hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 14:34:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/kotlin

Browse Source
This commit is contained in:
Paolo Tranquilli
2024-05-16 15:55:08 +01:00
parent e546560d7c 92699d18ac
commit 75709bf1ec
771 changed files with 19858 additions and 11024 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
java/integration-tests-lib/toolchains_test_utils.py Normal file
View File

@@ -0,0 +1,42 @@
import os.path
import sys
import tempfile
def actions_expose_all_toolchains():
# On actions, expose all usable toolchains so that we can test version-selection logic.
toolchains_dir = tempfile.mkdtemp(prefix="integration-tests-toolchains-")
toolchains_file = os.path.join(toolchains_dir, "toolchains.xml")
def none_or_blank(s):
return s is None or s == ""
with open(toolchains_file, "w") as f:
f.write('<?xml version="1.0" encoding="UTF-8"?>\n<toolchains>\n')
for v in [8, 11, 17, 21]:
homedir = os.getenv("JAVA_HOME_%d_X64" % v)
if none_or_blank(homedir):
homedir = os.getenv("JAVA_HOME_%d_arm64" % v)
if none_or_blank(homedir) and v == 8 and not none_or_blank(os.getenv("JAVA_HOME_11_arm64")):
print("Mocking a toolchain entry using Java 11 install as a fake Java 8 entry, so this test behaves the same on x64 and arm64 runners", file = sys.stderr)
homedir = os.getenv("JAVA_HOME_11_arm64")
if homedir is not None and homedir != "":
f.write("""
<toolchain>
<type>jdk</type>
<provides>
<version>%d</version>
<vendor>oracle</vendor>
</provides>
<configuration>
<jdkHome>%s</jdkHome>
</configuration>
</toolchain>
""" % (v, homedir))
f.write("</toolchains>")
return toolchains_file

17
java/kotlin-extractor/src/main/java/com/semmle/util/process/Env.java
View File

@@ -36,14 +36,6 @@ public class Env {
/*
* Core toolchain variables
*/
/**
* The location of the toolchain.
*
* Deprecated in favour of {@link Var#SEMMLE_DIST}, {@link Var#SEMMLE_HOME}, and
* {@link Var#SEMMLE_DATA}.
*/
@Deprecated
ODASA_HOME,
/**
* The location of the user's configuration files, including project configurations,
* dashboard configurations, team insight configurations, licenses etc.
@@ -82,10 +74,6 @@ public class Env {
* The location where our queries are kept.
*/
ODASA_QUERIES,
/**
* The location of the 'tools' directory
*/
ODASA_TOOLS,
/**
* Whether we are running in 'prototyping mode'.
*/
@@ -197,10 +185,6 @@ public class Env {
* The platform we are running on; one of "linux", "osx" and "win".
*/
SEMMLE_PLATFORM,
/**
* Location of platform specific tools, currently only used in universal LGTM distributions
*/
SEMMLE_PLATFORM_TOOLS,
/**
* PATH to use to look up tooling required by macOS Relocator scripts.
*/
@@ -284,7 +268,6 @@ public class Env {
/*
* Layout variables
*/
ODASA_JAVA_LAYOUT,
ODASA_CPP_LAYOUT,
ODASA_CSHARP_LAYOUT,
ODASA_PYTHON_LAYOUT,

6
java/ql/automodel/src/AutomodelAlertSinkUtil.qll
View File

@@ -159,11 +159,7 @@ predicate sinkModelTallyPerQuery(string queryName, int alertCount, SinkModel sin
SinkTallier<RequestForgeryConfig>::getSinkModelCount(alertCount, sinkModel)
or
queryName = "java/command-line-injection" and
exists(int c1, int c2 |
SinkTallier<RemoteUserInputToArgumentToExecFlowConfig>::getSinkModelCount(c1, sinkModel) and
SinkTallier<LocalUserInputToArgumentToExecFlowConfig>::getSinkModelCount(c2, sinkModel) and
alertCount = c1 + c2
)
SinkTallier<InputToArgumentToExecFlowConfig>::getSinkModelCount(alertCount, sinkModel)
or
queryName = "java/concatenated-sql-query" and
SinkTallier<UncontrolledStringBuilderSourceFlowConfig>::getSinkModelCount(alertCount, sinkModel)

4
java/ql/automodel/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.0.23
No user-facing changes.
## 0.0.22
No user-facing changes.

3
java/ql/automodel/src/change-notes/released/0.0.23.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.0.23
No user-facing changes.

2
java/ql/automodel/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.22
lastReleaseVersion: 0.0.23

2
java/ql/automodel/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 0.0.23-dev
version: 0.0.24-dev
groups:
- java
- automodel

6
java/ql/integration-tests/all-platforms/java/android-8-sample/.gitattributes vendored Normal file
View File

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

37
java/ql/integration-tests/all-platforms/java/android-8-sample/.gitignore vendored Normal file
View File

@@ -0,0 +1,37 @@
HELP.md
.gradle
build/
!gradle/wrapper/gradle-wrapper.jar
!**/src/main/**/build/
!**/src/test/**/build/
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
bin/
!**/src/main/**/bin/
!**/src/test/**/bin/
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
out/
!**/src/main/**/out/
!**/src/test/**/out/
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
### VS Code ###
.vscode/

13
java/ql/integration-tests/all-platforms/java/android-8-sample/build.gradle Normal file
View File

@@ -0,0 +1,13 @@
plugins {
/**
* Use `apply false` in the top-level build.gradle file to add a Gradle
* plugin as a build dependency but not apply it to the current (root)
* project. Don't use `apply false` in sub-projects. For more information,
* see Applying external plugins with same version to subprojects.
*/
id 'com.android.application' version '8.0.0' apply false
id 'com.android.library' version '8.0.0' apply false
id 'org.jetbrains.kotlin.android' version '1.7.20' apply false
}

4
java/ql/integration-tests/all-platforms/java/android-8-sample/force_sequential_test_execution Normal file
View File

@@ -0,0 +1,4 @@
# We currently have a bug where gradle tests become flaky when executed in parallel
# - sometimes, gradle fails to connect to the gradle daemon.
# Therefore, force this test to run sequentially.
# Additionally, Android SDK on-demand downloading can fail when multiple tests try to download the same SDK in parallel.

BIN
java/ql/integration-tests/all-platforms/java/android-8-sample/gradle/wrapper/gradle-wrapper.jar vendored Normal file
View File

Binary file not shown.

5
java/ql/integration-tests/all-platforms/java/android-8-sample/gradle/wrapper/gradle-wrapper.properties vendored Normal file
View File

@@ -0,0 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.0-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

240
java/ql/integration-tests/all-platforms/java/android-8-sample/gradlew vendored Executable file
View File

@@ -0,0 +1,240 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
APP_NAME="Gradle"
APP_BASE_NAME=${0##*/}
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"

91
java/ql/integration-tests/all-platforms/java/android-8-sample/gradlew.bat vendored Normal file
View File

@@ -0,0 +1,91 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

58
java/ql/integration-tests/all-platforms/java/android-8-sample/project/build.gradle Normal file
View File

@@ -0,0 +1,58 @@
/**
* The first line in the build configuration applies the Android Gradle plugin
* to this build and makes the android block available to specify
* Android-specific build options.
*/
plugins {
id 'com.android.application'
}
/**
* The android block is where you configure all your Android-specific
* build options.
*/
android {
/**
* The app's namespace. Used primarily to access app resources.
*/
namespace 'com.github.androidsample'
/**
* compileSdk specifies the Android API level Gradle should use to
* compile your app. This means your app can use the API features included in
* this API level and lower.
*/
compileSdk 33
/**
* The defaultConfig block encapsulates default settings and entries for all
* build variants and can override some attributes in main/AndroidManifest.xml
* dynamically from the build system. You can configure product flavors to override
* these values for different versions of your app.
*/
defaultConfig {
// Uniquely identifies the package for publishing.
applicationId 'com.github.androidsample'
// Defines the minimum API level required to run the app.
minSdk 21
// Specifies the API level used to test the app.
targetSdk 33
// Defines the version number of your app.
versionCode 1
// Defines a user-friendly version name for your app.
versionName "1.0"
}
variantFilter { variant -> if (variant.buildType.name == "debug") { setIgnore(true) } }
}

12
java/ql/integration-tests/all-platforms/java/android-8-sample/project/src/main/AndroidManifest.xml Normal file
View File

@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.github.androidsample">
<application android:label="AndroidSample">
<activity android:name="Main" android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>

11
java/ql/integration-tests/all-platforms/java/android-8-sample/project/src/main/java/com/github/androidsample/Main.java Normal file
View File

@@ -0,0 +1,11 @@
package com.github.androidsample;
import android.app.Activity;
import android.os.Bundle;
public class Main extends Activity
{
@Override
public void onCreate(Bundle savedInstanceState) {
}
}

40
java/ql/integration-tests/all-platforms/java/android-8-sample/settings.gradle Normal file
View File

@@ -0,0 +1,40 @@
pluginManagement {
/**
* The pluginManagement {repositories {...}} block configures the
* repositories Gradle uses to search or download the Gradle plugins and
* their transitive dependencies. Gradle pre-configures support for remote
* repositories such as JCenter, Maven Central, and Ivy. You can also use
* local repositories or define your own remote repositories. The code below
* defines the Gradle Plugin Portal, Google's Maven repository,
* and the Maven Central Repository as the repositories Gradle should use to look for its
* dependencies.
*/
repositories {
gradlePluginPortal()
google()
mavenCentral()
}
}
dependencyResolutionManagement {
/**
* The dependencyResolutionManagement {repositories {...}}
* block is where you configure the repositories and dependencies used by
* all modules in your project, such as libraries that you are using to
* create your application. However, you should configure module-specific
* dependencies in each module-level build.gradle file. For new projects,
* Android Studio includes Google's Maven repository and the Maven Central
* Repository by default, but it does not configure any dependencies (unless
* you select a template that requires some).
*/
repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
repositories {
google()
mavenCentral()
}
}
rootProject.name = "Android Sample"
include ':project'

20
java/ql/integration-tests/all-platforms/java/android-8-sample/test.expected Normal file
View File

@@ -0,0 +1,20 @@
#select
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-libraries.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-libraries.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/module.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-dependencies.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-libraries.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-libraries.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/release.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/release.xml |
| project/build/intermediates/incremental/mergeReleaseAssets/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseAssets/merger.xml |
| project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml |
| project/build/intermediates/incremental/mergeReleaseShaders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseShaders/merger.xml |
| project/build/intermediates/incremental/release/mergeReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/release/mergeReleaseResources/merger.xml |
| project/build/intermediates/incremental/release/packageReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/release/packageReleaseResources/merger.xml |
| project/build/intermediates/merged_manifest/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifest/release/AndroidManifest.xml |
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |

10
java/ql/integration-tests/all-platforms/java/android-8-sample/test.py Normal file
View File

@@ -0,0 +1,10 @@
import sys
from create_database_utils import *
# Put Java 11 on the path so as to challenge our version selection logic: Java 11 is unsuitable for Android Gradle Plugin 8+,
# so it will be necessary to notice Java 17 available in the environment and actively select it.
try_use_java11()
run_codeql_database_create([], lang="java")

7
java/ql/integration-tests/all-platforms/java/android-8-sample/test.ql Normal file
View File

@@ -0,0 +1,7 @@
import java
from File f
where f.isSourceFile()
select f
query predicate xmlFiles(XmlFile x) { any() }

6
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script-no-wrapper/test.py
View File

@@ -1,6 +1,8 @@
import sys
from create_database_utils import *
from toolchains_test_utils import *
try_use_java11()
run_codeql_database_create([], lang="java")
toolchains_file = actions_expose_all_toolchains()
run_codeql_database_create([], lang="java", extra_env={"LGTM_INDEX_MAVEN_TOOLCHAINS_FILE": toolchains_file})

7
java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/test.py
View File

@@ -1,7 +1,8 @@
import sys
from create_database_utils import *
from toolchains_test_utils import *
try_use_java11()
run_codeql_database_create([], lang="java")
toolchains_file = actions_expose_all_toolchains()
run_codeql_database_create([], lang="java", extra_env={"LGTM_INDEX_MAVEN_TOOLCHAINS_FILE": toolchains_file})

1
java/ql/integration-tests/all-platforms/java/buildless-dependency-different-repository/test.py
View File

@@ -4,6 +4,7 @@ from create_database_utils import *
from buildless_test_utils import *
import subprocess
# Each of these serves the "repo" and "repo2" directories on http://localhost:924[89]
repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428"], cwd = "repo")
repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429"], cwd = "repo2")

6
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/.gitattributes vendored Normal file
View File

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

5
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
# Ignore Gradle project-specific cache directory
.gradle
# Ignore Gradle build output directory
build

30
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/build.gradle Normal file
View File

@@ -0,0 +1,30 @@
/*
* This build file was auto generated by running the Gradle 'init' task
* by 'arthur' at '28/11/20 22:29' with Gradle 3.0
*
* This generated file contains a sample Java project to get you started.
* For more details take a look at the Java Quickstart chapter in the Gradle
* user guide available at https://docs.gradle.org/3.0/userguide/tutorial_java_projects.html
*/
// Apply the java plugin to add support for Java
apply plugin: 'java'
// In this section you declare where to find the dependencies of your project
repositories {
// Use 'jcenter' for resolving your dependencies.
// You can declare any Maven/Ivy/file repository here.
jcenter()
}
// In this section you declare the dependencies for your production and test code
dependencies {
// The production code uses the SLF4J logging API at compile time
compile 'org.slf4j:slf4j-api:1.7.21'
// Declare the dependency for your favourite test framework you want to use in your tests.
// TestNG is also supported by the Gradle Test task. Just change the
// testCompile dependency to testCompile 'org.testng:testng:6.8.1' and add
// 'test.useTestNG()' to your build script.
testCompile 'junit:junit:4.12'
}

98
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/diagnostics.expected Normal file
View File

@@ -0,0 +1,98 @@
{
"markdownMessage": "A Gradle process was aborted because it didn't write to the console for 5 seconds. Consider either lengthening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Gradle timed out. Java analysis will continue, but the analysis may be of reduced quality.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/gradle-timed-out",
"name": "Java analysis timed out running Gradle"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/classpath-from-tool-failed",
"name": "Failed to extract dependency information from build tool tool Gradle"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/using-build-tool-advice",
"name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used the system default JDK.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/jdk-system-default",
"name": "Java analysis used the system default JDK"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis with build-mode 'none' completed.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/complete",
"name": "Java analysis with build-mode 'none' completed"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/mode-active",
"name": "Java was extracted with build-mode set to 'none'"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Running the Gradle plugin `org.gradle:github-dependency-graph-gradle-plugin` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/github-dependency-graph-gradle-plugin-failed",
"name": "Java analysis failed to extract a dependency graph from Gradle"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}

3
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/force_sequential_test_execution Normal file
View File

@@ -0,0 +1,3 @@
# We currently have a bug where gradle tests become flaky when executed in parallel
# - sometimes, gradle fails to connect to the gradle daemon.
# Therefore, force this test to run sequentially.

7
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/gradle/verification-metadata.xml Normal file
View File

@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<verification-metadata>
<configuration>
<verify-metadata>true</verify-metadata>
<verify-signatures>false</verify-signatures>
</configuration>
</verification-metadata>

BIN
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/gradle/wrapper/gradle-wrapper.jar vendored Normal file
View File

Binary file not shown.

5
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/gradle/wrapper/gradle-wrapper.properties vendored Normal file
View File

@@ -0,0 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://192.0.2.0/distributions/gradle-99.99.99-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

185
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/gradlew vendored Executable file
View File

@@ -0,0 +1,185 @@
#!/usr/bin/env sh
#
# Copyright 2015 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn () {
echo "$*"
}
die () {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=`expr $i + 1`
done
case $i in
0) set -- ;;
1) set -- "$args0" ;;
2) set -- "$args0" "$args1" ;;
3) set -- "$args0" "$args1" "$args2" ;;
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Escape application args
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=`save "$@"`
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
exec "$JAVACMD" "$@"

89
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/gradlew.bat vendored Normal file
View File

@@ -0,0 +1,89 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

19
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/settings.gradle Normal file
View File

@@ -0,0 +1,19 @@
/*
* This settings file was auto generated by the Gradle buildInit task
* by 'arthur' at '28/11/20 22:29' with Gradle 3.0
*
* The settings file is used to specify which projects to include in your build.
* In a single project build this file can be empty or even removed.
*
* Detailed information about configuring a multi-project build in Gradle can be found
* in the user guide at https://docs.gradle.org/3.0/userguide/multi_project_builds.html
*/
/*
// To declare projects as part of a multi-project build use the 'include' method
include 'shared'
include 'api'
include 'services:webservice'
*/
rootProject.name = 'gradle-sample'

14
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/src/main/java/com/example/App.java Normal file
View File

@@ -0,0 +1,14 @@
/*
* This Java source file was generated by the Gradle 'init' task.
*/
package com.example;
public class App {
public String getGreeting() {
return "Hello world.";
}
public static void main(String[] args) {
System.out.println(new App().getGreeting());
}
}

14
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/src/test/java/com/example/AppTest.java Normal file
View File

@@ -0,0 +1,14 @@
/*
* This Java source file was generated by the Gradle 'init' task.
*/
package com.example;
import org.junit.Test;
import static org.junit.Assert.*;
public class AppTest {
@Test public void testAppHasAGreeting() {
App classUnderTest = new App();
assertNotNull("app should have a greeting", classUnderTest.getGreeting());
}
}

5
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/test.expected Normal file
View File

@@ -0,0 +1,5 @@
xmlFiles
| gradle/verification-metadata.xml:0:0:0:0 | gradle/verification-metadata.xml |
#select
| src/main/java/com/example/App.java:0:0:0:0 | App |
| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |

9
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/test.py Normal file
View File

@@ -0,0 +1,9 @@
import sys
from create_database_utils import *
from diagnostics_test_utils import *
# gradlew has been rigged to stall for a long time by trying to fetch from a black-hole IP. We should find the timeout logic fires and buildless aborts the Gradle run quickly.
run_codeql_database_create([], lang="java", extra_args=["--build-mode=none"], extra_env={"CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT": "5"})
check_diagnostics()

7
java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/test.ql Normal file
View File

@@ -0,0 +1,7 @@
import java
from File f
where f.isSourceFile()
select f
query predicate xmlFiles(XmlFile x) { any() }

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/buildless-fetches.expected Normal file
View File

@@ -0,0 +1 @@
https://localhost:4443/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar

21
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/cert.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIUP5OLGP5M6AlodzWUwsOgEFAeS5IwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA1MTAxODA2MTNaFw0yNTA1
MTAxODA2MTNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCjonLrp9w3TKEzvjNxu0q7T717SBiTYQBJAliIO69V
dKC9/PELTc/L4APIkLlB4YCFWTHblc1i5dGolWi6W1fTS+S8txD1HP2hWW20pvSP
yDQSE7P40Ha6dLf9hGU5tIZyqxkJQJ1vsne3+YicB6SOa8Ub5dVaCK06IVTcmzkX
+3zae+OaTgBOfzxXpd3b8JGm0pLAjp7+theJzmToId2ZxDtb5Ot6fvEd1/voQ8i+
wlYhpwpM0+KCL8R0P57XB1hXxvz/25OUSQQvcUF9TeckvVm+4P01Zip4/WublBue
q9b4ctA3TZotdN/FO1rLZ74v1+uqWSvso+47YWH7OVjLAgMBAAGjaTBnMB0GA1Ud
DgQWBBQ9xal7NPTWMjgQc45zfTPTuC/IWjAfBgNVHSMEGDAWgBQ9xal7NPTWMjgQ
c45zfTPTuC/IWjAPBgNVHRMBAf8EBTADAQH/MBQGA1UdEQQNMAuCCWxvY2FsaG9z
dDANBgkqhkiG9w0BAQsFAAOCAQEAC7s9WsRYQD5U1jb+PTsUPgYga/SPnmJ7Y2e6
0Wtdj5ggG/DyGOVOWXVTiv7qI36N2iNfv2XfR1i9jnr/7HcEJPOgXHjCM6m/bg3v
9xamt5VIjM6ZeVStgPZe1kuXP9CinhuRfa2ypfqZKXXIj4Ri+cv9qCRmLyTcJCpa
+WrlP/NdpQQ3WhghCzoD4dlXGVwcAWV7lAhWgnZbxq+CjMCXt+cIOhCX8tyzsDAK
0BnLokXfFPwHrIvniayQJWcMFbEQuLuLgG/KlChbsCgKBfTY/jYnr5tl5ukcEUrr
hci9Ww25oELOoghZAIKV2Mstc4aZHx7EBCygZap6/Z+PmOBkjw==
-----END CERTIFICATE-----

70
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/diagnostics.expected Normal file
View File

@@ -0,0 +1,70 @@
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/using-build-tool-advice",
"name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used the system default JDK.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/jdk-system-default",
"name": "Java analysis used the system default JDK"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis with build-mode 'none' completed.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/complete",
"name": "Java analysis with build-mode 'none' completed"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/mode-active",
"name": "Java was extracted with build-mode set to 'none'"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Reading the dependency graph from build files provided 1 classpath entries",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/depgraph-provided-by-maven",
"name": "Java analysis extracted precise dependency graph information from tool Maven"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}

BIN
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/jdk8_shipped_cacerts_plus_cert_pem Normal file
View File

Binary file not shown.

28
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjonLrp9w3TKEz
vjNxu0q7T717SBiTYQBJAliIO69VdKC9/PELTc/L4APIkLlB4YCFWTHblc1i5dGo
lWi6W1fTS+S8txD1HP2hWW20pvSPyDQSE7P40Ha6dLf9hGU5tIZyqxkJQJ1vsne3
+YicB6SOa8Ub5dVaCK06IVTcmzkX+3zae+OaTgBOfzxXpd3b8JGm0pLAjp7+theJ
zmToId2ZxDtb5Ot6fvEd1/voQ8i+wlYhpwpM0+KCL8R0P57XB1hXxvz/25OUSQQv
cUF9TeckvVm+4P01Zip4/WublBueq9b4ctA3TZotdN/FO1rLZ74v1+uqWSvso+47
YWH7OVjLAgMBAAECgf8xdXxjQPivkL4jB8CyZrahotkxCVsDi9xoEr84NU87aK+q
Vsm334jBxv9dwhD+KF3jfomqGZ1ErZ5K5I5oCbxrPa0NUezqpo6iFBYPAY9ynCHA
Q/ALIoWNNrSIMFRzpS4PKxQWhKRyJB6T+iJWF/lKAdznUy/2Su1a9EZifmYveFKk
71bso/KPZLKslf0VwwebvH7BSwjZUISLJzgP4gorBCI2CHo6qai963XA+7POgoPk
Oz1g1QQOypHCAPaONBAuzqbUGoezQtWSBmshmRTTgz1ZYSvxf9iVvPUutT7jsKaC
TKa18UMN0tvXk0SzGZiSX/fgGUQCybe6ydevQcECgYEA0TvP80Y/B0M5NjG7278l
nSYrpGILW81frYr7i2W6B5sD/XTNjGMBsTh14FA90J2oii9OxZrH8TIku/+WXb8i
T6aEz5javHe0qtYSgSO/99uP7/r/AXQcuLvyZAmGF+q3vsM6wpc1E4dwEAXy2m1l
pyyWbXZmy/dWtwCuqZzPTrsCgYEAyDV+HX6esGdMAfRgrxfiP9Aqx4q83R3zDPI8
xSrMhF17T3Url0a9lRdyfzEZHopqfK/DsHH+I+RPr3FxDT+09oE8n2N5oAgYrtLH
CnTZi84yV3l9TRqG3pCKtGMT8z4qQgtniExgX3lBYyjkzyePctLUElQTEO2gBBxZ
tHN65TECgYEArqa/uXDskbJiYkN3bUGMMzY2fbu9gX7YG7OEr2JVu52A4iOKpGHM
etMHShuQzb+cfORqW3YM6d+SXD9Hk69FA7ma6PLNuz4s1+FjhtqBlnJ3Hrmj/OGg
S+/OsARnIzWw9RJfzSiMjGWkfCuLARsKHFaSpoKL4jvu7Ukrgrc7MJsCgYEAl8Os
8RC9nD0Bae3kqHWzZOoYs6AgoIEGcAbkOBXEaIYwZkAMpiTSq0TV30LJptQH+rKF
5afTnUOBgB2/M+rZ845t9OjEFqJsi4Ftrih7jDXnBVYrvJniKK5q5mjAg7/Y6q2Y
csJqv5S8Ez25jKqRW9ojNi2TMl7e0J7pBRgQzdECgYAFQ06YB1w4Sgw7fRtMJwyT
8E7Bbi3BeD/sLEXuNRBDVbbyHMvPYu2qEwRTdXpXKwN5P0dGw/JAGYzTeq6EKiFz
lajQVGs6l1yOz7a4e62qPQtjSUGzkYHsCopARTOjCpHt1yxL/Mzh3u0qW6yIeaB4
4QQRjB9++Jpci2GQiTPhyg==
-----END PRIVATE KEY-----

35
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/pom.xml Normal file
View File

@@ -0,0 +1,35 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany.app</groupId>
<artifactId>my-app</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<repositories>
<repository>
<id>snapshot-test-repo</id>
<url>https://localhost:4443/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>com.github.my.snapshot.test</groupId>
<artifactId>snapshottest</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
</dependencies>
</project>

24
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/maven-metadata.xml Normal file
View File

@@ -0,0 +1,24 @@
<metadata modelVersion="1.1.0">
<groupId>com.github.my.snapshot.test</groupId>
<artifactId>snapshottest</artifactId>
<version>1.0-SNAPSHOT</version>
<versioning>
<lastUpdated>20230101020304</lastUpdated>
<snapshot>
<timestamp>20230901.050514</timestamp>
<buildNumber>100</buildNumber>
</snapshot>
<snapshotVersions>
<snapshotVersion>
<extension>jar</extension>
<value>1.0-20230901.050514-100</value>
<updated>20230101020304</updated>
</snapshotVersion>
<snapshotVersion>
<extension>pom</extension>
<value>1.0-20230901.050514-100</value>
<updated>20230101020304</updated>
</snapshotVersion>
</snapshotVersions>
</versioning>
</metadata>

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/maven-metadata.xml.md5 Normal file
View File

@@ -0,0 +1 @@
cf2064037098dc6d4294ef6f1a12dc75

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/maven-metadata.xml.sha1 Normal file
View File

@@ -0,0 +1 @@
aeabf1dbf735290f5317d78459b3219d267dbb0e

BIN
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar Normal file
View File

Binary file not shown.

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar.md5 Normal file
View File

@@ -0,0 +1 @@
dbb202adb2f6c5504c9b29b93610dd9e

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar.sha1 Normal file
View File

@@ -0,0 +1 @@
6db6f637a68116728830d5610cbafb608bc58a21

13
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.pom Normal file
View File

@@ -0,0 +1,13 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.github.my.snapshot.test</groupId>
<artifactId>snapshottest</artifactId>
<version>1.0-SNAPSHOT</version>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
</project>

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.pom.md5 Normal file
View File

@@ -0,0 +1 @@
66c5f73407153610dc3f5743eef678f3

1
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.pom.sha1 Normal file
View File

@@ -0,0 +1 @@
f895a88d2490dbcec8228c2a528bde029d80409e

12
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/server.py Normal file
View File

@@ -0,0 +1,12 @@
from http.server import HTTPServer, SimpleHTTPRequestHandler
import ssl
httpd = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler)
sslctx = ssl.SSLContext()
sslctx.load_cert_chain(certfile="../cert.pem", keyfile="../key.pem")
httpd.socket = sslctx.wrap_socket (httpd.socket, server_side=True)
httpd.serve_forever()

7
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/src/main/java/Test.java Normal file
View File

@@ -0,0 +1,7 @@
import testpkg.DepClass;
public class Test {
DepClass dc;
}

3
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/test.expected Normal file
View File

@@ -0,0 +1,3 @@
diagnostics
#select
| DepClass |

22
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/test.py Normal file
View File

@@ -0,0 +1,22 @@
import sys
from create_database_utils import *
from buildless_test_utils import *
from diagnostics_test_utils import *
import subprocess
import os.path
# This serves the "repo" directory on https://locahost:4443
repo_server_process = subprocess.Popen(["python3", "../server.py"], cwd = "repo")
mypath = os.path.abspath(os.path.dirname(__file__))
certspath = os.path.join(mypath, "jdk8_shipped_cacerts_plus_cert_pem")
maven_certs_option = "-Djavax.net.ssl.trustStore=" + certspath
try:
run_codeql_database_create([], lang="java", extra_args=["--build-mode=none"], extra_env={"MAVEN_OPTS": maven_certs_option, "CODEQL_JAVA_EXTRACTOR_TRUST_STORE_PATH": certspath})
finally:
repo_server_process.kill()
check_buildless_fetches()
check_diagnostics()

8
java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/test.ql Normal file
View File

@@ -0,0 +1,8 @@
import java
import semmle.code.java.Diagnostics
query predicate diagnostics(Diagnostic d) { any() }
from Class c
where c.getName() = "DepClass"
select c.toString()

6
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/.gitattributes vendored Normal file
View File

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf
*.cmd text eol=crlf

BIN
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/.mvn/wrapper/maven-wrapper.jar vendored Normal file
View File

Binary file not shown.

21
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/.mvn/wrapper/maven-wrapper.properties vendored Normal file
View File

@@ -0,0 +1,21 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# This distribution URL will intentionally stall forever: 240.0.0.0 is a black-hole IP, and Maven 9.9.9 should certainly not be present on the local system already.
distributionUrl=https://192.0.2.0/maven2/org/apache/maven/apache-maven/9.9.9/apache-maven-9.9.9-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

98
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/diagnostics.expected Normal file
View File

@@ -0,0 +1,98 @@
{
"markdownMessage": "A Maven process was aborted because it didn't write to the console for 5 seconds. Consider either lenghtening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Maven timed out. Java analysis will continue, but the analysis may be of reduced quality.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/maven-timed-out",
"name": "Java analysis timed out running Maven"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/classpath-from-tool-failed",
"name": "Failed to extract dependency information from build tool tool Maven"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/using-build-tool-advice",
"name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used the system default JDK.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/jdk-system-default",
"name": "Java analysis used the system default JDK"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis with build-mode 'none' completed.",
"severity": "unknown",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/complete",
"name": "Java analysis with build-mode 'none' completed"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/mode-active",
"name": "Java was extracted with build-mode set to 'none'"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/depgraph-maven-plugin-failed",
"name": "Java buildless mode failed to extract a dependency graph from Maven"
},
"visibility": {
"cliSummaryTable": true,
"statusPage": true,
"telemetry": true
}
}

1
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/force_sequential_test_execution Normal file
View File

@@ -0,0 +1 @@
The wrapper downloading a Maven distribution multiple times in parallel is not safe.

287
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/mvnw vendored Executable file
View File

@@ -0,0 +1,287 @@
#!/bin/sh
# ----------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# ----------------------------------------------------------------------------
# ----------------------------------------------------------------------------
# Apache Maven Wrapper startup batch script, version 3.1.1
#
# Required ENV vars:
# ------------------
# JAVA_HOME - location of a JDK home dir
#
# Optional ENV vars
# -----------------
# MAVEN_OPTS - parameters passed to the Java VM when running Maven
# e.g. to debug Maven itself, use
# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
# ----------------------------------------------------------------------------
if [ -z "$MAVEN_SKIP_RC" ] ; then
if [ -f /usr/local/etc/mavenrc ] ; then
. /usr/local/etc/mavenrc
fi
if [ -f /etc/mavenrc ] ; then
. /etc/mavenrc
fi
if [ -f "$HOME/.mavenrc" ] ; then
. "$HOME/.mavenrc"
fi
fi
# OS specific support. $var _must_ be set to either true or false.
cygwin=false;
darwin=false;
mingw=false
case "`uname`" in
CYGWIN*) cygwin=true ;;
MINGW*) mingw=true;;
Darwin*) darwin=true
# Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
# See https://developer.apple.com/library/mac/qa/qa1170/_index.html
if [ -z "$JAVA_HOME" ]; then
if [ -x "/usr/libexec/java_home" ]; then
JAVA_HOME="`/usr/libexec/java_home`"; export JAVA_HOME
else
JAVA_HOME="/Library/Java/Home"; export JAVA_HOME
fi
fi
;;
esac
if [ -z "$JAVA_HOME" ] ; then
if [ -r /etc/gentoo-release ] ; then
JAVA_HOME=`java-config --jre-home`
fi
fi
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin ; then
[ -n "$JAVA_HOME" ] &&
JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
[ -n "$CLASSPATH" ] &&
CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
fi
# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
[ -n "$JAVA_HOME" ] &&
JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
fi
if [ -z "$JAVA_HOME" ]; then
javaExecutable="`which javac`"
if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
# readlink(1) is not available as standard on Solaris 10.
readLink=`which readlink`
if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
if $darwin ; then
javaHome="`dirname \"$javaExecutable\"`"
javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
else
javaExecutable="`readlink -f \"$javaExecutable\"`"
fi
javaHome="`dirname \"$javaExecutable\"`"
javaHome=`expr "$javaHome" : '\(.*\)/bin'`
JAVA_HOME="$javaHome"
export JAVA_HOME
fi
fi
fi
if [ -z "$JAVACMD" ] ; then
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
else
JAVACMD="`\\unset -f command; \\command -v java`"
fi
fi
if [ ! -x "$JAVACMD" ] ; then
echo "Error: JAVA_HOME is not defined correctly." >&2
echo " We cannot execute $JAVACMD" >&2
exit 1
fi
if [ -z "$JAVA_HOME" ] ; then
echo "Warning: JAVA_HOME environment variable is not set."
fi
# traverses directory structure from process work directory to filesystem root
# first directory with .mvn subdirectory is considered project base directory
find_maven_basedir() {
if [ -z "$1" ]
then
echo "Path not specified to find_maven_basedir"
return 1
fi
basedir="$1"
wdir="$1"
while [ "$wdir" != '/' ] ; do
if [ -d "$wdir"/.mvn ] ; then
basedir=$wdir
break
fi
# workaround for JBEAP-8937 (on Solaris 10/Sparc)
if [ -d "${wdir}" ]; then
wdir=`cd "$wdir/.."; pwd`
fi
# end of workaround
done
printf '%s' "$(cd "$basedir"; pwd)"
}
# concatenates all lines of a file
concat_lines() {
if [ -f "$1" ]; then
echo "$(tr -s '\n' ' ' < "$1")"
fi
}
BASE_DIR=$(find_maven_basedir "$(dirname $0)")
if [ -z "$BASE_DIR" ]; then
exit 1;
fi
MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR
if [ "$MVNW_VERBOSE" = true ]; then
echo $MAVEN_PROJECTBASEDIR
fi
##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
##########################################################################################
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
if [ "$MVNW_VERBOSE" = true ]; then
echo "Found .mvn/wrapper/maven-wrapper.jar"
fi
else
if [ "$MVNW_VERBOSE" = true ]; then
echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
fi
if [ -n "$MVNW_REPOURL" ]; then
wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar"
else
wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar"
fi
while IFS="=" read key value; do
case "$key" in (wrapperUrl) wrapperUrl="$value"; break ;;
esac
done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
if [ "$MVNW_VERBOSE" = true ]; then
echo "Downloading from: $wrapperUrl"
fi
wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
if $cygwin; then
wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
fi
if command -v wget > /dev/null; then
QUIET="--quiet"
if [ "$MVNW_VERBOSE" = true ]; then
echo "Found wget ... using wget"
QUIET=""
fi
if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
wget $QUIET "$wrapperUrl" -O "$wrapperJarPath"
else
wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath"
fi
[ $? -eq 0 ] || rm -f "$wrapperJarPath"
elif command -v curl > /dev/null; then
QUIET="--silent"
if [ "$MVNW_VERBOSE" = true ]; then
echo "Found curl ... using curl"
QUIET=""
fi
if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L
else
curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L
fi
[ $? -eq 0 ] || rm -f "$wrapperJarPath"
else
if [ "$MVNW_VERBOSE" = true ]; then
echo "Falling back to using Java to download"
fi
javaSource="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class"
# For Cygwin, switch paths to Windows format before running javac
if $cygwin; then
javaSource=`cygpath --path --windows "$javaSource"`
javaClass=`cygpath --path --windows "$javaClass"`
fi
if [ -e "$javaSource" ]; then
if [ ! -e "$javaClass" ]; then
if [ "$MVNW_VERBOSE" = true ]; then
echo " - Compiling MavenWrapperDownloader.java ..."
fi
# Compiling the Java class
("$JAVA_HOME/bin/javac" "$javaSource")
fi
if [ -e "$javaClass" ]; then
# Running the downloader
if [ "$MVNW_VERBOSE" = true ]; then
echo " - Running MavenWrapperDownloader.java ..."
fi
("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
fi
fi
fi
fi
##########################################################################################
# End of extension
##########################################################################################
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
[ -n "$JAVA_HOME" ] &&
JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
[ -n "$CLASSPATH" ] &&
CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
[ -n "$MAVEN_PROJECTBASEDIR" ] &&
MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
fi
# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
export MAVEN_CMD_LINE_ARGS
WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
exec "$JAVACMD" \
$MAVEN_OPTS \
$MAVEN_DEBUG_OPTS \
-classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

187
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/mvnw.cmd vendored Normal file
View File

@@ -0,0 +1,187 @@
@REM ----------------------------------------------------------------------------
@REM Licensed to the Apache Software Foundation (ASF) under one
@REM or more contributor license agreements. See the NOTICE file
@REM distributed with this work for additional information
@REM regarding copyright ownership. The ASF licenses this file
@REM to you under the Apache License, Version 2.0 (the
@REM "License"); you may not use this file except in compliance
@REM with the License. You may obtain a copy of the License at
@REM
@REM http://www.apache.org/licenses/LICENSE-2.0
@REM
@REM Unless required by applicable law or agreed to in writing,
@REM software distributed under the License is distributed on an
@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@REM KIND, either express or implied. See the License for the
@REM specific language governing permissions and limitations
@REM under the License.
@REM ----------------------------------------------------------------------------
@REM ----------------------------------------------------------------------------
@REM Apache Maven Wrapper startup batch script, version 3.1.1
@REM
@REM Required ENV vars:
@REM JAVA_HOME - location of a JDK home dir
@REM
@REM Optional ENV vars
@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
@REM e.g. to debug Maven itself, use
@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
@REM ----------------------------------------------------------------------------
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
@REM Execute a user defined script before this one
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
:skipRcPre
@setlocal
set ERROR_CODE=0
@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal
@REM ==== START VALIDATION ====
if not "%JAVA_HOME%" == "" goto OkJHome
echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error
:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init
echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error
@REM ==== END VALIDATION ====
:init
@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.
set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir
:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir
:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"
:endDetectBaseDir
IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
:endReadAdditionalConfig
SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar"
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
)
@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
if exist %WRAPPER_JAR% (
if "%MVNW_VERBOSE%" == "true" (
echo Found %WRAPPER_JAR%
)
) else (
if not "%MVNW_REPOURL%" == "" (
SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar"
)
if "%MVNW_VERBOSE%" == "true" (
echo Couldn't find %WRAPPER_JAR%, downloading it ...
echo Downloading from: %WRAPPER_URL%
)
powershell -Command "&{"^
"$webclient = new-object System.Net.WebClient;"^
"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
"}"^
"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
"}"
if "%MVNW_VERBOSE%" == "true" (
echo Finished downloading %WRAPPER_JAR%
)
)
@REM End of extension
@REM Provide a "standardized" way to retrieve the CLI args that will
@REM work with both Windows and non-Windows executions.
set MAVEN_CMD_LINE_ARGS=%*
%MAVEN_JAVA_EXE% ^
%JVM_CONFIG_MAVEN_PROPS% ^
%MAVEN_OPTS% ^
%MAVEN_DEBUG_OPTS% ^
-classpath %WRAPPER_JAR% ^
"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
%WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end
:error
set ERROR_CODE=1
:end
@endlocal & set ERROR_CODE=%ERROR_CODE%
if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
:skipRcPost
@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%"=="on" pause
if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
cmd /C exit /B %ERROR_CODE%

114
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/pom.xml Normal file
View File

@@ -0,0 +1,114 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>maven-sample</artifactId>
<version>1.0-SNAPSHOT</version>
<name>maven-sample</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.7</maven.compiler.source>
<maven.compiler.target>1.7</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>exec-maven-plugin</artifactId>
<groupId>org.codehaus.mojo</groupId>
<version>1.1.1</version>
<executions>
<execution>
<id>check-maven-version</id>
<phase>package</phase>
<goals>
<goal>java</goal>
</goals>
</execution>
</executions>
<configuration>
<mainClass>com.example.App</mainClass>
</configuration>
</plugin>
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<version>2.19.1</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
<phase>compile</phase>
</execution>
</executions>
<configuration>
<java>
<licenseHeader>
<content>/* FAIL ME */</content>
</licenseHeader>
</java>
</configuration>
</plugin>
</plugins>
<pluginManagement>
<!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
<plugins>
<!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.1.0</version>
</plugin>
<!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.0.2</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.22.1</version>
</plugin>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<version>3.0.2</version>
</plugin>
<plugin>
<artifactId>maven-install-plugin</artifactId>
<version>2.5.2</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>2.8.2</version>
</plugin>
<!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
<plugin>
<artifactId>maven-site-plugin</artifactId>
<version>3.7.1</version>
</plugin>
<plugin>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.0.0</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>

30
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/src/main/java/com/example/App.java Normal file
View File

@@ -0,0 +1,30 @@
package com.example;
import java.util.regex.Pattern;
import java.nio.file.Path;
import java.nio.file.Paths;
/**
* Hello world!
*
*/
public class App
{
public static void main( String[] args )
{
System.out.println( "Hello World!" );
String expectedVersion = System.getenv("EXPECT_MAVEN");
Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
String observedVersion = mavenHome.getFileName().toString();
if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
System.exit(1);
}
String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
String command = System.getProperty("sun.java.command");
if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
System.exit(1);
}
}
}

1
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/src/main/resources/my-app.properties Normal file
View File

@@ -0,0 +1 @@
version=1.0

8
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/src/main/resources/page.xml Normal file
View File

@@ -0,0 +1,8 @@
<html>
<head>
<title>A sample</title>
</head>
<body>
<p>Hello world!</p>
</body>
</html>

4
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/src/main/resources/struts.xml Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<struts>
This is a sample file
</struts>

20
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/src/test/java/com/example/AppTest.java Normal file
View File

@@ -0,0 +1,20 @@
package com.example;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
/**
* Unit test for simple App.
*/
public class AppTest
{
/**
* Rigorous Test :-)
*/
@Test
public void shouldAnswerWithTrue()
{
assertTrue( true );
}
}

11
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/test.expected Normal file
View File

@@ -0,0 +1,11 @@
#select
| src/main/java/com/example/App.java:0:0:0:0 | App |
| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
xmlFiles
| pom.xml:0:0:0:0 | pom.xml |
| src/main/resources/page.xml:0:0:0:0 | src/main/resources/page.xml |
| src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
propertiesFiles
| .mvn/wrapper/maven-wrapper.properties:0:0:0:0 | .mvn/wrapper/maven-wrapper.properties |
| src/main/resources/my-app.properties:0:0:0:0 | src/main/resources/my-app.properties |
| test-db/log/ext/javac.properties:0:0:0:0 | test-db/log/ext/javac.properties |

9
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/test.py Normal file
View File

@@ -0,0 +1,9 @@
import sys
from create_database_utils import *
from diagnostics_test_utils import *
# mvnw has been rigged to stall for a long time by trying to fetch from a black-hole IP. We should find the timeout logic fires and buildless aborts the Maven run quickly.
run_codeql_database_create([], lang="java", extra_args=["--build-mode=none"], extra_env={"CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT": "5"})
check_diagnostics()

9
java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/test.ql Normal file
View File

@@ -0,0 +1,9 @@
import java
from File f
where f.isSourceFile()
select f
query predicate xmlFiles(XmlFile x) { any() }
query predicate propertiesFiles(File f) { f.getExtension() = "properties" }

39
java/ql/integration-tests/all-platforms/java/buildless-sibling-projects/test.py
View File

@@ -1,47 +1,12 @@
from create_database_utils import *
from diagnostics_test_utils import *
from buildless_test_utils import *
import tempfile
import os.path
import sys
from toolchains_test_utils import *
#The version of gradle used doesn't work on java 17
try_use_java11()
# On actions, expose all usable toolchains so that we can test version-selection logic.
toolchains_dir = tempfile.mkdtemp(prefix="integration-tests-toolchains-")
toolchains_file = os.path.join(toolchains_dir, "toolchains.xml")
def none_or_blank(s):
return s is None or s == ""
with open(toolchains_file, "w") as f:
f.write('<?xml version="1.0" encoding="UTF-8"?>\n<toolchains>\n')
for v in [8, 11, 17, 21]:
homedir = os.getenv("JAVA_HOME_%d_X64" % v)
if none_or_blank(homedir):
homedir = os.getenv("JAVA_HOME_%d_arm64" % v)
if none_or_blank(homedir) and v == 8 and not none_or_blank(os.getenv("JAVA_HOME_11_arm64")):
print("Mocking a toolchain entry using Java 11 install as a fake Java 8 entry, so this test behaves the same on x64 and arm64 runners", file = sys.stderr)
homedir = os.getenv("JAVA_HOME_11_arm64")
if homedir is not None and homedir != "":
f.write("""
<toolchain>
<type>jdk</type>
<provides>
<version>%d</version>
<vendor>oracle</vendor>
</provides>
<configuration>
<jdkHome>%s</jdkHome>
</configuration>
</toolchain>
""" % (v, homedir))
f.write("</toolchains>")
toolchains_file = actions_expose_all_toolchains()
run_codeql_database_create([], lang="java", extra_env={"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true", "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true", "LGTM_INDEX_MAVEN_TOOLCHAINS_FILE": toolchains_file})

1
java/ql/integration-tests/all-platforms/java/buildless-snapshot-repository/test.py
View File

@@ -4,6 +4,7 @@ from create_database_utils import *
from buildless_test_utils import *
import subprocess
# This serves the "repo" directory on http://localhost:9427
repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9427"], cwd = "repo")
try:

6
java/ql/integration-tests/all-platforms/java/spring-boot-sample/.gitattributes vendored Normal file
View File

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

37
java/ql/integration-tests/all-platforms/java/spring-boot-sample/.gitignore vendored Normal file
View File

@@ -0,0 +1,37 @@
HELP.md
.gradle
build/
!gradle/wrapper/gradle-wrapper.jar
!**/src/main/**/build/
!**/src/test/**/build/
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
bin/
!**/src/main/**/bin/
!**/src/test/**/bin/
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
out/
!**/src/main/**/out/
!**/src/test/**/out/
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
### VS Code ###
.vscode/

3
java/ql/integration-tests/all-platforms/java/spring-boot-sample/README Normal file
View File

@@ -0,0 +1,3 @@
Generated using start.spring.io, using Java 17 and Spring Boot 3.2.5.
I also added a JSR305 dependency to circumvent a harmless database inconsistency that arose because annotations on Spring Core classes weren't included in the compile classpath (the Java extractor touches more classes than actual compilation)

25
java/ql/integration-tests/all-platforms/java/spring-boot-sample/build.gradle Normal file
View File

@@ -0,0 +1,25 @@
plugins {
id 'java'
id 'org.springframework.boot' version '3.2.5'
id 'io.spring.dependency-management' version '1.1.4'
}
group = 'com.github'
version = '0.0.1-SNAPSHOT'
// The generated sample would explicitly set sourceCompatibility to Java 17 here,
// but I omit it to test we recognise the Spring Boot plugin version.
repositories {
mavenCentral()
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
implementation 'com.google.code.findbugs:jsr305:3.0.2'
}
tasks.named('test') {
useJUnitPlatform()
}

3
java/ql/integration-tests/all-platforms/java/spring-boot-sample/force_sequential_test_execution Normal file
View File

@@ -0,0 +1,3 @@
# We currently have a bug where gradle tests become flaky when executed in parallel
# - sometimes, gradle fails to connect to the gradle daemon.
# Therefore, force this test to run sequentially.

BIN
java/ql/integration-tests/all-platforms/java/spring-boot-sample/gradle/wrapper/gradle-wrapper.jar vendored Normal file
View File

Binary file not shown.

7
java/ql/integration-tests/all-platforms/java/spring-boot-sample/gradle/wrapper/gradle-wrapper.properties vendored Normal file
View File

@@ -0,0 +1,7 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

249
java/ql/integration-tests/all-platforms/java/spring-boot-sample/gradlew vendored Executable file
View File

@@ -0,0 +1,249 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
if ! command -v java >/dev/null 2>&1
then
die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Collect all arguments for the java command:
# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
# and any embedded shellness will be escaped.
# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
# treated as '${Hostname}' itself on the command line.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"

92
java/ql/integration-tests/all-platforms/java/spring-boot-sample/gradlew.bat vendored Normal file
View File

@@ -0,0 +1,92 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

1
java/ql/integration-tests/all-platforms/java/spring-boot-sample/settings.gradle Normal file
View File

@@ -0,0 +1 @@
rootProject.name = 'spring-boot-sample'

13
java/ql/integration-tests/all-platforms/java/spring-boot-sample/src/main/java/com/github/springbootsample/SpringBootSampleApplication.java Normal file
View File

@@ -0,0 +1,13 @@
package com.github.springbootsample;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringBootSampleApplication {
public static void main(String[] args) {
SpringApplication.run(SpringBootSampleApplication.class, args);
}
}

1
java/ql/integration-tests/all-platforms/java/spring-boot-sample/src/main/resources/application.properties Normal file
View File

@@ -0,0 +1 @@
spring.application.name=spring-boot-sample

13
java/ql/integration-tests/all-platforms/java/spring-boot-sample/src/test/java/com/github/springbootsample/SpringBootSampleApplicationTests.java Normal file
View File

@@ -0,0 +1,13 @@
package com.github.springbootsample;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
@SpringBootTest
class SpringBootSampleApplicationTests {
@Test
void contextLoads() {
}
}

4
java/ql/integration-tests/all-platforms/java/spring-boot-sample/test.expected Normal file
View File

@@ -0,0 +1,4 @@
#select
| src/main/java/com/github/springbootsample/SpringBootSampleApplication.java:0:0:0:0 | SpringBootSampleApplication |
| src/test/java/com/github/springbootsample/SpringBootSampleApplicationTests.java:0:0:0:0 | SpringBootSampleApplicationTests |
xmlFiles

8
java/ql/integration-tests/all-platforms/java/spring-boot-sample/test.py Normal file
View File

@@ -0,0 +1,8 @@
import sys
from create_database_utils import *
#The version of gradle used doesn't work on java 17
try_use_java11()
run_codeql_database_create([], lang="java")

7
java/ql/integration-tests/all-platforms/java/spring-boot-sample/test.ql Normal file
View File

@@ -0,0 +1,7 @@
import java
from File f
where f.isSourceFile()
select f
query predicate xmlFiles(XmlFile x) { any() }

7
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.11.0
### Breaking Changes
* The Java extractor no longer supports the `ODASA_JAVA_LAYOUT`, `ODASA_TOOLS` and `ODASA_HOME` legacy environment variables.
* The Java extractor no longer supports the `ODASA_BUILD_ERROR_DIR` legacy environment variable.
## 0.10.0
### Breaking Changes

4
java/ql/lib/change-notes/2024-04-26-env-vars.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The Java extractor no longer supports the `ODASA_BUILD_ERROR_DIR` legacy environment variable.

6
java/ql/lib/change-notes/released/0.11.0.md Normal file
View File

@@ -0,0 +1,6 @@
## 0.11.0
### Breaking Changes
* The Java extractor no longer supports the `ODASA_JAVA_LAYOUT`, `ODASA_TOOLS` and `ODASA_HOME` legacy environment variables.
* The Java extractor no longer supports the `ODASA_BUILD_ERROR_DIR` legacy environment variable.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.10.0
lastReleaseVersion: 0.11.0

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.10.1-dev
version: 0.11.1-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

Some files were not shown because too many files have changed in this diff Show More