hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 23:33:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: revert deletion of redundant imports

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-04-26 12:45:42 +02:00
parent 17005dde2d
commit 881e5e16b5
44 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/lib/semmle/code/java/Javadoc.qll
View File

@@ -3,6 +3,7 @@
*/
import semmle.code.Location
import Element
/** A Javadoc parent is an element whose child can be some Javadoc documentation. */
class JavadocParent extends @javadocParent, Top {

1
java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
View File

@@ -4,6 +4,7 @@
import java
import Dominance
import semmle.code.java.ControlFlowGraph
/**
* A control-flow node that represents the start of a basic block.

1
java/ql/lib/semmle/code/java/controlflow/Dominance.qll
View File

@@ -3,6 +3,7 @@
*/
import java
private import semmle.code.java.ControlFlowGraph
/*
* Predicates for basic-block-level dominance.

1
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -137,6 +137,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.MyBatis
private import semmle.code.java.frameworks.Hibernate
private import semmle.code.java.frameworks.jOOQ
private import semmle.code.java.frameworks.spring.SpringHttp
}
private predicate sourceModelCsv(string row) {

1
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -27,6 +27,7 @@ import semmle.code.java.frameworks.Guice
import semmle.code.java.frameworks.struts.StrutsActions
import semmle.code.java.frameworks.Thrift
import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
private import semmle.code.java.dataflow.ExternalFlow
/** A data flow source of remote user input. */
abstract class RemoteFlowSource extends DataFlow::Node {

1
java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -15,6 +15,7 @@ private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.dataflow.internal.DataFlowPrivate
import semmle.code.java.dataflow.FlowSteps
private import FlowSummaryImpl as FlowSummaryImpl
private import semmle.code.java.frameworks.JaxWS
/**
* Holds if taint can flow from `src` to `sink` in zero or more

1
java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
View File

@@ -1,4 +1,5 @@
import java
import semmle.code.java.JDKAnnotations
/**
* Direct flow of values (i.e. object references) through expressions.

1
java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
View File

@@ -9,6 +9,7 @@ import semmle.code.java.deadcode.WebEntryPoints
import semmle.code.java.frameworks.javaee.JavaServerFaces
import semmle.code.java.frameworks.JAXB
import semmle.code.java.frameworks.JaxWS
import semmle.code.java.JMX
import semmle.code.java.Reflection
import semmle.code.java.frameworks.JavaxAnnotations
import semmle.code.java.frameworks.Selenium

1
java/ql/lib/semmle/code/java/deadcode/TestEntryPoints.qll
View File

@@ -3,6 +3,7 @@ import semmle.code.java.deadcode.DeadCode
import semmle.code.java.frameworks.Cucumber
import semmle.code.java.deadcode.frameworks.FitNesseEntryPoints
import semmle.code.java.frameworks.Mockito
import semmle.code.java.UnitTests
/**
* A test method, suite, or an associated setup/teardown method.

2
java/ql/lib/semmle/code/java/frameworks/ApacheLdap.qll
View File

@@ -3,6 +3,8 @@
*/
import java
import semmle.code.java.Type
import semmle.code.java.Member
/*--- Types ---*/
/** The interface `org.apache.directory.ldap.client.api.LdapConnection`. */

2
java/ql/lib/semmle/code/java/frameworks/Jndi.qll
View File

@@ -3,6 +3,8 @@
*/
import java
import semmle.code.java.Type
import semmle.code.java.Member
/*--- Types ---*/
/** The interface `javax.naming.Context`. */

2
java/ql/lib/semmle/code/java/frameworks/SpringLdap.qll
View File

@@ -3,6 +3,8 @@
*/
import java
import semmle.code.java.Type
import semmle.code.java.Member
/*--- Types ---*/
/** The class `org.springframework.ldap.core.LdapTemplate`. */

2
java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
View File

@@ -3,6 +3,8 @@
*/
import java
import semmle.code.java.Type
import semmle.code.java.Member
/*--- Types ---*/
/** The interface `com.unboundid.ldap.sdk.ReadOnlySearchRequest`. */

1
java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll
View File

@@ -3,6 +3,7 @@
import java
import Android
import semmle.code.java.dataflow.FlowSteps
import semmle.code.java.dataflow.ExternalFlow
/**
* The class `android.database.sqlite.SQLiteDatabase`.

1
java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
View File

@@ -1,4 +1,5 @@
import java
import semmle.code.xml.XML
/**
* Holds if any struts XML files are included in this snapshot.

1
java/ql/lib/semmle/code/java/metrics/MetricPackage.qll
View File

@@ -5,6 +5,7 @@
import semmle.code.java.Package
import MetricElement
import MetricRefType
import semmle.code.java.Dependency
import MetricCallable
/** This class provides access to metrics information for packages. */

1
java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
View File

@@ -3,6 +3,7 @@
import java
import semmle.code.java.security.HttpsUrls
import semmle.code.java.security.InsecureBasicAuth
import semmle.code.java.dataflow.TaintTracking
/**
* A taint tracking configuration for the Basic authentication scheme

2
java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
View File

@@ -3,6 +3,8 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Servlets
import semmle.code.java.frameworks.JaxWS
private import semmle.code.java.dataflow.ExternalFlow
/** A sink that is vulnerable to an HTTP header splitting attack. */

1
java/ql/src/Advisory/Declarations/NonPrivateField.ql
View File

@@ -10,6 +10,7 @@
*/
import java
import semmle.code.java.JDKAnnotations
class NonConstantSourceField extends Field {
NonConstantSourceField() {

1
java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql
View File

@@ -12,6 +12,7 @@
*/
import java
import semmle.code.java.JDKAnnotations
import semmle.code.java.Collections
import semmle.code.java.Maps
import semmle.code.java.frameworks.javaee.ejb.EJB

1
java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
View File

@@ -12,6 +12,7 @@
*/
import java
import semmle.code.java.JDKAnnotations
predicate isSerializable(RefType t) { t.getAnAncestor() instanceof TypeSerializable }

1
java/ql/src/Telemetry/SupportedExternalSinks.ql
View File

@@ -8,6 +8,7 @@
import java
import ExternalApi
import semmle.code.java.GeneratedFiles
from ExternalApi api, int usages
where

1
java/ql/src/Telemetry/SupportedExternalSources.ql
View File

@@ -8,6 +8,7 @@
import java
import ExternalApi
import semmle.code.java.GeneratedFiles
from ExternalApi api, int usages
where

1
java/ql/src/Telemetry/SupportedExternalTaint.ql
View File

@@ -8,6 +8,7 @@
import java
import ExternalApi
import semmle.code.java.GeneratedFiles
from ExternalApi api, int usages
where

1
java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
View File

@@ -8,6 +8,7 @@
import java
import ExternalApi
import semmle.code.java.GeneratedFiles
from ExternalApi api, int usages
where

1
java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
View File

@@ -15,6 +15,7 @@ import java
import DataFlow::PathGraph
import MyBatisCommonLib
import MyBatisAnnotationSqlInjectionLib
import semmle.code.java.dataflow.FlowSources
private class MyBatisAnnotationSqlInjectionConfiguration extends TaintTracking::Configuration {
MyBatisAnnotationSqlInjectionConfiguration() { this = "MyBatis annotation sql injection" }

2
java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjectionLib.qll
View File

@@ -4,6 +4,8 @@
import java
import MyBatisCommonLib
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Properties
/** An argument of a MyBatis annotated method. */
class MyBatisAnnotatedMethodCallArgument extends DataFlow::Node {

1
java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
View File

@@ -6,6 +6,7 @@ import java
import semmle.code.xml.MyBatisMapperXML
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.MyBatis
import semmle.code.java.frameworks.Properties
private predicate propertiesKey(DataFlow::Node prop, string key) {
exists(MethodAccess m |

2
java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
View File

@@ -15,6 +15,8 @@ import java
import DataFlow::PathGraph
import MyBatisCommonLib
import MyBatisMapperXmlSqlInjectionLib
import semmle.code.xml.MyBatisMapperXML
import semmle.code.java.dataflow.FlowSources
private class MyBatisMapperXmlSqlInjectionConfiguration extends TaintTracking::Configuration {
MyBatisMapperXmlSqlInjectionConfiguration() { this = "MyBatis mapper xml sql injection" }

1
java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjectionLib.qll
View File

@@ -5,6 +5,7 @@
import java
import semmle.code.xml.MyBatisMapperXML
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Properties
/** A sink for MyBatis Mapper method call an argument. */
class MyBatisMapperMethodCallAnArgument extends DataFlow::Node {

1
java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
View File

@@ -12,6 +12,7 @@
import java
import BeanShellInjection
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
class BeanShellInjectionConfig extends TaintTracking::Configuration {

1
java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
View File

@@ -12,6 +12,7 @@
import java
import JShellInjection
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
class JShellInjectionConfiguration extends TaintTracking::Configuration {

1
java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
View File

@@ -1,5 +1,6 @@
import java
import FlowUtils
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
/**

1
java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
View File

@@ -13,6 +13,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.spring.SpringController
import DataFlow::PathGraph
/** The class `org.python.util.PythonInterpreter`. */

1
java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
View File

@@ -3,6 +3,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.frameworks.android.Android
/** The `startActivityForResult` method of Android's `Activity` class. */
class StartActivityForResultMethod extends Method {

1
java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
View File

@@ -11,6 +11,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Servlets
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.TaintTracking2
import DataFlow::PathGraph

1
java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
View File

@@ -12,6 +12,7 @@
import java
import JsonpInjectionLib
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.deadcode.WebEntryPoints
import DataFlow::PathGraph

3
java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
View File

@@ -2,7 +2,10 @@ import java
import DataFlow
import JsonStringLib
import semmle.code.java.security.XSS
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.DataFlow3
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.spring.SpringController
/**
* A method that is called to handle an HTTP GET request.

1
java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
View File

@@ -14,6 +14,7 @@ import java
import DataFlow
import UnsafeReflectionLib
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
private class ContainsSanitizer extends DataFlow::BarrierGuard {

1
java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
View File

@@ -10,6 +10,7 @@
*/
import java
import semmle.code.java.J2EE
import TestLib
/** The `main` method in an Enterprise Java Bean. */

1
java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
View File

@@ -15,6 +15,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.Servlets
import semmle.code.xml.WebXML
import DataFlow::PathGraph

1
java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql
View File

@@ -12,6 +12,7 @@
import java
import SpringUrlRedirect
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
private class StartsWithSanitizer extends DataFlow::BarrierGuard {

1
java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
View File

@@ -3,6 +3,7 @@ import DataFlow
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.DataFlow2
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.spring.SpringController
/**
* A concatenate expression using the string `redirect:` or `ajaxredirect:` or `forward:` on the left.

1
java/ql/src/experimental/semmle/code/java/frameworks/CredentialsInPropertiesFile.qll
View File

@@ -5,6 +5,7 @@
import java
import semmle.code.configfiles.ConfigFiles
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Properties
private string possibleSecretName() {
result =