Merge pull request #5686 from smowton/haby0/JsonHijacking

Java: JSONP Injection w/cleanups

java/ql/test/stubs/fastjson-1.2.74/com/alibaba/fastjson/JSON.java

@@ -26,6 +26,10 @@ import com.alibaba.fastjson.parser.*;
 import com.alibaba.fastjson.parser.deserializer.ParseProcess;
 
 public abstract class JSON {
+    public static String toJSONString(Object object) {
+        return null;
+    }
+
     public static Object parse(String text) {
         return null;
     }

java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java

@@ -0,0 +1,7 @@
+package com.google.gson;
+
+public final class Gson {
+    public String toJson(Object src) {
+        return null;
+    }
+}

java/ql/test/stubs/springframework-5.2.3/org/springframework/core/annotation/AliasFor.java

@@ -0,0 +1,21 @@
+package org.springframework.core.annotation;
+
+import java.lang.annotation.Annotation;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD})
+@Documented
+public @interface AliasFor {
+    @AliasFor("attribute")
+    String value() default "";
+
+    @AliasFor("value")
+    String attribute() default "";
+ 
+    Class<? extends Annotation> annotation() default Annotation.class;
+}

java/ql/test/stubs/springframework-5.2.3/org/springframework/stereotype/Controller.java

@@ -1,9 +1,15 @@
 package org.springframework.stereotype;
 
-import java.lang.annotation.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 
-@Target(value=ElementType.TYPE)
-@Retention(value=RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
 @Documented
 @Component
-public @interface Controller { }
+public @interface Controller {
+    String value() default "";
+}

java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/GetMapping.java

@@ -0,0 +1,51 @@
+package org.springframework.web.bind.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.springframework.core.annotation.AliasFor;
+
+@Target({ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@RequestMapping(
+    method = {RequestMethod.GET}
+)
+public @interface GetMapping {
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String name() default "";
+
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String[] value() default {};
+
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String[] path() default {};
+
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String[] params() default {};
+
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String[] headers() default {};
+
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String[] consumes() default {};
+
+    @AliasFor(
+        annotation = RequestMapping.class
+    )
+    String[] produces() default {};
+}

java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/Mapping.java

@@ -0,0 +1,4 @@
+package org.springframework.web.bind.annotation;
+
+public @interface Mapping {
+}

java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/RequestMapping.java

@@ -1,11 +1,32 @@
 package org.springframework.web.bind.annotation;
 
-import java.lang.annotation.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.springframework.core.annotation.AliasFor;
 
 @Target(value={ElementType.METHOD,ElementType.TYPE})
 @Retention(value=RetentionPolicy.RUNTIME)
 @Documented
+@Mapping
 public @interface RequestMapping {
+    String name() default "";
+
+    @AliasFor("path")
+    String[] value() default {};
+
+    @AliasFor("value")
+    String[] path() default {};
 
     RequestMethod[] method() default {};
+
+    String[] params() default {};
+
+    String[] headers() default {};
+
+    String[] consumes() default {};
+
+    String[] produces() default {};
 }

java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/RequestParam.java

@@ -1,8 +1,23 @@
 package org.springframework.web.bind.annotation;
 
-import java.lang.annotation.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.springframework.core.annotation.AliasFor;
 
-@Target(value=ElementType.PARAMETER)
-@Retention(value=RetentionPolicy.RUNTIME)
+@Target({ElementType.PARAMETER})
+@Retention(RetentionPolicy.RUNTIME)
 @Documented
-public @interface RequestParam { }
+public @interface RequestParam {
+    @AliasFor("name")
+    String value() default "";
+
+    @AliasFor("value")
+    String name() default "";
+
+    boolean required() default true;
+
+    String defaultValue() default "\n\t\t\n\t\t\n\ue000\ue001\ue002\n\t\t\t\t\n";
+}

java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/ResponseBody.java

@@ -0,0 +1,13 @@
+package org.springframework.web.bind.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface ResponseBody {
+}