patch upper-case acronyms to be PascalCase

This commit is contained in:
Erik Krogh Kristensen
2022-03-11 11:10:33 +01:00
parent e3a15792fa
commit 69353bb014
422 changed files with 3532 additions and 2244 deletions


@@ -1668,7 +1668,10 @@ class LValue extends VarAccess {
* (such as (`+=`), both the RHS and the LHS of the compound assignment
* are source expressions of the assignment.
*/
Expr getRHS() { exists(Assignment e | e.getDest() = this and e.getSource() = result) }
Expr getRhs() { exists(Assignment e | e.getDest() = this and e.getSource() = result) }
/** DEPRECATED: Alias for getRhs */
deprecated Expr getRHS() { result = getRhs() }
}
/**
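Review bot: The new alias `deprecated Expr getRHS() { result = getRhs() }` calls the member predicate unqualified, whereas the surrounding library code qualifies member calls with `this.` (for example `this.getCfgNode()` throughout the SSA classes in this same commit); `deprecated Expr getRHS() { result = this.getRhs() }` would keep the generated alias consistent with the rest of the file. The same unqualified form appears in the `getCFGNode()` aliases added to `SsaVariable` and `BaseSsaVariable`. The enclosing `LValue` class starts before this hunk.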


@@ -920,7 +920,7 @@ class SsaVariable extends TSsaVariable {
}
/** Gets the `ControlFlowNode` at which this SSA variable is defined. */
ControlFlowNode getCFGNode() {
ControlFlowNode getCfgNode() {
this = TSsaPhiNode(_, result) or
this = TSsaCertainUpdate(_, result, _, _) or
this = TSsaUncertainUpdate(_, result, _, _) or
@@ -928,14 +928,17 @@ class SsaVariable extends TSsaVariable {
this = TSsaUntracked(_, result)
}
/** DEPRECATED: Alias for getCfgNode */
deprecated ControlFlowNode getCFGNode() { result = getCfgNode() }
/** Gets a textual representation of this SSA variable. */
string toString() { none() }
/** Gets the source location for this element. */
Location getLocation() { result = this.getCFGNode().getLocation() }
Location getLocation() { result = this.getCfgNode().getLocation() }
/** Gets the `BasicBlock` in which this SSA variable is defined. */
BasicBlock getBasicBlock() { result = this.getCFGNode().getBasicBlock() }
BasicBlock getBasicBlock() { result = this.getCfgNode().getBasicBlock() }
/** Gets an access of this SSA variable. */
RValue getAUse() {
@@ -990,7 +993,7 @@ class SsaUpdate extends SsaVariable {
class SsaExplicitUpdate extends SsaUpdate, TSsaCertainUpdate {
SsaExplicitUpdate() {
exists(VariableUpdate upd |
upd = this.getCFGNode() and getDestVar(upd) = this.getSourceVariable()
upd = this.getCfgNode() and getDestVar(upd) = this.getSourceVariable()
)
}
@@ -998,7 +1001,7 @@ class SsaExplicitUpdate extends SsaUpdate, TSsaCertainUpdate {
/** Gets the `VariableUpdate` defining the SSA variable. */
VariableUpdate getDefiningExpr() {
result = this.getCFGNode() and getDestVar(result) = this.getSourceVariable()
result = this.getCfgNode() and getDestVar(result) = this.getSourceVariable()
}
}
@@ -1018,10 +1021,10 @@ class SsaImplicitUpdate extends SsaUpdate {
private string getKind() {
this = TSsaUntracked(_, _) and result = "untracked"
or
certainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _) and
certainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCfgNode(), _, _) and
result = "explicit qualifier"
or
if uncertainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _)
if uncertainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCfgNode(), _, _)
then
if exists(this.getANonLocalUpdate())
then result = "nonlocal + nonlocal qualifier"
@@ -1038,7 +1041,7 @@ class SsaImplicitUpdate extends SsaUpdate {
exists(SsaSourceField f, Callable setter |
f = this.getSourceVariable() and
relevantFieldUpdate(setter, f.getField(), result) and
updatesNamedField(this.getCFGNode(), f, setter)
updatesNamedField(this.getCfgNode(), f, setter)
)
}
@@ -1051,8 +1054,8 @@ class SsaImplicitUpdate extends SsaUpdate {
*/
predicate assignsUnknownValue() {
this = TSsaUntracked(_, _) or
certainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _) or
uncertainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCFGNode(), _, _)
certainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCfgNode(), _, _) or
uncertainVariableUpdate(this.getSourceVariable().getQualifier(), this.getCfgNode(), _, _)
}
}
@@ -1086,7 +1089,7 @@ class SsaImplicitInit extends SsaVariable, TSsaEntryDef {
*/
predicate isParameterDefinition(Parameter p) {
this.getSourceVariable() = TLocalVar(p.getCallable(), p) and
p.getCallable().getBody() = this.getCFGNode()
p.getCallable().getBody() = this.getCfgNode()
}
}
@@ -1098,7 +1101,7 @@ class SsaPhiNode extends SsaVariable, TSsaPhiNode {
SsaVariable getAPhiInput() {
exists(BasicBlock phiPred, TrackedVar v |
v = this.getSourceVariable() and
this.getCFGNode().(BasicBlock).getABBPredecessor() = phiPred and
this.getCfgNode().(BasicBlock).getABBPredecessor() = phiPred and
ssaDefReachesEndOfBlock(v, result, phiPred)
)
}


@@ -476,18 +476,21 @@ class BaseSsaVariable extends TBaseSsaVariable {
}
/** Gets the `ControlFlowNode` at which this SSA variable is defined. */
ControlFlowNode getCFGNode() {
ControlFlowNode getCfgNode() {
this = TSsaPhiNode(_, result) or
this = TSsaUpdate(_, result, _, _) or
this = TSsaEntryDef(_, result)
}
/** DEPRECATED: Alias for getCfgNode */
deprecated ControlFlowNode getCFGNode() { result = getCfgNode() }
string toString() { none() }
Location getLocation() { result = this.getCFGNode().getLocation() }
Location getLocation() { result = this.getCfgNode().getLocation() }
/** Gets the `BasicBlock` in which this SSA variable is defined. */
BasicBlock getBasicBlock() { result = this.getCFGNode().getBasicBlock() }
BasicBlock getBasicBlock() { result = this.getCfgNode().getBasicBlock() }
/** Gets an access of this SSA variable. */
RValue getAUse() { ssaDefReachesUse(_, this, result) }
@@ -533,7 +536,7 @@ class BaseSsaVariable extends TBaseSsaVariable {
class BaseSsaUpdate extends BaseSsaVariable, TSsaUpdate {
BaseSsaUpdate() {
exists(VariableUpdate upd |
upd = this.getCFGNode() and getDestVar(upd) = this.getSourceVariable()
upd = this.getCfgNode() and getDestVar(upd) = this.getSourceVariable()
)
}
@@ -541,7 +544,7 @@ class BaseSsaUpdate extends BaseSsaVariable, TSsaUpdate {
/** Gets the `VariableUpdate` defining the SSA variable. */
VariableUpdate getDefiningExpr() {
result = this.getCFGNode() and getDestVar(result) = this.getSourceVariable()
result = this.getCfgNode() and getDestVar(result) = this.getSourceVariable()
}
}
@@ -562,7 +565,7 @@ class BaseSsaImplicitInit extends BaseSsaVariable, TSsaEntryDef {
*/
predicate isParameterDefinition(Parameter p) {
this.getSourceVariable() = TLocalVar(p.getCallable(), p) and
p.getCallable().getBody() = this.getCFGNode()
p.getCallable().getBody() = this.getCfgNode()
}
}
@@ -574,7 +577,7 @@ class BaseSsaPhiNode extends BaseSsaVariable, TSsaPhiNode {
BaseSsaVariable getAPhiInput() {
exists(BasicBlock phiPred, BaseSsaSourceVariable v |
v = this.getSourceVariable() and
this.getCFGNode().(BasicBlock).getABBPredecessor() = phiPred and
this.getCfgNode().(BasicBlock).getABBPredecessor() = phiPred and
ssaDefReachesEndOfBlock(v, result, phiPred)
)
}


@@ -196,7 +196,7 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode n) {
exists(FieldWrite fw |
c = "" and
fw.getField() = mid.asElement() and
n.asNode().asExpr() = fw.getRHS()
n.asNode().asExpr() = fw.getRhs()
)
}


@@ -427,8 +427,8 @@ class PersistenceCallbackMethod extends CallableEntryPoint {
* A source class which is referred to by fully qualified name in the value of an arbitrary XML
* attribute which has a name containing "className" or "ClassName".
*/
class ArbitraryXMLEntryPoint extends ReflectivelyConstructedClass {
ArbitraryXMLEntryPoint() {
class ArbitraryXmlEntryPoint extends ReflectivelyConstructedClass {
ArbitraryXmlEntryPoint() {
this.fromSource() and
exists(XMLAttribute attribute |
attribute.getName() = "className" or
@@ -446,6 +446,9 @@ class ArbitraryXMLEntryPoint extends ReflectivelyConstructedClass {
}
}
/** DEPRECATED: Alias for ArbitraryXmlEntryPoint */
deprecated class ArbitraryXMLEntryPoint = ArbitraryXmlEntryPoint;
/** A Selenium PageObject, created by a call to PageFactory.initElements(..). */
class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass {
SeleniumPageObjectEntryPoint() { this instanceof SeleniumPageObject }


@@ -13,7 +13,7 @@ class SpringInjectionCallableEntryPoint extends CallableEntryPoint {
this instanceof SpringBeanReflectivelyConstructed or
// A setter method specified in the context.
this instanceof SpringBeanPropertySetterMethod or
exists(this.(SpringBeanXMLAutowiredSetterMethod).getInjectedBean()) or
exists(this.(SpringBeanXmlAutowiredSetterMethod).getInjectedBean()) or
this instanceof SpringBeanAutowiredCallable
}
}


@@ -14,7 +14,7 @@ class ServletConstructedClass extends ReflectivelyConstructedClass {
// referred to as a servlet-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all `Servlet` classes as live.
(
isWebXMLIncluded()
isWebXmlIncluded()
implies
exists(WebServletClass servletClass | this = servletClass.getClass())
)
@@ -29,12 +29,12 @@ class ServletConstructedClass extends ReflectivelyConstructedClass {
*/
class ServletListenerClass extends ReflectivelyConstructedClass {
ServletListenerClass() {
this.getAnAncestor() instanceof ServletWebXMLListenerType and
this.getAnAncestor() instanceof ServletWebXmlListenerType and
// If we have seen any `web.xml` files, this listener will be considered to be live only if it is
// referred to as a listener-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all listener classes as live.
(
isWebXMLIncluded()
isWebXmlIncluded()
implies
exists(WebListenerClass listenerClass | this = listenerClass.getClass())
)
@@ -51,7 +51,7 @@ class ServletFilterClass extends ReflectivelyConstructedClass {
// If we have seen any `web.xml` files, this filter will be considered to be live only if it is
// referred to as a filter-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all filter classes as live.
(isWebXMLIncluded() implies exists(WebFilterClass filterClass | this = filterClass.getClass()))
(isWebXmlIncluded() implies exists(WebFilterClass filterClass | this = filterClass.getClass()))
}
}


@@ -12,7 +12,7 @@ import semmle.code.java.frameworks.camel.CamelJavaAnnotations
*/
class CamelToURI extends string {
CamelToURI() {
exists(SpringCamelXMLToElement toXMLElement | this = toXMLElement.getURI()) or
exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getURI()) or
exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getURI())
}
}
@@ -56,17 +56,17 @@ class CamelToBeanURI extends CamelToURI {
*/
class CamelTargetClass extends Class {
CamelTargetClass() {
exists(SpringCamelXMLBeanRef camelXMLBeanRef |
exists(SpringCamelXmlBeanRef camelXmlBeanRef |
// A target may be defined by referencing an existing Spring Bean.
this = camelXMLBeanRef.getRefBean().getClass()
this = camelXmlBeanRef.getRefBean().getClass()
or
// A target may be defined by referencing a class, which Apache Camel will create into a bean.
this = camelXMLBeanRef.getBeanType()
this = camelXmlBeanRef.getBeanType()
)
or
exists(CamelToBeanURI toBeanURI | this = toBeanURI.getRefBean().getClass())
or
exists(SpringCamelXMLMethodElement xmlMethod |
exists(SpringCamelXmlMethodElement xmlMethod |
this = xmlMethod.getRefBean().getClass() or
this = xmlMethod.getBeanType()
)


@@ -4,7 +4,7 @@
import semmle.code.java.Type
/** The type `java.net.URLConnection`. */
/** The type `java.net.UrlConnection`. */
class TypeUrlConnection extends RefType {
TypeUrlConnection() { this.hasQualifiedName("java.net", "URLConnection") }
}
@@ -29,15 +29,18 @@ class TypeUri extends RefType {
TypeUri() { this.hasQualifiedName("java.net", "URI") }
}
/** The method `java.net.URLConnection::getInputStream`. */
class URLConnectionGetInputStreamMethod extends Method {
URLConnectionGetInputStreamMethod() {
/** The method `java.net.UrlConnection::getInputStream`. */
class UrlConnectionGetInputStreamMethod extends Method {
UrlConnectionGetInputStreamMethod() {
this.getDeclaringType() instanceof TypeUrlConnection and
this.hasName("getInputStream") and
this.hasNoParameters()
}
}
/** DEPRECATED: Alias for UrlConnectionGetInputStreamMethod */
deprecated class URLConnectionGetInputStreamMethod = UrlConnectionGetInputStreamMethod;
/** The method `java.net.Socket::getInputStream`. */
class SocketGetInputStreamMethod extends Method {
SocketGetInputStreamMethod() {
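Review bot: The rewritten doc comments on `TypeUrlConnection` and `UrlConnectionGetInputStreamMethod` now name `java.net.UrlConnection`, but the JDK type is `java.net.URLConnection`, as the unchanged `this.hasQualifiedName("java.net", "URLConnection")` in the same hunk shows; the acronym rewrite appears to have been applied to a Java class name inside a comment rather than to a QL identifier. Readers grepping for the JDK name will now miss these classes. Restore the original wording: `/** The type `java.net.URLConnection`. */` and `/** The method `java.net.URLConnection::getInputStream`. */`.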


@@ -120,14 +120,17 @@ library class HttpServletRequestGetHeaderNamesMethod extends Method {
/**
* The method `getRequestURL()` declared in `javax.servlet.http.HttpServletRequest`.
*/
class HttpServletRequestGetRequestURLMethod extends Method {
HttpServletRequestGetRequestURLMethod() {
class HttpServletRequestGetRequestUrlMethod extends Method {
HttpServletRequestGetRequestUrlMethod() {
this.getDeclaringType() instanceof HttpServletRequest and
this.hasName("getRequestURL") and
this.getNumberOfParameters() = 0
}
}
/** DEPRECATED: Alias for HttpServletRequestGetRequestUrlMethod */
deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRequestUrlMethod;
/**
* The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`.
*/
@@ -318,8 +321,8 @@ class ServletClass extends Class {
* Note: There are a number of other listener interfaces in the `javax.servlet` package that cannot
* be configured in `web.xml` and therefore are not covered by this class.
*/
class ServletWebXMLListenerType extends RefType {
ServletWebXMLListenerType() {
class ServletWebXmlListenerType extends RefType {
ServletWebXmlListenerType() {
this.hasQualifiedName("javax.servlet", "ServletContextAttributeListener") or
this.hasQualifiedName("javax.servlet", "ServletContextListener") or
this.hasQualifiedName("javax.servlet", "ServletRequestAttributeListener") or
@@ -333,6 +336,9 @@ class ServletWebXMLListenerType extends RefType {
}
}
/** DEPRECATED: Alias for ServletWebXmlListenerType */
deprecated class ServletWebXMLListenerType = ServletWebXmlListenerType;
/** Holds if `m` is a request handler method (for example `doGet` or `doPost`). */
predicate isServletRequestMethod(Method m) {
m.getDeclaringType() instanceof ServletClass and


@@ -25,12 +25,15 @@ class TypeUnboundIdLdapFilter extends Class {
}
/** The class `com.unboundid.ldap.sdk.LDAPConnection`. */
class TypeUnboundIdLDAPConnection extends Class {
TypeUnboundIdLDAPConnection() {
class TypeUnboundIdLdapConnection extends Class {
TypeUnboundIdLdapConnection() {
this.hasQualifiedName("com.unboundid.ldap.sdk", "LDAPConnection")
}
}
/** DEPRECATED: Alias for TypeUnboundIdLdapConnection */
deprecated class TypeUnboundIdLDAPConnection = TypeUnboundIdLdapConnection;
/*--- Methods ---*/
/** A method with the name `setBaseDN` declared in `com.unboundid.ldap.sdk.SearchRequest`. */
class MethodUnboundIdSearchRequestSetBaseDN extends Method {
@@ -89,25 +92,36 @@ class MethodUnboundIdFilterSimplifyFilter extends Method {
}
/** A method with the name `search` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
class MethodUnboundIdLDAPConnectionSearch extends Method {
MethodUnboundIdLDAPConnectionSearch() {
this.getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
class MethodUnboundIdLdapConnectionSearch extends Method {
MethodUnboundIdLdapConnectionSearch() {
this.getDeclaringType() instanceof TypeUnboundIdLdapConnection and
this.hasName("search")
}
}
/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionSearch */
deprecated class MethodUnboundIdLDAPConnectionSearch = MethodUnboundIdLdapConnectionSearch;
/** A method with the name `asyncSearch` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
class MethodUnboundIdLDAPConnectionAsyncSearch extends Method {
MethodUnboundIdLDAPConnectionAsyncSearch() {
this.getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
class MethodUnboundIdLdapConnectionAsyncSearch extends Method {
MethodUnboundIdLdapConnectionAsyncSearch() {
this.getDeclaringType() instanceof TypeUnboundIdLdapConnection and
this.hasName("asyncSearch")
}
}
/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionAsyncSearch */
deprecated class MethodUnboundIdLDAPConnectionAsyncSearch =
MethodUnboundIdLdapConnectionAsyncSearch;
/** A method with the name `searchForEntry` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
class MethodUnboundIdLDAPConnectionSearchForEntry extends Method {
MethodUnboundIdLDAPConnectionSearchForEntry() {
this.getDeclaringType() instanceof TypeUnboundIdLDAPConnection and
class MethodUnboundIdLdapConnectionSearchForEntry extends Method {
MethodUnboundIdLdapConnectionSearchForEntry() {
this.getDeclaringType() instanceof TypeUnboundIdLdapConnection and
this.hasName("searchForEntry")
}
}
/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionSearchForEntry */
deprecated class MethodUnboundIdLDAPConnectionSearchForEntry =
MethodUnboundIdLdapConnectionSearchForEntry;


@@ -5,7 +5,7 @@ import semmle.code.xml.XML
/**
* Holds if any `*.gwt.xml` files are included in this snapshot.
*/
predicate isGwtXmlIncluded() { exists(GwtXmlFile webXML) }
predicate isGwtXmlIncluded() { exists(GwtXmlFile webXml) }
/** A GWT module XML file with a `.gwt.xml` suffix. */
class GwtXmlFile extends XMLFile {


@@ -10,8 +10,8 @@ import semmle.code.java.dataflow.ExternalFlow
* and is prone to SQL injection.
* https://www.jooq.org/doc/current/manual/sql-building/plain-sql/
*/
private class PlainSQLType extends Annotation {
PlainSQLType() { this.getType().hasQualifiedName("org.jooq", "PlainSQL") }
private class PlainSqlType extends Annotation {
PlainSqlType() { this.getType().hasQualifiedName("org.jooq", "PlainSQL") }
}
/**
@@ -19,7 +19,7 @@ private class PlainSQLType extends Annotation {
* first argument.
*/
predicate jOOQSqlMethod(Method m) {
m.getAnAnnotation() instanceof PlainSQLType and
m.getAnAnnotation() instanceof PlainSqlType and
m.getParameterType(0) instanceof TypeString
}


@@ -14,14 +14,17 @@ private import semmle.code.java.dataflow.ExternalFlow
/**
* A `@com.fasterxml.jackson.annotation.JsonIgnore` annoation.
*/
class JacksonJSONIgnoreAnnotation extends NonReflectiveAnnotation {
JacksonJSONIgnoreAnnotation() {
class JacksonJsonIgnoreAnnotation extends NonReflectiveAnnotation {
JacksonJsonIgnoreAnnotation() {
exists(AnnotationType anntp | anntp = this.getType() |
anntp.hasQualifiedName("com.fasterxml.jackson.annotation", "JsonIgnore")
)
}
}
/** DEPRECATED: Alias for JacksonJsonIgnoreAnnotation */
deprecated class JacksonJSONIgnoreAnnotation = JacksonJsonIgnoreAnnotation;
/** A type whose values may be serialized using the Jackson JSON framework. */
abstract class JacksonSerializableType extends Type { }
@@ -143,7 +146,7 @@ class JacksonSerializableField extends SerializableField {
not superType instanceof TypeObject and
superType.fromSource()
) and
not this.getAnAnnotation() instanceof JacksonJSONIgnoreAnnotation
not this.getAnAnnotation() instanceof JacksonJsonIgnoreAnnotation
}
}
@@ -155,7 +158,7 @@ class JacksonDeserializableField extends DeserializableField {
not superType instanceof TypeObject and
superType.fromSource()
) and
not this.getAnAnnotation() instanceof JacksonJSONIgnoreAnnotation
not this.getAnAnnotation() instanceof JacksonJsonIgnoreAnnotation
}
}


@@ -67,8 +67,8 @@ class FacesComponent extends Class {
)
or
// Or in an XML file
exists(FacesConfigComponentClass componentClassXML |
this = componentClassXML.getFacesComponentClass()
exists(FacesConfigComponentClass componentClassXml |
this = componentClassXml.getFacesComponentClass()
)
)
}


@@ -8,8 +8,8 @@ import java
/**
* A JavaEE persistence configuration XML file (persistence.xml).
*/
class PersistenceXMLFile extends XMLFile {
PersistenceXMLFile() { this.getStem() = "persistence" }
class PersistenceXmlFile extends XMLFile {
PersistenceXmlFile() { this.getStem() = "persistence" }
/** Gets the root XML element in this `persistence.xml` file. */
PersistenceXmlRoot getRoot() { result = this.getAChild() }
@@ -26,10 +26,13 @@ class PersistenceXMLFile extends XMLFile {
}
}
/** DEPRECATED: Alias for PersistenceXmlFile */
deprecated class PersistenceXMLFile = PersistenceXmlFile;
/** The root `persistence` XML element in a `persistence.xml` file. */
class PersistenceXmlRoot extends XMLElement {
PersistenceXmlRoot() {
this.getParent() instanceof PersistenceXMLFile and
this.getParent() instanceof PersistenceXmlFile and
this.getName() = "persistence"
}


@@ -22,7 +22,7 @@ class SessionEJB extends EJB {
this.getAnAnnotation().getType().hasName("Stateless") or
this.getAnAnnotation().getType().hasName("Stateful") or
// XML deployment descriptor.
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getAnEjbClassElement().getACharactersSet().getCharacters()
)
@@ -121,7 +121,7 @@ class StatefulSessionEJB extends SessionEJB {
this.getAnAnnotation().getType().hasName("Stateful")
or
// XML deployment descriptor.
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters() and
se.getASessionTypeElement().isStateful()
@@ -138,7 +138,7 @@ class StatelessSessionEJB extends SessionEJB {
this.getAnAnnotation().getType().hasName("Stateless")
or
// XML deployment descriptor.
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters() and
se.getASessionTypeElement().isStateless()
@@ -158,7 +158,7 @@ class MessageDrivenBean extends EJB {
this.getAnAnnotation().getType().hasName("MessageDriven")
or
// XML deployment descriptor.
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getAMessageDrivenElement().getAnEjbClassElement().getACharactersSet().getCharacters()
)
@@ -174,7 +174,7 @@ class EntityEJB extends EJB {
this instanceof EntityBean
or
// XML deployment descriptor.
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getAnEntityElement().getAnEjbClassElement().getACharactersSet().getCharacters()
)
@@ -245,14 +245,14 @@ abstract class BusinessInterface extends Interface {
*/
class XmlSpecifiedBusinessInterface extends BusinessInterface {
XmlSpecifiedBusinessInterface() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getABusinessElement().getACharactersSet().getCharacters()
)
}
override SessionEJB getAnEJB() {
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getABusinessElement().getACharactersSet().getCharacters() and
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
@@ -260,14 +260,14 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
}
override predicate isDeclaredLocal() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getABusinessLocalElement().getACharactersSet().getCharacters()
)
}
override predicate isDeclaredRemote() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getABusinessRemoteElement().getACharactersSet().getCharacters()
)
@@ -411,7 +411,7 @@ class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEJBInterfa
/** A legacy remote interface specified within an XML deployment descriptor. */
class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
XmlSpecifiedRemoteInterface() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getARemoteElement().getACharactersSet().getCharacters()
)
@@ -422,7 +422,7 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
* for this legacy EJB remote interface.
*/
SessionEJB getAnEJB() {
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getARemoteElement().getACharactersSet().getCharacters() and
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
@@ -453,7 +453,7 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
/** A legacy remote home interface specified within an XML deployment descriptor. */
class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
XmlSpecifiedRemoteHomeInterface() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getARemoteHomeElement().getACharactersSet().getCharacters()
)
@@ -461,7 +461,7 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
/** Gets an EJB to which this interface belongs. */
SessionEJB getAnEJB() {
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getARemoteHomeElement().getACharactersSet().getCharacters() and
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
@@ -478,7 +478,7 @@ class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEJBInterface
/** A legacy local interface specified within an XML deployment descriptor. */
class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
XmlSpecifiedLocalInterface() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getALocalElement().getACharactersSet().getCharacters()
)
@@ -486,7 +486,7 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
/** Gets an EJB to which this interface belongs. */
SessionEJB getAnEJB() {
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getALocalElement().getACharactersSet().getCharacters() and
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
@@ -517,7 +517,7 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
/** A legacy local home interface specified within an XML deployment descriptor. */
class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
XmlSpecifiedLocalHomeInterface() {
exists(EjbJarXMLFile f |
exists(EjbJarXmlFile f |
this.getQualifiedName() =
f.getASessionElement().getALocalHomeElement().getACharactersSet().getCharacters()
)
@@ -525,7 +525,7 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
/** Gets an EJB to which this interface belongs. */
SessionEJB getAnEJB() {
exists(EjbJarXMLFile f, EjbJarSessionElement se |
exists(EjbJarXmlFile f, EjbJarSessionElement se |
se = f.getASessionElement() and
this.getQualifiedName() = se.getALocalHomeElement().getACharactersSet().getCharacters() and
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()


@@ -8,8 +8,8 @@ import java
/**
* An EJB deployment descriptor XML file named `ejb-jar.xml`.
*/
class EjbJarXMLFile extends XMLFile {
EjbJarXMLFile() { this.getStem() = "ejb-jar" }
class EjbJarXmlFile extends XMLFile {
EjbJarXmlFile() { this.getStem() = "ejb-jar" }
/** Gets the root `ejb-jar` XML element of this `ejb-jar.xml` file. */
EjbJarRootElement getRoot() { result = this.getAChild() }
@@ -35,10 +35,13 @@ class EjbJarXMLFile extends XMLFile {
}
}
/** DEPRECATED: Alias for EjbJarXmlFile */
deprecated class EjbJarXMLFile = EjbJarXmlFile;
/** The root `ejb-jar` XML element in an `ejb-jar.xml` file. */
class EjbJarRootElement extends XMLElement {
EjbJarRootElement() {
this.getParent() instanceof EjbJarXMLFile and
this.getParent() instanceof EjbJarXmlFile and
this.getName() = "ejb-jar"
}


@@ -8,19 +8,22 @@ import default
* A JSF "application configuration resources file", typically called `faces-config.xml`, which
* contains the configuration for a JSF application
*/
class FacesConfigXMLFile extends XMLFile {
FacesConfigXMLFile() {
class FacesConfigXmlFile extends XMLFile {
FacesConfigXmlFile() {
// Contains a single top-level XML node named "faces-Config".
count(XMLElement e | e = this.getAChild()) = 1 and
this.getAChild().getName() = "faces-config"
}
}
/** DEPRECATED: Alias for FacesConfigXmlFile */
deprecated class FacesConfigXMLFile = FacesConfigXmlFile;
/**
* An XML element in a `FacesConfigXMLFile`.
*/
class FacesConfigXMLElement extends XMLElement {
FacesConfigXMLElement() { this.getFile() instanceof FacesConfigXMLFile }
class FacesConfigXmlElement extends XMLElement {
FacesConfigXmlElement() { this.getFile() instanceof FacesConfigXmlFile }
/**
* Gets the value for this element, with leading and trailing whitespace trimmed.
@@ -28,17 +31,20 @@ class FacesConfigXMLElement extends XMLElement {
string getValue() { result = this.allCharactersString().trim() }
}
/** DEPRECATED: Alias for FacesConfigXmlElement */
deprecated class FacesConfigXMLElement = FacesConfigXmlElement;
/**
* An element in a JSF config file that declares a managed bean.
*/
class FacesConfigManagedBean extends FacesConfigXMLElement {
class FacesConfigManagedBean extends FacesConfigXmlElement {
FacesConfigManagedBean() { this.getName() = "managed-bean" }
}
/**
* An element in a JSF config file that declares the Class of a managed bean.
*/
class FacesConfigManagedBeanClass extends FacesConfigXMLElement {
class FacesConfigManagedBeanClass extends FacesConfigXmlElement {
FacesConfigManagedBeanClass() {
this.getName() = "managed-bean-class" and
this.getParent() instanceof FacesConfigManagedBean
@@ -53,14 +59,14 @@ class FacesConfigManagedBeanClass extends FacesConfigXMLElement {
/**
* An element in a JSF config file that declares a custom component.
*/
class FacesConfigComponent extends FacesConfigXMLElement {
class FacesConfigComponent extends FacesConfigXmlElement {
FacesConfigComponent() { this.getName() = "component" }
}
/**
* An element in a JSF config file that declares the Class of a faces component.
*/
class FacesConfigComponentClass extends FacesConfigXMLElement {
class FacesConfigComponentClass extends FacesConfigXmlElement {
FacesConfigComponentClass() {
this.getName() = "component-class" and
this.getParent() instanceof FacesConfigComponent
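Review bot: In the first hunk of this file the doc comment above `FacesConfigXmlElement` still reads `An XML element in a `FacesConfigXMLFile`.`, naming the class that this same hunk turns into a deprecated alias; it should point readers at the live name, `An XML element in a `FacesConfigXmlFile`.`. While touching that class, the comment `Contains a single top-level XML node named "faces-Config".` in the `FacesConfigXmlFile` characteristic predicate disagrees in casing with the `"faces-config"` literal it describes and could be corrected at the same time. The last hunk's `FacesConfigComponentClass` body continues outside this section.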


@@ -3,7 +3,7 @@ import semmle.code.java.frameworks.spring.SpringXMLElement
import semmle.code.java.frameworks.spring.SpringBean
/** A common supertype of `SpringRef` and `SpringIdRef`. */
class SpringAbstractRef extends SpringXMLElement {
class SpringAbstractRef extends SpringXmlElement {
SpringAbstractRef() {
this.getName() = "idref" or
this.getName() = "ref"
@@ -29,7 +29,7 @@ class SpringAbstractRef extends SpringXMLElement {
}
/** Holds if `other` is also a reference and points to the same bean as this reference. */
override predicate isSimilar(SpringXMLElement other) {
override predicate isSimilar(SpringXmlElement other) {
exists(SpringAbstractRef otherRef |
otherRef = other and
this.getBean() = otherRef.getBean()


@@ -3,7 +3,7 @@ import semmle.code.java.frameworks.spring.SpringXMLElement
import semmle.code.java.frameworks.spring.SpringBean
/** An `<alias>` element in Spring XML files. */
class SpringAlias extends SpringXMLElement {
class SpringAlias extends SpringXmlElement {
SpringAlias() { this.getName() = "alias" }
/** Gets the value of the `alias` attribute. */


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** An `<arg-type>` element in Spring XML files. */
class SpringArgType extends SpringXMLElement {
class SpringArgType extends SpringXmlElement {
SpringArgType() { this.getName() = "arg-type" }
/** Gets the value of the `match` attribute. */


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** An `<attribute>` element in Spring XML files. */
class SpringAttribute extends SpringXMLElement {
class SpringAttribute extends SpringXmlElement {
SpringAttribute() { this.getName() = "attribute" }
/** Gets the value of the `key` attribute. */


@@ -58,8 +58,8 @@ class SpringBeanPropertySetterMethod extends Method {
*
* Confusingly, this is a different form of autowiring to the `@Autowired` annotation.
*/
class SpringBeanXMLAutowiredSetterMethod extends Method {
SpringBeanXMLAutowiredSetterMethod() {
class SpringBeanXmlAutowiredSetterMethod extends Method {
SpringBeanXmlAutowiredSetterMethod() {
// The bean as marked with some form of autowiring in the XML file.
exists(string xmlAutowire |
xmlAutowire = this.getDeclaringType().(SpringBeanRefType).getSpringBean().getAutowire()
@@ -100,6 +100,9 @@ class SpringBeanXMLAutowiredSetterMethod extends Method {
}
}
/** DEPRECATED: Alias for SpringBeanXmlAutowiredSetterMethod */
deprecated class SpringBeanXMLAutowiredSetterMethod = SpringBeanXmlAutowiredSetterMethod;
/**
* A callable that is annotated with `@Autowired`.
*


@@ -12,7 +12,7 @@ import semmle.code.java.frameworks.spring.SpringReplacedMethod
*/
/** A `<bean>` element in a Spring XML file. */
class SpringBean extends SpringXMLElement {
class SpringBean extends SpringXmlElement {
SpringBean() {
this.getName() = "bean" and
// Do not capture Camel beans, which are different
@@ -268,7 +268,7 @@ class SpringBean extends SpringXMLElement {
/**
* Holds if this bean element has the same bean identifier as `other`.
*/
override predicate isSimilar(SpringXMLElement other) {
override predicate isSimilar(SpringXmlElement other) {
this.getBeanIdentifier() = other.(SpringBean).getBeanIdentifier()
}


@@ -9,56 +9,71 @@ import semmle.code.java.frameworks.spring.SpringBean
/**
* An Apache Camel element in a Spring Beans file.
*/
class SpringCamelXMLElement extends SpringXMLElement {
SpringCamelXMLElement() { getNamespace().getURI() = "http://camel.apache.org/schema/spring" }
class SpringCamelXmlElement extends SpringXmlElement {
SpringCamelXmlElement() { getNamespace().getURI() = "http://camel.apache.org/schema/spring" }
}
/** DEPRECATED: Alias for SpringCamelXmlElement */
deprecated class SpringCamelXMLElement = SpringCamelXmlElement;
/**
* An element in a Spring beans file that defines an Apache Camel context.
*
* All Apache Camel Spring elements are nested within a `<camelContext>` or a `<routeContext>`.
*/
class SpringCamelXMLContext extends SpringCamelXMLElement {
SpringCamelXMLContext() { getName() = "camelContext" }
class SpringCamelXmlContext extends SpringCamelXmlElement {
SpringCamelXmlContext() { getName() = "camelContext" }
}
/** DEPRECATED: Alias for SpringCamelXmlContext */
deprecated class SpringCamelXMLContext = SpringCamelXmlContext;
/**
* An element in a Spring beans file that defines an Apache Camel route context.
*
* A `<routeContext>` is a fragment, containing route definitions, that can be included within a
* `<camelContext>`.
*/
class SpringCamelXMLRouteContext extends SpringCamelXMLElement {
SpringCamelXMLRouteContext() { getName() = "routeContext" }
class SpringCamelXmlRouteContext extends SpringCamelXmlElement {
SpringCamelXmlRouteContext() { getName() = "routeContext" }
}
/** DEPRECATED: Alias for SpringCamelXmlRouteContext */
deprecated class SpringCamelXMLRouteContext = SpringCamelXmlRouteContext;
/**
* An element in a Spring beans files that defines an Apache Camel route.
*
* A Camel `<route>` element defines how messages that match certain criteria are handled by Apache
* Camel.
*/
class SpringCamelXMLRoute extends SpringCamelXMLElement {
SpringCamelXMLRoute() {
class SpringCamelXmlRoute extends SpringCamelXmlElement {
SpringCamelXmlRoute() {
// A route must either be in a `<routeContext>` or a `<camelContext>`.
(
getParent() instanceof SpringCamelXMLRouteContext or
getParent() instanceof SpringCamelXMLContext
getParent() instanceof SpringCamelXmlRouteContext or
getParent() instanceof SpringCamelXmlContext
) and
getName() = "route"
}
}
/** DEPRECATED: Alias for SpringCamelXmlRoute */
deprecated class SpringCamelXMLRoute = SpringCamelXmlRoute;
/**
* An element in a Spring bean file that is logically contained in an Apache Camel route.
*/
class SpringCamelXMLRouteElement extends SpringCamelXMLElement {
SpringCamelXMLRouteElement() {
getParent() instanceof SpringCamelXMLRoute or
getParent() instanceof SpringCamelXMLRouteElement
class SpringCamelXmlRouteElement extends SpringCamelXmlElement {
SpringCamelXmlRouteElement() {
getParent() instanceof SpringCamelXmlRoute or
getParent() instanceof SpringCamelXmlRouteElement
}
}
/** DEPRECATED: Alias for SpringCamelXmlRouteElement */
deprecated class SpringCamelXMLRouteElement = SpringCamelXmlRouteElement;
/**
* A reference to a Spring bean in an Apache Camel route defined in a Spring beans file.
*
@@ -66,8 +81,8 @@ class SpringCamelXMLRouteElement extends SpringCamelXMLElement {
* specifies a Spring bean that should be called in response to messages that match the enclosing
* route.
*/
class SpringCamelXMLBeanRef extends SpringCamelXMLRouteElement {
SpringCamelXMLBeanRef() { getName() = "bean" }
class SpringCamelXmlBeanRef extends SpringCamelXmlRouteElement {
SpringCamelXmlBeanRef() { getName() = "bean" }
/**
* Gets the Spring bean that is referenced by this route bean definition, if any.
@@ -83,6 +98,9 @@ class SpringCamelXMLBeanRef extends SpringCamelXMLRouteElement {
RefType getBeanType() { result.getQualifiedName() = getAttribute("beanType").getValue() }
}
/** DEPRECATED: Alias for SpringCamelXmlBeanRef */
deprecated class SpringCamelXMLBeanRef = SpringCamelXmlBeanRef;
/**
* A declaration of a target in an Apache Camel route defined in a Spring beans file.
*
@@ -90,8 +108,8 @@ class SpringCamelXMLBeanRef extends SpringCamelXMLRouteElement {
* determines the type of the target. For example, if the scheme is "bean:" then the rest of the uri
* consists of a bean name and optional method name.
*/
class SpringCamelXMLToElement extends SpringCamelXMLRouteElement {
SpringCamelXMLToElement() { getName() = "to" }
class SpringCamelXmlToElement extends SpringCamelXmlRouteElement {
SpringCamelXmlToElement() { getName() = "to" }
/**
* Gets the URI attribute for this `<to>` element.
@@ -99,6 +117,9 @@ class SpringCamelXMLToElement extends SpringCamelXMLRouteElement {
string getURI() { result = getAttribute("uri").getValue() }
}
/** DEPRECATED: Alias for SpringCamelXmlToElement */
deprecated class SpringCamelXMLToElement = SpringCamelXmlToElement;
/**
* A declaration of a Apache Camel "method" expression defined in a Spring beans file.
*
@@ -107,8 +128,8 @@ class SpringCamelXMLToElement extends SpringCamelXMLRouteElement {
* (when the "ref" or "bean" attributes are used), or a type that should be instantiated as a bean
* (if "beanType" is used.
*/
class SpringCamelXMLMethodElement extends SpringCamelXMLElement {
SpringCamelXMLMethodElement() { getName() = "method" }
class SpringCamelXmlMethodElement extends SpringCamelXmlElement {
SpringCamelXmlMethodElement() { getName() = "method" }
/**
* Gets the `SpringBean` that this method expression refers to.
@@ -123,3 +144,6 @@ class SpringCamelXMLMethodElement extends SpringCamelXMLElement {
*/
RefType getBeanType() { result.getQualifiedName() = getAttribute("beanType").getValue() }
}
/** DEPRECATED: Alias for SpringCamelXmlMethodElement */
deprecated class SpringCamelXMLMethodElement = SpringCamelXmlMethodElement;
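Review bot: `string getURI()` in the `SpringCamelXmlToElement` hunk keeps its upper-case acronym while every class in this file is renamed, so the file ends up with `SpringCamelXmlToElement.getURI()` next to the PascalCase names this commit introduces. If the omission is not deliberate, follow the alias pattern used for the classes here: `string getUri() { result = getAttribute("uri").getValue() }` plus `/** DEPRECATED: Alias for getUri */ deprecated string getURI() { result = getUri() }`. The `getNamespace().getURI()` call in the `SpringCamelXmlElement` constructor is on the XML library outside this file, so whether it needs the same treatment depends on how that library was handled elsewhere in the commit.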


@@ -8,8 +8,8 @@ import semmle.code.xml.WebXML
* An element in a Spring configuration file that configures which packages are considered to be
* "base" packages when performing the Spring component scan.
*/
class SpringXMLComponentScan extends SpringXMLElement {
SpringXMLComponentScan() {
class SpringXmlComponentScan extends SpringXmlElement {
SpringXmlComponentScan() {
this.getName() = "component-scan" and
this.getNamespace().getPrefix() = "context"
}
@@ -23,6 +23,9 @@ class SpringXMLComponentScan extends SpringXMLElement {
string getAProfileExpr() { result = this.getSpringBeanFile().getAProfileExpr() }
}
/** DEPRECATED: Alias for SpringXmlComponentScan */
deprecated class SpringXMLComponentScan = SpringXmlComponentScan;
/**
* An annotation of a class that configures which packages are considered to be "base" packages
* when performing the Spring component scan.
@@ -59,11 +62,11 @@ class SpringBasePackage extends string {
exists(string basePackages |
// Interpret the contexts of the `web.xml` "contextConfigLocation" parameter as a base package,
// but only if the appropriate context class is chosen.
exists(WebXMLFile webXML |
webXML.getContextParamValue("contextClass") =
exists(WebXmlFile webXml |
webXml.getContextParamValue("contextClass") =
"org.springframework.web.context.support.AnnotationConfigWebApplicationContext"
|
basePackages = webXML.getContextParamValue("contextConfigLocation")
basePackages = webXml.getContextParamValue("contextConfigLocation")
)
or
exists(SpringComponent c, Annotation componentScan |
@@ -75,7 +78,7 @@ class SpringBasePackage extends string {
c.isLive()
)
or
exists(SpringXMLComponentScan xmlComponentScan |
exists(SpringXmlComponentScan xmlComponentScan |
basePackages = xmlComponentScan.getBasePackages() and
// The component scan profile must be active, if one is specified.
(
@@ -110,7 +113,7 @@ class SpringComponentAnnotation extends AnnotationType {
* In order for Spring XML to be "enabled", XML must have been indexed into the snapshot, and that
* XML must contain the appropriate Spring configuration files.
*/
private predicate isSpringXMLEnabled() { exists(SpringXMLElement springXMLElement) }
private predicate isSpringXmlEnabled() { exists(SpringXmlElement springXmlElement) }
/**
* A Spring component class, identified by the presence of a particular annotation.
@@ -178,7 +181,7 @@ class SpringComponent extends RefType {
// only validate whether this class is ever picked up if XML indexing is enabled. If it's
// enabled, then the package of this class must belong in one of the packages defined as a base
// package.
not isSpringXMLEnabled()
not isSpringXmlEnabled()
or
exists(SpringBasePackage sbp |
this.getPackage().getName().prefix(sbp.length() + 1) = sbp + "." or


@@ -5,7 +5,7 @@ import semmle.code.java.frameworks.spring.SpringAbstractRef
import semmle.code.java.frameworks.spring.SpringValue
/** A `<constructor-arg>` element in a Spring XML file. */
class SpringConstructorArg extends SpringXMLElement {
class SpringConstructorArg extends SpringXmlElement {
SpringConstructorArg() { this.getName() = "constructor-arg" }
/** Holds if this `constructor-arg` element has an `index` attribute. */


@@ -6,6 +6,6 @@ import semmle.code.java.frameworks.spring.SpringXMLElement
*
* Its contents can be accessed using `SpringXMLElement.getContentString()`.
*/
class SpringDescription extends SpringXMLElement {
class SpringDescription extends SpringXmlElement {
SpringDescription() { this.getName() = "description" }
}


@@ -6,7 +6,7 @@ import semmle.code.java.frameworks.spring.SpringKey
import semmle.code.java.frameworks.spring.SpringValue
/** An `<entry>` element in Spring XML files. */
class SpringEntry extends SpringXMLElement {
class SpringEntry extends SpringXmlElement {
SpringEntry() { this.getName() = "entry" }
/** Holds if this `entry` has a `key` attribute. */


@@ -9,7 +9,7 @@ import semmle.code.java.frameworks.spring.SpringComponentScan
import semmle.code.java.frameworks.spring.SpringXMLElement
/** Represents a `<remoting-destination>` element in Spring XML files. */
class SpringRemotingDestination extends SpringXMLElement {
class SpringRemotingDestination extends SpringXmlElement {
SpringRemotingDestination() { this.getName() = "remoting-destination" }
/**
@@ -55,7 +55,12 @@ class SpringRemotingDestinationClass extends Class {
/**
* Gets the XML configuration of the remoting destination, if it was configured in XML.
*/
SpringRemotingDestination getRemotingDestinationXML() { this = result.getSpringBean().getClass() }
SpringRemotingDestination getRemotingDestinationXml() { this = result.getSpringBean().getClass() }
/** DEPRECATED: Alias for getRemotingDestinationXml */
deprecated SpringRemotingDestination getRemotingDestinationXML() {
result = getRemotingDestinationXml()
}
/**
* Holds if the class is operating on an "include" or "exclude" basis.
@@ -70,7 +75,7 @@ class SpringRemotingDestinationClass extends Class {
m.hasAnnotation("org.springframework.flex.remoting", "RemotingInclude")
)
or
exists(this.getRemotingDestinationXML().getAnIncludeMethod())
exists(this.getRemotingDestinationXml().getAnIncludeMethod())
}
/**
@@ -81,10 +86,10 @@ class SpringRemotingDestinationClass extends Class {
if this.isIncluding()
then
result.hasAnnotation("org.springframework.flex.remoting", "RemotingInclude") or
result.getName() = this.getRemotingDestinationXML().getAnIncludeMethod()
result.getName() = this.getRemotingDestinationXml().getAnIncludeMethod()
else (
not result.hasAnnotation("org.springframework.flex.remoting", "RemotingExclude") and
not result.getName() = this.getRemotingDestinationXML().getAnExcludeMethod()
not result.getName() = this.getRemotingDestinationXml().getAnExcludeMethod()
)
}
}


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** An `<import>` element in a Spring XML file. */
class SpringImport extends SpringXMLElement {
class SpringImport extends SpringXmlElement {
SpringImport() { this.getName() = "import" }
/** Gets the value of the `resource` attribute. */


@@ -2,6 +2,6 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** A `<key>` element in Spring XML files. */
class SpringKey extends SpringXMLElement {
class SpringKey extends SpringXmlElement {
SpringKey() { this.getName() = "key" }
}


@@ -3,7 +3,7 @@ import semmle.code.java.frameworks.spring.SpringXMLElement
import semmle.code.java.frameworks.spring.SpringBean
/** A `<lookup-method>` element in a Spring XML file. */
class SpringLookupMethod extends SpringXMLElement {
class SpringLookupMethod extends SpringXmlElement {
SpringLookupMethod() { this.getName() = "lookup-method" }
/** Gets the value of the `bean` attribute. */


@@ -4,7 +4,7 @@ import semmle.code.java.frameworks.spring.SpringXMLElement
/**
* A common superclass for mergeable Spring XML elements (`list`, `map`).
*/
/*abstract*/ class SpringMergable extends SpringXMLElement {
/*abstract*/ class SpringMergable extends SpringXmlElement {
string getMergeRaw() { result = this.getAttributeValueWithDefault("merge") }
/** Holds if this element is merged, taking `default-merged` values in `<beans>` into account. */


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** A `<meta>` element in Spring XML files. */
class SpringMeta extends SpringXMLElement {
class SpringMeta extends SpringXmlElement {
SpringMeta() { this.getName() = "meta" }
/** Gets the value of the `key` attribute. */


@@ -2,6 +2,6 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** A `<null>` element in Spring XML files. */
class SpringNull extends SpringXMLElement {
class SpringNull extends SpringXmlElement {
SpringNull() { this.getName() = "null" }
}


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** A `<prop>` element in Spring XML files. */
class SpringProp extends SpringXMLElement {
class SpringProp extends SpringXmlElement {
SpringProp() { this.getName() = "prop" }
/** Gets the value of the `key` attribute. */


@@ -6,7 +6,7 @@ import semmle.code.java.frameworks.spring.SpringList
import semmle.code.java.frameworks.spring.SpringValue
/** A `<property>` element in Spring XML files. */
class SpringProperty extends SpringXMLElement {
class SpringProperty extends SpringXmlElement {
SpringProperty() { this.getName() = "property" }
override string toString() { result = this.getPropertyName() }
@@ -55,7 +55,7 @@ class SpringProperty extends SpringXMLElement {
* Holds if this property is similar to another property.
* Currently only checks the property name and references to beans.
*/
override predicate isSimilar(SpringXMLElement element) {
override predicate isSimilar(SpringXmlElement element) {
exists(SpringProperty other |
other = element and this.getPropertyName() = other.getPropertyName()
|


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** A `<qualifier>` element in a Spring XML file. */
class SpringQualifier extends SpringXMLElement {
class SpringQualifier extends SpringXmlElement {
SpringQualifier() { this.getName() = "qualifier" }
/** Gets the name of the Java class of this qualifier. */


@@ -3,7 +3,7 @@ import semmle.code.java.frameworks.spring.SpringXMLElement
import semmle.code.java.frameworks.spring.SpringBean
/** A `<replaced-method>` element in a Spring XML file. */
class SpringReplacedMethod extends SpringXMLElement {
class SpringReplacedMethod extends SpringXmlElement {
SpringReplacedMethod() { this.getName() = "replaced-method" }
/** Gets the value of the `name` attribute. */


@@ -2,7 +2,7 @@ import java
import semmle.code.java.frameworks.spring.SpringXMLElement
/** A `<value>` element in a Spring XML file. */
class SpringValue extends SpringXMLElement {
class SpringValue extends SpringXmlElement {
SpringValue() { this.getName() = "value" }
/** Gets the value of the `type` attribute. */


@@ -3,11 +3,11 @@ import semmle.code.java.frameworks.spring.SpringBeanFile
import semmle.code.java.frameworks.spring.SpringBean
/** A common superclass for all Spring XML elements. */
class SpringXMLElement extends XMLElement {
SpringXMLElement() { this.getFile() instanceof SpringBeanFile }
class SpringXmlElement extends XMLElement {
SpringXmlElement() { this.getFile() instanceof SpringBeanFile }
/** Gets a child of this Spring XML element. */
SpringXMLElement getASpringChild() { result = this.getAChild() }
SpringXmlElement getASpringChild() { result = this.getAChild() }
/** Gets the bean file of this XML element. */
SpringBeanFile getSpringBeanFile() { result = this.getFile() }
@@ -27,13 +27,16 @@ class SpringXMLElement extends XMLElement {
SpringBean getEnclosingBean() {
if this instanceof SpringBean
then result = this
else result = this.getParent().(SpringXMLElement).getEnclosingBean()
else result = this.getParent().(SpringXmlElement).getEnclosingBean()
}
/**
* Overridden by subclasses. Used to match `value`, `property` and `ref` elements for similarity.
*/
predicate isSimilar(SpringXMLElement other) { none() }
predicate isSimilar(SpringXmlElement other) { none() }
string getContentString() { result = this.allCharactersString() }
}
/** DEPRECATED: Alias for SpringXmlElement */
deprecated class SpringXMLElement = SpringXmlElement;


@@ -2,7 +2,7 @@ import semmle.code.java.frameworks.spring.SpringBean
import semmle.code.java.frameworks.spring.SpringBeanFile
import semmle.code.java.frameworks.spring.SpringEntry
predicate springDepends(SpringBean b1, SpringBean b2, SpringXMLElement cause) {
predicate springDepends(SpringBean b1, SpringBean b2, SpringXmlElement cause) {
b1 != b2 and
b1.getBeanParent() = b2 and
cause = b1
@@ -63,7 +63,7 @@ class MetricSpringBean extends SpringBean {
this.getSpringBeanFile() = result.getSpringBeanFile()
}
SpringXMLElement getBeanDependencyCause(SpringBean dependency) {
SpringXmlElement getBeanDependencyCause(SpringBean dependency) {
springDepends(this, dependency, result)
}
}


@@ -6,7 +6,7 @@ import semmle.code.java.frameworks.struts.StrutsXML
* Gets the custom struts mapper class used for this `refType`, if any.
*/
private string getStrutsMapperClass(RefType refType) {
result = getRootXMLFile(refType).getConstantValue("struts.mapper.class")
result = getRootXmlFile(refType).getConstantValue("struts.mapper.class")
}
/**
@@ -21,7 +21,7 @@ class Struts2ActionClass extends Class {
or
// If there is a struts.xml file, then any class that is specified as an action is considered
// to be reflectively constructed.
exists(StrutsXMLAction strutsAction | this = strutsAction.getActionClass())
exists(StrutsXmlAction strutsAction | this = strutsAction.getActionClass())
or
// We have determined that this is an action class due to the conventions plugin.
this instanceof Struts2ConventionActionClass
@@ -64,7 +64,7 @@ class Struts2ActionClass extends Class {
any()
else (
// Use the default mapping
exists(StrutsXMLAction strutsAction |
exists(StrutsXmlAction strutsAction |
this = strutsAction.getActionClass() and
result = strutsAction.getActionMethod()
)


@@ -53,7 +53,7 @@ private predicate isStrutsConventionPluginUsed(RefType refType) {
strutsConventionAnnotationUsedInFolder(getSourceFolder(refType.getCompilationUnit()))
or
// The struts configuration file for this file sets a convention property
getRootXMLFile(refType).getAConstant().getName().matches("struts.convention%")
getRootXmlFile(refType).getAConstant().getName().matches("struts.convention%")
or
// We've found the POM for this RefType, and it includes a dependency on the convention plugin
exists(Pom pom |
@@ -68,7 +68,7 @@ private predicate isStrutsConventionPluginUsed(RefType refType) {
* We guess by identifying the "nearest" `struts.xml` configuration file, i.e. the Struts
* configuration file with the lowest common ancestor to this file.
*/
StrutsXMLFile getRootXMLFile(RefType refType) {
StrutsXmlFile getRootXmlFile(RefType refType) {
exists(StrutsFolder strutsFolder |
strutsFolder = refType.getFile().getParentContainer*() and
strutsFolder.isUnique()
@@ -77,14 +77,17 @@ StrutsXMLFile getRootXMLFile(RefType refType) {
)
}
/** DEPRECATED: Alias for getRootXmlFile */
deprecated StrutsXMLFile getRootXMLFile(RefType refType) { result = getRootXmlFile(refType) }
/**
* Gets the suffix used for automatically identifying actions when using the convention plugin.
*
* If no configuration is supplied, or identified, the default is "Action".
*/
private string getConventionSuffix(RefType refType) {
if exists(getRootXMLFile(refType).getConstantValue("struts.convention.action.suffix"))
then result = getRootXMLFile(refType).getConstantValue("struts.convention.action.suffix")
if exists(getRootXmlFile(refType).getConstantValue("struts.convention.action.suffix"))
then result = getRootXmlFile(refType).getConstantValue("struts.convention.action.suffix")
else result = "Action"
}
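Review bot: The deprecated wrapper `deprecated StrutsXMLFile getRootXMLFile(RefType refType) { result = getRootXmlFile(refType) }` declares its return type with the old name `StrutsXMLFile`, which this commit turns into a deprecated alias in the Struts XML file, so the wrapper will stop compiling as soon as that alias is removed even though it is otherwise independent of it. Prefer the new type name in the signature, `deprecated StrutsXmlFile getRootXMLFile(RefType refType) { result = getRootXmlFile(refType) }`, so only the predicate name remains deprecated. This may be intentional to keep the old signature textually identical, in which case a short comment saying so would help the next person who removes the aliases.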


@@ -4,13 +4,16 @@ import semmle.code.xml.XML
/**
* Holds if any struts XML files are included in this snapshot.
*/
predicate isStrutsXMLIncluded() { exists(StrutsXMLFile strutsXML) }
predicate isStrutsXmlIncluded() { exists(StrutsXmlFile strutsXml) }
/** DEPRECATED: Alias for isStrutsXmlIncluded */
deprecated predicate isStrutsXMLIncluded = isStrutsXmlIncluded/0;
/**
* A struts 2 configuration file.
*/
abstract class StrutsXMLFile extends XMLFile {
StrutsXMLFile() {
abstract class StrutsXmlFile extends XMLFile {
StrutsXmlFile() {
// Contains a single top-level XML node named "struts".
count(XMLElement e | e = this.getAChild()) = 1 and
this.getAChild().getName() = "struts"
@@ -19,55 +22,64 @@ abstract class StrutsXMLFile extends XMLFile {
/**
* Gets a "root" struts configuration file that includes this file.
*/
StrutsRootXMLFile getARoot() { result.getAnIncludedFile() = this }
StrutsRootXmlFile getARoot() { result.getAnIncludedFile() = this }
/**
* Gets a directly included file.
*/
StrutsXMLFile getADirectlyIncludedFile() {
exists(StrutsXMLInclude include | include.getFile() = this | result = include.getIncludedFile())
StrutsXmlFile getADirectlyIncludedFile() {
exists(StrutsXmlInclude include | include.getFile() = this | result = include.getIncludedFile())
}
/**
* Gets a transitively included file.
*/
StrutsXMLFile getAnIncludedFile() { result = this.getADirectlyIncludedFile*() }
StrutsXmlFile getAnIncludedFile() { result = this.getADirectlyIncludedFile*() }
/**
* Gets a `<constant>` defined in this file, or an included file.
*/
StrutsXMLConstant getAConstant() { result.getFile() = this.getAnIncludedFile() }
StrutsXmlConstant getAConstant() { result.getFile() = this.getAnIncludedFile() }
/**
* Gets the value of the constant with the given `name`.
*/
string getConstantValue(string name) {
exists(StrutsXMLConstant constant | constant = this.getAConstant() |
exists(StrutsXmlConstant constant | constant = this.getAConstant() |
constant.getConstantName() = name and
result = constant.getConstantValue()
)
}
}
/** DEPRECATED: Alias for StrutsXmlFile */
deprecated class StrutsXMLFile = StrutsXmlFile;
/**
* A Struts 2 "root" configuration XML file directly read by struts.
*
* Root configurations either have the name `struts.xml` or `struts-plugin.xml`.
*/
class StrutsRootXMLFile extends StrutsXMLFile {
StrutsRootXMLFile() {
class StrutsRootXmlFile extends StrutsXmlFile {
StrutsRootXmlFile() {
this.getBaseName() = "struts.xml" or
this.getBaseName() = "struts-plugin.xml"
}
}
/** DEPRECATED: Alias for StrutsRootXmlFile */
deprecated class StrutsRootXMLFile = StrutsRootXmlFile;
/**
* A Struts 2 configuration XML file included, directly or indirectly, by a root Struts configuration.
*/
class StrutsIncludedXMLFile extends StrutsXMLFile {
StrutsIncludedXMLFile() { exists(StrutsXMLInclude include | this = include.getIncludedFile()) }
class StrutsIncludedXmlFile extends StrutsXmlFile {
StrutsIncludedXmlFile() { exists(StrutsXmlInclude include | this = include.getIncludedFile()) }
}
/** DEPRECATED: Alias for StrutsIncludedXmlFile */
deprecated class StrutsIncludedXMLFile = StrutsIncludedXmlFile;
/**
* A Folder which has one or more Struts 2 root configurations.
*/
@@ -75,7 +87,7 @@ class StrutsFolder extends Folder {
StrutsFolder() {
exists(Container c | c = this.getAChildContainer() |
c instanceof StrutsFolder or
c instanceof StrutsXMLFile
c instanceof StrutsXmlFile
)
}
@@ -87,7 +99,7 @@ class StrutsFolder extends Folder {
/**
* Gets a struts root configuration that applies to this folder.
*/
StrutsRootXMLFile getAStrutsRootFile() {
StrutsRootXmlFile getAStrutsRootFile() {
result = this.getAChildContainer() or
result = this.getAChildContainer().(StrutsFolder).getAStrutsRootFile()
}
@@ -96,8 +108,8 @@ class StrutsFolder extends Folder {
/**
* An XML element in a `StrutsXMLFile`.
*/
class StrutsXMLElement extends XMLElement {
StrutsXMLElement() { this.getFile() instanceof StrutsXMLFile }
class StrutsXmlElement extends XMLElement {
StrutsXmlElement() { this.getFile() instanceof StrutsXmlFile }
/**
* Gets the value for this element, with leading and trailing whitespace trimmed.
@@ -105,14 +117,17 @@ class StrutsXMLElement extends XMLElement {
string getValue() { result = this.allCharactersString().trim() }
}
/** DEPRECATED: Alias for StrutsXmlElement */
deprecated class StrutsXMLElement = StrutsXmlElement;
/**
* A `<include>` element within a `struts.xml` file.
*
* This indicates that the file specified in the `file` attribute should be included in the struts
* configuration. The file is looked up using the classpath.
*/
class StrutsXMLInclude extends StrutsXMLElement {
StrutsXMLInclude() { this.getName() = "include" }
class StrutsXmlInclude extends StrutsXmlElement {
StrutsXmlInclude() { this.getName() = "include" }
/**
* Gets the XMLFile that we believe is included by this include statement.
@@ -127,6 +142,9 @@ class StrutsXMLInclude extends StrutsXMLElement {
}
}
/** DEPRECATED: Alias for StrutsXmlInclude */
deprecated class StrutsXMLInclude = StrutsXmlInclude;
/**
* Escape a string for use as the matcher in a string.match(..) call.
*/
@@ -150,8 +168,8 @@ private predicate strutsWildcardMatching(string matches, string wildcardstring)
/**
* A `<action>` element within a `struts.xml` file.
*/
class StrutsXMLAction extends StrutsXMLElement {
StrutsXMLAction() { this.getName() = "action" }
class StrutsXmlAction extends StrutsXmlElement {
StrutsXmlAction() { this.getName() = "action" }
/**
* Gets the `Class` that is referenced by this Struts action.
@@ -175,13 +193,19 @@ class StrutsXMLAction extends StrutsXMLElement {
}
}
/** DEPRECATED: Alias for StrutsXmlAction */
deprecated class StrutsXMLAction = StrutsXmlAction;
/**
* A `<constant>` property, representing a configuration parameter to struts.
*/
class StrutsXMLConstant extends StrutsXMLElement {
StrutsXMLConstant() { this.getName() = "constant" }
class StrutsXmlConstant extends StrutsXmlElement {
StrutsXmlConstant() { this.getName() = "constant" }
string getConstantName() { result = this.getAttribute("name").getValue() }
string getConstantValue() { result = this.getAttribute("value").getValue() }
}
/** DEPRECATED: Alias for StrutsXmlConstant */
deprecated class StrutsXMLConstant = StrutsXmlConstant;


@@ -17,10 +17,13 @@ class X509TrustManager extends RefType {
X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") }
}
class HttpsURLConnection extends RefType {
HttpsURLConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") }
class HttpsUrlConnection extends RefType {
HttpsUrlConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") }
}
/** DEPRECATED: Alias for HttpsUrlConnection */
deprecated class HttpsURLConnection = HttpsUrlConnection;
class SSLSocketFactory extends RefType {
SSLSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
}
@@ -105,22 +108,22 @@ class CreateSslEngineMethod extends Method {
class SetConnectionFactoryMethod extends Method {
SetConnectionFactoryMethod() {
this.hasName("setSSLSocketFactory") and
this.getDeclaringType().getAnAncestor() instanceof HttpsURLConnection
this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection
}
}
class SetHostnameVerifierMethod extends Method {
SetHostnameVerifierMethod() {
this.hasName("setHostnameVerifier") and
this.getDeclaringType().getAnAncestor() instanceof HttpsURLConnection
this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection
}
}
/** The `setDefaultHostnameVerifier` method of the class `javax.net.ssl.HttpsURLConnection`. */
/** The `setDefaultHostnameVerifier` method of the class `javax.net.ssl.HttpsUrlConnection`. */
class SetDefaultHostnameVerifierMethod extends Method {
SetDefaultHostnameVerifierMethod() {
this.hasName("setDefaultHostnameVerifier") and
this.getDeclaringType().getAnAncestor() instanceof HttpsURLConnection
this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection
}
}
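Review bot: The QLDoc on `SetDefaultHostnameVerifierMethod` was rewritten to refer to `javax.net.ssl.HttpsUrlConnection`, but that string is the qualified name of the Java class, which is still `HttpsURLConnection` — the renamed QL class itself matches on `hasQualifiedName("javax.net.ssl", "HttpsURLConnection")` in the same section — so the comment now names a Java class that does not exist. Change `HttpsUrlConnection` back to `HttpsURLConnection` in that QLDoc line; only the QL class name should change. The renamed `HttpsUrlConnection` class also has no QLDoc; `/** The class javax.net.ssl.HttpsURLConnection. */` above it would match the style of the neighbouring documented classes. `SSLSocketFactory` in the same hunk keeps its acronym, which may be deliberate but is inconsistent with the commit's stated purpose.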


@@ -10,11 +10,14 @@ import semmle.code.java.dataflow.TaintTracking
/**
* A `Method` that is considered a "safe" external API from a security perspective.
*/
abstract class SafeExternalAPIMethod extends Method { }
abstract class SafeExternalApiMethod extends Method { }
/** DEPRECATED: Alias for SafeExternalApiMethod */
deprecated class SafeExternalAPIMethod = SafeExternalApiMethod;
/** The default set of "safe" external APIs. */
private class DefaultSafeExternalAPIMethod extends SafeExternalAPIMethod {
DefaultSafeExternalAPIMethod() {
private class DefaultSafeExternalApiMethod extends SafeExternalApiMethod {
DefaultSafeExternalApiMethod() {
this instanceof EqualsMethod
or
this.getName().regexpMatch("size|length|compareTo|getClass|lastIndexOf")
@@ -53,11 +56,11 @@ private class DefaultSafeExternalAPIMethod extends SafeExternalAPIMethod {
}
/** A node representing data being passed to an external API. */
class ExternalAPIDataNode extends DataFlow::Node {
class ExternalApiDataNode extends DataFlow::Node {
Call call;
int i;
ExternalAPIDataNode() {
ExternalApiDataNode() {
(
// Argument to call to a method
this.asExpr() = call.getArgument(i)
@@ -79,7 +82,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
not exists(DataFlow::Node next | TaintTracking::defaultAdditionalTaintStep(this, next)) and
// Not a call to a known safe external API
not call.getCallee() instanceof SafeExternalAPIMethod
not call.getCallee() instanceof SafeExternalApiMethod
}
/** Gets the called API `Method`. */
@@ -95,38 +98,47 @@ class ExternalAPIDataNode extends DataFlow::Node {
}
}
/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalAPIDataNode`s. */
class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration {
UntrustedDataToExternalAPIConfig() { this = "UntrustedDataToExternalAPIConfig" }
/** DEPRECATED: Alias for ExternalApiDataNode */
deprecated class ExternalAPIDataNode = ExternalApiDataNode;
/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalAPIDataNode }
override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
}
/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
UntrustedExternalAPIDataNode() { any(UntrustedDataToExternalAPIConfig c).hasFlow(_, this) }
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) }
/** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() {
any(UntrustedDataToExternalAPIConfig c).hasFlow(result, this)
any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
}
}
private newtype TExternalAPI =
TExternalAPIParameter(Method m, int index) {
exists(UntrustedExternalAPIDataNode n |
/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
private newtype TExternalApi =
TExternalApiParameter(Method m, int index) {
exists(UntrustedExternalApiDataNode n |
m = n.getMethod() and
index = n.getIndex()
)
}
/** An external API which is used with untrusted data. */
class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
class ExternalApiUsedWithUntrustedData extends TExternalApi {
/** Gets a possibly untrusted use of this external API. */
UntrustedExternalAPIDataNode getUntrustedDataNode() {
this = TExternalAPIParameter(result.getMethod(), result.getIndex())
UntrustedExternalApiDataNode getUntrustedDataNode() {
this = TExternalApiParameter(result.getMethod(), result.getIndex())
}
/** Gets the number of untrusted sources used with this external API. */
@@ -139,9 +151,12 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI {
exists(Method m, int index, string indexString |
if index = -1 then indexString = "qualifier" else indexString = "param " + index
|
this = TExternalAPIParameter(m, index) and
this = TExternalApiParameter(m, index) and
result =
m.getDeclaringType().getQualifiedName() + "." + m.getSignature() + " [" + indexString + "]"
)
}
}
/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;


@@ -18,7 +18,7 @@ class RequestForgeryConfiguration extends TaintTracking::Configuration {
// Exclude results of remote HTTP requests: fetching something else based on that result
// is no worse than following a redirect returned by the remote server, and typically
// we're requesting a resource via https which we trust to only send us to safe URLs.
not source.asExpr().(MethodAccess).getCallee() instanceof URLConnectionGetInputStreamMethod
not source.asExpr().(MethodAccess).getCallee() instanceof UrlConnectionGetInputStreamMethod
}
override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink }


@@ -28,8 +28,8 @@ private class ObjectInputStreamReadObjectMethod extends Method {
}
}
private class XMLDecoderReadObjectMethod extends Method {
XMLDecoderReadObjectMethod() {
private class XmlDecoderReadObjectMethod extends Method {
XmlDecoderReadObjectMethod() {
this.getDeclaringType().hasQualifiedName("java.beans", "XMLDecoder") and
this.hasName("readObject")
}
@@ -140,7 +140,7 @@ predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
.hasQualifiedName("org.apache.commons.io.serialization", "ValidatingObjectInputStream")
)
or
m instanceof XMLDecoderReadObjectMethod and
m instanceof XmlDecoderReadObjectMethod and
sink = ma.getQualifier()
or
m instanceof XStreamReadObjectMethod and


@@ -50,8 +50,8 @@ private class DefaultXssSink extends XssSink {
}
/** A default sanitizer that considers numeric and boolean typed data safe for writing to output. */
private class DefaultXSSSanitizer extends XssSanitizer {
DefaultXSSSanitizer() {
private class DefaultXssSanitizer extends XssSanitizer {
DefaultXssSanitizer() {
this.getType() instanceof NumericType or
this.getType() instanceof BooleanType or
// Match `org.springframework.web.util.HtmlUtils.htmlEscape` and possibly other methods like it.


@@ -358,21 +358,24 @@ class SafeXmlInputFactory extends VarAccess {
/**
* The class `org.jdom.input.SAXBuilder.`
*/
class SAXBuilder extends RefType {
SAXBuilder() {
class SaxBuilder extends RefType {
SaxBuilder() {
this.hasQualifiedName("org.jdom.input", "SAXBuilder") or
this.hasQualifiedName("org.jdom2.input", "SAXBuilder")
}
}
/** DEPRECATED: Alias for SaxBuilder */
deprecated class SAXBuilder = SaxBuilder;
/**
* A call to `SAXBuilder.build.`
*/
class SAXBuilderParse extends XmlParserCall {
SAXBuilderParse() {
class SaxBuilderParse extends XmlParserCall {
SaxBuilderParse() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXBuilder and
m.getDeclaringType() instanceof SaxBuilder and
m.hasName("build")
)
}
@@ -380,19 +383,22 @@ class SAXBuilderParse extends XmlParserCall {
override Expr getSink() { result = this.getArgument(0) }
override predicate isSafe() {
exists(SafeSAXBuilderToSAXBuilderParseFlowConfig conf | conf.hasFlowToExpr(this.getQualifier()))
exists(SafeSaxBuilderToSaxBuilderParseFlowConfig conf | conf.hasFlowToExpr(this.getQualifier()))
}
}
private class SafeSAXBuilderToSAXBuilderParseFlowConfig extends DataFlow2::Configuration {
SafeSAXBuilderToSAXBuilderParseFlowConfig() {
/** DEPRECATED: Alias for SaxBuilderParse */
deprecated class SAXBuilderParse = SaxBuilderParse;
private class SafeSaxBuilderToSaxBuilderParseFlowConfig extends DataFlow2::Configuration {
SafeSaxBuilderToSaxBuilderParseFlowConfig() {
this = "XmlParsers::SafeSAXBuilderToSAXBuilderParseFlowConfig"
}
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSAXBuilder }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxBuilder }
override predicate isSink(DataFlow::Node sink) {
sink.asExpr() = any(SAXBuilderParse sax).getQualifier()
sink.asExpr() = any(SaxBuilderParse sax).getQualifier()
}
override int fieldFlowBranchLimit() { result = 0 }
@@ -401,22 +407,25 @@ private class SafeSAXBuilderToSAXBuilderParseFlowConfig extends DataFlow2::Confi
/**
* A `ParserConfig` specific to `SAXBuilder`.
*/
class SAXBuilderConfig extends ParserConfig {
SAXBuilderConfig() {
class SaxBuilderConfig extends ParserConfig {
SaxBuilderConfig() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXBuilder and
m.getDeclaringType() instanceof SaxBuilder and
m.hasName("setFeature")
)
}
}
/** A safely configured `SAXBuilder`. */
class SafeSAXBuilder extends VarAccess {
SafeSAXBuilder() {
/** DEPRECATED: Alias for SaxBuilderConfig */
deprecated class SAXBuilderConfig = SaxBuilderConfig;
/** A safely configured `SaxBuilder`. */
class SafeSaxBuilder extends VarAccess {
SafeSaxBuilder() {
exists(Variable v |
v = this.getVariable() and
exists(SAXBuilderConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxBuilderConfig config | config.getQualifier() = v.getAnAccess() |
config
.enables(any(ConstantStringExpr s |
s.getStringValue() = "http://apache.org/xml/features/disallow-doctype-decl"
@@ -426,6 +435,9 @@ class SafeSAXBuilder extends VarAccess {
}
}
/** DEPRECATED: Alias for SafeSaxBuilder */
deprecated class SafeSAXBuilder = SafeSaxBuilder;
/*
* The case in
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
@@ -435,21 +447,27 @@ class SafeSAXBuilder extends VarAccess {
/**
* The class `javax.xml.parsers.SAXParser`.
*/
class SAXParser extends RefType {
SAXParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") }
class SaxParser extends RefType {
SaxParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") }
}
/** The class `javax.xml.parsers.SAXParserFactory`. */
class SAXParserFactory extends RefType {
SAXParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") }
/** DEPRECATED: Alias for SaxParser */
deprecated class SAXParser = SaxParser;
/** The class `javax.xml.parsers.SaxParserFactory`. */
class SaxParserFactory extends RefType {
SaxParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") }
}
/** A call to `SAXParser.parse`. */
class SAXParserParse extends XmlParserCall {
SAXParserParse() {
/** DEPRECATED: Alias for SaxParserFactory */
deprecated class SAXParserFactory = SaxParserFactory;
/** A call to `SaxParser.parse`. */
class SaxParserParse extends XmlParserCall {
SaxParserParse() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXParser and
m.getDeclaringType() instanceof SaxParser and
m.hasName("parse")
)
}
@@ -457,44 +475,50 @@ class SAXParserParse extends XmlParserCall {
override Expr getSink() { result = this.getArgument(0) }
override predicate isSafe() {
exists(SafeSAXParserFlowConfig sp | sp.hasFlowToExpr(this.getQualifier()))
exists(SafeSaxParserFlowConfig sp | sp.hasFlowToExpr(this.getQualifier()))
}
}
/** A `ParserConfig` that is specific to `SAXParserFactory`. */
class SAXParserFactoryConfig extends ParserConfig {
SAXParserFactoryConfig() {
/** DEPRECATED: Alias for SaxParserParse */
deprecated class SAXParserParse = SaxParserParse;
/** A `ParserConfig` that is specific to `SaxParserFactory`. */
class SaxParserFactoryConfig extends ParserConfig {
SaxParserFactoryConfig() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXParserFactory and
m.getDeclaringType() instanceof SaxParserFactory and
m.hasName("setFeature")
)
}
}
/** DEPRECATED: Alias for SaxParserFactoryConfig */
deprecated class SAXParserFactoryConfig = SaxParserFactoryConfig;
/**
* A safely configured `SAXParserFactory`.
*/
class SafeSAXParserFactory extends VarAccess {
SafeSAXParserFactory() {
class SafeSaxParserFactory extends VarAccess {
SafeSaxParserFactory() {
exists(Variable v | v = this.getVariable() |
exists(SAXParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
config.enables(singleSafeConfig())
)
or
exists(SAXParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() = "http://xml.org/sax/features/external-general-entities"
))
) and
exists(SAXParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() = "http://xml.org/sax/features/external-parameter-entities"
))
) and
exists(SAXParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() =
@@ -505,18 +529,21 @@ class SafeSAXParserFactory extends VarAccess {
}
}
private class SafeSAXParserFactoryToNewSAXParserFlowConfig extends DataFlow5::Configuration {
SafeSAXParserFactoryToNewSAXParserFlowConfig() {
/** DEPRECATED: Alias for SafeSaxParserFactory */
deprecated class SafeSAXParserFactory = SafeSaxParserFactory;
private class SafeSaxParserFactoryToNewSaxParserFlowConfig extends DataFlow5::Configuration {
SafeSaxParserFactoryToNewSaxParserFlowConfig() {
this = "XmlParsers::SafeSAXParserFactoryToNewSAXParserFlowConfig"
}
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSAXParserFactory }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxParserFactory }
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma, Method m |
sink.asExpr() = ma.getQualifier() and
ma.getMethod() = m and
m.getDeclaringType() instanceof SAXParserFactory and
m.getDeclaringType() instanceof SaxParserFactory and
m.hasName("newSAXParser")
)
}
@@ -524,45 +551,51 @@ private class SafeSAXParserFactoryToNewSAXParserFlowConfig extends DataFlow5::Co
override int fieldFlowBranchLimit() { result = 0 }
}
private class SafeSAXParserFlowConfig extends DataFlow4::Configuration {
SafeSAXParserFlowConfig() { this = "XmlParsers::SafeSAXParserFlowConfig" }
private class SafeSaxParserFlowConfig extends DataFlow4::Configuration {
SafeSaxParserFlowConfig() { this = "XmlParsers::SafeSAXParserFlowConfig" }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSAXParser }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxParser }
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma |
sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof SAXParser
sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof SaxParser
)
}
override int fieldFlowBranchLimit() { result = 0 }
}
/** A `SAXParser` created from a safely configured `SAXParserFactory`. */
class SafeSAXParser extends MethodAccess {
SafeSAXParser() {
exists(SafeSAXParserFactoryToNewSAXParserFlowConfig sdf |
this.getMethod().getDeclaringType() instanceof SAXParserFactory and
/** A `SaxParser` created from a safely configured `SaxParserFactory`. */
class SafeSaxParser extends MethodAccess {
SafeSaxParser() {
exists(SafeSaxParserFactoryToNewSaxParserFlowConfig sdf |
this.getMethod().getDeclaringType() instanceof SaxParserFactory and
this.getMethod().hasName("newSAXParser") and
sdf.hasFlowToExpr(this.getQualifier())
)
}
}
/** DEPRECATED: Alias for SafeSaxParser */
deprecated class SafeSAXParser = SafeSaxParser;
/* SAXReader: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader */
/**
* The class `org.dom4j.io.SAXReader`.
*/
class SAXReader extends RefType {
SAXReader() { this.hasQualifiedName("org.dom4j.io", "SAXReader") }
class SaxReader extends RefType {
SaxReader() { this.hasQualifiedName("org.dom4j.io", "SAXReader") }
}
/** A call to `SAXReader.read`. */
class SAXReaderRead extends XmlParserCall {
SAXReaderRead() {
/** DEPRECATED: Alias for SaxReader */
deprecated class SAXReader = SaxReader;
/** A call to `SaxReader.read`. */
class SaxReaderRead extends XmlParserCall {
SaxReaderRead() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXReader and
m.getDeclaringType() instanceof SaxReader and
m.hasName("read")
)
}
@@ -570,52 +603,58 @@ class SAXReaderRead extends XmlParserCall {
override Expr getSink() { result = this.getArgument(0) }
override predicate isSafe() {
exists(SafeSAXReaderFlowConfig sr | sr.hasFlowToExpr(this.getQualifier()))
exists(SafeSaxReaderFlowConfig sr | sr.hasFlowToExpr(this.getQualifier()))
}
}
/** A `ParserConfig` specific to `SAXReader`. */
class SAXReaderConfig extends ParserConfig {
SAXReaderConfig() {
/** DEPRECATED: Alias for SaxReaderRead */
deprecated class SAXReaderRead = SaxReaderRead;
/** A `ParserConfig` specific to `SaxReader`. */
class SaxReaderConfig extends ParserConfig {
SaxReaderConfig() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXReader and
m.getDeclaringType() instanceof SaxReader and
m.hasName("setFeature")
)
}
}
private class SafeSAXReaderFlowConfig extends DataFlow4::Configuration {
SafeSAXReaderFlowConfig() { this = "XmlParsers::SafeSAXReaderFlowConfig" }
/** DEPRECATED: Alias for SaxReaderConfig */
deprecated class SAXReaderConfig = SaxReaderConfig;
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSAXReader }
private class SafeSaxReaderFlowConfig extends DataFlow4::Configuration {
SafeSaxReaderFlowConfig() { this = "XmlParsers::SafeSAXReaderFlowConfig" }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxReader }
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma |
sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof SAXReader
sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof SaxReader
)
}
override int fieldFlowBranchLimit() { result = 0 }
}
/** A safely configured `SAXReader`. */
class SafeSAXReader extends VarAccess {
SafeSAXReader() {
/** A safely configured `SaxReader`. */
class SafeSaxReader extends VarAccess {
SafeSaxReader() {
exists(Variable v | v = this.getVariable() |
exists(SAXReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() = "http://xml.org/sax/features/external-general-entities"
))
) and
exists(SAXReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() = "http://xml.org/sax/features/external-parameter-entities"
))
) and
exists(SAXReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(SaxReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.enables(any(ConstantStringExpr s |
s.getStringValue() = "http://apache.org/xml/features/disallow-doctype-decl"
@@ -625,18 +664,24 @@ class SafeSAXReader extends VarAccess {
}
}
/** DEPRECATED: Alias for SafeSaxReader */
deprecated class SafeSAXReader = SafeSaxReader;
/* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlreader */
/** The class `org.xml.sax.XMLReader`. */
class XMLReader extends RefType {
XMLReader() { this.hasQualifiedName("org.xml.sax", "XMLReader") }
/** The class `org.xml.sax.XmlReader`. */
class XmlReader extends RefType {
XmlReader() { this.hasQualifiedName("org.xml.sax", "XMLReader") }
}
/** A call to `XMLReader.read`. */
class XMLReaderParse extends XmlParserCall {
XMLReaderParse() {
/** DEPRECATED: Alias for XmlReader */
deprecated class XMLReader = XmlReader;
/** A call to `XmlReader.read`. */
class XmlReaderParse extends XmlParserCall {
XmlReaderParse() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof XMLReader and
m.getDeclaringType() instanceof XmlReader and
m.hasName("parse")
)
}
@@ -644,59 +689,68 @@ class XMLReaderParse extends XmlParserCall {
override Expr getSink() { result = this.getArgument(0) }
override predicate isSafe() {
exists(ExplicitlySafeXMLReader sr | sr.flowsTo(this.getQualifier())) or
exists(CreatedSafeXMLReader cr | cr.flowsTo(this.getQualifier()))
exists(ExplicitlySafeXmlReader sr | sr.flowsTo(this.getQualifier())) or
exists(CreatedSafeXmlReader cr | cr.flowsTo(this.getQualifier()))
}
}
/** A `ParserConfig` specific to the `XMLReader`. */
class XMLReaderConfig extends ParserConfig {
XMLReaderConfig() {
/** DEPRECATED: Alias for XmlReaderParse */
deprecated class XMLReaderParse = XmlReaderParse;
/** A `ParserConfig` specific to the `XmlReader`. */
class XmlReaderConfig extends ParserConfig {
XmlReaderConfig() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof XMLReader and
m.getDeclaringType() instanceof XmlReader and
m.hasName("setFeature")
)
}
}
private class ExplicitlySafeXMLReaderFlowConfig extends DataFlow3::Configuration {
ExplicitlySafeXMLReaderFlowConfig() { this = "XmlParsers::ExplicitlySafeXMLReaderFlowConfig" }
/** DEPRECATED: Alias for XmlReaderConfig */
deprecated class XMLReaderConfig = XmlReaderConfig;
private class ExplicitlySafeXmlReaderFlowConfig extends DataFlow3::Configuration {
ExplicitlySafeXmlReaderFlowConfig() { this = "XmlParsers::ExplicitlySafeXMLReaderFlowConfig" }
override predicate isSource(DataFlow::Node src) {
src.asExpr() instanceof ExplicitlySafeXMLReader
src.asExpr() instanceof ExplicitlySafeXmlReader
}
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SafeXMLReaderFlowSink }
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SafeXmlReaderFlowSink }
override int fieldFlowBranchLimit() { result = 0 }
}
class SafeXMLReaderFlowSink extends Expr {
SafeXMLReaderFlowSink() {
this = any(XMLReaderParse p).getQualifier() or
this = any(ConstructedSAXSource s).getArgument(0) or
this = any(SAXSourceSetReader s).getArgument(0)
class SafeXmlReaderFlowSink extends Expr {
SafeXmlReaderFlowSink() {
this = any(XmlReaderParse p).getQualifier() or
this = any(ConstructedSaxSource s).getArgument(0) or
this = any(SaxSourceSetReader s).getArgument(0)
}
}
/** An `XMLReader` that is explicitly configured to be safe. */
class ExplicitlySafeXMLReader extends VarAccess {
ExplicitlySafeXMLReader() {
/** DEPRECATED: Alias for SafeXmlReaderFlowSink */
deprecated class SafeXMLReaderFlowSink = SafeXmlReaderFlowSink;
/** An `XmlReader` that is explicitly configured to be safe. */
class ExplicitlySafeXmlReader extends VarAccess {
ExplicitlySafeXmlReader() {
exists(Variable v | v = this.getVariable() |
exists(XMLReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(XmlReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() = "http://xml.org/sax/features/external-general-entities"
))
) and
exists(XMLReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(XmlReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() = "http://xml.org/sax/features/external-parameter-entities"
))
) and
exists(XMLReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(XmlReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.disables(any(ConstantStringExpr s |
s.getStringValue() =
@@ -704,7 +758,7 @@ class ExplicitlySafeXMLReader extends VarAccess {
))
)
or
exists(XMLReaderConfig config | config.getQualifier() = v.getAnAccess() |
exists(XmlReaderConfig config | config.getQualifier() = v.getAnAccess() |
config
.enables(any(ConstantStringExpr s |
s.getStringValue() = "http://apache.org/xml/features/disallow-doctype-decl"
@@ -713,35 +767,38 @@ class ExplicitlySafeXMLReader extends VarAccess {
)
}
predicate flowsTo(SafeXMLReaderFlowSink sink) {
any(ExplicitlySafeXMLReaderFlowConfig conf)
predicate flowsTo(SafeXmlReaderFlowSink sink) {
any(ExplicitlySafeXmlReaderFlowConfig conf)
.hasFlow(DataFlow::exprNode(this), DataFlow::exprNode(sink))
}
}
private class CreatedSafeXMLReaderFlowConfig extends DataFlow3::Configuration {
CreatedSafeXMLReaderFlowConfig() { this = "XmlParsers::CreatedSafeXMLReaderFlowConfig" }
/** DEPRECATED: Alias for ExplicitlySafeXmlReader */
deprecated class ExplicitlySafeXMLReader = ExplicitlySafeXmlReader;
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof CreatedSafeXMLReader }
private class CreatedSafeXmlReaderFlowConfig extends DataFlow3::Configuration {
CreatedSafeXmlReaderFlowConfig() { this = "XmlParsers::CreatedSafeXMLReaderFlowConfig" }
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SafeXMLReaderFlowSink }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof CreatedSafeXmlReader }
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SafeXmlReaderFlowSink }
override int fieldFlowBranchLimit() { result = 0 }
}
/** An `XMLReader` that is obtained from a safe source. */
class CreatedSafeXMLReader extends Call {
CreatedSafeXMLReader() {
/** An `XmlReader` that is obtained from a safe source. */
class CreatedSafeXmlReader extends Call {
CreatedSafeXmlReader() {
//Obtained from SAXParser
exists(SafeSAXParserFlowConfig safeParser |
this.(MethodAccess).getMethod().getDeclaringType() instanceof SAXParser and
exists(SafeSaxParserFlowConfig safeParser |
this.(MethodAccess).getMethod().getDeclaringType() instanceof SaxParser and
this.(MethodAccess).getMethod().hasName("getXMLReader") and
safeParser.hasFlowToExpr(this.getQualifier())
)
or
//Obtained from SAXReader
exists(SafeSAXReaderFlowConfig safeReader |
this.(MethodAccess).getMethod().getDeclaringType() instanceof SAXReader and
exists(SafeSaxReaderFlowConfig safeReader |
this.(MethodAccess).getMethod().getDeclaringType() instanceof SaxReader and
this.(MethodAccess).getMethod().hasName("getXMLReader") and
safeReader.hasFlowToExpr(this.getQualifier())
)
@@ -753,28 +810,34 @@ class CreatedSafeXMLReader extends Call {
)
}
predicate flowsTo(SafeXMLReaderFlowSink sink) {
any(CreatedSafeXMLReaderFlowConfig conf)
predicate flowsTo(SafeXmlReaderFlowSink sink) {
any(CreatedSafeXmlReaderFlowConfig conf)
.hasFlow(DataFlow::exprNode(this), DataFlow::exprNode(sink))
}
}
/** DEPRECATED: Alias for CreatedSafeXmlReader */
deprecated class CreatedSafeXMLReader = CreatedSafeXmlReader;
/*
* SAXSource in
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
*/
/** The class `javax.xml.transform.sax.SAXSource` */
class SAXSource extends RefType {
SAXSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") }
/** The class `javax.xml.transform.sax.SaxSource` */
class SaxSource extends RefType {
SaxSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") }
}
/** A call to the constructor of `SAXSource` with `XMLReader` and `InputSource`. */
class ConstructedSAXSource extends ClassInstanceExpr {
ConstructedSAXSource() {
this.getConstructedType() instanceof SAXSource and
/** DEPRECATED: Alias for SaxSource */
deprecated class SAXSource = SaxSource;
/** A call to the constructor of `SaxSource` with `XmlReader` and `InputSource`. */
class ConstructedSaxSource extends ClassInstanceExpr {
ConstructedSaxSource() {
this.getConstructedType() instanceof SaxSource and
this.getNumArgument() = 2 and
this.getArgument(0).getType() instanceof XMLReader
this.getArgument(0).getType() instanceof XmlReader
}
/**
@@ -782,40 +845,49 @@ class ConstructedSAXSource extends ClassInstanceExpr {
*/
Expr getSink() { result = this.getArgument(1) }
/** Holds if the resulting `SAXSource` is safe. */
/** Holds if the resulting `SaxSource` is safe. */
predicate isSafe() {
exists(CreatedSafeXMLReader safeReader | safeReader.flowsTo(this.getArgument(0))) or
exists(ExplicitlySafeXMLReader safeReader | safeReader.flowsTo(this.getArgument(0)))
exists(CreatedSafeXmlReader safeReader | safeReader.flowsTo(this.getArgument(0))) or
exists(ExplicitlySafeXmlReader safeReader | safeReader.flowsTo(this.getArgument(0)))
}
}
/** A call to the `SAXSource.setXMLReader` method. */
class SAXSourceSetReader extends MethodAccess {
SAXSourceSetReader() {
/** DEPRECATED: Alias for ConstructedSaxSource */
deprecated class ConstructedSAXSource = ConstructedSaxSource;
/** A call to the `SaxSource.setXMLReader` method. */
class SaxSourceSetReader extends MethodAccess {
SaxSourceSetReader() {
exists(Method m |
m = this.getMethod() and
m.getDeclaringType() instanceof SAXSource and
m.getDeclaringType() instanceof SaxSource and
m.hasName("setXMLReader")
)
}
}
/** A `SAXSource` that is safe to use. */
class SafeSAXSource extends Expr {
SafeSAXSource() {
/** DEPRECATED: Alias for SaxSourceSetReader */
deprecated class SAXSourceSetReader = SaxSourceSetReader;
/** A `SaxSource` that is safe to use. */
class SafeSaxSource extends Expr {
SafeSaxSource() {
exists(Variable v | v = this.(VarAccess).getVariable() |
exists(SAXSourceSetReader s | s.getQualifier() = v.getAnAccess() |
exists(SaxSourceSetReader s | s.getQualifier() = v.getAnAccess() |
(
exists(CreatedSafeXMLReader safeReader | safeReader.flowsTo(s.getArgument(0))) or
exists(ExplicitlySafeXMLReader safeReader | safeReader.flowsTo(s.getArgument(0)))
exists(CreatedSafeXmlReader safeReader | safeReader.flowsTo(s.getArgument(0))) or
exists(ExplicitlySafeXmlReader safeReader | safeReader.flowsTo(s.getArgument(0)))
)
)
)
or
this.(ConstructedSAXSource).isSafe()
this.(ConstructedSaxSource).isSafe()
}
}
/** DEPRECATED: Alias for SafeSaxSource */
deprecated class SafeSAXSource = SafeSaxSource;
/* Transformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory */
/** An access to a method use for configuring a transformer or schema. */
abstract class TransformerConfig extends MethodAccess {
@@ -992,8 +1064,8 @@ class SafeTransformer extends MethodAccess {
*/
/** A call to `SAXTransformerFactory.newFilter`. */
class SAXTransformerFactoryNewXMLFilter extends XmlParserCall {
SAXTransformerFactoryNewXMLFilter() {
class SaxTransformerFactoryNewXmlFilter extends XmlParserCall {
SaxTransformerFactoryNewXmlFilter() {
exists(Method m |
this.getMethod() = m and
m.getDeclaringType().hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") and
@@ -1008,6 +1080,9 @@ class SAXTransformerFactoryNewXMLFilter extends XmlParserCall {
}
}
/** DEPRECATED: Alias for SaxTransformerFactoryNewXmlFilter */
deprecated class SAXTransformerFactoryNewXMLFilter = SaxTransformerFactoryNewXmlFilter;
/* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */
/** The class `javax.xml.validation.SchemaFactory`. */
class SchemaFactory extends RefType {
@@ -1116,8 +1191,8 @@ class XPathEvaluate extends XmlParserCall {
// Sink methods in simplexml http://simple.sourceforge.net/home.php
/** A call to `read` or `validate` in `Persister`. */
class SimpleXMLPersisterCall extends XmlParserCall {
SimpleXMLPersisterCall() {
class SimpleXmlPersisterCall extends XmlParserCall {
SimpleXmlPersisterCall() {
exists(Method m |
this.getMethod() = m and
(m.hasName("validate") or m.hasName("read")) and
@@ -1130,9 +1205,12 @@ class SimpleXMLPersisterCall extends XmlParserCall {
override predicate isSafe() { none() }
}
/** DEPRECATED: Alias for SimpleXmlPersisterCall */
deprecated class SimpleXMLPersisterCall = SimpleXmlPersisterCall;
/** A call to `provide` in `Provider`. */
class SimpleXMLProviderCall extends XmlParserCall {
SimpleXMLProviderCall() {
class SimpleXmlProviderCall extends XmlParserCall {
SimpleXmlProviderCall() {
exists(Method m |
this.getMethod() = m and
m.hasName("provide") and
@@ -1148,9 +1226,12 @@ class SimpleXMLProviderCall extends XmlParserCall {
override predicate isSafe() { none() }
}
/** DEPRECATED: Alias for SimpleXmlProviderCall */
deprecated class SimpleXMLProviderCall = SimpleXmlProviderCall;
/** A call to `read` in `NodeBuilder`. */
class SimpleXMLNodeBuilderCall extends XmlParserCall {
SimpleXMLNodeBuilderCall() {
class SimpleXmlNodeBuilderCall extends XmlParserCall {
SimpleXmlNodeBuilderCall() {
exists(Method m |
this.getMethod() = m and
m.hasName("read") and
@@ -1163,9 +1244,12 @@ class SimpleXMLNodeBuilderCall extends XmlParserCall {
override predicate isSafe() { none() }
}
/** DEPRECATED: Alias for SimpleXmlNodeBuilderCall */
deprecated class SimpleXMLNodeBuilderCall = SimpleXmlNodeBuilderCall;
/** A call to the `format` method of the `Formatter`. */
class SimpleXMLFormatterCall extends XmlParserCall {
SimpleXMLFormatterCall() {
class SimpleXmlFormatterCall extends XmlParserCall {
SimpleXmlFormatterCall() {
exists(Method m |
this.getMethod() = m and
m.hasName("format") and
@@ -1178,6 +1262,9 @@ class SimpleXMLFormatterCall extends XmlParserCall {
override predicate isSafe() { none() }
}
/** DEPRECATED: Alias for SimpleXmlFormatterCall */
deprecated class SimpleXMLFormatterCall = SimpleXmlFormatterCall;
/** A configuration for secure processing. */
Expr configSecureProcessing() {
result.(ConstantStringExpr).getStringValue() =
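Review bot: The acronym rename was also applied to doc comments that name external Java library types, so several docstrings on the new side of this file now cite classes that do not exist — `javax.xml.parsers.SaxParserFactory` (the `hasQualifiedName` string on the next line still says `SAXParserFactory`), `org.xml.sax.XmlReader`, `javax.xml.transform.sax.SaxSource`, `SaxSource.setXMLReader`, `SaxParser.parse` and `SaxReader.read`. Only the QL class names should be PascalCased; where a comment refers to the JDK or library type, keep its real spelling (`javax.xml.parsers.SAXParserFactory`, `org.xml.sax.XMLReader`, `javax.xml.transform.sax.SAXSource`, `SAXSource.setXMLReader`, `SAXParser.parse`, `SAXReader.read`), matching the strings the constructors actually test. The same slip appears in the `HttpsURLConnection` docstring at the top of this page, which now reads `javax.net.ssl.HttpsUrlConnection`. While touching these, the rewritten `XmlReaderParse` comment still says `XmlReader.read` although the class matches `hasName("parse")`, so `XMLReader.parse` would be the accurate wording.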


@@ -112,7 +112,7 @@ private predicate documentBuilderStep(DataFlow::Node n1, DataFlow::Node n2) {
* `new DOMSource(tainted)`.
*/
private predicate domSourceStep(DataFlow::Node n1, DataFlow::Node n2) {
exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeDOMSource |
exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeDomSource |
n1.asExpr() = cc.getAnArgument() and
n2.asExpr() = cc
)
@@ -179,8 +179,8 @@ private class TypeStAXSource extends Class {
}
/** The class `javax.xml.transform.dom.DOMSource`. */
private class TypeDOMSource extends Class {
TypeDOMSource() { this.hasQualifiedName("javax.xml.transform.dom", "DOMSource") }
private class TypeDomSource extends Class {
TypeDomSource() { this.hasQualifiedName("javax.xml.transform.dom", "DOMSource") }
}
/** The interface `javax.xml.transform.Templates`. */