diff --git a/java/change-notes/2021-05-13-ognl-injection-query.md b/java/change-notes/2021-05-13-ognl-injection-query.md new file mode 100644 index 00000000000..141e5e04380 --- /dev/null +++ b/java/change-notes/2021-05-13-ognl-injection-query.md @@ -0,0 +1,2 @@ +lgtm,codescanning +* The query "OGNL Expression Language statement with user-controlled input" (`java/ognl-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @ggolawski](https://github.com/github/codeql/pull/3294). \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.java b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.java similarity index 77% rename from java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.java rename to java/ql/src/Security/CWE/CWE-917/OgnlInjection.java index cc99ff46517..7b000e9cd91 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.java +++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.java @@ -14,4 +14,9 @@ public void evaluate(HttpServletRequest request, Object root) throws OgnlExcepti } else { // Reject the request } -} \ No newline at end of file +} + +public void isValid(Strig expression) { + // Custom method to validate the expression. + // For instance, make sure it doesn't include unexpected code. +} diff --git a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.qhelp b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.qhelp new file mode 100644 index 00000000000..47ddde08228 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.qhelp @@ -0,0 +1,35 @@ + + + +

Object-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java. +OGNL can create or change executable code, consequently it can introduce critical +security flaws to any application that uses it. Evaluation of unvalidated expressions is a common +flaw in OGNL. This exposes the properties of Java objects to modification by an attacker and +may allow them to execute arbitrary code.

+ + + +

The general recommendation is to avoid evaluating untrusted ONGL expressions. If user-provided OGNL +expressions must be evaluated, do this in a sandbox and validate the expressions before evaluation.

+ + + +

In the following examples, the code accepts an OGNL expression from the user and evaluates it. +

+ +

In the first example, the user-provided OGNL expression is parsed and evaluated.

+ +

The second example validates the expression and evaluates it inside a sandbox. +You can add a sandbox by setting a system property, as shown in the example, or by adding +-Dognl.security.manager to JVM arguments.

+ + + + + +
  • Apache Commons: Apache Commons OGNL.
    • +
  • Struts security: Proactively protect from OGNL Expression Injections attacks.
    • +     +     \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql similarity index 85% rename from java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql rename to java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql index e8a75591b98..80da69698d4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql +++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql @@ -11,12 +11,10 @@ */ import java -import semmle.code.java.dataflow.FlowSources -import DataFlow +import semmle.code.java.security.OgnlInjectionQuery import DataFlow::PathGraph -import OgnlInjectionLib from DataFlow::PathNode source, DataFlow::PathNode sink, OgnlInjectionFlowConfig conf where conf.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "OGNL expression might include input from $@.", +select sink.getNode(), source, sink, "OGNL expression might include data from $@.", source.getNode(), "this user input" diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp deleted file mode 100644 index e20d54f1d84..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp +++ /dev/null @@ -1,33 +0,0 @@ - - - -

    Object-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java. Due -to its ability to create or change executable code, OGNL is capable of introducing critical -security flaws to any application that uses it. Evaluation of unvalidated expressions can let -attacker to modify Java objects' properties or execute arbitrary code.

    -     - - -

    The general recommendation is to not evaluate untrusted ONGL expressions. If user provided OGNL -expressions must be evaluated, do this in sandbox (add `-Dognl.security.manager` to JVM arguments) -and validate the expressions before evaluation.

    -     - - -

    In the following examples, the code accepts an OGNL expression from the user and evaluates it. -

    - -

    In the first example, the user provided OGNL expression is parsed and evaluated.

    - -

    The second example validates the expression and evaluates it inside the sandbox.

    - - -     - - -
  • OGNL library.
    • -
  • Struts security: Proactively protect from OGNL Expression Injections attacks.
    • -     -     diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll deleted file mode 100644 index 569e18a29c3..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll +++ /dev/null @@ -1,109 +0,0 @@ -import java -import semmle.code.java.dataflow.FlowSources -import DataFlow -import DataFlow::PathGraph - -/** - * A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation. - */ -class OgnlInjectionFlowConfig extends TaintTracking::Configuration { - OgnlInjectionFlowConfig() { this = "OgnlInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof OgnlInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - parseCompileExpressionStep(node1, node2) - } -} - -/** The class `org.apache.commons.ognl.Ognl` or `ognl.Ognl`. */ -class TypeOgnl extends Class { - TypeOgnl() { - this.hasQualifiedName("org.apache.commons.ognl", "Ognl") or - this.hasQualifiedName("ognl", "Ognl") - } -} - -/** The interface `org.apache.commons.ognl.Node` or `ognl.Node`. */ -class TypeNode extends Interface { - TypeNode() { - this.hasQualifiedName("org.apache.commons.ognl", "Node") or - this.hasQualifiedName("ognl", "Node") - } -} - -/** The class `com.opensymphony.xwork2.ognl.OgnlUtil`. */ -class TypeOgnlUtil extends Class { - TypeOgnlUtil() { this.hasQualifiedName("com.opensymphony.xwork2.ognl", "OgnlUtil") } -} - -/** - * OGNL sink for OGNL injection vulnerabilities, i.e. 1st argument to `getValue` or `setValue` - * method from `Ognl` or `getValue` or `setValue` method from `Node`. - */ -predicate ognlSinkMethod(Method m, int index) { - ( - m.getDeclaringType() instanceof TypeOgnl - or - m.getDeclaringType().getAnAncestor*() instanceof TypeNode - ) and - ( - m.hasName("getValue") or - m.hasName("setValue") - ) and - index = 0 -} - -/** - * Struts sink for OGNL injection vulnerabilities, i.e. 1st argument to `getValue`, `setValue` or - * `callMethod` method from `OgnlUtil`. - */ -predicate strutsSinkMethod(Method m, int index) { - m.getDeclaringType() instanceof TypeOgnlUtil and - ( - m.hasName("getValue") or - m.hasName("setValue") or - m.hasName("callMethod") - ) and - index = 0 -} - -/** Holds if parameter at index `index` in method `m` is OGNL injection sink. */ -predicate ognlInjectionSinkMethod(Method m, int index) { - ognlSinkMethod(m, index) or - strutsSinkMethod(m, index) -} - -/** A data flow sink for unvalidated user input that is used in OGNL EL evaluation. */ -class OgnlInjectionSink extends DataFlow::ExprNode { - OgnlInjectionSink() { - exists(MethodAccess ma, Method m, int index | - ma.getMethod() = m and - (ma.getArgument(index) = this.getExpr() or ma.getQualifier() = this.getExpr()) and - ognlInjectionSinkMethod(m, index) - ) - } -} - -/** - * Holds if `n1` to `n2` is a dataflow step that converts between `String` and `Object` or `Node`, - * i.e. `Ognl.parseExpression(tainted)` or `Ognl.compileExpression(tainted)`. - */ -predicate parseCompileExpressionStep(ExprNode n1, ExprNode n2) { - exists(MethodAccess ma, Method m, int index | - n1.asExpr() = ma.getArgument(index) and - n2.asExpr() = ma and - ma.getMethod() = m and - m.getDeclaringType() instanceof TypeOgnl - | - m.hasName("parseExpression") and index = 0 - or - m.hasName("compileExpression") and index = 2 - ) -} diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll index fc2320df82c..69e453f2bbd 100644 --- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll @@ -101,6 +101,7 @@ private module Frameworks { private import semmle.code.java.security.JexlInjectionSinkModels private import semmle.code.java.security.LdapInjection private import semmle.code.java.security.MvelInjection + private import semmle.code.java.security.OgnlInjection private import semmle.code.java.security.XPath private import semmle.code.java.frameworks.android.SQLite private import semmle.code.java.frameworks.Jdbc diff --git a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll index a0778f500d3..6dda49dbadd 100644 --- a/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll +++ b/java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll @@ -51,6 +51,10 @@ private class JacksonWriteValueMethod extends Method, TaintPreservingCallable { } } +/** + * A method used for deserializing objects using Jackson. The first parameter is the object to be + * deserialized. + */ private class JacksonReadValueMethod extends Method, TaintPreservingCallable { JacksonReadValueMethod() { ( @@ -281,7 +285,10 @@ private class JacksonModel extends SummaryModelCsv { [ "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint", "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;MapValue of Argument[0];ReturnValue;taint", - "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint" + "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint", + "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint", + "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint", + "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" ] } } diff --git a/java/ql/src/semmle/code/java/security/OgnlInjection.qll b/java/ql/src/semmle/code/java/security/OgnlInjection.qll new file mode 100644 index 00000000000..bb18002ab54 --- /dev/null +++ b/java/ql/src/semmle/code/java/security/OgnlInjection.qll @@ -0,0 +1,124 @@ +/** Provides classes to reason about OGNL injection vulnerabilities. */ + +import java +private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.ExternalFlow + +/** + * A data flow sink for unvalidated user input that is used in OGNL EL evaluation. + * + * Extend this class to add your own OGNL injection sinks. + */ +abstract class OgnlInjectionSink extends DataFlow::Node { } + +/** + * A unit class for adding additional taint steps. + * + * Extend this class to add additional taint steps that should apply to the `OgnlInjectionFlowConfig`. + */ +class OgnlInjectionAdditionalTaintStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a taint + * step for OGNL injection taint configurations. + */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); +} + +private class DefaultOgnlInjectionSinkModel extends SinkModelCsv { + override predicate row(string row) { + row = + [ + "org.apache.commons.ognl;Ognl;false;getValue;;;Argument[0];ognl-injection", + "org.apache.commons.ognl;Ognl;false;setValue;;;Argument[0];ognl-injection", + "org.apache.commons.ognl;Node;true;getValue;;;Argument[-1];ognl-injection", + "org.apache.commons.ognl;Node;true;setValue;;;Argument[-1];ognl-injection", + "org.apache.commons.ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection", + "org.apache.commons.ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection", + "ognl;Ognl;false;getValue;;;Argument[0];ognl-injection", + "ognl;Ognl;false;setValue;;;Argument[0];ognl-injection", + "ognl;Node;false;getValue;;;Argument[-1];ognl-injection", + "ognl;Node;false;setValue;;;Argument[-1];ognl-injection", + "ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection", + "ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection", + "com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[0];ognl-injection", + "com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[0];ognl-injection", + "com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[0];ognl-injection" + ] + } +} + +private class DefaultOgnlInjectionSink extends OgnlInjectionSink { + DefaultOgnlInjectionSink() { sinkNode(this, "ognl-injection") } +} + +/** The class `org.apache.commons.ognl.Ognl` or `ognl.Ognl`. */ +private class TypeOgnl extends Class { + TypeOgnl() { this.hasQualifiedName(["org.apache.commons.ognl", "ognl"], "Ognl") } +} + +/** The interface `org.apache.commons.ognl.Node` or `ognl.Node`. */ +private class TypeNode extends Interface { + TypeNode() { this.hasQualifiedName(["org.apache.commons.ognl", "ognl"], "Node") } +} + +/** The interface `org.apache.commons.ognl.enhance.ExpressionAccessor` or `ognl.enhance.ExpressionAccessor`. */ +private class TypeExpressionAccessor extends Interface { + TypeExpressionAccessor() { + this.hasQualifiedName(["org.apache.commons.ognl.enhance", "ognl.enhance"], "ExpressionAccessor") + } +} + +/** + * Holds if `n1` to `n2` is a dataflow step that converts between `String` and `Object` or `Node`, + * i.e. `Ognl.parseExpression(tainted)` or `Ognl.compileExpression(tainted)`. + */ +private predicate parseCompileExpressionStep(DataFlow::Node n1, DataFlow::Node n2) { + exists(MethodAccess ma, Method m, int index | + n1.asExpr() = ma.getArgument(index) and + n2.asExpr() = ma and + ma.getMethod() = m and + m.getDeclaringType() instanceof TypeOgnl + | + m.hasName("parseExpression") and index = 0 + or + m.hasName("compileExpression") and index = 2 + ) +} + +/** + * Holds if `n1` to `n2` is a dataflow step that converts between `Node` and `Accessor`, + * i.e. `Node.getAccessor()`. + */ +private predicate getAccessorStep(DataFlow::Node n1, DataFlow::Node n2) { + exists(MethodAccess ma, Method m | + ma.getMethod() = m and + m.getDeclaringType().getASupertype*() instanceof TypeNode and + m.hasName("getAccessor") + | + n1.asExpr() = ma.getQualifier() and + n2.asExpr() = ma + ) +} + +/** + * Holds if `n1` to `n2` is a dataflow step that converts between `Node` and `Accessor` + * in a `setExpression` call, i.e. `accessor.setExpression(tainted)` + */ +private predicate setExpressionStep(DataFlow::Node n1, DataFlow::Node n2) { + exists(MethodAccess ma, Method m | + ma.getMethod() = m and + m.hasName("setExpression") and + m.getDeclaringType().getASupertype*() instanceof TypeExpressionAccessor + | + n1.asExpr() = ma.getArgument(0) and + n2.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier() + ) +} + +private class DefaultOgnlInjectionAdditionalTaintStep extends OgnlInjectionAdditionalTaintStep { + override predicate step(DataFlow::Node node1, DataFlow::Node node2) { + parseCompileExpressionStep(node1, node2) or + getAccessorStep(node1, node2) or + setExpressionStep(node1, node2) + } +} diff --git a/java/ql/src/semmle/code/java/security/OgnlInjectionQuery.qll b/java/ql/src/semmle/code/java/security/OgnlInjectionQuery.qll new file mode 100644 index 00000000000..46a886ed65c --- /dev/null +++ b/java/ql/src/semmle/code/java/security/OgnlInjectionQuery.qll @@ -0,0 +1,24 @@ +/** Provides taint tracking configurations to be used in OGNL injection queries. */ + +import java +import semmle.code.java.dataflow.FlowSources +import semmle.code.java.security.OgnlInjection + +/** + * A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation. + */ +class OgnlInjectionFlowConfig extends TaintTracking::Configuration { + OgnlInjectionFlowConfig() { this = "OgnlInjectionFlowConfig" } + + override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } + + override predicate isSink(DataFlow::Node sink) { sink instanceof OgnlInjectionSink } + + override predicate isSanitizer(DataFlow::Node node) { + node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType + } + + override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + any(OgnlInjectionAdditionalTaintStep c).step(node1, node2) + } +} diff --git a/java/ql/test/experimental/query-tests/security/CWE-352/options b/java/ql/test/experimental/query-tests/security/CWE-352/options index ee5f43993f3..910e399ef1e 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-352/options +++ b/java/ql/test/experimental/query-tests/security/CWE-352/options @@ -1 +1 @@ - //semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.10/:${testdir}/../../../../stubs/springframework-5.3.8/ + //semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.12/:${testdir}/../../../../stubs/jackson-core-2.12:${testdir}/../../../../stubs/springframework-5.3.8/ diff --git a/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.expected deleted file mode 100644 index 8e1cc14fc1d..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.expected +++ /dev/null @@ -1,48 +0,0 @@ -edges -| OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:17:19:17:22 | tree | -| OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:18:19:18:22 | tree | -| OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:20:17:20:27 | (...)... : Object | -| OgnlInjection.java:20:17:20:27 | (...)... : Object | OgnlInjection.java:21:5:21:8 | node | -| OgnlInjection.java:20:17:20:27 | (...)... : Object | OgnlInjection.java:22:5:22:8 | node | -| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:28:19:28:22 | tree | -| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:29:19:29:22 | tree | -| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:31:5:31:8 | tree | -| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:32:5:32:8 | tree | -| OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:37:19:37:22 | expr | -| OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:38:19:38:22 | expr | -| OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:44:19:44:22 | expr | -| OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:45:19:45:22 | expr | -| OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:46:31:46:34 | expr | -nodes -| OgnlInjection.java:15:39:15:63 | expr : String | semmle.label | expr : String | -| OgnlInjection.java:17:19:17:22 | tree | semmle.label | tree | -| OgnlInjection.java:18:19:18:22 | tree | semmle.label | tree | -| OgnlInjection.java:20:17:20:27 | (...)... : Object | semmle.label | (...)... : Object | -| OgnlInjection.java:21:5:21:8 | node | semmle.label | node | -| OgnlInjection.java:22:5:22:8 | node | semmle.label | node | -| OgnlInjection.java:26:41:26:65 | expr : String | semmle.label | expr : String | -| OgnlInjection.java:28:19:28:22 | tree | semmle.label | tree | -| OgnlInjection.java:29:19:29:22 | tree | semmle.label | tree | -| OgnlInjection.java:31:5:31:8 | tree | semmle.label | tree | -| OgnlInjection.java:32:5:32:8 | tree | semmle.label | tree | -| OgnlInjection.java:36:40:36:64 | expr : String | semmle.label | expr : String | -| OgnlInjection.java:37:19:37:22 | expr | semmle.label | expr | -| OgnlInjection.java:38:19:38:22 | expr | semmle.label | expr | -| OgnlInjection.java:42:26:42:50 | expr : String | semmle.label | expr : String | -| OgnlInjection.java:44:19:44:22 | expr | semmle.label | expr | -| OgnlInjection.java:45:19:45:22 | expr | semmle.label | expr | -| OgnlInjection.java:46:31:46:34 | expr | semmle.label | expr | -#select -| OgnlInjection.java:17:19:17:22 | tree | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:17:19:17:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input | -| OgnlInjection.java:18:19:18:22 | tree | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:18:19:18:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input | -| OgnlInjection.java:21:5:21:8 | node | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:21:5:21:8 | node | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input | -| OgnlInjection.java:22:5:22:8 | node | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:22:5:22:8 | node | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input | -| OgnlInjection.java:28:19:28:22 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:28:19:28:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input | -| OgnlInjection.java:29:19:29:22 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:29:19:29:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input | -| OgnlInjection.java:31:5:31:8 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:31:5:31:8 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input | -| OgnlInjection.java:32:5:32:8 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:32:5:32:8 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input | -| OgnlInjection.java:37:19:37:22 | expr | OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:37:19:37:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:36:40:36:64 | expr | this user input | -| OgnlInjection.java:38:19:38:22 | expr | OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:38:19:38:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:36:40:36:64 | expr | this user input | -| OgnlInjection.java:44:19:44:22 | expr | OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:44:19:44:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:42:26:42:50 | expr | this user input | -| OgnlInjection.java:45:19:45:22 | expr | OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:45:19:45:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:42:26:42:50 | expr | this user input | -| OgnlInjection.java:46:31:46:34 | expr | OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:46:31:46:34 | expr | OGNL expression might include input from $@. | OgnlInjection.java:42:26:42:50 | expr | this user input | diff --git a/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.java b/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.java deleted file mode 100644 index 6026d7fa5e0..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.java +++ /dev/null @@ -1,48 +0,0 @@ -import ognl.Node; -import ognl.Ognl; - -import java.util.HashMap; - -import com.opensymphony.xwork2.ognl.OgnlUtil; - -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RequestMapping; - -@Controller -public class OgnlInjection { - @RequestMapping - public void testOgnlParseExpression(@RequestParam String expr) throws Exception { - Object tree = Ognl.parseExpression(expr); - Ognl.getValue(tree, new HashMap<>(), new Object()); - Ognl.setValue(tree, new HashMap<>(), new Object()); - - Node node = (Node) tree; - node.getValue(null, new Object()); - node.setValue(null, new Object(), new Object()); - } - - @RequestMapping - public void testOgnlCompileExpression(@RequestParam String expr) throws Exception { - Node tree = Ognl.compileExpression(null, new Object(), expr); - Ognl.getValue(tree, new HashMap<>(), new Object()); - Ognl.setValue(tree, new HashMap<>(), new Object()); - - tree.getValue(null, new Object()); - tree.setValue(null, new Object(), new Object()); - } - - @RequestMapping - public void testOgnlDirectlyToGetSet(@RequestParam String expr) throws Exception { - Ognl.getValue(expr, new Object()); - Ognl.setValue(expr, new Object(), new Object()); - } - - @RequestMapping - public void testStruts(@RequestParam String expr) throws Exception { - OgnlUtil ognl = new OgnlUtil(); - ognl.getValue(expr, new HashMap<>(), new Object()); - ognl.setValue(expr, new HashMap<>(), new Object(), new Object()); - new OgnlUtil().callMethod(expr, new HashMap<>(), new Object()); - } -} diff --git a/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.qlref b/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.qlref deleted file mode 100644 index 668f3bf2797..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/Security/CWE/CWE-917/OgnlInjection.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-917/options b/java/ql/test/experimental/query-tests/security/CWE-917/options deleted file mode 100644 index b29e21be7b4..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-917/options +++ /dev/null @@ -1 +0,0 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22 diff --git a/java/ql/test/library-tests/dataflow/taint-jackson/Test.java b/java/ql/test/library-tests/dataflow/taint-jackson/Test.java index 3be85336e26..d3f8766de70 100644 --- a/java/ql/test/library-tests/dataflow/taint-jackson/Test.java +++ b/java/ql/test/library-tests/dataflow/taint-jackson/Test.java @@ -29,7 +29,7 @@ class Test { public static void sink(Object any) {} - public static void jacksonObjectMapper() throws java.io.FileNotFoundException, java.io.UnsupportedEncodingException { + public static void jacksonObjectMapper() throws Exception { String s = taint(); ObjectMapper om = new ObjectMapper(); File file = new File("testFile"); @@ -52,7 +52,7 @@ class Test { sink(reconstructed); //$hasTaintFlow } - public static void jacksonObjectWriter() throws java.io.FileNotFoundException, java.io.UnsupportedEncodingException { + public static void jacksonObjectWriter() throws Exception { String s = taint(); ObjectWriter ow = new ObjectWriter(); File file = new File("testFile"); @@ -89,7 +89,7 @@ class Test { ObjectMapper om = new ObjectMapper(); ObjectReader reader = om.readerFor(Potato.class); sink(reader.readValues(s)); //$hasTaintFlow - Iterator pIterator = reader.readValues(s, Potato.class); + Iterator pIterator = reader.readValues(s); while(pIterator.hasNext()) { Potato p = pIterator.next(); sink(p); //$hasTaintFlow diff --git a/java/ql/test/library-tests/dataflow/taint-jackson/options b/java/ql/test/library-tests/dataflow/taint-jackson/options index b8c628f27cf..f80cce8b634 100644 --- a/java/ql/test/library-tests/dataflow/taint-jackson/options +++ b/java/ql/test/library-tests/dataflow/taint-jackson/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jackson-databind-2.10 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12 diff --git a/java/ql/test/library-tests/dataflow/taintsources/options b/java/ql/test/library-tests/dataflow/taintsources/options index be1eb3d91da..5981641da65 100644 --- a/java/ql/test/library-tests/dataflow/taintsources/options +++ b/java/ql/test/library-tests/dataflow/taintsources/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x diff --git a/java/ql/test/library-tests/frameworks/jackson/Test.java b/java/ql/test/library-tests/frameworks/jackson/Test.java new file mode 100644 index 00000000000..c3f48df2960 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/jackson/Test.java @@ -0,0 +1,316 @@ +package generatedtest; + +import com.fasterxml.jackson.core.JsonFactory; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectReader; +import java.io.DataInput; +import java.io.File; +import java.io.InputStream; +import java.io.Reader; +import java.net.URL; +import java.util.Map; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + Object newWithMapValue(Object element) { + return Map.of(null, element); + } + + Object source() { + return null; + } + + void sink(Object o) {} + + public void test() throws Exception { + + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + char[] in = (char[]) source(); + JsonFactory instance = null; + out = instance.createParser(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + char[] in = (char[]) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + byte[] in = (byte[]) source(); + JsonFactory instance = null; + out = instance.createParser(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + byte[] in = (byte[]) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + URL in = (URL) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + String in = (String) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + Reader in = (Reader) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + InputStream in = (InputStream) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + File in = (File) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + DataInput in = (DataInput) source(); + JsonFactory instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + char[] in = (char[]) source(); + ObjectMapper instance = null; + out = instance.createParser(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + char[] in = (char[]) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + byte[] in = (byte[]) source(); + ObjectMapper instance = null; + out = instance.createParser(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + byte[] in = (byte[]) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + URL in = (URL) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + String in = (String) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + Reader in = (Reader) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + InputStream in = (InputStream) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + File in = (File) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + DataInput in = (DataInput) source(); + ObjectMapper instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint" + Object out = null; + Object in = (Object) source(); + ObjectMapper instance = null; + out = instance.convertValue(in, (TypeReference) null); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint" + Object out = null; + Object in = (Object) source(); + ObjectMapper instance = null; + out = instance.convertValue(in, (JavaType) null); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint" + Object out = null; + Object in = (Object) source(); + ObjectMapper instance = null; + out = instance.convertValue(in, (Class) null); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint" + JsonNode out = null; + Object in = (Object) source(); + ObjectMapper instance = null; + out = instance.valueToTree(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;MapValue of + // Argument[0];ReturnValue;taint" + JsonNode out = null; + Object in = (Object) newWithMapValue(source()); + ObjectMapper instance = null; + out = instance.valueToTree(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + char[] in = (char[]) source(); + ObjectReader instance = null; + out = instance.createParser(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + char[] in = (char[]) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + byte[] in = (byte[]) source(); + ObjectReader instance = null; + out = instance.createParser(in, 0, 0); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + byte[] in = (byte[]) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + URL in = (URL) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + String in = (String) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + Reader in = (Reader) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + InputStream in = (InputStream) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + File in = (File) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + { + // "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint" + JsonParser out = null; + DataInput in = (DataInput) source(); + ObjectReader instance = null; + out = instance.createParser(in); + sink(out); // $ hasTaintFlow + } + + } + +} diff --git a/java/ql/test/library-tests/frameworks/jackson/options b/java/ql/test/library-tests/frameworks/jackson/options new file mode 100644 index 00000000000..f80cce8b634 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/jackson/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12 diff --git a/java/ql/test/library-tests/frameworks/jackson/test.expected b/java/ql/test/library-tests/frameworks/jackson/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/frameworks/jackson/test.ql b/java/ql/test/library-tests/frameworks/jackson/test.ql new file mode 100644 index 00000000000..465161863cc --- /dev/null +++ b/java/ql/test/library-tests/frameworks/jackson/test.ql @@ -0,0 +1,53 @@ +import java +import semmle.code.java.dataflow.DataFlow +import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.dataflow.TaintTracking +import TestUtilities.InlineExpectationsTest + +class ValueFlowConf extends DataFlow::Configuration { + ValueFlowConf() { this = "qltest:valueFlowConf" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getMethod().hasName("source") + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().hasName("sink") + } +} + +class TaintFlowConf extends TaintTracking::Configuration { + TaintFlowConf() { this = "qltest:taintFlowConf" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getMethod().hasName("source") + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().hasName("sink") + } +} + +class HasFlowTest extends InlineExpectationsTest { + HasFlowTest() { this = "HasFlowTest" } + + override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasValueFlow" and + exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + or + tag = "hasTaintFlow" and + exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | + conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink) + | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + } +} diff --git a/java/ql/test/library-tests/frameworks/play/options b/java/ql/test/library-tests/frameworks/play/options index 19a2fe3f5d3..a8aa2278c82 100644 --- a/java/ql/test/library-tests/frameworks/play/options +++ b/java/ql/test/library-tests/frameworks/play/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x diff --git a/java/ql/test/query-tests/security/CWE-502/options b/java/ql/test/query-tests/security/CWE-502/options index fc5cac9e843..aedb1d0518b 100644 --- a/java/ql/test/query-tests/security/CWE-502/options +++ b/java/ql/test/query-tests/security/CWE-502/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/snakeyaml-1.21:${testdir}/../../../stubs/xstream-1.4.10:${testdir}/../../../stubs/kryo-4.0.2:${testdir}/../../../stubs/jsr311-api-1.1.1:${testdir}/../../../stubs/fastjson-1.2.74:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jyaml-1.3:${testdir}/../../../stubs/json-io-4.10.0:${testdir}/../../../stubs/yamlbeans-1.09:${testdir}/../../../stubs/hessian-4.0.38:${testdir}/../../../stubs/castor-1.4.1:${testdir}/../../../stubs/jackson-databind-2.10 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/snakeyaml-1.21:${testdir}/../../../stubs/xstream-1.4.10:${testdir}/../../../stubs/kryo-4.0.2:${testdir}/../../../stubs/jsr311-api-1.1.1:${testdir}/../../../stubs/fastjson-1.2.74:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jyaml-1.3:${testdir}/../../../stubs/json-io-4.10.0:${testdir}/../../../stubs/yamlbeans-1.09:${testdir}/../../../stubs/hessian-4.0.38:${testdir}/../../../stubs/castor-1.4.1:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12 diff --git a/java/ql/test/query-tests/security/CWE-917/OgnlInjection.java b/java/ql/test/query-tests/security/CWE-917/OgnlInjection.java new file mode 100644 index 00000000000..777bbcb06aa --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-917/OgnlInjection.java @@ -0,0 +1,73 @@ +import ognl.Node; +import ognl.Ognl; +import ognl.enhance.ExpressionAccessor; + +import java.util.HashMap; + +import com.opensymphony.xwork2.ognl.OgnlUtil; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RequestMapping; + +@Controller +public class OgnlInjection { + @RequestMapping + public void testOgnlParseExpression(@RequestParam String expr) throws Exception { + Object tree = Ognl.parseExpression(expr); + Ognl.getValue(tree, new HashMap<>(), new Object()); // $hasOgnlInjection + Ognl.setValue(tree, new HashMap<>(), new Object()); // $hasOgnlInjection + + Node node = (Node) tree; + node.getValue(null, new Object()); // $hasOgnlInjection + node.setValue(null, new Object(), new Object()); // $hasOgnlInjection + } + + @RequestMapping + public void testOgnlCompileExpression(@RequestParam String expr) throws Exception { + Node tree = Ognl.compileExpression(null, new Object(), expr); + Ognl.getValue(tree, new HashMap<>(), new Object()); // $hasOgnlInjection + Ognl.setValue(tree, new HashMap<>(), new Object()); // $hasOgnlInjection + + tree.getValue(null, new Object()); // $hasOgnlInjection + tree.setValue(null, new Object(), new Object()); // $hasOgnlInjection + } + + @RequestMapping + public void testOgnlDirectlyToGetSet(@RequestParam String expr) throws Exception { + Ognl.getValue(expr, new Object()); // $hasOgnlInjection + Ognl.setValue(expr, new Object(), new Object()); // $hasOgnlInjection + } + + @RequestMapping + public void testStruts(@RequestParam String expr) throws Exception { + OgnlUtil ognl = new OgnlUtil(); + ognl.getValue(expr, new HashMap<>(), new Object()); // $hasOgnlInjection + ognl.setValue(expr, new HashMap<>(), new Object(), new Object()); // $hasOgnlInjection + new OgnlUtil().callMethod(expr, new HashMap<>(), new Object()); // $hasOgnlInjection + } + + @RequestMapping + public void testExpressionAccessor(@RequestParam String expr) throws Exception { + Node tree = Ognl.compileExpression(null, new Object(), expr); + ExpressionAccessor accessor = tree.getAccessor(); + accessor.get(null, new Object()); // $hasOgnlInjection + accessor.set(null, new Object(), new Object()); // $hasOgnlInjection + + Ognl.getValue(accessor, null, new Object()); // $hasOgnlInjection + Ognl.setValue(accessor, null, new Object()); // $hasOgnlInjection + } + + @RequestMapping + public void testExpressionAccessorSetExpression(@RequestParam String expr) throws Exception { + Node tree = Ognl.compileExpression(null, new Object(), "\"some safe expression\".toString()"); + ExpressionAccessor accessor = tree.getAccessor(); + Node taintedTree = Ognl.compileExpression(null, new Object(), expr); + accessor.setExpression(taintedTree); + accessor.get(null, new Object()); // $hasOgnlInjection + accessor.set(null, new Object(), new Object()); // $hasOgnlInjection + + Ognl.getValue(accessor, null, new Object()); // $hasOgnlInjection + Ognl.setValue(accessor, null, new Object()); // $hasOgnlInjection + } +} diff --git a/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.expected b/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql b/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql new file mode 100644 index 00000000000..dc1fc57a0a6 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-917/OgnlInjectionTest.ql @@ -0,0 +1,20 @@ +import java +import semmle.code.java.security.OgnlInjectionQuery +import TestUtilities.InlineExpectationsTest + +class OgnlInjectionTest extends InlineExpectationsTest { + OgnlInjectionTest() { this = "HasOgnlInjection" } + + override string getARelevantTag() { result = "hasOgnlInjection" } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasOgnlInjection" and + exists(DataFlow::Node src, DataFlow::Node sink, OgnlInjectionFlowConfig conf | + conf.hasFlow(src, sink) + | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + } +} diff --git a/java/ql/test/query-tests/security/CWE-917/options b/java/ql/test/query-tests/security/CWE-917/options new file mode 100644 index 00000000000..cfb77dafac3 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-917/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22 diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JacksonException.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JacksonException.java new file mode 100644 index 00000000000..f9e02378d6d --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JacksonException.java @@ -0,0 +1,8 @@ +package com.fasterxml.jackson.core; + +public abstract class JacksonException extends java.io.IOException { + public abstract String getOriginalMessage(); + + public abstract Object getProcessor(); + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonEncoding.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonEncoding.java new file mode 100644 index 00000000000..84bc7db6e0f --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonEncoding.java @@ -0,0 +1,10 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ + +package com.fasterxml.jackson.core; + +public enum JsonEncoding { +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonFactory.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonFactory.java new file mode 100644 index 00000000000..896c36d0023 --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonFactory.java @@ -0,0 +1,155 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ +package com.fasterxml.jackson.core; + +import java.io.*; +import java.net.URL; + +public class JsonFactory implements java.io.Serializable // since 2.1 (for Android, mostly) +{ + public JsonFactory copy() { + return null; + } + + public boolean canUseCharArrays() { + return true; + } + + public boolean requiresCustomCodec() { + return false; + } + + public final JsonFactory configure(JsonGenerator.Feature f, boolean state) { + return null; + } + + public JsonFactory enable(JsonGenerator.Feature f) { + return null; + } + + public JsonFactory disable(JsonGenerator.Feature f) { + return null; + } + + public JsonFactory setRootValueSeparator(String sep) { + return null; + } + + public String getRootValueSeparator() { + return null; + } + + public JsonParser createParser(File f) throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(URL url) throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(InputStream in) throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(Reader r) throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(byte[] data) throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(byte[] data, int offset, int len) + throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(String content) throws IOException, JsonParseException { + return null; + } + + public JsonParser createParser(char[] content) throws IOException { + return null; + } + + public JsonParser createParser(char[] content, int offset, int len) throws IOException { + return null; + } + + public JsonParser createParser(DataInput in) throws IOException { + return null; + } + + public JsonParser createNonBlockingByteArrayParser() throws IOException { + return null; + } + + public JsonGenerator createGenerator(OutputStream out, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(OutputStream out) throws IOException { + return null; + } + + public JsonGenerator createGenerator(Writer w) throws IOException { + return null; + } + + public JsonGenerator createGenerator(File f, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(DataOutput out, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(DataOutput out) throws IOException { + return null; + } + + public JsonParser createJsonParser(File f) throws IOException, JsonParseException { + return null; + } + + public JsonParser createJsonParser(URL url) throws IOException, JsonParseException { + return null; + } + + public JsonParser createJsonParser(InputStream in) throws IOException, JsonParseException { + return null; + } + + public JsonParser createJsonParser(Reader r) throws IOException, JsonParseException { + return null; + } + + public JsonParser createJsonParser(byte[] data) throws IOException, JsonParseException { + return null; + } + + public JsonParser createJsonParser(byte[] data, int offset, int len) + throws IOException, JsonParseException { + return null; + } + + public JsonParser createJsonParser(String content) throws IOException, JsonParseException { + return null; + } + + public JsonGenerator createJsonGenerator(OutputStream out, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createJsonGenerator(Writer out) throws IOException { + return null; + } + + public JsonGenerator createJsonGenerator(OutputStream out) throws IOException { + return null; + } + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonGenerationException.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonGenerationException.java new file mode 100644 index 00000000000..66c2be492e2 --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonGenerationException.java @@ -0,0 +1,31 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ + +package com.fasterxml.jackson.core; + +public class JsonGenerationException extends JsonProcessingException { + public JsonGenerationException(Throwable rootCause) {} + + public JsonGenerationException(String msg) {} + + public JsonGenerationException(String msg, Throwable rootCause) {} + + public JsonGenerationException(Throwable rootCause, JsonGenerator g) {} + + public JsonGenerationException(String msg, JsonGenerator g) {} + + public JsonGenerationException(String msg, Throwable rootCause, JsonGenerator g) {} + + public JsonGenerationException withGenerator(JsonGenerator g) { + return null; + } + + @Override + public JsonGenerator getProcessor() { + return null; + } + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonGenerator.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonGenerator.java new file mode 100644 index 00000000000..ef5a50b5c2b --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonGenerator.java @@ -0,0 +1,226 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ +package com.fasterxml.jackson.core; + +import java.io.*; +import java.math.BigDecimal; +import java.math.BigInteger; + +public abstract class JsonGenerator implements Closeable, Flushable { + public enum Feature { + } + + public Object getOutputTarget() { + return null; + } + + public Object getCurrentValue() { + return null; + } + + public void setCurrentValue(Object v) {} + + public abstract JsonGenerator enable(Feature f); + + public abstract JsonGenerator disable(Feature f); + + public final JsonGenerator configure(Feature f, boolean state) { + return null; + } + + public abstract boolean isEnabled(Feature f); + + public abstract int getFeatureMask(); + + public abstract JsonGenerator setFeatureMask(int values); + + public JsonGenerator overrideStdFeatures(int values, int mask) { + return null; + } + + public int getFormatFeatures() { + return 0; + } + + public JsonGenerator overrideFormatFeatures(int values, int mask) { + return null; + } + + public abstract JsonGenerator useDefaultPrettyPrinter(); + + public JsonGenerator setHighestNonEscapedChar(int charCode) { + return this; + } + + public int getHighestEscapedChar() { + return 0; + } + + public int getOutputBuffered() { + return 0; + } + + public boolean canWriteObjectId() { + return false; + } + + public boolean canWriteTypeId() { + return false; + } + + public boolean canWriteBinaryNatively() { + return false; + } + + public boolean canOmitFields() { + return true; + } + + public boolean canWriteFormattedNumbers() { + return false; + } + + public abstract void writeStartArray() throws IOException; + + public void writeStartArray(int size) throws IOException {} + + public void writeStartArray(Object forValue) throws IOException {} + + public void writeStartArray(Object forValue, int size) throws IOException {} + + public abstract void writeEndArray() throws IOException; + + public abstract void writeStartObject() throws IOException; + + public void writeStartObject(Object forValue) throws IOException {} + + public void writeStartObject(Object forValue, int size) throws IOException {} + + public abstract void writeEndObject() throws IOException; + + public abstract void writeFieldName(String name) throws IOException; + + public void writeFieldId(long id) throws IOException {} + + public void writeArray(int[] array, int offset, int length) throws IOException {} + + public void writeArray(long[] array, int offset, int length) throws IOException {} + + public void writeArray(double[] array, int offset, int length) throws IOException {} + + public void writeArray(String[] array, int offset, int length) throws IOException {} + + public abstract void writeString(String text) throws IOException; + + public void writeString(Reader reader, int len) throws IOException {} + + public abstract void writeString(char[] buffer, int offset, int len) throws IOException; + + public abstract void writeRawUTF8String(byte[] buffer, int offset, int len) throws IOException; + + public abstract void writeUTF8String(byte[] buffer, int offset, int len) throws IOException; + + public abstract void writeRaw(String text) throws IOException; + + public abstract void writeRaw(String text, int offset, int len) throws IOException; + + public abstract void writeRaw(char[] text, int offset, int len) throws IOException; + + public abstract void writeRaw(char c) throws IOException; + + public abstract void writeRawValue(String text) throws IOException; + + public abstract void writeRawValue(String text, int offset, int len) throws IOException; + + public abstract void writeRawValue(char[] text, int offset, int len) throws IOException; + + public void writeBinary(byte[] data, int offset, int len) throws IOException {} + + public void writeBinary(byte[] data) throws IOException {} + + public int writeBinary(InputStream data, int dataLength) throws IOException { + return 0; + } + + public void writeNumber(short v) throws IOException { + writeNumber((int) v); + } + + public abstract void writeNumber(int v) throws IOException; + + public abstract void writeNumber(long v) throws IOException; + + public abstract void writeNumber(BigInteger v) throws IOException; + + public abstract void writeNumber(double v) throws IOException; + + public abstract void writeNumber(float v) throws IOException; + + public abstract void writeNumber(BigDecimal v) throws IOException; + + public abstract void writeNumber(String encodedValue) throws IOException; + + public void writeNumber(char[] encodedValueBuffer, int offset, int len) throws IOException {} + + public abstract void writeBoolean(boolean state) throws IOException; + + public abstract void writeNull() throws IOException; + + public void writeEmbeddedObject(Object object) throws IOException {} + + public void writeObjectId(Object id) throws IOException {} + + public void writeObjectRef(Object referenced) throws IOException {} + + public void writeTypeId(Object id) throws IOException {} + + public abstract void writeObject(Object pojo) throws IOException; + + public abstract void writeTree(TreeNode rootNode) throws IOException; + + public void writeBinaryField(String fieldName, byte[] data) throws IOException {} + + public void writeBooleanField(String fieldName, boolean value) throws IOException {} + + public void writeNullField(String fieldName) throws IOException {} + + public void writeStringField(String fieldName, String value) throws IOException {} + + public void writeNumberField(String fieldName, short value) throws IOException {} + + public void writeNumberField(String fieldName, int value) throws IOException {} + + public void writeNumberField(String fieldName, long value) throws IOException {} + + public void writeNumberField(String fieldName, BigInteger value) throws IOException {} + + public void writeNumberField(String fieldName, float value) throws IOException {} + + public void writeNumberField(String fieldName, double value) throws IOException {} + + public void writeNumberField(String fieldName, BigDecimal value) throws IOException {} + + public void writeArrayFieldStart(String fieldName) throws IOException {} + + public void writeObjectFieldStart(String fieldName) throws IOException {} + + public void writeObjectField(String fieldName, Object pojo) throws IOException {} + + public void writeOmittedField(String fieldName) throws IOException {} + + public void copyCurrentEvent(JsonParser p) throws IOException {} + + public void copyCurrentStructure(JsonParser p) throws IOException {} + + @Override + public abstract void flush() throws IOException; + + public abstract boolean isClosed(); + + @Override + public abstract void close() throws IOException; + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonParseException.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonParseException.java new file mode 100644 index 00000000000..17b858b7dc6 --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonParseException.java @@ -0,0 +1,12 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ + +package com.fasterxml.jackson.core; + +public class JsonParseException extends Exception { + + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonParser.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonParser.java new file mode 100644 index 00000000000..e6eaf9bab03 --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonParser.java @@ -0,0 +1,246 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ + +package com.fasterxml.jackson.core; + +import java.io.*; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.Iterator; +import com.fasterxml.jackson.core.type.TypeReference; + +public abstract class JsonParser implements Closeable { + public enum NumberType { + } + + public Object getInputSource() { + return null; + } + + public Object getCurrentValue() { + return null; + } + + public void setCurrentValue(Object v) {} + + public void setRequestPayloadOnError(byte[] payload, String charset) {} + + public void setRequestPayloadOnError(String payload) {} + + public boolean requiresCustomCodec() { + return false; + } + + public boolean canParseAsync() { + return false; + } + + @Override + public abstract void close() throws IOException; + + public abstract boolean isClosed(); + + public int releaseBuffered(OutputStream out) throws IOException { + return 0; + } + + public int releaseBuffered(Writer w) throws IOException { + return -1; + } + + public JsonParser setFeatureMask(int mask) { + return null; + } + + public JsonParser overrideStdFeatures(int values, int mask) { + return null; + } + + public int getFormatFeatures() { + return 0; + } + + public JsonParser overrideFormatFeatures(int values, int mask) { + return null; + } + + public String nextFieldName() throws IOException { + return null; + } + + public String nextTextValue() throws IOException { + return null; + } + + public int nextIntValue(int defaultValue) throws IOException { + return 0; + } + + public long nextLongValue(long defaultValue) throws IOException { + return 0; + } + + public Boolean nextBooleanValue() throws IOException { + return null; + } + + public abstract JsonParser skipChildren() throws IOException; + + public void finishToken() throws IOException {} + + public int currentTokenId() { + return 0; + } + + public abstract int getCurrentTokenId(); + + public abstract boolean hasCurrentToken(); + + public abstract boolean hasTokenId(int id); + + public boolean isNaN() throws IOException { + return false; + } + + public abstract void clearCurrentToken(); + + public abstract void overrideCurrentName(String name); + + public abstract String getCurrentName() throws IOException; + + public String currentName() throws IOException { + return null; + } + + public abstract String getText() throws IOException; + + public int getText(Writer writer) throws IOException, UnsupportedOperationException { + return 0; + } + + public abstract char[] getTextCharacters() throws IOException; + + public abstract int getTextLength() throws IOException; + + public abstract int getTextOffset() throws IOException; + + public abstract boolean hasTextCharacters(); + + public abstract Number getNumberValue() throws IOException; + + public abstract NumberType getNumberType() throws IOException; + + public byte getByteValue() throws IOException { + return 0; + } + + public short getShortValue() throws IOException { + return 0; + } + + public abstract int getIntValue() throws IOException; + + public abstract long getLongValue() throws IOException; + + public abstract BigInteger getBigIntegerValue() throws IOException; + + public abstract float getFloatValue() throws IOException; + + public abstract double getDoubleValue() throws IOException; + + public abstract BigDecimal getDecimalValue() throws IOException; + + public boolean getBooleanValue() throws IOException { + return false; + } + + public Object getEmbeddedObject() throws IOException { + return null; + } + + public byte[] getBinaryValue() throws IOException { + return null; + } + + public int readBinaryValue(OutputStream out) throws IOException { + return 0; + } + + public int getValueAsInt() throws IOException { + return 0; + } + + public int getValueAsInt(int def) throws IOException { + return def; + } + + public long getValueAsLong() throws IOException { + return 0; + } + + public long getValueAsLong(long def) throws IOException { + return 0; + } + + public double getValueAsDouble() throws IOException { + return 0; + } + + public double getValueAsDouble(double def) throws IOException { + return 0; + } + + public boolean getValueAsBoolean() throws IOException { + return false; + } + + public boolean getValueAsBoolean(boolean def) throws IOException { + return false; + } + + public String getValueAsString() throws IOException { + return null; + } + + public abstract String getValueAsString(String def) throws IOException; + + public boolean canReadObjectId() { + return false; + } + + public boolean canReadTypeId() { + return false; + } + + public Object getObjectId() throws IOException { + return null; + } + + public Object getTypeId() throws IOException { + return null; + } + + public T readValueAs(Class valueType) throws IOException { + return null; + } + + public T readValueAs(TypeReference valueTypeRef) throws IOException { + return null; + } + + public Iterator readValuesAs(Class valueType) throws IOException { + return null; + } + + public Iterator readValuesAs(TypeReference valueTypeRef) throws IOException { + return null; + } + + public T readValueAsTree() throws IOException { + return null; + } + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonProcessingException.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonProcessingException.java new file mode 100644 index 00000000000..4d666f62548 --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/JsonProcessingException.java @@ -0,0 +1,28 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ + +package com.fasterxml.jackson.core; + +public class JsonProcessingException extends JacksonException { + + public void clearLocation() {} + + @Override + public String getOriginalMessage() { + return super.getMessage(); + } + + @Override + public Object getProcessor() { + return null; + } + + @Override + public String getMessage() { + return null; + } + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/TreeNode.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/TreeNode.java new file mode 100644 index 00000000000..338f58961da --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/TreeNode.java @@ -0,0 +1,40 @@ +/* + * Jackson JSON-processor. + * + * Copyright (c) 2007- Tatu Saloranta, tatu.saloranta@iki.fi + */ + +package com.fasterxml.jackson.core; + +import java.util.Iterator; + +public interface TreeNode { + JsonParser.NumberType numberType(); + + int size(); + + boolean isValueNode(); + + boolean isContainerNode(); + + boolean isMissingNode(); + + boolean isArray(); + + boolean isObject(); + + TreeNode get(String fieldName); + + TreeNode get(int index); + + TreeNode path(String fieldName); + + TreeNode path(int index); + + Iterator fieldNames(); + + TreeNode at(String jsonPointerExpression) throws IllegalArgumentException; + + JsonParser traverse(); + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/type/ResolvedType.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/type/ResolvedType.java new file mode 100644 index 00000000000..90b72a9e66b --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/type/ResolvedType.java @@ -0,0 +1,54 @@ +package com.fasterxml.jackson.core.type; + +public abstract class ResolvedType { + public abstract Class getRawClass(); + + public abstract boolean hasRawClass(Class clz); + + public abstract boolean isAbstract(); + + public abstract boolean isConcrete(); + + public abstract boolean isThrowable(); + + public abstract boolean isArrayType(); + + public abstract boolean isEnumType(); + + public abstract boolean isInterface(); + + public abstract boolean isPrimitive(); + + public abstract boolean isFinal(); + + public abstract boolean isContainerType(); + + public abstract boolean isCollectionLikeType(); + + public boolean isReferenceType() { + return false; + } + + public abstract boolean isMapLikeType(); + + public abstract boolean hasGenericTypes(); + + public Class getParameterSource() { + return null; + } + + public abstract ResolvedType getKeyType(); + + public abstract ResolvedType getContentType(); + + public abstract ResolvedType getReferencedType(); + + public abstract int containedTypeCount(); + + public abstract ResolvedType containedType(int index); + + public abstract String containedTypeName(int index); + + public abstract String toCanonical(); + +} diff --git a/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/type/TypeReference.java b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/type/TypeReference.java new file mode 100644 index 00000000000..a2c0e75e56a --- /dev/null +++ b/java/ql/test/stubs/jackson-core-2.12/com/fasterxml/jackson/core/type/TypeReference.java @@ -0,0 +1,15 @@ +package com.fasterxml.jackson.core.type; + +import java.lang.reflect.Type; + +public abstract class TypeReference implements Comparable> { + public Type getType() { + return null; + } + + @Override + public int compareTo(TypeReference o) { + return 0; + } + +} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonEncoding.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonEncoding.java deleted file mode 100644 index bc94ae34932..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonEncoding.java +++ /dev/null @@ -1,3 +0,0 @@ -package com.fasterxml.jackson.core; - -public class JsonEncoding {} \ No newline at end of file diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonFactory.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonFactory.java deleted file mode 100644 index 12696cd4397..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonFactory.java +++ /dev/null @@ -1,16 +0,0 @@ -package com.fasterxml.jackson.core; - -import java.io.Writer; - -public class JsonFactory { - public JsonFactory() { - } - - public JsonGenerator createGenerator(Writer writer) { - return new JsonGenerator(); - } - - public JsonParser createParser(String content) { - return null; - } -} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonGenerator.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonGenerator.java deleted file mode 100644 index 320f77bb152..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonGenerator.java +++ /dev/null @@ -1,6 +0,0 @@ -package com.fasterxml.jackson.core; - -public class JsonGenerator { - protected JsonGenerator() { - } -} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/JsonNode.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/JsonNode.java deleted file mode 100644 index 06602e943f5..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/JsonNode.java +++ /dev/null @@ -1,8 +0,0 @@ -package com.fasterxml.jackson.databind; - -import java.util.*; -import com.fasterxml.jackson.core.TreeNode; - -public abstract class JsonNode implements TreeNode, Iterable { - public JsonNode() {} -} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectMapper.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectMapper.java deleted file mode 100644 index 754fcc43144..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectMapper.java +++ /dev/null @@ -1,77 +0,0 @@ -package com.fasterxml.jackson.databind; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.TreeNode; -import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator; -import java.lang.reflect.Type; -import java.io.*; -import java.util.*; - -public class ObjectMapper { - public ObjectMapper() { - } - - public void writeValue(File resultFile, Object value) { - } - - public void writeValue(com.fasterxml.jackson.core.JsonGenerator jgen, Object value) { - } - - public void writeValue(OutputStream out, Object value) { - } - - public void writeValue(Writer w, Object value) { - } - - public byte[] writeValueAsBytes(Object value) { - return null; - } - - public String writeValueAsString(Object value) { - return null; - } - - public ObjectReader readerFor(Class type) { - return null; - } - - public T valueToTree(Object fromValue) throws IllegalArgumentException { - return null; - } - - public T convertValue(Object fromValue, Class toValueType) throws IllegalArgumentException { - return null; - } - - public ObjectMapper setPolymorphicTypeValidator(PolymorphicTypeValidator ptv) { - return null; - } - - public ObjectMapper enableDefaultTyping() { - return null; - } - - public T readValue(String content, Class valueType) { - return null; - } - - public T readValue(String content, JavaType valueType) { - return null; - } - - public MappingIterator readValues(JsonParser p, Class valueType) { - return null; - } - - public T treeToValue(TreeNode n, Class valueType) { - return null; - } - - public JsonNode readTree(String content) { - return null; - } - - public JavaType constructType(Type t) { - return null; - } -} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectReader.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectReader.java deleted file mode 100644 index f067a3e95a4..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectReader.java +++ /dev/null @@ -1,82 +0,0 @@ -package com.fasterxml.jackson.databind; - -import java.io.*; - -public class ObjectReader { - public ObjectReader forType(Class valueType) { - return null; - } - - public T readValue(String src) { - return null; - } - - public T readValue(String src, Class valueType) throws IOException { - return null; - } - - public T readValue(byte[] content) throws IOException { - return null; - } - - public T readValue(byte[] content, Class valueType) throws IOException { - return null; - } - - public T readValue(File src) throws IOException { - return null; - } - - public T readValue(InputStream src) throws IOException { - return null; - } - - public T readValue(InputStream src, Class valueType) throws IOException { - return null; - } - - public T readValue(Reader src) throws IOException { - return null; - } - - public T readValue(Reader src, Class valueType) throws IOException { - return null; - } - - public MappingIterator readValues(String src) { - return null; - } - - public MappingIterator readValues(String src, Class valueType) throws IOException { - return null; - } - - public MappingIterator readValues(byte[] content) throws IOException { - return null; - } - - public MappingIterator readValues(byte[] content, Class valueType) throws IOException { - return null; - } - - public MappingIterator readValues(File src) throws IOException { - return null; - } - - public MappingIterator readValues(InputStream src) throws IOException { - return null; - } - - public MappingIterator readValues(InputStream src, Class valueType) throws IOException { - return null; - } - - public MappingIterator readValues(Reader src) throws IOException { - return null; - } - - public MappingIterator readValues(Reader src, Class valueType) throws IOException { - return null; - } - -} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectWriter.java b/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectWriter.java deleted file mode 100644 index fd069596f50..00000000000 --- a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/ObjectWriter.java +++ /dev/null @@ -1,29 +0,0 @@ -package com.fasterxml.jackson.databind; - -import java.io.*; -import java.util.*; - -public class ObjectWriter { - public ObjectWriter() { - } - - public void writeValue(File resultFile, Object value) { - } - - public void writeValue(com.fasterxml.jackson.core.JsonGenerator jgen, Object value) { - } - - public void writeValue(OutputStream out, Object value) { - } - - public void writeValue(Writer w, Object value) { - } - - public byte[] writeValueAsBytes(Object value) { - return null; - } - - public String writeValueAsString(Object value) { - return null; - } -} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/annotation/JsonTypeInfo.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/annotation/JsonTypeInfo.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/annotation/JsonTypeInfo.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/annotation/JsonTypeInfo.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonParser.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/core/JsonParser.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/JsonParser.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/core/JsonParser.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/TreeNode.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/core/TreeNode.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/core/TreeNode.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/core/TreeNode.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/JavaType.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JavaType.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/JavaType.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JavaType.java diff --git a/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JsonMappingException.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JsonMappingException.java new file mode 100644 index 00000000000..43d8e912ce3 --- /dev/null +++ b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JsonMappingException.java @@ -0,0 +1,119 @@ +package com.fasterxml.jackson.databind; + +import java.io.Closeable; +import java.io.IOException; +import java.io.Serializable; +import java.util.*; +import com.fasterxml.jackson.core.*; + +public class JsonMappingException extends JsonProcessingException { + public static class Reference implements Serializable { + public Reference(Object from) {} + + public Reference(Object from, String fieldName) {} + + public Reference(Object from, int index) {} + + public Object getFrom() { + return null; + } + + public String getFieldName() { + return null; + } + + public int getIndex() { + return 0; + } + + public String getDescription() { + return null; + } + + @Override + public String toString() { + return null; + } + + } + + public JsonMappingException(String msg) {} + + public JsonMappingException(String msg, Throwable rootCause) {} + + public JsonMappingException(Closeable processor, String msg) {} + + public JsonMappingException(Closeable processor, String msg, Throwable problem) {} + + public static JsonMappingException from(JsonParser p, String msg) { + return null; + } + + public static JsonMappingException from(JsonParser p, String msg, Throwable problem) { + return null; + } + + public static JsonMappingException from(JsonGenerator g, String msg) { + return null; + } + + public static JsonMappingException from(JsonGenerator g, String msg, Throwable problem) { + return null; + } + + public static JsonMappingException fromUnexpectedIOE(IOException src) { + return null; + } + + public static JsonMappingException wrapWithPath(Throwable src, Object refFrom, + String refFieldName) { + return null; + } + + public static JsonMappingException wrapWithPath(Throwable src, Object refFrom, int index) { + return null; + } + + public static JsonMappingException wrapWithPath(Throwable src, Reference ref) { + return null; + } + + public List getPath() { + return null; + } + + public String getPathReference() { + return null; + } + + public StringBuilder getPathReference(StringBuilder sb) { + return null; + } + + public void prependPath(Object referrer, String fieldName) {} + + public void prependPath(Object referrer, int index) {} + + public void prependPath(Reference r) {} + + @Override + public Object getProcessor() { + return null; + } + + @Override + public String getLocalizedMessage() { + return null; + } + + @Override + public String getMessage() { + return null; + } + + @Override + public String toString() { + return null; + } + +} diff --git a/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JsonNode.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JsonNode.java new file mode 100644 index 00000000000..bab56f6ef11 --- /dev/null +++ b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/JsonNode.java @@ -0,0 +1,304 @@ +package com.fasterxml.jackson.databind; + +import java.io.IOException; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.*; +import com.fasterxml.jackson.core.*; + +public abstract class JsonNode implements TreeNode, Iterable { + public abstract T deepCopy(); + + public int size() { + return 0; + } + + public boolean isEmpty() { + return size() == 0; + } + + public final boolean isValueNode() { + return false; + } + + public final boolean isContainerNode() { + return false; + } + + public boolean isMissingNode() { + return false; + } + + public boolean isArray() { + return false; + } + + public boolean isObject() { + return false; + } + + public abstract JsonNode get(int index); + + public JsonNode get(String fieldName) { + return null; + } + + public abstract JsonNode path(String fieldName); + + public abstract JsonNode path(int index); + + public Iterator fieldNames() { + return null; + } + + public final JsonNode at(String jsonPtrExpr) { + return null; + } + + public final boolean isPojo() { + return false; + } + + public final boolean isNumber() { + return false; + } + + public boolean isIntegralNumber() { + return false; + } + + public boolean isFloatingPointNumber() { + return false; + } + + public boolean isShort() { + return false; + } + + public boolean isInt() { + return false; + } + + public boolean isLong() { + return false; + } + + public boolean isFloat() { + return false; + } + + public boolean isDouble() { + return false; + } + + public boolean isBigDecimal() { + return false; + } + + public boolean isBigInteger() { + return false; + } + + public final boolean isTextual() { + return false; + } + + public final boolean isBoolean() { + return false; + } + + public final boolean isNull() { + return false; + } + + public final boolean isBinary() { + return false; + } + + public boolean canConvertToInt() { + return false; + } + + public boolean canConvertToLong() { + return false; + } + + public boolean canConvertToExactIntegral() { + return false; + } + + public String textValue() { + return null; + } + + public byte[] binaryValue() throws IOException { + return null; + } + + public boolean booleanValue() { + return false; + } + + public Number numberValue() { + return null; + } + + public short shortValue() { + return 0; + } + + public int intValue() { + return 0; + } + + public long longValue() { + return 0L; + } + + public float floatValue() { + return 0.0f; + } + + public double doubleValue() { + return 0.0; + } + + public BigDecimal decimalValue() { + return BigDecimal.ZERO; + } + + public BigInteger bigIntegerValue() { + return BigInteger.ZERO; + } + + public abstract String asText(); + + public String asText(String defaultValue) { + return null; + } + + public int asInt() { + return 0; + } + + public int asInt(int defaultValue) { + return 0; + } + + public long asLong() { + return 0; + } + + public long asLong(long defaultValue) { + return 0; + } + + public double asDouble() { + return 0; + } + + public double asDouble(double defaultValue) { + return 0; + } + + public boolean asBoolean() { + return false; + } + + public boolean asBoolean(boolean defaultValue) { + return false; + } + + public T require() throws IllegalArgumentException { + return null; + } + + public T requireNonNull() throws IllegalArgumentException { + return null; + } + + public JsonNode required(String propertyName) throws IllegalArgumentException { + return null; + } + + public JsonNode required(int index) throws IllegalArgumentException { + return null; + } + + public JsonNode requiredAt(String pathExpr) throws IllegalArgumentException { + return null; + } + + public boolean has(String fieldName) { + return false; + } + + public boolean has(int index) { + return false; + } + + public boolean hasNonNull(String fieldName) { + return false; + } + + public boolean hasNonNull(int index) { + return false; + } + + public final Iterator iterator() { + return elements(); + } + + public Iterator elements() { + return null; + } + + public Iterator> fields() { + return null; + } + + public abstract JsonNode findValue(String fieldName); + + public final List findValues(String fieldName) { + return null; + } + + public final List findValuesAsText(String fieldName) { + return null; + } + + public abstract JsonNode findPath(String fieldName); + + public abstract JsonNode findParent(String fieldName); + + public final List findParents(String fieldName) { + return null; + } + + public abstract List findValues(String fieldName, List foundSoFar); + + public abstract List findValuesAsText(String fieldName, List foundSoFar); + + public abstract List findParents(String fieldName, List foundSoFar); + + public T with(String propertyName) { + return null; + } + + public T withArray(String propertyName) { + return null; + } + + public boolean equals(Comparator comparator, JsonNode other) { + return false; + } + + public abstract String toString(); + + public String toPrettyString() { + return null; + } + + public abstract boolean equals(Object o); + +} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/MappingIterator.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/MappingIterator.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/MappingIterator.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/MappingIterator.java diff --git a/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectMapper.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectMapper.java new file mode 100644 index 00000000000..1bd595045ab --- /dev/null +++ b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectMapper.java @@ -0,0 +1,593 @@ +package com.fasterxml.jackson.databind; + +import java.io.*; +import java.lang.reflect.Type; +import java.net.URL; +import java.text.DateFormat; +import java.util.*; +import java.util.concurrent.atomic.AtomicReference; +import com.fasterxml.jackson.core.*; +import com.fasterxml.jackson.core.type.ResolvedType; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator; + +public class ObjectMapper implements java.io.Serializable // as of 2.1 +{ + public enum DefaultTyping { + } + public static class DefaultTypeResolverBuilder implements java.io.Serializable { + public DefaultTypeResolverBuilder(DefaultTyping t) {} + + public boolean useForType(JavaType t) { + return false; + } + + } + + public ObjectMapper() {} + + public ObjectMapper(JsonFactory jf) {} + + public ObjectMapper copy() { + return null; + } + + public ObjectMapper registerModule(Module module) { + return null; + } + + public ObjectMapper registerModules(Module... modules) { + return null; + } + + public ObjectMapper registerModules(Iterable modules) { + return null; + } + + public Set getRegisteredModuleIds() { + return null; + } + + public static List findModules() { + return null; + } + + public static List findModules(ClassLoader classLoader) { + return null; + } + + public ObjectMapper findAndRegisterModules() { + return null; + } + + public JsonGenerator createGenerator(OutputStream out) throws IOException { + return null; + } + + public JsonGenerator createGenerator(OutputStream out, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(Writer w) throws IOException { + return null; + } + + public JsonGenerator createGenerator(File outputFile, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(DataOutput out) throws IOException { + return null; + } + + public JsonParser createParser(File src) throws IOException { + return null; + } + + public JsonParser createParser(URL src) throws IOException { + return null; + } + + public JsonParser createParser(InputStream in) throws IOException { + return null; + } + + public JsonParser createParser(Reader r) throws IOException { + return null; + } + + public JsonParser createParser(byte[] content) throws IOException { + return null; + } + + public JsonParser createParser(byte[] content, int offset, int len) throws IOException { + return null; + } + + public JsonParser createParser(String content) throws IOException { + return null; + } + + public JsonParser createParser(char[] content) throws IOException { + return null; + } + + public JsonParser createParser(char[] content, int offset, int len) throws IOException { + return null; + } + + public JsonParser createParser(DataInput content) throws IOException { + return null; + } + + public JsonParser createNonBlockingByteArrayParser() throws IOException { + return null; + } + + public ObjectMapper setMixIns(Map, Class> sourceMixins) { + return null; + } + + public ObjectMapper addMixIn(Class target, Class mixinSource) { + return null; + } + + public Class findMixInClassFor(Class cls) { + return null; + } + + public int mixInCount() { + return 0; + } + + public void setMixInAnnotations(Map, Class> sourceMixins) {} + + public final void addMixInAnnotations(Class target, Class mixinSource) {} + + public ObjectMapper setDefaultMergeable(Boolean b) { + return null; + } + + public ObjectMapper setDefaultLeniency(Boolean b) { + return null; + } + + public void registerSubtypes(Class... classes) {} + + public void registerSubtypes(Collection> subtypes) {} + + public ObjectMapper deactivateDefaultTyping() { + return null; + } + + public ObjectMapper enableDefaultTyping() { + return null; + } + + public ObjectMapper enableDefaultTyping(DefaultTyping dti) { + return null; + } + + public ObjectMapper enableDefaultTypingAsProperty(DefaultTyping applicability, + String propertyName) { + return null; + } + + public ObjectMapper disableDefaultTyping() { + return null; + } + + public JavaType constructType(Type t) { + return null; + } + + public JavaType constructType(TypeReference typeRef) { + return null; + } + + public JsonFactory tokenStreamFactory() { + return null; + } + + public JsonFactory getFactory() { + return null; + } + + public JsonFactory getJsonFactory() { + return getFactory(); + } + + public ObjectMapper setDateFormat(DateFormat dateFormat) { + return null; + } + + public DateFormat getDateFormat() { + return null; + } + + public ObjectMapper setLocale(Locale l) { + return null; + } + + public ObjectMapper setTimeZone(TimeZone tz) { + return null; + } + + public boolean isEnabled(JsonGenerator.Feature f) { + return false; + } + + public ObjectMapper configure(JsonGenerator.Feature f, boolean state) { + return null; + } + + public ObjectMapper enable(JsonGenerator.Feature... features) { + return null; + } + + public ObjectMapper disable(JsonGenerator.Feature... features) { + return null; + } + + public T readValue(JsonParser p, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(JsonParser p, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public final T readValue(JsonParser p, ResolvedType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(JsonParser p, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readTree(JsonParser p) throws IOException, JsonProcessingException { + return null; + } + + public MappingIterator readValues(JsonParser p, ResolvedType valueType) + throws IOException, JsonProcessingException { + return null; + } + + public MappingIterator readValues(JsonParser p, JavaType valueType) + throws IOException, JsonProcessingException { + return null; + } + + public MappingIterator readValues(JsonParser p, Class valueType) + throws IOException, JsonProcessingException { + return null; + } + + public MappingIterator readValues(JsonParser p, TypeReference valueTypeRef) + throws IOException, JsonProcessingException { + return null; + } + + public JsonNode readTree(InputStream in) throws IOException { + return null; + } + + public JsonNode readTree(Reader r) throws IOException { + return null; + } + + public JsonNode readTree(String content) throws JsonProcessingException, JsonMappingException { + return null; + } + + public JsonNode readTree(byte[] content) throws IOException { + return null; + } + + public JsonNode readTree(byte[] content, int offset, int len) throws IOException { + return null; + } + + public JsonNode readTree(File file) throws IOException, JsonProcessingException { + return null; + } + + public JsonNode readTree(URL source) throws IOException { + return null; + } + + public void writeValue(JsonGenerator g, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public void writeTree(JsonGenerator g, TreeNode rootNode) + throws IOException, JsonProcessingException {} + + public void writeTree(JsonGenerator g, JsonNode rootNode) + throws IOException, JsonProcessingException {} + + public JsonNode missingNode() { + return null; + } + + public JsonNode nullNode() { + return null; + } + + public JsonParser treeAsTokens(TreeNode n) { + return null; + } + + public T treeToValue(TreeNode n, Class valueType) + throws IllegalArgumentException, JsonProcessingException { + return null; + } + + public T valueToTree(Object fromValue) throws IllegalArgumentException { + return null; + } + + public boolean canSerialize(Class type) { + return false; + } + + public boolean canSerialize(Class type, AtomicReference cause) { + return false; + } + + public boolean canDeserialize(JavaType type) { + return false; + } + + public boolean canDeserialize(JavaType type, AtomicReference cause) { + return false; + } + + public T readValue(File src, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(File src, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(File src, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(URL src, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(URL src, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(URL src, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(String content, Class valueType) + throws JsonProcessingException, JsonMappingException { + return null; + } + + public T readValue(String content, TypeReference valueTypeRef) + throws JsonProcessingException, JsonMappingException { + return null; + } + + public T readValue(String content, JavaType valueType) + throws JsonProcessingException, JsonMappingException { + return null; + } + + public T readValue(Reader src, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(Reader src, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(Reader src, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(InputStream src, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(InputStream src, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(InputStream src, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(byte[] src, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(byte[] src, int offset, int len, Class valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(byte[] src, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(byte[] src, int offset, int len, TypeReference valueTypeRef) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(byte[] src, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(byte[] src, int offset, int len, JavaType valueType) + throws IOException, JsonParseException, JsonMappingException { + return null; + } + + public T readValue(DataInput src, Class valueType) throws IOException { + return null; + } + + public T readValue(DataInput src, JavaType valueType) throws IOException { + return null; + } + + public void writeValue(File resultFile, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public void writeValue(OutputStream out, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public void writeValue(DataOutput out, Object value) throws IOException {} + + public void writeValue(Writer w, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public String writeValueAsString(Object value) throws JsonProcessingException { + return null; + } + + public byte[] writeValueAsBytes(Object value) throws JsonProcessingException { + return null; + } + + public ObjectWriter writer() { + return null; + } + + public ObjectWriter writer(DateFormat df) { + return null; + } + + public ObjectWriter writerWithView(Class serializationView) { + return null; + } + + public ObjectWriter writerFor(Class rootType) { + return null; + } + + public ObjectWriter writerFor(TypeReference rootType) { + return null; + } + + public ObjectWriter writerFor(JavaType rootType) { + return null; + } + + + public ObjectWriter writerWithDefaultPrettyPrinter() { + return null; + } + + public ObjectWriter writerWithType(Class rootType) { + return null; + } + + public ObjectWriter writerWithType(TypeReference rootType) { + return null; + } + + public ObjectWriter writerWithType(JavaType rootType) { + return null; + } + + public ObjectReader reader() { + return null; + } + + public ObjectReader readerForUpdating(Object valueToUpdate) { + return null; + } + + public ObjectReader readerFor(JavaType type) { + return null; + } + + public ObjectReader readerFor(Class type) { + return null; + } + + public ObjectReader readerFor(TypeReference type) { + return null; + } + + public ObjectReader readerForArrayOf(Class type) { + return null; + } + + public ObjectReader readerForListOf(Class type) { + return null; + } + + public ObjectReader readerForMapOf(Class type) { + return null; + } + + + public ObjectReader readerWithView(Class view) { + return null; + } + + public ObjectReader reader(JavaType type) { + return null; + } + + public ObjectReader reader(Class type) { + return null; + } + + public ObjectReader reader(TypeReference type) { + return null; + } + + public T convertValue(Object fromValue, Class toValueType) + throws IllegalArgumentException { + return null; + } + + public T convertValue(Object fromValue, TypeReference toValueTypeRef) + throws IllegalArgumentException { + return null; + } + + public T convertValue(Object fromValue, JavaType toValueType) + throws IllegalArgumentException { + return null; + } + + public T updateValue(T valueToUpdate, Object overrides) throws JsonMappingException { + return null; + } + + public void setPolymorphicTypeValidator(PolymorphicTypeValidator ptv) {} + +} diff --git a/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectReader.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectReader.java new file mode 100644 index 00000000000..74bf5747f23 --- /dev/null +++ b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectReader.java @@ -0,0 +1,313 @@ +package com.fasterxml.jackson.databind; + +import java.io.*; +import java.net.URL; +import java.util.*; +import com.fasterxml.jackson.core.*; +import com.fasterxml.jackson.core.type.TypeReference; + +public class ObjectReader implements java.io.Serializable // since 2.1 +{ + + public ObjectReader with(JsonFactory f) { + return null; + } + + public ObjectReader withRootName(String rootName) { + return null; + } + + + public ObjectReader withoutRootName() { + return null; + } + + public ObjectReader forType(JavaType valueType) { + return null; + } + + public ObjectReader forType(Class valueType) { + return null; + } + + public ObjectReader forType(TypeReference valueTypeRef) { + return null; + } + + public ObjectReader withType(JavaType valueType) { + return null; + } + + public ObjectReader withType(Class valueType) { + return null; + } + + public ObjectReader withType(java.lang.reflect.Type valueType) { + return null; + } + + public ObjectReader withType(TypeReference valueTypeRef) { + return null; + } + + public ObjectReader withValueToUpdate(Object value) { + return null; + } + + public ObjectReader withView(Class activeView) { + return null; + } + + public ObjectReader with(Locale l) { + return null; + } + + public ObjectReader with(TimeZone tz) { + return null; + } + + + public ObjectReader withFormatDetection(ObjectReader... readers) { + return null; + } + + + public ObjectReader withAttributes(Map attrs) { + return null; + } + + public ObjectReader withAttribute(Object key, Object value) { + return null; + } + + public ObjectReader withoutAttribute(Object key) { + return null; + } + + + public JavaType getValueType() { + return null; + } + + public JsonParser createParser(File src) throws IOException { + return null; + } + + public JsonParser createParser(URL src) throws IOException { + return null; + } + + public JsonParser createParser(InputStream in) throws IOException { + return null; + } + + public JsonParser createParser(Reader r) throws IOException { + return null; + } + + public JsonParser createParser(byte[] content) throws IOException { + return null; + } + + public JsonParser createParser(byte[] content, int offset, int len) throws IOException { + return null; + } + + public JsonParser createParser(String content) throws IOException { + return null; + } + + public JsonParser createParser(char[] content) throws IOException { + return null; + } + + public JsonParser createParser(char[] content, int offset, int len) throws IOException { + return null; + } + + public JsonParser createParser(DataInput content) throws IOException { + return null; + } + + public JsonParser createNonBlockingByteArrayParser() throws IOException { + return null; + } + + public T readValue(JsonParser p) throws IOException { + return null; + } + + public T readValue(JsonParser p, JavaType valueType) throws IOException { + return null; + } + + public Iterator readValues(JsonParser p, JavaType valueType) throws IOException { + return null; + } + + public JsonNode createArrayNode() { + return null; + } + + public JsonNode createObjectNode() { + return null; + } + + public JsonNode missingNode() { + return null; + } + + public JsonNode nullNode() { + return null; + } + + public JsonParser treeAsTokens(TreeNode n) { + return null; + } + + public T readTree(JsonParser p) throws IOException { + return null; + } + + public void writeTree(JsonGenerator g, TreeNode rootNode) {} + + public T readValue(InputStream src) throws IOException { + return null; + } + + public T readValue(InputStream src, Class valueType) throws IOException { + return null; + } + + public T readValue(Reader src) throws IOException { + return null; + } + + public T readValue(Reader src, Class valueType) throws IOException { + return null; + } + + public T readValue(String src) throws JsonProcessingException, JsonMappingException { + return null; + } + + public T readValue(String src, Class valueType) throws IOException { + return null; + } + + public T readValue(byte[] content) throws IOException { + return null; + } + + public T readValue(byte[] content, Class valueType) throws IOException { + return null; + } + + public T readValue(byte[] buffer, int offset, int length) throws IOException { + return null; + } + + public T readValue(byte[] buffer, int offset, int length, Class valueType) + throws IOException { + return null; + } + + public T readValue(File src) throws IOException { + return null; + } + + public T readValue(File src, Class valueType) throws IOException { + return null; + } + + public T readValue(URL src) throws IOException { + return null; + } + + public T readValue(URL src, Class valueType) throws IOException { + return null; + } + + public T readValue(JsonNode content) throws IOException { + return null; + } + + public T readValue(JsonNode content, Class valueType) throws IOException { + return null; + } + + public T readValue(DataInput src) throws IOException { + return null; + } + + public T readValue(DataInput content, Class valueType) throws IOException { + return null; + } + + public JsonNode readTree(InputStream src) throws IOException { + return null; + } + + public JsonNode readTree(Reader src) throws IOException { + return null; + } + + public JsonNode readTree(String json) throws JsonProcessingException, JsonMappingException { + return null; + } + + public JsonNode readTree(byte[] json) throws IOException { + return null; + } + + public JsonNode readTree(byte[] json, int offset, int len) throws IOException { + return null; + } + + public JsonNode readTree(DataInput src) throws IOException { + return null; + } + + public MappingIterator readValues(JsonParser p) throws IOException { + return null; + } + + public MappingIterator readValues(InputStream src) throws IOException { + return null; + } + + public MappingIterator readValues(Reader src) throws IOException { + return null; + } + + public MappingIterator readValues(String json) throws IOException { + return null; + } + + public MappingIterator readValues(byte[] src, int offset, int length) throws IOException { + return null; + } + + public final MappingIterator readValues(byte[] src) throws IOException { + return null; + } + + public MappingIterator readValues(File src) throws IOException { + return null; + } + + public MappingIterator readValues(URL src) throws IOException { + return null; + } + + public MappingIterator readValues(DataInput src) throws IOException { + return null; + } + + public T treeToValue(TreeNode n, Class valueType) throws JsonProcessingException { + return null; + } + + public void writeValue(JsonGenerator gen, Object value) throws IOException {} + +} diff --git a/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectWriter.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectWriter.java new file mode 100644 index 00000000000..6c1384a5971 --- /dev/null +++ b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/ObjectWriter.java @@ -0,0 +1,181 @@ +package com.fasterxml.jackson.databind; + +import java.io.*; +import java.text.*; +import java.util.Locale; +import java.util.Map; +import java.util.TimeZone; +import java.util.concurrent.atomic.AtomicReference; +import com.fasterxml.jackson.core.*; +import com.fasterxml.jackson.core.type.TypeReference; + +public class ObjectWriter implements java.io.Serializable // since 2.1 +{ + public ObjectWriter with(JsonGenerator.Feature feature) { + return null; + } + + public ObjectWriter withFeatures(JsonGenerator.Feature... features) { + return null; + } + + public ObjectWriter without(JsonGenerator.Feature feature) { + return null; + } + + public ObjectWriter withoutFeatures(JsonGenerator.Feature... features) { + return null; + } + + public ObjectWriter forType(JavaType rootType) { + return null; + } + + public ObjectWriter forType(Class rootType) { + return null; + } + + public ObjectWriter forType(TypeReference rootType) { + return null; + } + + public ObjectWriter withType(JavaType rootType) { + return null; + } + + public ObjectWriter withType(Class rootType) { + return null; + } + + public ObjectWriter withType(TypeReference rootType) { + return null; + } + + public ObjectWriter with(DateFormat df) { + return null; + } + + public ObjectWriter withDefaultPrettyPrinter() { + return null; + } + + public ObjectWriter withRootName(String rootName) { + return null; + } + + public ObjectWriter withoutRootName() { + return null; + } + + public ObjectWriter withView(Class view) { + return null; + } + + public ObjectWriter with(Locale l) { + return null; + } + + public ObjectWriter with(TimeZone tz) { + return null; + } + + public ObjectWriter with(JsonFactory f) { + return null; + } + + public ObjectWriter withAttributes(Map attrs) { + return null; + } + + public ObjectWriter withAttribute(Object key, Object value) { + return null; + } + + public ObjectWriter withoutAttribute(Object key) { + return null; + } + + public ObjectWriter withRootValueSeparator(String sep) { + return null; + } + + public JsonGenerator createGenerator(OutputStream out) throws IOException { + return null; + } + + public JsonGenerator createGenerator(OutputStream out, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(Writer w) throws IOException { + return null; + } + + public JsonGenerator createGenerator(File outputFile, JsonEncoding enc) throws IOException { + return null; + } + + public JsonGenerator createGenerator(DataOutput out) throws IOException { + return null; + } + + public boolean isEnabled(JsonGenerator.Feature f) { + return false; + } + + public JsonFactory getFactory() { + return null; + } + + public boolean hasPrefetchedSerializer() { + return false; + } + + public void writeValue(JsonGenerator g, Object value) throws IOException {} + + public void writeValue(File resultFile, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public void writeValue(OutputStream out, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public void writeValue(Writer w, Object value) + throws IOException, JsonGenerationException, JsonMappingException {} + + public void writeValue(DataOutput out, Object value) throws IOException {} + + public String writeValueAsString(Object value) throws JsonProcessingException { + return null; + } + + public byte[] writeValueAsBytes(Object value) throws JsonProcessingException { + return null; + } + + public boolean canSerialize(Class type) { + return false; + } + + public boolean canSerialize(Class type, AtomicReference cause) { + return false; + } + + public final static class GeneratorSettings implements java.io.Serializable { + public GeneratorSettings withRootValueSeparator(String sep) { + return null; + } + + public void initialize(JsonGenerator gen) {} + + } + public final static class Prefetch implements java.io.Serializable { + + public Prefetch forRootType(ObjectWriter parent, JavaType newType) { + return null; + } + + public boolean hasSerializer() { + return false; + } + } +} diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/cfg/MapperBuilder.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/cfg/MapperBuilder.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/cfg/MapperBuilder.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/cfg/MapperBuilder.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/json/JsonMapper.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/json/JsonMapper.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/json/JsonMapper.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/json/JsonMapper.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/jsontype/BasicPolymorphicTypeValidator.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/jsontype/BasicPolymorphicTypeValidator.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/jsontype/BasicPolymorphicTypeValidator.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/jsontype/BasicPolymorphicTypeValidator.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/jsontype/PolymorphicTypeValidator.java b/java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/jsontype/PolymorphicTypeValidator.java similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/com/fasterxml/jackson/databind/jsontype/PolymorphicTypeValidator.java rename to java/ql/test/stubs/jackson-databind-2.12/com/fasterxml/jackson/databind/jsontype/PolymorphicTypeValidator.java diff --git a/java/ql/test/stubs/jackson-databind-2.10/jackson-LICENSE.txt b/java/ql/test/stubs/jackson-databind-2.12/jackson-LICENSE.txt similarity index 100% rename from java/ql/test/stubs/jackson-databind-2.10/jackson-LICENSE.txt rename to java/ql/test/stubs/jackson-databind-2.12/jackson-LICENSE.txt diff --git a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/JavaSource.java b/java/ql/test/stubs/ognl-3.2.14/ognl/JavaSource.java similarity index 100% rename from java/ql/test/experimental/stubs/ognl-3.2.14/ognl/JavaSource.java rename to java/ql/test/stubs/ognl-3.2.14/ognl/JavaSource.java diff --git a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Node.java b/java/ql/test/stubs/ognl-3.2.14/ognl/Node.java similarity index 75% rename from java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Node.java rename to java/ql/test/stubs/ognl-3.2.14/ognl/Node.java index 56d58f24d07..d4663b769ee 100644 --- a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Node.java +++ b/java/ql/test/stubs/ognl-3.2.14/ognl/Node.java @@ -1,6 +1,9 @@ package ognl; +import ognl.enhance.ExpressionAccessor; + public interface Node extends JavaSource { public Object getValue(OgnlContext context, Object source) throws OgnlException; public void setValue(OgnlContext context, Object target, Object value) throws OgnlException; + ExpressionAccessor getAccessor(); } diff --git a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Ognl.java b/java/ql/test/stubs/ognl-3.2.14/ognl/Ognl.java similarity index 70% rename from java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Ognl.java rename to java/ql/test/stubs/ognl-3.2.14/ognl/Ognl.java index 1aa67646f92..7a24e9b2891 100644 --- a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Ognl.java +++ b/java/ql/test/stubs/ognl-3.2.14/ognl/Ognl.java @@ -1,5 +1,7 @@ package ognl; +import ognl.enhance.ExpressionAccessor; + import java.util.*; public abstract class Ognl { @@ -11,8 +13,14 @@ public abstract class Ognl { return new Object(); } + public static Object getValue(ExpressionAccessor accessor, OgnlContext context, Object root) throws OgnlException { + return new Object(); + } + public static void setValue(Object tree, Object root, Object value) throws OgnlException {} + public static void setValue(ExpressionAccessor accessor, OgnlContext context, Object root, Object value) throws OgnlException {} + public static Node compileExpression(OgnlContext context, Object root, String expression) throws Exception { return null; diff --git a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/OgnlContext.java b/java/ql/test/stubs/ognl-3.2.14/ognl/OgnlContext.java similarity index 100% rename from java/ql/test/experimental/stubs/ognl-3.2.14/ognl/OgnlContext.java rename to java/ql/test/stubs/ognl-3.2.14/ognl/OgnlContext.java diff --git a/java/ql/test/experimental/stubs/ognl-3.2.14/ognl/OgnlException.java b/java/ql/test/stubs/ognl-3.2.14/ognl/OgnlException.java similarity index 100% rename from java/ql/test/experimental/stubs/ognl-3.2.14/ognl/OgnlException.java rename to java/ql/test/stubs/ognl-3.2.14/ognl/OgnlException.java diff --git a/java/ql/test/stubs/ognl-3.2.14/ognl/enhance/ExpressionAccessor.java b/java/ql/test/stubs/ognl-3.2.14/ognl/enhance/ExpressionAccessor.java new file mode 100644 index 00000000000..cc1c1d6def5 --- /dev/null +++ b/java/ql/test/stubs/ognl-3.2.14/ognl/enhance/ExpressionAccessor.java @@ -0,0 +1,13 @@ +package ognl.enhance; + +import ognl.Node; +import ognl.OgnlContext; + +public interface ExpressionAccessor +{ + Object get( OgnlContext context, Object target ); + + void set( OgnlContext context, Object target, Object value ); + + void setExpression( Node expression ); +} diff --git a/java/ql/test/experimental/stubs/struts2-core-2.5.22/com/opensymphony/xwork2/ognl/OgnlUtil.java b/java/ql/test/stubs/struts2-core-2.5.22/com/opensymphony/xwork2/ognl/OgnlUtil.java similarity index 100% rename from java/ql/test/experimental/stubs/struts2-core-2.5.22/com/opensymphony/xwork2/ognl/OgnlUtil.java rename to java/ql/test/stubs/struts2-core-2.5.22/com/opensymphony/xwork2/ognl/OgnlUtil.java