net 7 4 147 136 4 3 2 2 50 87 97 49
111 javax.security.cert javax.portlet 1 5 1 5
112 javax.security.sasl javax.print 2 49 133 2 42 102 7 31
113 javax.servlet javax.rmi.ssl 10 22 3 6 1 2 3 2 2 22 3 6
114 javax.smartcardio javax.script 1 34 50 1 24 14 10 36
115 javax.sound.midi javax.security.auth 7 60 147 4 3 51 50 9 97
116 javax.sound.sampled javax.security.cert 90 5 53 5 37
117 javax.sql javax.security.sasl 7 126 49 4 3 68 42 58 7
118 javax.tools javax.servlet 10 22 66 3 1 2 3 2 2 22 62 3 4
119 javax.transaction.xa javax.smartcardio 1 34 1 24 10
120 javax.validation javax.sound.midi 1 1 60 1 1 51 9
121 javax.ws.rs.client javax.sound.sampled 1 90 1 53 37
122 javax.ws.rs.container javax.sql 7 9 126 4 3 9 68 58
123 javax.ws.rs.core javax.tools 3 149 66 1 2 94 62 55 4
124 javax.xml.bind.attachment javax.transaction.xa 2 1 2 1
125 javax.xml.catalog javax.validation 1 1 12 1 1 11 1
126 javax.xml.crypto javax.ws.rs.client 1 269 1 172 97
127 javax.xml.datatype javax.ws.rs.container 9 6 9 5 1
128 javax.xml.namespace javax.ws.rs.core 3 15 149 1 2 5 94 10 55
129 javax.xml.parsers javax.xml.bind.attachment 2 37 2 35 2
130 javax.xml.stream javax.xml.catalog 221 12 201 11 20 1
131 javax.xml.transform javax.xml.crypto 2 134 269 1 1 72 172 62 97
132 javax.xml.validation javax.xml.datatype 29 6 29 5 1
133 javax.xml.xpath javax.xml.namespace 3 26 15 3 26 5 10
134 jenkins javax.xml.parsers 523 37 500 35 23 2
135 jodd.json javax.xml.stream 10 221 201 10 20
136 kotlin javax.xml.transform 16 2 1849 134 14 1 2 1 1836 72 13 62
137 liquibase.database.jvm javax.xml.validation 1 29 1 29
138 liquibase.statement.core javax.xml.xpath 1 3 26 1 3 26
139 net.lingala.zip4j jenkins 2 523 2 500 23
140 net.schmizz.sshj jodd.json 4 10 2 2 10
141 net.sf.json kotlin 2 16 338 1849 14 2 321 1836 17 13
142 net.sf.saxon.s9api liquibase.database.jvm 5 1 1 5
143 ognl liquibase.statement.core 6 1 6 1
144 okhttp3 net.lingala.zip4j 4 2 50 2 4 23 27
145 org.acegisecurity net.schmizz.sshj 4 49 2 2 49
146 org.antlr.runtime net.sf.json 1 2 338 1 2 321 17
147 org.apache.commons.codec net.sf.saxon.s9api 5 6 5 6
148 org.apache.commons.collections ognl 6 800 6 17 783
149 org.apache.commons.collections4 okhttp3 4 800 50 4 17 23 783 27
150 org.apache.commons.compress.archivers.tar org.acegisecurity 4 49 4 49
151 org.apache.commons.exec org.antlr.runtime 10 1 6 4 1
152 org.apache.commons.httpclient.util org.apache.commons.codec 1 6 1 6
153 org.apache.commons.io org.apache.commons.collections 124 570 800 4 105 15 556 17 14 783
154 org.apache.commons.jelly org.apache.commons.collections4 6 800 6 17 783
155 org.apache.commons.jexl2 org.apache.commons.compress.archivers.tar 15 4 15 4
156 org.apache.commons.jexl3 org.apache.commons.exec 15 10 6 4 15
157 org.apache.commons.lang org.apache.commons.httpclient.util 767 1 596 1 171
158 org.apache.commons.lang3 org.apache.commons.io 6 124 425 570 4 105 6 15 294 556 131 14
159 org.apache.commons.logging org.apache.commons.jelly 6 6 6
160 org.apache.commons.net org.apache.commons.jexl2 13 15 12 2 2 15 3 6 12
161 org.apache.commons.ognl org.apache.commons.jexl3 6 15 15 6
162 org.apache.commons.text org.apache.commons.lang 1 272 767 1 220 596 52 171
163 org.apache.cxf.catalog org.apache.commons.lang3 1 7 425 6 1 1 294 131
164 org.apache.cxf.common.classloader org.apache.commons.logging 3 6 6 1 2
165 org.apache.cxf.common.jaxb org.apache.commons.net 1 13 12 2 2 1 3 6 12
166 org.apache.cxf.common.logging org.apache.commons.ognl 6 6 6
167 org.apache.cxf.configuration.jsse org.apache.commons.text 2 272 1 1 220 52
168 org.apache.cxf.helpers org.apache.cxf.catalog 10 1 5 1 5
169 org.apache.cxf.resource org.apache.cxf.common.classloader 9 3 4 1 5 2
170 org.apache.cxf.staxutils org.apache.cxf.common.jaxb 1 1
171 org.apache.cxf.tools.corba.utils org.apache.cxf.common.logging 4 6 6 4
172 org.apache.cxf.tools.util org.apache.cxf.configuration.jsse 10 2 1 10 1
173 org.apache.cxf.transform org.apache.cxf.helpers 3 10 5 5 3
174 org.apache.directory.ldap.client.api org.apache.cxf.resource 1 9 1 4 5
175 org.apache.hadoop.fs org.apache.cxf.staxutils 3 1 11 3 1 11
176 org.apache.hadoop.hive.metastore org.apache.cxf.tools.corba.utils 3 4 4 3
177 org.apache.hadoop.hive.ql.exec org.apache.cxf.tools.util 1 10 1 1 10 1
178 org.apache.hadoop.hive.ql.metadata org.apache.cxf.transform 1 3 1 3
179 org.apache.hc.client5.http.async.methods org.apache.directory.ldap.client.api 84 1 1 84
180 org.apache.hc.client5.http.classic.methods org.apache.hadoop.fs 37 3 11 3 37 11
181 org.apache.hc.client5.http.fluent org.apache.hadoop.hive.metastore 19 3 19 3
182 org.apache.hc.core5.benchmark org.apache.hadoop.hive.ql.exec 1 1 1 1 1
183 org.apache.hc.core5.function org.apache.hadoop.hive.ql.metadata 1 1 1 1
184 org.apache.hc.core5.http org.apache.hc.client5.http.async.methods 73 84 2 45 1 72 84 2 45
185 org.apache.hc.core5.net org.apache.hc.client5.http.classic.methods 37 18 37 18
186 org.apache.hc.core5.util org.apache.hc.client5.http.fluent 19 24 19 18 6
187 org.apache.hive.hcatalog.templeton org.apache.hc.core5.benchmark 1 1 1
188 org.apache.http org.apache.hc.core5.function 48 3 95 1 2 46 3 86 1 9
189 org.apache.ibatis.jdbc org.apache.hc.core5.http 6 73 2 57 45 1 72 6 2 57 45
190 org.apache.ibatis.mapping org.apache.hc.core5.net 1 18 1 18
191 org.apache.log4j org.apache.hc.core5.util 11 24 11 18 6
192 org.apache.logging.log4j org.apache.hive.hcatalog.templeton 359 1 8 359 1 4 4
193 org.apache.shiro.authc org.apache.http 48 1 3 95 2 46 1 3 86 9
194 org.apache.shiro.codec org.apache.ibatis.jdbc 6 1 57 6 1 57
195 org.apache.shiro.jndi org.apache.ibatis.mapping 1 1 1 1
196 org.apache.shiro.mgt org.apache.log4j 1 11 1 11
197 org.apache.sshd.client.session org.apache.logging.log4j 3 359 8 1 2 359 4 4
198 org.apache.struts.beanvalidation.validation.interceptor org.apache.shiro.authc 1 4 1 4
199 org.apache.struts2 org.apache.shiro.codec 14 3873 1 11 3 3839 1 34
200 org.apache.tools.ant org.apache.shiro.jndi 14 1 1 1 13
201 org.apache.tools.zip org.apache.shiro.mgt 1 1 1 1
202 org.apache.velocity.app org.apache.sshd.client.session 4 3 1 2 4
203 org.apache.velocity.runtime org.apache.struts.beanvalidation.validation.interceptor 4 4 4 4
204 org.codehaus.cargo.container.installer org.apache.struts2 3 14 3873 11 2 1 3 3839 34
205 org.codehaus.groovy.control org.apache.tools.ant 1 14 1 1 13
206 org.dom4j org.apache.tools.zip 20 1 20 1
207 org.eclipse.jetty.client org.apache.velocity.app 2 4 2 4
208 org.fusesource.leveldbjni org.apache.velocity.runtime 1 4 1 4
209 org.geogebra.web.full.main org.codehaus.cargo.container.installer 1 3 2 1 1
210 org.gradle.api.file org.codehaus.groovy.control 1 3 1 3
211 org.hibernate org.dom4j 7 20 7 20
212 org.influxdb org.eclipse.jetty.client 1 2 1 2
213 org.jboss.logging org.exolab.castor.xml 324 1 324 1
214 org.jboss.vfs org.fusesource.leveldbjni 1 1
215 org.jdbi.v3.core org.geogebra.web.full.main 6 1 6 1
216 org.jenkins.ui.icon org.gradle.api.file 49 3 48 3 1
217 org.jenkins.ui.symbol org.hibernate 7 33 7 25 8
218 org.jooq org.ho.yaml 1 8 1 8
219 org.json org.influxdb 1 236 1 198 38
220 org.keycloak.models.map.storage org.jabsorb 1 1 1
221 org.kohsuke.stapler org.jboss.logging 20 324 24 363 2 324 9 3 1 5 24 352 11
222 org.lastaflute.web org.jboss.vfs 1 1 4 1 1 4
223 org.mvel2 org.jdbi.v3.core 16 6 16 6
224 org.openjdk.jmh.runner.options org.jenkins.ui.icon 1 49 1 48 1
225 org.owasp.esapi org.jenkins.ui.symbol 1 33 1 25 8
226 org.pac4j.jwt.config.encryption org.jooq 4 1 4 1
227 org.pac4j.jwt.config.signature org.json 4 236 4 198 38
228 org.scijava.log org.keycloak.models.map.storage 13 1 13 1
229 org.slf4j org.kohsuke.stapler 55 20 24 6 363 2 55 9 3 1 5 24 2 352 4 11
230 org.springframework.beans org.lastaflute.web 1 30 4 1 4 30
231 org.springframework.boot.jdbc org.mvel2 1 16 16 1
232 org.springframework.cache org.openjdk.jmh.runner.options 1 13 1 13
233 org.springframework.context org.owasp.esapi 3 1 3 1
234 org.springframework.core.io org.pac4j.jwt.config.encryption 17 4 6 4 16 1 6
235 org.springframework.data.repository org.pac4j.jwt.config.signature 4 1 4 1
236 org.springframework.http org.scijava.log 14 13 77 13 14 67 10
237 org.springframework.jdbc.core org.slf4j 19 55 6 55 19 2 4
238 org.springframework.jdbc.datasource org.springframework.beans 4 30 4 30
239 org.springframework.jdbc.object org.springframework.boot.jdbc 9 1 1 9
240 org.springframework.jndi org.springframework.cache 1 13 1 13
241 org.springframework.ldap org.springframework.context 47 3 33 14 3
242 org.springframework.security.core.userdetails org.springframework.core.io 2 17 6 1 1 16 1 6
243 org.springframework.security.web.savedrequest org.springframework.data.repository 6 1 6 1
244 org.springframework.ui org.springframework.http 14 32 77 14 67 32 10
245 org.springframework.util org.springframework.jdbc.core 10 19 142 10 19 90 52
246 org.springframework.validation org.springframework.jdbc.datasource 4 13 4 13
247 org.springframework.web.client org.springframework.jdbc.object 13 9 3 13 9 3
248 org.springframework.web.context.request org.springframework.jndi 1 8 1 8
249 org.springframework.web.multipart org.springframework.ldap 47 12 12 33 14 12 12
250 org.springframework.web.portlet org.springframework.security.core.userdetails 2 1 1 2
251 org.springframework.web.reactive.function.client org.springframework.security.web.savedrequest 2 6 2 6
252 org.springframework.web.servlet org.springframework.ui 2 32 2 32
253 org.springframework.web.util org.springframework.util 10 9 157 142 10 9 132 90 25 52
254 org.thymeleaf org.springframework.validation 2 2 13 2 2 13
255 org.xml.sax org.springframework.web.client 13 3 1 13 3 1
256 org.xmlpull.v1 org.springframework.web.context.request 3 8 3 8
257 org.yaml.snakeyaml org.springframework.web.multipart 12 1 12 12 1 12
258 play.libs.ws org.springframework.web.portlet 2 2 2
259 play.mvc org.springframework.web.reactive.function.client 1 2 13 24 2 1 13 24
260 ratpack.core.form org.springframework.web.servlet 2 3 2 3
261 ratpack.core.handling org.springframework.web.util 6 9 4 157 6 9 4 132 25
262 ratpack.core.http org.thymeleaf 2 10 10 2 2 10 10 2
263 ratpack.exec org.xml.sax 48 1 1 48
264 ratpack.form org.xmlpull.v1 3 3 3 3
265 ratpack.func org.yaml.snakeyaml 35 1 1 35
266 ratpack.handling play.libs.ws 2 6 4 2 6 4
267 ratpack.http play.mvc 1 10 13 10 24 1 10 13 10 24
268 ratpack.util ratpack.core.form 35 3 3 35
269 retrofit2 ratpack.core.handling 1 6 1 4 1 6 1 4
270 software.amazon.awssdk.transfer.s3.model ratpack.core.http 8 10 10 8 10 10
271 sun.jvmstat.perfdata.monitor.protocol.local ratpack.exec 3 48 3 48
272 sun.jvmstat.perfdata.monitor.protocol.rmi ratpack.form 1 3 1 3
273 sun.misc ratpack.func 3 35 3 35
274 sun.net.ftp ratpack.handling 5 6 4 2 3 6 4
275 sun.net.www.protocol.http ratpack.http 3 10 10 2 1 10 10
276 sun.security.acl ratpack.util 1 35 1 35
277 sun.security.jgss.krb5 retrofit2 2 1 1 2 1 1
278 sun.security.krb5 software.amazon.awssdk.transfer.s3.model 9 8 3 6 8
279 sun.security.pkcs sun.jvmstat.perfdata.monitor.protocol.local 4 3 4 3
280 sun.security.pkcs11 sun.jvmstat.perfdata.monitor.protocol.rmi 3 1 1 2 1
281 sun.security.provider sun.misc 2 3 2 3
282 sun.security.ssl sun.net.ftp 3 5 3 2 3
283 sun.security.x509 sun.net.www.protocol.http 1 3 1 2 1
284 sun.tools.jconsole sun.security.acl 28 1 13 15 1
285 sun.security.jgss.krb5 2 2
286 sun.security.krb5 9 3 6
287 sun.security.pkcs 4 4
288 sun.security.pkcs11 3 1 2
289 sun.security.provider 2 2
290 sun.security.ssl 3 3
291 sun.security.x509 1 1
292 sun.tools.jconsole 28 13 15

8
java/documentation/library-coverage/coverage.rst
View File

@@ -11,17 +11,17 @@ Java framework & library support
Android extensions,``androidx.*``,5,183,60,,,,,,
`Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,
`Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,570,124,105,,,,,15
`Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,425,6,,,,,,
`Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,425,7,,,,,,
`Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,,
`Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,183,122,,3,,,,119
`Apache Log4j 2 <https://logging.apache.org/log4j/2.0/>`_,``org.apache.logging.log4j``,,8,359,,,,,,
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,43,9,,,,,
JBoss Logging,``org.jboss.logging``,,,324,,,,,,
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
Java Standard Library,``java.*``,10,4621,259,99,,9,,,26
Java Standard Library,``java.*``,10,4621,260,99,,9,,,26
Java extensions,"``javax.*``, ``jakarta.*``",69,4159,90,10,4,2,1,1,4
Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
`Spring <https://spring.io/>`_,``org.springframework.*``,38,486,143,26,,28,14,,35
Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",133,10525,908,140,6,22,18,,208
Totals,,312,26328,2635,404,16,128,33,1,409
Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.com.caucho.hessian.io``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.caucho.burlap.io``, ``com.caucho.hessian.io``, ``com.cedarsoftware.util.io``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.esotericsoftware.yamlbeans``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.exolab.castor.xml``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.ho.yaml``, ``org.influxdb``, ``org.jabsorb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",133,10525,927,140,6,22,18,,208
Totals,,312,26328,2656,404,16,128,33,1,409

2
java/kotlin-extractor/dev/wrapper.py
View File

@@ -27,7 +27,7 @@ import shutil
import io
import os
DEFAULT_VERSION = "2.1.20"
DEFAULT_VERSION = "2.2.0"
def options():

5
java/ql/integration-tests/kotlin/linux/custom_plugin/plugin/BUILD.bazel
View File

@@ -17,7 +17,10 @@ kt_jvm_library(
srcs = ["Plugin.kt"],
kotlinc_opts = ":kotlinc-options",
module_name = "test",
resource_strip_prefix = "%s/resources" % package_name(),
resource_strip_prefix = "../%s/%s/resources" % (
repo_name(),
package_name(),
),
resources = glob(["resources/**"]),
deps = [
"@kotlin-compiler-%s" % _version,

15
java/ql/integration-tests/kotlin/linux/custom_plugin/test.py → java/ql/integration-tests/kotlin/linux/custom_plugin/test.py-disabled
View File

@@ -3,6 +3,8 @@ import runs_on
import commands
# This test is temporarily disabled until it is updated to work with Kotlin 2.2
@runs_on.linux
def test(codeql, java_full, cwd, semmle_code_dir, test_dir):
build_dir = cwd / "build"
@@ -10,20 +12,15 @@ def test(codeql, java_full, cwd, semmle_code_dir, test_dir):
commands.run(
[
f"{semmle_code_dir}/tools/bazel",
f"--output_user_root={build_dir}",
"--max_idle_secs=1",
"build",
"//java/ql/integration-tests/kotlin/linux/custom_plugin/plugin",
"--spawn_strategy=local",
"--nouse_action_cache",
"--noremote_accept_cached",
"--noremote_upload_local_results",
f'--symlink_prefix={cwd / "bazel-"}',
"@codeql//java/ql/integration-tests/kotlin/linux/custom_plugin/plugin",
],
_cwd=test_dir,
_cwd=semmle_code_dir,
_env={"CODEQL_BAZEL_REMOTE_CACHE": "false"},
)
shutil.copy(
"bazel-bin/java/ql/integration-tests/kotlin/linux/custom_plugin/plugin/plugin.jar",
f"{semmle_code_dir}/bazel-bin/external/ql+/java/ql/integration-tests/kotlin/linux/custom_plugin/plugin/plugin.jar",
"plugin.jar",
)
codeql.database.create(

18
java/ql/lib/CHANGELOG.md
View File

@@ -1,6 +1,20 @@
## 7.3.3
## 7.4.0
No user-facing changes.
### Deprecated APIs
* The module `semmle.code.java.frameworks.Castor` has been deprecated and will be removed in a future release.
* The module `semmle.code.java.frameworks.JYaml` has been deprecated and will be removed in a future release.
* The classes `UnsafeHessianInputReadObjectMethod` and `BurlapInputReadObjectMethod` in the module `semmle.code.java.frameworks.HessianBurlap` have been deprecated and will be removed in a future release.
* The class `YamlBeansReaderReadMethod` in the module `semmle.code.java.frameworks.YamlBeans` has been deprecated and will be removed in a future release.
* The class `MethodApacheSerializationUtilsDeserialize` in the module `semmle.code.java.frameworks.apache.Lang` has been deprecated and will be removed in a future release.
### New Features
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks which do not require extra logic to determine if they are unsafe are now defined in this way.
### Minor Analysis Improvements
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.
## 7.3.2

4
java/ql/lib/change-notes/2025-07-11-unsafe-deserialization-extra-sink.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.

3
java/ql/lib/change-notes/released/7.3.3.md
View File

@@ -1,3 +0,0 @@
## 7.3.3
No user-facing changes.

17
java/ql/lib/change-notes/released/7.4.0.md Normal file
View File

@@ -0,0 +1,17 @@
## 7.4.0
### Deprecated APIs
* The module `semmle.code.java.frameworks.Castor` has been deprecated and will be removed in a future release.
* The module `semmle.code.java.frameworks.JYaml` has been deprecated and will be removed in a future release.
* The classes `UnsafeHessianInputReadObjectMethod` and `BurlapInputReadObjectMethod` in the module `semmle.code.java.frameworks.HessianBurlap` have been deprecated and will be removed in a future release.
* The class `YamlBeansReaderReadMethod` in the module `semmle.code.java.frameworks.YamlBeans` has been deprecated and will be removed in a future release.
* The class `MethodApacheSerializationUtilsDeserialize` in the module `semmle.code.java.frameworks.apache.Lang` has been deprecated and will be removed in a future release.
### New Features
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks that do not require extra logic to determine if they are unsafe are now defined in this way.
### Minor Analysis Improvements
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.3.3
lastReleaseVersion: 7.4.0

7
java/ql/lib/ext/com.alibaba.com.caucho.hessian.io.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.alibaba.com.caucho.hessian.io", "AbstractHessianInput", True, "readObject", "", "", "Argument[this]", "unsafe-deserialization", "manual"]
- ["com.alibaba.com.caucho.hessian.io", "Hessian2StreamingInput", True, "readObject", "", "", "Argument[this]", "unsafe-deserialization", "manual"]

6
java/ql/lib/ext/com.caucho.burlap.io.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.caucho.burlap.io", "BurlapInput", True, "readObject", "", "", "Argument[this]", "unsafe-deserialization", "manual"]

7
java/ql/lib/ext/com.caucho.hessian.io.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.caucho.hessian.io", "AbstractHessianInput", True, "readObject", "", "", "Argument[this]", "unsafe-deserialization", "manual"]
- ["com.caucho.hessian.io", "Hessian2StreamingInput", True, "readObject", "", "", "Argument[this]", "unsafe-deserialization", "manual"]

7
java/ql/lib/ext/com.cedarsoftware.util.io.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.cedarsoftware.util.io", "JsonReader", False, "jsonToJava", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["com.cedarsoftware.util.io", "JsonReader", True, "readObject", "", "", "Argument[this]", "unsafe-deserialization", "manual"]

6
java/ql/lib/ext/com.esotericsoftware.yamlbeans.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.esotericsoftware.yamlbeans", "YamlReader", True, "read", "", "", "Argument[this]", "unsafe-deserialization", "manual"]

5
java/ql/lib/ext/java.beans.model.yml
View File

@@ -13,3 +13,8 @@ extensions:
- ["java.beans", "PropertyEditor", "getValue", "()", "summary", "df-manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
- ["java.beans", "PropertyEditor", "setAsText", "()", "summary", "df-manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
- ["java.beans", "PropertyEditor", "setValue", "()", "summary", "df-manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["java.beans", "XMLDecoder", True, "readObject", "()", "", "Argument[this]", "unsafe-deserialization", "manual"]

5
java/ql/lib/ext/org.apache.commons.lang.model.yml
View File

@@ -5,3 +5,8 @@ extensions:
data:
- ["org.apache.commons.lang", "StringEscapeUtils", true, "escapeHtml", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.apache.commons.lang", "StringEscapeUtils", true, "escapeHtml", "(Writer,String)", "", "Argument[1]", "Argument[0]", "taint", "manual"]
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.apache.commons.lang", "SerializationUtils", False, "deserialize", "", "", "Argument[0]", "unsafe-deserialization", "manual"]

1
java/ql/lib/ext/org.apache.commons.lang3.model.yml
View File

@@ -3,6 +3,7 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.apache.commons.lang3", "SerializationUtils", False, "deserialize", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
# Note these sinks do not use the sink kind `regex-use[0]` because the regex injection query needs to select them separately from
# other `regex-use[0]` sinks in order to avoid FPs. As a result, these sinks are currently not used in the polynomial ReDoS query.
# TODO: refactor the `regex-use%` sink kind so that the polynomial ReDoS query can also use these sinks.

6
java/ql/lib/ext/org.exolab.castor.xml.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.exolab.castor.xml", "Unmarshaller", True, "unmarshal", "", "", "Argument[0..1]", "unsafe-deserialization", "manual"]

13
java/ql/lib/ext/org.ho.yaml.model.yml Normal file
View File

@@ -0,0 +1,13 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.ho.yaml", "Yaml", False, "load", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "Yaml", False, "loadStream", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "Yaml", False, "loadStreamOfType", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "Yaml", False, "loadType", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "YamlConfig", False, "load", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "YamlConfig", False, "loadStream", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "YamlConfig", False, "loadStreamOfType", "", "", "Argument[0]", "unsafe-deserialization", "manual"]
- ["org.ho.yaml", "YamlConfig", False, "loadType", "", "", "Argument[0]", "unsafe-deserialization", "manual"]

6
java/ql/lib/ext/org.jabsorb.model.yml Normal file
View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.jabsorb", "JSONSerializer", True, "fromJSON", "", "", "Argument[0]", "unsafe-deserialization", "manual"]

Some files were not shown because too many files have changed in this diff Show More