Merge pull request #13297 from atorralba/atorralba/java/playmvc-models

Java: Add models for the Play Framework

java/ql/lib/change-notes/2023-05-26-play-framework-models.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added more dataflow models for the Play Framework.

java/ql/lib/ext/play.libs.ws.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["play.libs.ws", "WSClient", True, "url", "", "", "Argument[0]", "open-url", "manual"]
+      - ["play.libs.ws", "StandaloneWSClient", True, "url", "", "", "Argument[0]", "open-url", "manual"]

java/ql/lib/ext/play.mvc.model.yml

@@ -3,7 +3,44 @@ extensions:
       pack: codeql/java-all
       extensible: sourceModel
     data:
-      - ["play.mvc", "Http$RequestHeader", False, "getHeader", "", "", "ReturnValue", "remote", "manual"]
-      - ["play.mvc", "Http$RequestHeader", False, "getQueryString", "", "", "ReturnValue", "remote", "manual"]
-      - ["play.mvc", "Http$RequestHeader", False, "header", "", "", "ReturnValue", "remote", "manual"]
-      - ["play.mvc", "Http$RequestHeader", False, "queryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$Request", True, "body", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "cookie", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "cookies", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "getHeader", "", "", "ReturnValue", "remote", "manual"] # v2.4.x
+      - ["play.mvc", "Http$RequestHeader", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"] # v2.7.x
+      - ["play.mvc", "Http$RequestHeader", True, "getQueryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "header", "", "", "ReturnValue", "remote", "manual"] # v2.7.x
+      - ["play.mvc", "Http$RequestHeader", True, "headers", "", "", "ReturnValue", "remote", "manual"] # v2.4.x
+      - ["play.mvc", "Http$RequestHeader", True, "host", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "path", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "queryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "remoteAddress", "", "", "ReturnValue", "remote", "manual"]
+      - ["play.mvc", "Http$RequestHeader", True, "uri", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["play.mvc", "Http$RequestBody", True, "as", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "asBytes", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x
+      - ["play.mvc", "Http$RequestBody", True, "asFormUrlEncoded", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "asJson", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "asMultipartFormData", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "asRaw", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "asText", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "asXml", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RequestBody", True, "parseJson", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x
+      - ["play.mvc", "Http$MultipartFormData", True, "asFormUrlEncoded", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$MultipartFormData", True, "getFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$MultipartFormData", True, "getFiles", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getContentType", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getDispositionType", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x
+      - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.4.x
+      - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getFilename", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getKey", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getRef", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x
+      - ["play.mvc", "Http$RawBuffer", True, "asBytes", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$RawBuffer", True, "asFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$Cookie", True, "name", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$Cookie", True, "value", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$Cookies", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["play.mvc", "Http$Cookies", True, "getCookie", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x

java/ql/test/library-tests/dataflow/taintsources/PlayMvc.java

@@ -0,0 +1,25 @@
+import play.mvc.Http;
+
+public class PlayMvc {
+
+    private Http.Request request;
+    private Http.RequestHeader header;
+
+    private static void sink(Object o) {}
+
+    public void test() throws Exception {
+        sink(request.body()); // $ hasRemoteValueFlow
+        sink(header.cookie(null)); // $ hasRemoteValueFlow
+        sink(header.cookies()); // $ hasRemoteValueFlow
+        sink(header.getHeader(null)); // $ hasRemoteValueFlow
+        sink(header.getHeaders()); // $ hasRemoteValueFlow
+        sink(header.getQueryString(null)); // $ hasRemoteValueFlow
+        sink(header.header(null)); // $ hasRemoteValueFlow
+        sink(header.headers()); // $ hasRemoteValueFlow
+        sink(header.host()); // $ hasRemoteValueFlow
+        sink(header.path()); // $ hasRemoteValueFlow
+        sink(header.queryString()); // $ hasRemoteValueFlow
+        sink(header.remoteAddress()); // $ hasRemoteValueFlow
+        sink(header.uri()); // $ hasRemoteValueFlow
+    }
+}

java/ql/test/library-tests/frameworks/play/mad/Test.java

@@ -0,0 +1,194 @@
+package generatedtest;
+
+import akka.util.ByteString;
+import com.fasterxml.jackson.databind.JsonNode;
+import java.io.File;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import org.w3c.dom.Document;
+import play.mvc.Http;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	Object source() {
+		return null;
+	}
+
+	void sink(Object o) {}
+
+	public void test() throws Exception {
+
+		{
+			// "play.mvc;Http$Cookie;true;name;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.Cookie in = (Http.Cookie) source();
+			out = in.name();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$Cookie;true;value;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.Cookie in = (Http.Cookie) source();
+			out = in.value();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$Cookies;true;get;;;Argument[this];ReturnValue;taint;manual"
+			Http.Cookie out = null;
+			Http.Cookies in = (Http.Cookies) source();
+			out = in.get(null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$Cookies;true;getCookie;;;Argument[this];ReturnValue;taint;manual"
+			Optional out = null;
+			Http.Cookies in = (Http.Cookies) source();
+			out = in.getCookie(null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData$FilePart;true;getContentType;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
+			out = in.getContentType();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData$FilePart;true;getDispositionType;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
+			out = in.getDispositionType();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData$FilePart;true;getFilename;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
+			out = in.getFilename();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData$FilePart;true;getKey;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
+			out = in.getKey();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData$FilePart;true;getRef;;;Argument[this];ReturnValue;taint;manual"
+			Object out = null;
+			Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
+			out = in.getRef();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData;true;asFormUrlEncoded;;;Argument[this];ReturnValue;taint;manual"
+			Map out = null;
+			Http.MultipartFormData in = (Http.MultipartFormData) source();
+			out = in.asFormUrlEncoded();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData;true;getFile;;;Argument[this];ReturnValue;taint;manual"
+			Http.MultipartFormData.FilePart out = null;
+			Http.MultipartFormData in = (Http.MultipartFormData) source();
+			out = in.getFile(null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$MultipartFormData;true;getFiles;;;Argument[this];ReturnValue;taint;manual"
+			List out = null;
+			Http.MultipartFormData in = (Http.MultipartFormData) source();
+			out = in.getFiles();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RawBuffer;true;asBytes;;;Argument[this];ReturnValue;taint;manual"
+			ByteString out = null;
+			Http.RawBuffer in = (Http.RawBuffer) source();
+			out = in.asBytes();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RawBuffer;true;asBytes;;;Argument[this];ReturnValue;taint;manual"
+			ByteString out = null;
+			Http.RawBuffer in = (Http.RawBuffer) source();
+			out = in.asBytes(0);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RawBuffer;true;asFile;;;Argument[this];ReturnValue;taint;manual"
+			File out = null;
+			Http.RawBuffer in = (Http.RawBuffer) source();
+			out = in.asFile();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;as;;;Argument[this];ReturnValue;taint;manual"
+			Object out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.as(null);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asBytes;;;Argument[this];ReturnValue;taint;manual"
+			ByteString out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asBytes();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asFormUrlEncoded;;;Argument[this];ReturnValue;taint;manual"
+			Map out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asFormUrlEncoded();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asJson;;;Argument[this];ReturnValue;taint;manual"
+			JsonNode out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asJson();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asMultipartFormData;;;Argument[this];ReturnValue;taint;manual"
+			Http.MultipartFormData out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asMultipartFormData();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asRaw;;;Argument[this];ReturnValue;taint;manual"
+			Http.RawBuffer out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asRaw();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asText;;;Argument[this];ReturnValue;taint;manual"
+			String out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asText();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;asXml;;;Argument[this];ReturnValue;taint;manual"
+			Document out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.asXml();
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "play.mvc;Http$RequestBody;true;parseJson;;;Argument[this];ReturnValue;taint;manual"
+			Optional out = null;
+			Http.RequestBody in = (Http.RequestBody) source();
+			out = in.parseJson(null);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}

java/ql/test/library-tests/frameworks/play/test.ql

@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest

java/ql/test/query-tests/security/CWE-918/mad/Test.java

@@ -9,6 +9,8 @@ import javafx.scene.web.WebEngine;
 import org.apache.commons.jelly.JellyContext;
 import org.codehaus.cargo.container.installer.ZipURLInstaller;
 import org.kohsuke.stapler.HttpResponses;
+import play.libs.ws.WSClient;
+import play.libs.ws.StandaloneWSClient;
 
 public class Test {
 
@@ -74,4 +76,14 @@ public class Test {
         r.staticResource((URL) source()); // $ SSRF
     }
 
+    public void test(WSClient c) {
+        // "play.libs.ws;WSClient;true;url;;;Argument[0];open-url;manual"
+        c.url((String) source()); // $ SSRF
+    }
+
+    public void test(StandaloneWSClient c) {
+        // "play.libs.ws;StandaloneWSClient;true;url;;;Argument[0];open-url;manual"
+        c.url((String) source()); // $ SSRF
+    }
+
 }

java/ql/test/query-tests/security/CWE-918/options

@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5
+//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x

java/ql/test/stubs/playframework-2.6.x/play/api/mvc/Cookie.java

@@ -0,0 +1,131 @@
+// Generated automatically from play.api.mvc.Cookie for testing purposes
+
+package play.api.mvc;
+
+import play.mvc.Http;
+
+public class Cookie {
+    protected Cookie() {}
+
+    abstract static public class SameSite {
+        protected SameSite() {}
+
+        public Http.Cookie.SameSite asJava() {
+            return null;
+        }
+
+        public SameSite(String p0) {}
+
+        public String value() {
+            return null;
+        }
+
+        public boolean play$api$mvc$Cookie$SameSite$$matches(String p0) {
+            return false;
+        }
+    }
+
+    public Http.Cookie asJava() {
+        return null;
+    }
+
+    public Object productElement(int p0) {
+        return null;
+    }
+
+    public String copy$default$1() {
+        return null;
+    }
+
+    public String copy$default$2() {
+        return null;
+    }
+
+    public String copy$default$4() {
+        return null;
+    }
+
+    public String name() {
+        return null;
+    }
+
+    public String path() {
+        return null;
+    }
+
+    public String productPrefix() {
+        return null;
+    }
+
+    public String toString() {
+        return null;
+    }
+
+    public String value() {
+        return null;
+    }
+
+    public boolean canEqual(Object p0) {
+        return false;
+    }
+
+    public boolean copy$default$6() {
+        return false;
+    }
+
+    public boolean copy$default$7() {
+        return false;
+    }
+
+    public boolean equals(Object p0) {
+        return false;
+    }
+
+    public boolean httpOnly() {
+        return false;
+    }
+
+    public boolean secure() {
+        return false;
+    }
+
+    public int hashCode() {
+        return 0;
+    }
+
+    public int productArity() {
+        return 0;
+    }
+
+    public static String $lessinit$greater$default$4() {
+        return null;
+    }
+
+    public static String apply$default$4() {
+        return null;
+    }
+
+    public static boolean $lessinit$greater$default$6() {
+        return false;
+    }
+
+    public static boolean $lessinit$greater$default$7() {
+        return false;
+    }
+
+    public static boolean apply$default$6() {
+        return false;
+    }
+
+    public static boolean apply$default$7() {
+        return false;
+    }
+
+    public static int DiscardedMaxAge() {
+        return 0;
+    }
+
+    public static play.api.mvc.Cookie validatePrefix(play.api.mvc.Cookie p0) {
+        return null;
+    }
+}

java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSClient.java

@@ -0,0 +1,9 @@
+package play.libs.ws;
+
+public class StandaloneWSClient {
+
+    public StandaloneWSRequest url(String url) {
+        return null;
+    }
+
+}

java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSRequest.java

@@ -0,0 +1,5 @@
+package play.libs.ws;
+
+public class StandaloneWSRequest {
+    
+}

java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSClient.java

@@ -0,0 +1,9 @@
+package play.libs.ws;
+
+public class WSClient {
+
+    public WSRequest url(String url) {
+        return null;
+    }
+
+}

java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSRequest.java

@@ -0,0 +1,5 @@
+package play.libs.ws;
+
+public class WSRequest {
+
+}

java/ql/test/stubs/playframework-2.6.x/play/mvc/Http.java

@@ -1,5 +1,6 @@
 package play.mvc;
 
+import akka.util.ByteString;
 import com.fasterxml.jackson.databind.JsonNode;
 import java.io.File;
 import java.net.URI;
@@ -32,24 +33,12 @@ public class Http {
 
     public Context(Request request, JavaContextComponents components) {}
 
-    public Context(
-        Long id,
-        play.api.mvc.RequestHeader header,
-        Request request,
-        Map<String, String> sessionData,
-        Map<String, String> flashData,
-        Map<String, Object> args,
+    public Context(Long id, play.api.mvc.RequestHeader header, Request request,
+        Map<String, String> sessionData, Map<String, String> flashData, Map<String, Object> args,
         JavaContextComponents components) {}
 
-    public Context(
-        Long id,
-        play.api.mvc.RequestHeader header,
-        Request request,
-        Response response,
-        Session session,
-        Flash flash,
-        Map<String, Object> args,
-        JavaContextComponents components) {}
+    public Context(Long id, play.api.mvc.RequestHeader header, Request request, Response response,
+        Session session, Flash flash, Map<String, Object> args, JavaContextComponents components) {}
 
     public Long id() {
       return 0L;
@@ -328,8 +317,8 @@ public class Http {
       return null;
     }
 
-    public RequestBuilder bodyMultipart(
-        List<String> data, Files.TemporaryFileCreator temporaryFileCreator, String mat) {
+    public RequestBuilder bodyMultipart(List<String> data,
+        Files.TemporaryFileCreator temporaryFileCreator, String mat) {
       return null;
     }
 
@@ -536,6 +525,10 @@ public class Http {
 
   public abstract static class RawBuffer {
 
+    public abstract ByteString asBytes();
+
+    public abstract ByteString asBytes(int maxLength);
+
     public abstract Long size();
 
     public abstract File asFile();
@@ -559,7 +552,8 @@ public class Http {
       }
     }
 
-    public interface Part<A> {}
+    public interface Part<A> {
+    }
 
     public static class FilePart<A> implements Part<A> {
 
@@ -577,9 +571,17 @@ public class Http {
         return "";
       }
 
+      public String getDispositionType() {
+        return "";
+      }
+
       public A getFile() {
         return null;
       }
+
+      public A getRef() {
+        return null;
+      }
     }
 
     public static class DataPart {
@@ -608,6 +610,10 @@ public class Http {
 
     public RequestBody(Object body) {}
 
+    public ByteString asBytes() {
+      return null;
+    }
+
     public <A> MultipartFormData<A> asMultipartFormData() {
       return null;
     }
@@ -640,6 +646,10 @@ public class Http {
       return null;
     }
 
+    public <A> Optional<A> parseJson(Class<A> clazz) {
+      return null;
+    }
+
     public String toString() {
       return "";
     }
@@ -657,15 +667,8 @@ public class Http {
     public void setContentType(String contentType) {}
 
     @Deprecated
-    public void setCookie(
-        String name,
-        String value,
-        Integer maxAge,
-        String path,
-        String domain,
-        boolean secure,
-        boolean httpOnly,
-        SameSite sameSite) {}
+    public void setCookie(String name, String value, Integer maxAge, String path, String domain,
+        boolean secure, boolean httpOnly, SameSite sameSite) {}
 
     public void setCookie(Cookie cookie) {}
 
@@ -734,25 +737,12 @@ public class Http {
 
   public static class Cookie {
 
-    public Cookie(
-        String name,
-        String value,
-        Integer maxAge,
-        String path,
-        String domain,
-        boolean secure,
-        boolean httpOnly,
-        SameSite sameSite) {}
+    public Cookie(String name, String value, Integer maxAge, String path, String domain,
+        boolean secure, boolean httpOnly, SameSite sameSite) {}
 
     @Deprecated
-    public Cookie(
-        String name,
-        String value,
-        Integer maxAge,
-        String path,
-        String domain,
-        boolean secure,
-        boolean httpOnly) {}
+    public Cookie(String name, String value, Integer maxAge, String path, String domain,
+        boolean secure, boolean httpOnly) {}
 
     public static CookieBuilder builder(String name, String value) {
       return null;
@@ -791,9 +781,7 @@ public class Http {
     }
 
     public enum SameSite {
-      STRICT("Strict"),
-      LAX("Lax"),
-      NONE("None");
+      STRICT("Strict"), LAX("Lax"), NONE("None");
 
       SameSite(String value) {}
 
@@ -856,6 +844,8 @@ public class Http {
   public interface Cookies extends Iterable<Cookie> {
 
     Cookie get(String name);
+
+    Optional<Cookie> getCookie(String name);
   }
 
   public interface HeaderNames {