diff --git a/java/ql/lib/semmle/code/java/Javadoc.qll b/java/ql/lib/semmle/code/java/Javadoc.qll
index 044ed17f476..8f7b1dbf580 100755
--- a/java/ql/lib/semmle/code/java/Javadoc.qll
+++ b/java/ql/lib/semmle/code/java/Javadoc.qll
@@ -3,6 +3,7 @@
 */
 import semmle.code.Location
+import Element
 /** A Javadoc parent is an element whose child can be some Javadoc documentation. */
 class JavadocParent extends @javadocParent, Top {
diff --git a/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll b/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
index 3fae0f0b4d2..5f1ed3438b5 100644
--- a/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
@@ -4,6 +4,7 @@ import java
 import Dominance
+import semmle.code.java.ControlFlowGraph
 /**
 * A control-flow node that represents the start of a basic block.
diff --git a/java/ql/lib/semmle/code/java/controlflow/Dominance.qll b/java/ql/lib/semmle/code/java/controlflow/Dominance.qll
index a1263ce3f0e..cbc16022d25 100644
--- a/java/ql/lib/semmle/code/java/controlflow/Dominance.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/Dominance.qll
@@ -3,6 +3,7 @@
 */
 import java
+private import semmle.code.java.ControlFlowGraph
 /*
 * Predicates for basic-block-level dominance.
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
index a53e0b88501..3ea87607483 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -137,6 +137,7 @@ private module Frameworks {
 private import semmle.code.java.frameworks.MyBatis
 private import semmle.code.java.frameworks.Hibernate
 private import semmle.code.java.frameworks.jOOQ
+ private import semmle.code.java.frameworks.spring.SpringHttp
 }
 private predicate sourceModelCsv(string row) {
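Review bot: The new `import Element` in Javadoc.qll and `import semmle.code.java.ControlFlowGraph` in BasicBlocks.qll are public imports, while Dominance.qll in this same commit brings in the same ControlFlowGraph module with `private import`. In a library file a non-private import re-exports the imported names to every importer, so the choice should be deliberate; where no re-export is intended, write `private import semmle.code.java.ControlFlowGraph` and `private import Element`. The same question applies to the later library hunks in ApacheLdap.qll, Jndi.qll, SpringLdap.qll and UnboundId.qll (`Type`, `Member`), SQLite.qll (`ExternalFlow`, which FlowSources.qll and ResponseSplitting.qll import privately), StrutsXML.qll, MetricPackage.qll and ResponseSplitting.qll. Whether `import java` already re-exports any of these modules is not visible in the hunks.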
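Review bot: The added `private import semmle.code.java.frameworks.spring.SpringHttp` inside `module Frameworks` in ExternalFlow.qll looks like the one import in this commit that could change analysis results rather than only name resolution. The neighbouring entries are framework libraries, which suggests that whatever is listed in this block is pulled in for every query that imports ExternalFlow. If SpringHttp contributes sources, sinks or flow summaries and was not already reachable transitively, the security queries built on ExternalFlow may report different results, so the query test expectations are worth re-checking. A one-line comment above the list, for example `// Imported here so these framework models are in scope wherever ExternalFlow is used.`, would record why the block exists; the module body starts outside the hunk.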
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
index 66818814773..d90e96e7898 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -27,6 +27,7 @@ import semmle.code.java.frameworks.Guice
 import semmle.code.java.frameworks.struts.StrutsActions
 import semmle.code.java.frameworks.Thrift
 import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
+private import semmle.code.java.dataflow.ExternalFlow
 /** A data flow source of remote user input. */
 abstract class RemoteFlowSource extends DataFlow::Node {
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index 739e2032ff5..b1422e89552 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -15,6 +15,7 @@ private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.FlowSteps
 private import FlowSummaryImpl as FlowSummaryImpl
+private import semmle.code.java.frameworks.JaxWS
 /**
 * Holds if taint can flow from `src` to `sink` in zero or more
diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
index 506da3803f7..17c8e09eabb 100644
--- a/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
@@ -1,4 +1,5 @@
 import java
+import semmle.code.java.JDKAnnotations
 /**
 * Direct flow of values (i.e. object references) through expressions.
diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
index 168b14c360f..027e2392252 100644
--- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
@@ -9,6 +9,7 @@ import semmle.code.java.deadcode.WebEntryPoints
 import semmle.code.java.frameworks.javaee.JavaServerFaces
 import semmle.code.java.frameworks.JAXB
 import semmle.code.java.frameworks.JaxWS
+import semmle.code.java.JMX
 import semmle.code.java.Reflection
 import semmle.code.java.frameworks.JavaxAnnotations
 import semmle.code.java.frameworks.Selenium
diff --git a/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
index 0355f194e54..2d8b28e4de9 100644
--- a/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
@@ -3,6 +3,7 @@ import semmle.code.java.deadcode.DeadCode
 import semmle.code.java.frameworks.Cucumber
 import semmle.code.java.deadcode.frameworks.FitNesseEntryPoints
 import semmle.code.java.frameworks.Mockito
+import semmle.code.java.UnitTests
 /**
 * A test method, suite, or an associated setup/teardown method.
diff --git a/java/ql/lib/semmle/code/java/frameworks/ApacheLdap.qll b/java/ql/lib/semmle/code/java/frameworks/ApacheLdap.qll
index 8bcba2f044e..a1cf6376bdf 100644
--- a/java/ql/lib/semmle/code/java/frameworks/ApacheLdap.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/ApacheLdap.qll
@@ -3,6 +3,8 @@
 */
 import java
+import semmle.code.java.Type
+import semmle.code.java.Member
 /*--- Types ---*/
 /** The interface `org.apache.directory.ldap.client.api.LdapConnection`. */
diff --git a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll
index b52a280e964..9294c0c97c7 100644
--- a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll
@@ -3,6 +3,8 @@
 */
 import java
+import semmle.code.java.Type
+import semmle.code.java.Member
 /*--- Types ---*/
 /** The interface `javax.naming.Context`. */
diff --git a/java/ql/lib/semmle/code/java/frameworks/SpringLdap.qll b/java/ql/lib/semmle/code/java/frameworks/SpringLdap.qll
index da40caf3744..2db8435c22c 100644
--- a/java/ql/lib/semmle/code/java/frameworks/SpringLdap.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/SpringLdap.qll
@@ -3,6 +3,8 @@
 */
 import java
+import semmle.code.java.Type
+import semmle.code.java.Member
 /*--- Types ---*/
 /** The class `org.springframework.ldap.core.LdapTemplate`. */
diff --git a/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll b/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
index dfa7fd6286a..2bac6eb5ce2 100644
--- a/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
@@ -3,6 +3,8 @@
 */
 import java
+import semmle.code.java.Type
+import semmle.code.java.Member
 /*--- Types ---*/
 /** The interface `com.unboundid.ldap.sdk.ReadOnlySearchRequest`. */
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll b/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
index bce23155bdb..fac70e45f63 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
@@ -3,6 +3,7 @@ import java
 import Android
 import semmle.code.java.dataflow.FlowSteps
+import semmle.code.java.dataflow.ExternalFlow
 /**
 * The class `android.database.sqlite.SQLiteDatabase`.
diff --git a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
index 5f628b19a51..77285d98175 100644
--- a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
@@ -1,4 +1,5 @@
 import java
+import semmle.code.xml.XML
 /**
 * Holds if any struts XML files are included in this snapshot.
diff --git a/java/ql/lib/semmle/code/java/metrics/MetricPackage.qll b/java/ql/lib/semmle/code/java/metrics/MetricPackage.qll
index 751357fc978..eafdd57dd8a 100755
--- a/java/ql/lib/semmle/code/java/metrics/MetricPackage.qll
+++ b/java/ql/lib/semmle/code/java/metrics/MetricPackage.qll
@@ -5,6 +5,7 @@ import semmle.code.java.Package
 import MetricElement
 import MetricRefType
+import semmle.code.java.Dependency
 import MetricCallable
 /** This class provides access to metrics information for packages. */
diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
index 2ecf21bde2d..941aaafe580 100644
--- a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
@@ -3,6 +3,7 @@ import java
 import semmle.code.java.security.HttpsUrls
 import semmle.code.java.security.InsecureBasicAuth
+import semmle.code.java.dataflow.TaintTracking
 /**
 * A taint tracking configuration for the Basic authentication scheme
diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
index 15ae46ce15c..70af02efc6d 100644
--- a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
@@ -3,6 +3,8 @@ import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.Servlets
+import semmle.code.java.frameworks.JaxWS
 private import semmle.code.java.dataflow.ExternalFlow
 /** A sink that is vulnerable to an HTTP header splitting attack. */
diff --git a/java/ql/src/Advisory/Declarations/NonPrivateField.ql b/java/ql/src/Advisory/Declarations/NonPrivateField.ql
index 30b18ec53fd..60e49003586 100644
--- a/java/ql/src/Advisory/Declarations/NonPrivateField.ql
+++ b/java/ql/src/Advisory/Declarations/NonPrivateField.ql
@@ -10,6 +10,7 @@
 */
 import java
+import semmle.code.java.JDKAnnotations
 class NonConstantSourceField extends Field {
 NonConstantSourceField() {
diff --git a/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql b/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql
index 131a5747f49..0b594c0a78f 100644
--- a/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql
+++ b/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql
@@ -12,6 +12,7 @@
 */
 import java
+import semmle.code.java.JDKAnnotations
 import semmle.code.java.Collections
 import semmle.code.java.Maps
 import semmle.code.java.frameworks.javaee.ejb.EJB
diff --git a/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql b/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
index 1bf54abb89f..7d831f9cb3f 100644
--- a/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
+++ b/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
@@ -12,6 +12,7 @@
 */
 import java
+import semmle.code.java.JDKAnnotations
 predicate isSerializable(RefType t) { t.getAnAncestor() instanceof TypeSerializable }
diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql
index e4323632819..760a14cb722 100644
--- a/java/ql/src/Telemetry/SupportedExternalSinks.ql
+++ b/java/ql/src/Telemetry/SupportedExternalSinks.ql
@@ -8,6 +8,7 @@ import java
 import ExternalApi
+import semmle.code.java.GeneratedFiles
 from ExternalApi api, int usages
 where
diff --git a/java/ql/src/Telemetry/SupportedExternalSources.ql b/java/ql/src/Telemetry/SupportedExternalSources.ql
index 552e16256e4..4b1bc2a6595 100644
--- a/java/ql/src/Telemetry/SupportedExternalSources.ql
+++ b/java/ql/src/Telemetry/SupportedExternalSources.ql
@@ -8,6 +8,7 @@ import java
 import ExternalApi
+import semmle.code.java.GeneratedFiles
 from ExternalApi api, int usages
 where
diff --git a/java/ql/src/Telemetry/SupportedExternalTaint.ql b/java/ql/src/Telemetry/SupportedExternalTaint.ql
index f605c597a6d..17f1a33bcc6 100644
--- a/java/ql/src/Telemetry/SupportedExternalTaint.ql
+++ b/java/ql/src/Telemetry/SupportedExternalTaint.ql
@@ -8,6 +8,7 @@ import java
 import ExternalApi
+import semmle.code.java.GeneratedFiles
 from ExternalApi api, int usages
 where
diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
index 294a7260bd9..f01c59b2a13 100644
--- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
+++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
@@ -8,6 +8,7 @@ import java
 import ExternalApi
+import semmle.code.java.GeneratedFiles
 from ExternalApi api, int usages
 where
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
index c908e0bf59a..2d1e605c426 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
@@ -15,6 +15,7 @@ import java
 import DataFlow::PathGraph
 import MyBatisCommonLib
 import MyBatisAnnotationSqlInjectionLib
+import semmle.code.java.dataflow.FlowSources
 private class MyBatisAnnotationSqlInjectionConfiguration extends TaintTracking::Configuration {
 MyBatisAnnotationSqlInjectionConfiguration() { this = "MyBatis annotation sql injection" }
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjectionLib.qll
index 6827f32b5f6..a48440426ae 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjectionLib.qll
@@ -4,6 +4,8 @@ import java
 import MyBatisCommonLib
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.Properties
 /** An argument of a MyBatis annotated method. */
 class MyBatisAnnotatedMethodCallArgument extends DataFlow::Node {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
index f8209718455..b7f01ce06cd 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
@@ -6,6 +6,7 @@ import java
 import semmle.code.xml.MyBatisMapperXML
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.frameworks.MyBatis
+import semmle.code.java.frameworks.Properties
 private predicate propertiesKey(DataFlow::Node prop, string key) {
 exists(MethodAccess m |
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
index 5004d4fe651..9aeb95ea94a 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
@@ -15,6 +15,8 @@ import java
 import DataFlow::PathGraph
 import MyBatisCommonLib
 import MyBatisMapperXmlSqlInjectionLib
+import semmle.code.xml.MyBatisMapperXML
+import semmle.code.java.dataflow.FlowSources
 private class MyBatisMapperXmlSqlInjectionConfiguration extends TaintTracking::Configuration {
 MyBatisMapperXmlSqlInjectionConfiguration() { this = "MyBatis mapper xml sql injection" }
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjectionLib.qll
index 26b6c038d01..b059ce91eef 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjectionLib.qll
@@ -5,6 +5,7 @@ import java
 import semmle.code.xml.MyBatisMapperXML
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.Properties
 /** A sink for MyBatis Mapper method call an argument. */
 class MyBatisMapperMethodCallAnArgument extends DataFlow::Node {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
index 34101b7c54c..b8301d4f977 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
@@ -12,6 +12,7 @@ import java
 import BeanShellInjection
+import semmle.code.java.dataflow.FlowSources
 import DataFlow::PathGraph
 class BeanShellInjectionConfig extends TaintTracking::Configuration {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
index c122f6f6429..451dff79444 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
@@ -12,6 +12,7 @@ import java
 import JShellInjection
+import semmle.code.java.dataflow.FlowSources
 import DataFlow::PathGraph
 class JShellInjectionConfiguration extends TaintTracking::Configuration {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
index cc56feabf6c..b65d2067b6a 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
@@ -1,5 +1,6 @@
 import java
 import FlowUtils
+import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 /**
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
index e8975a960ab..a3dc6e6c39a 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
@@ -13,6 +13,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.spring.SpringController
 import DataFlow::PathGraph
 /** The class `org.python.util.PythonInterpreter`. */
diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
index 92f93412c8b..36f73bbac01 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
@@ -3,6 +3,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking2
+import semmle.code.java.frameworks.android.Android
 /** The `startActivityForResult` method of Android's `Activity` class. */
 class StartActivityForResultMethod extends Method {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
index ec2ca6a4d54..c5a6c36d6a6 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
@@ -11,6 +11,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.Servlets
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.TaintTracking2
 import DataFlow::PathGraph
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
index 43f4d76dcaf..71ee842f162 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
@@ -12,6 +12,7 @@ import java
 import JsonpInjectionLib
+import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.deadcode.WebEntryPoints
 import DataFlow::PathGraph
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
index c5a268c81e3..bb16099ddc3 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
@@ -2,7 +2,10 @@ import java
 import DataFlow
 import JsonStringLib
 import semmle.code.java.security.XSS
+import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.DataFlow3
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.spring.SpringController
 /**
 * A method that is called to handle an HTTP GET request.
diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
index c440dc12081..ca29a5544d3 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
@@ -14,6 +14,7 @@ import java
 import DataFlow
 import UnsafeReflectionLib
 import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.FlowSources
 import DataFlow::PathGraph
 private class ContainsSanitizer extends DataFlow::BarrierGuard {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
index 825258c0ccc..fe69f2d9cea 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
@@ -10,6 +10,7 @@
 */
 import java
+import semmle.code.java.J2EE
 import TestLib
 /** The `main` method in an Enterprise Java Bean. */
diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
index c307ec5b4d6..809c5e5e17d 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
@@ -15,6 +15,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.frameworks.Servlets
 import semmle.code.xml.WebXML
 import DataFlow::PathGraph
diff --git a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql
index 977f500dff0..b15d7948801 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql
@@ -12,6 +12,7 @@ import java
 import SpringUrlRedirect
+import semmle.code.java.dataflow.FlowSources
 import DataFlow::PathGraph
 private class StartsWithSanitizer extends DataFlow::BarrierGuard {
diff --git a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
index 557be08873c..3791573eb9d 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
@@ -3,6 +3,7 @@ import DataFlow
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.frameworks.spring.SpringController
 /**
 * A concatenate expression using the string `redirect:` or `ajaxredirect:` or `forward:` on the left.
diff --git a/java/ql/src/experimental/semmle/code/java/frameworks/CredentialsInPropertiesFile.qll b/java/ql/src/experimental/semmle/code/java/frameworks/CredentialsInPropertiesFile.qll
index 101b2de28e4..1190e13a9a1 100644
--- a/java/ql/src/experimental/semmle/code/java/frameworks/CredentialsInPropertiesFile.qll
+++ b/java/ql/src/experimental/semmle/code/java/frameworks/CredentialsInPropertiesFile.qll
@@ -5,6 +5,7 @@ import java
 import semmle.code.configfiles.ConfigFiles
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.frameworks.Properties
 private string possibleSecretName() {
 result =