Java: Autoformat
@@ -138,7 +138,8 @@ class ClassReflectivelyReadField extends ReflectivelyReadField {
|
||||
* Consider all `JacksonSerializableField`s as reflectively read.
|
||||
*/
|
||||
class JacksonSerializableReflectivelyReadField extends ReflectivelyReadField,
|
||||
JacksonSerializableField { }
|
||||
JacksonSerializableField
|
||||
{ }
|
||||
|
||||
/**
|
||||
* A field that is used when applying Jackson mixins.
|
||||
|
||||
@@ -94,7 +94,8 @@ abstract class ReflectivelyConstructedClass extends EntryPoint, Class {
|
||||
/**
|
||||
* Classes that are deserialized by Jackson are reflectively constructed.
|
||||
*/
|
||||
library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType {
|
||||
library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType
|
||||
{
|
||||
override Callable getALiveCallable() {
|
||||
// Constructors may be called by Jackson, if they are a no-arg, they have a suitable annotation,
|
||||
// or inherit a suitable annotation through a mixin.
|
||||
@@ -308,8 +309,8 @@ class FacesAccessibleMethodEntryPoint extends CallableEntryPoint {
|
||||
* A Java Server Faces custom component, that is reflectively constructed by the framework when
|
||||
* used in a view (JSP or facelet).
|
||||
*/
|
||||
class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof FacesComponent {
|
||||
}
|
||||
class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof FacesComponent
|
||||
{ }
|
||||
|
||||
/**
|
||||
* Entry point for EJB home interfaces.
|
||||
@@ -459,5 +460,5 @@ class ArbitraryXmlEntryPoint extends ReflectivelyConstructedClass {
|
||||
deprecated class ArbitraryXMLEntryPoint = ArbitraryXmlEntryPoint;
|
||||
|
||||
/** A Selenium PageObject, created by a call to PageFactory.initElements(..). */
|
||||
class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass instanceof SeleniumPageObject {
|
||||
}
|
||||
class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass instanceof SeleniumPageObject
|
||||
{ }
|
||||
|
||||
@@ -33,8 +33,8 @@ class Struts1ActionEntryPoint extends EntryPoint, Class {
|
||||
/**
|
||||
* A struts 2 action class that is reflectively constructed.
|
||||
*/
|
||||
class Struts2ReflectivelyConstructedAction extends ReflectivelyConstructedClass instanceof Struts2ActionClass {
|
||||
}
|
||||
class Struts2ReflectivelyConstructedAction extends ReflectivelyConstructedClass instanceof Struts2ActionClass
|
||||
{ }
|
||||
|
||||
/**
|
||||
* A method called on a struts 2 action class when the action is activated.
|
||||
|
||||
@@ -78,7 +78,8 @@ class JUnitCategory extends WhitelistedLiveClass {
|
||||
/**
|
||||
* A listener that will be reflectively constructed by TestNG.
|
||||
*/
|
||||
class TestNGReflectivelyConstructedListener extends ReflectivelyConstructedClass instanceof TestNGListenerImpl {
|
||||
class TestNGReflectivelyConstructedListener extends ReflectivelyConstructedClass instanceof TestNGListenerImpl
|
||||
{
|
||||
// Consider any class that implements a TestNG listener interface to be live. Listeners can be
|
||||
// specified on the command line, in `testng.xml` files and in Ant build files, so it is safest
|
||||
// to assume that all such listeners are live.
|
||||
|
||||
@@ -123,7 +123,8 @@ class StartServiceMethod extends Method {
|
||||
|
||||
/** Specifies that if an `Intent` is tainted, then so are its synthetic fields. */
|
||||
private class IntentFieldsInheritTaint extends DataFlow::SyntheticFieldContent,
|
||||
TaintInheritingContent {
|
||||
TaintInheritingContent
|
||||
{
|
||||
IntentFieldsInheritTaint() { this.getField().matches("android.content.Intent.%") }
|
||||
}
|
||||
|
||||
|
||||
@@ -35,6 +35,7 @@ private class SliceProviderLifecycleStep extends AdditionalValueStep {
|
||||
}
|
||||
|
||||
private class SliceActionsInheritTaint extends DataFlow::SyntheticFieldContent,
|
||||
TaintInheritingContent {
|
||||
TaintInheritingContent
|
||||
{
|
||||
SliceActionsInheritTaint() { this.getField() = "androidx.slice.Slice.action" }
|
||||
}
|
||||
|
||||
@@ -11,7 +11,8 @@ private class ParseAsMethod extends Method {
|
||||
}
|
||||
}
|
||||
|
||||
private class TypeLiteralToParseAsFlowConfiguration extends DataFlowForSerializability::Configuration {
|
||||
private class TypeLiteralToParseAsFlowConfiguration extends DataFlowForSerializability::Configuration
|
||||
{
|
||||
TypeLiteralToParseAsFlowConfiguration() {
|
||||
this = "GoogleHttpClientApi::TypeLiteralToParseAsFlowConfiguration"
|
||||
}
|
||||
|
||||
@@ -91,7 +91,8 @@ private class FieldReferencedJacksonSerializableType extends JacksonSerializable
|
||||
/** A type whose values may be deserialized by the Jackson JSON framework. */
|
||||
abstract class JacksonDeserializableType extends Type { }
|
||||
|
||||
private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlowForSerializability::Configuration {
|
||||
private class TypeLiteralToJacksonDatabindFlowConfiguration extends DataFlowForSerializability::Configuration
|
||||
{
|
||||
TypeLiteralToJacksonDatabindFlowConfiguration() {
|
||||
this = "TypeLiteralToJacksonDatabindFlowConfiguration"
|
||||
}
|
||||
|
||||
@@ -75,8 +75,8 @@ class ForbiddenSecurityConfigurationCallable extends ForbiddenCallable {
|
||||
}
|
||||
|
||||
/** A method or constructor involving serialization that may not be called by an EJB. */
|
||||
class ForbiddenSerializationCallable extends ForbiddenCallable instanceof ForbiddenSerializationMethod {
|
||||
}
|
||||
class ForbiddenSerializationCallable extends ForbiddenCallable instanceof ForbiddenSerializationMethod
|
||||
{ }
|
||||
|
||||
/** A method or constructor involving network factory operations that may not be called by an EJB. */
|
||||
class ForbiddenSetFactoryCallable extends ForbiddenCallable instanceof ForbiddenSetFactoryMethod { }
|
||||
|
||||
@@ -115,7 +115,8 @@ private class IsWindowsFromApacheCommons extends IsWindowsGuard instanceof Field
|
||||
IsWindowsFromApacheCommons() { isOsFromApacheCommons(this, "IS\\_OS\\_WINDOWS") }
|
||||
}
|
||||
|
||||
private class IsSpecificWindowsVariantFromApacheCommons extends IsSpecificWindowsVariant instanceof FieldAccess {
|
||||
private class IsSpecificWindowsVariantFromApacheCommons extends IsSpecificWindowsVariant instanceof FieldAccess
|
||||
{
|
||||
IsSpecificWindowsVariantFromApacheCommons() {
|
||||
isOsFromApacheCommons(this, "IS\\_OS\\_WINDOWS\\_%")
|
||||
}
|
||||
@@ -125,7 +126,8 @@ private class IsUnixFromApacheCommons extends IsUnixGuard instanceof FieldAccess
|
||||
IsUnixFromApacheCommons() { isOsFromApacheCommons(this, "IS\\_OS\\_UNIX") }
|
||||
}
|
||||
|
||||
private class IsSpecificUnixVariantFromApacheCommons extends IsSpecificUnixVariant instanceof FieldAccess {
|
||||
private class IsSpecificUnixVariantFromApacheCommons extends IsSpecificUnixVariant instanceof FieldAccess
|
||||
{
|
||||
IsSpecificUnixVariantFromApacheCommons() {
|
||||
isOsFromApacheCommons(this,
|
||||
[
|
||||
|
||||
@@ -47,7 +47,8 @@ private class DefaultFragmentInjectionSink extends FragmentInjectionSink {
|
||||
DefaultFragmentInjectionSink() { sinkNode(this, "fragment-injection") }
|
||||
}
|
||||
|
||||
private class DefaultFragmentInjectionAdditionalTaintStep extends FragmentInjectionAdditionalTaintStep {
|
||||
private class DefaultFragmentInjectionAdditionalTaintStep extends FragmentInjectionAdditionalTaintStep
|
||||
{
|
||||
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
|
||||
exists(ReflectiveClassIdentifierMethodAccess ma |
|
||||
ma.getArgument(0) = n1.asExpr() and ma = n2.asExpr()
|
||||
|
||||
@@ -45,7 +45,8 @@ class IntentUriPermissionManipulationAdditionalTaintStep extends Unit {
|
||||
abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
|
||||
}
|
||||
|
||||
private class DefaultIntentUriPermissionManipulationSink extends IntentUriPermissionManipulationSink {
|
||||
private class DefaultIntentUriPermissionManipulationSink extends IntentUriPermissionManipulationSink
|
||||
{
|
||||
DefaultIntentUriPermissionManipulationSink() {
|
||||
exists(MethodAccess ma | ma.getMethod() instanceof ActivitySetResultMethod |
|
||||
ma.getArgument(1) = this.asExpr()
|
||||
|
||||
@@ -55,7 +55,8 @@ class JwtParserWithInsecureParseAdditionalFlowStep extends Unit {
|
||||
}
|
||||
|
||||
/** A set of additional flow steps to consider when working with JWT parsing related data flows. */
|
||||
private class DefaultJwtParserWithInsecureParseAdditionalFlowStep extends JwtParserWithInsecureParseAdditionalFlowStep {
|
||||
private class DefaultJwtParserWithInsecureParseAdditionalFlowStep extends JwtParserWithInsecureParseAdditionalFlowStep
|
||||
{
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
jwtParserStep(node1.asExpr(), node2.asExpr())
|
||||
}
|
||||
|
||||
@@ -34,7 +34,8 @@ private class DefaultRequestForgeryAdditionalTaintStep extends RequestForgeryAdd
|
||||
}
|
||||
}
|
||||
|
||||
private class TypePropertiesRequestForgeryAdditionalTaintStep extends RequestForgeryAdditionalTaintStep {
|
||||
private class TypePropertiesRequestForgeryAdditionalTaintStep extends RequestForgeryAdditionalTaintStep
|
||||
{
|
||||
override predicate propagatesTaint(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(MethodAccess ma |
|
||||
// Properties props = new Properties();
|
||||
|
||||
@@ -21,7 +21,8 @@ class SpelExpressionInjectionAdditionalTaintStep extends Unit {
|
||||
}
|
||||
|
||||
/** A set of additional taint steps to consider when taint tracking SpEL related data flows. */
|
||||
private class DefaultSpelExpressionInjectionAdditionalTaintStep extends SpelExpressionInjectionAdditionalTaintStep {
|
||||
private class DefaultSpelExpressionInjectionAdditionalTaintStep extends SpelExpressionInjectionAdditionalTaintStep
|
||||
{
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
expressionParsingStep(node1, node2)
|
||||
}
|
||||
|
||||
@@ -62,8 +62,8 @@ abstract class TemplateInjectionSanitizerWithState extends DataFlow::Node {
|
||||
abstract predicate hasState(DataFlow::FlowState state);
|
||||
}
|
||||
|
||||
private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof RemoteFlowSource {
|
||||
}
|
||||
private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof RemoteFlowSource
|
||||
{ }
|
||||
|
||||
private class DefaultTemplateInjectionSink extends TemplateInjectionSink {
|
||||
DefaultTemplateInjectionSink() { sinkNode(this, "ssti") }
|
||||
|
||||
@@ -60,7 +60,8 @@ private class DefaultXssSanitizer extends XssSanitizer {
|
||||
}
|
||||
|
||||
/** A configuration that tracks data from a servlet writer to an output method. */
|
||||
private class XssVulnerableWriterSourceToWritingMethodFlowConfig extends TaintTracking2::Configuration {
|
||||
private class XssVulnerableWriterSourceToWritingMethodFlowConfig extends TaintTracking2::Configuration
|
||||
{
|
||||
XssVulnerableWriterSourceToWritingMethodFlowConfig() {
|
||||
this = "XSS::XssVulnerableWriterSourceToWritingMethodFlowConfig"
|
||||
}
|
||||
|
||||
@@ -198,7 +198,8 @@ private class DocumentBuilderConstruction extends MethodAccess {
|
||||
}
|
||||
}
|
||||
|
||||
private class SafeDocumentBuilderFactoryToDocumentBuilderConstructionFlowConfig extends DataFlow3::Configuration {
|
||||
private class SafeDocumentBuilderFactoryToDocumentBuilderConstructionFlowConfig extends DataFlow3::Configuration
|
||||
{
|
||||
SafeDocumentBuilderFactoryToDocumentBuilderConstructionFlowConfig() {
|
||||
this = "XmlParsers::SafeDocumentBuilderFactoryToDocumentBuilderConstructionFlowConfig"
|
||||
}
|
||||
|
||||
@@ -55,7 +55,8 @@ private predicate newTransformerOrTemplatesStep(DataFlow::Node n1, DataFlow::Nod
|
||||
/**
|
||||
* A data flow configuration for secure processing feature that is enabled on `TransformerFactory`.
|
||||
*/
|
||||
private class TransformerFactoryWithSecureProcessingFeatureFlowConfig extends DataFlow2::Configuration {
|
||||
private class TransformerFactoryWithSecureProcessingFeatureFlowConfig extends DataFlow2::Configuration
|
||||
{
|
||||
TransformerFactoryWithSecureProcessingFeatureFlowConfig() {
|
||||
this = "TransformerFactoryWithSecureProcessingFeatureFlowConfig"
|
||||
}
|
||||
|
||||
@@ -27,25 +27,29 @@ abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr {
|
||||
abstract string splittingType();
|
||||
}
|
||||
|
||||
abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation {
|
||||
abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
|
||||
{
|
||||
override string splittingType() { result = "Request splitting or response splitting" }
|
||||
}
|
||||
|
||||
/**
|
||||
* Request splitting can allowing an attacker to inject/smuggle an additional HTTP request into the socket connection.
|
||||
*/
|
||||
abstract private class RequestSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation {
|
||||
abstract private class RequestSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
|
||||
{
|
||||
override string splittingType() { result = "Request splitting" }
|
||||
}
|
||||
|
||||
/**
|
||||
* Response splitting can lead to HTTP vulnerabilities like XSS and cache poisoning.
|
||||
*/
|
||||
abstract private class ResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation {
|
||||
abstract private class ResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
|
||||
{
|
||||
override string splittingType() { result = "Response splitting" }
|
||||
}
|
||||
|
||||
private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResponseSplittingInsecureNettyObjectCreation {
|
||||
private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResponseSplittingInsecureNettyObjectCreation
|
||||
{
|
||||
InsecureDefaultHttpHeadersClassInstantiation() {
|
||||
this.getConstructedType()
|
||||
.hasQualifiedName("io.netty.handler.codec.http",
|
||||
@@ -54,21 +58,24 @@ private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResp
|
||||
}
|
||||
}
|
||||
|
||||
private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation {
|
||||
private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
|
||||
{
|
||||
InsecureDefaultHttpResponseClassInstantiation() {
|
||||
this.getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultHttpResponse") and
|
||||
vulnerableArgumentIndex = 2
|
||||
}
|
||||
}
|
||||
|
||||
private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation {
|
||||
private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
|
||||
{
|
||||
InsecureDefaultHttpRequestClassInstantiation() {
|
||||
this.getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultHttpRequest") and
|
||||
vulnerableArgumentIndex = 3
|
||||
}
|
||||
}
|
||||
|
||||
private class InsecureDefaultFullHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation {
|
||||
private class InsecureDefaultFullHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
|
||||
{
|
||||
InsecureDefaultFullHttpResponseClassInstantiation() {
|
||||
this.getConstructedType()
|
||||
.hasQualifiedName("io.netty.handler.codec.http", "DefaultFullHttpResponse") and
|
||||
@@ -76,7 +83,8 @@ private class InsecureDefaultFullHttpResponseClassInstantiation extends Response
|
||||
}
|
||||
}
|
||||
|
||||
private class InsecureDefaultFullHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation {
|
||||
private class InsecureDefaultFullHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
|
||||
{
|
||||
InsecureDefaultFullHttpRequestClassInstantiation() {
|
||||
this.getConstructedType()
|
||||
.hasQualifiedName("io.netty.handler.codec.http", "DefaultFullHttpRequest") and
|
||||
|
||||
@@ -81,8 +81,8 @@ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink {
|
||||
}
|
||||
|
||||
/** A data flow sink for sql operation. */
|
||||
private class SqlOperationSink extends ClientSuppliedIpUsedInSecurityCheckSink instanceof QueryInjectionSink {
|
||||
}
|
||||
private class SqlOperationSink extends ClientSuppliedIpUsedInSecurityCheckSink instanceof QueryInjectionSink
|
||||
{ }
|
||||
|
||||
/** A method that split string. */
|
||||
class SplitMethod extends Method {
|
||||
|
||||